Risky Business #546 -- The fifth domain sees some action

Reports from the cyber front!
03 Jul 2019 » Risky Business

Adam Boileau is along this week to discuss the week’s security news. We cover:

  • NYTimes reports USA is getting all up in Russia’s grids
  • Kremlin not happy
  • CYBERCOM targets Iranian rocket control and APT crews
  • TRITON attackers target US grid
  • Turla completes hostile takeover of Oilrig
  • Reuters publishes huge feature on Cloudhopper/APT10
  • China pwns global telcos, targets key subscribers
  • FVEY owns Yandex
  • Tourists entering Xinjiang now have mobile malware installed at border
  • Florida city governments having a bad time
  • Much, much more!

This week’s edition of Risky Business is brought to you by Senetas. They make layer 2 encryption tech, but they’ve also got a content disarm and reconstruction play now, Votiro, as well as their safe file sharing platform SureDrop. But we’re sticking with encryption in this week’s sponsor interview. Senetas CTO Julian Fay will be along a bit later to talk about his trip to the International Crypto Module Conference. He’ll fill us in on what the agenda was there – lots of talk about quantum-resistant crypto and also some talk about streamlining various certification regimes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. Escalates Online Attacks on Russia’s Power Grid - The New York Times
Kremlin Warns of Cyberwar After Report of U.S. Hacking Into Russian Power Grid - The New York Times
The Highly Dangerous 'Triton' Hackers Have Probed the US Grid | WIRED
US wants to isolate power grids with 'retro' technology to limit cyber-attacks | ZDNet
Wait, What The Hell Is Going On With Huawei Now? | Gizmodo Australia
The Legal Context for CYBERCOM’s Reported Operations Against Iran - Lawfare
Iran executes ‘defence ministry contractor’ over spying for CIA
Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount | WIRED
Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers | Ars Technica
Stealing Clouds
Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers — Krebs on Security
Chinese spies have been sucking up call records at multinational telecoms, researchers say
Exclusive: Western intelligence hacked 'Russia's Google' Yandex to spy on accounts - sources - Reuters
China Is Forcing Tourists to Install Text-Stealing Malware at its Border - VICE
Will Hurd’s Black Hat keynote nixed amid criticism of voting record
A Florida city paid a $600,000 bitcoin ransom to hackers who took over its computers — and it's a massive alarm bell for the rest of the US | Business Insider
Florida city fires IT employee after paying ransom demand last week | ZDNet
Ryuk, Ryuk, Ryuk: Georgia’s courts hit by ransomware | Ars Technica
Georgia courts (mostly) shrug off ransomware attack | Ars Technica
Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy — Krebs on Security
Firefox zero-day was used in attack against Coinbase employees, not its users | ZDNet
FTC settles with device maker D-Link, requires 'comprehensive' security effort
Cellebrite Now Says It Can Unlock Any iPhone for Cops | WIRED
Gift-card scheme went well beyond Wipro hack, RiskIQ reports
Tracing the Supply Chain Attack on Android — Krebs on Security
Fraudsters Spoof Blockchain.com to Steal $27M in Cryptocurrency
Android Malware Bypasses 2FA by Stealing One-Time Passwords
LTE flaws let hackers ‘easily’ spoof presidential alerts | TechCrunch
NASA hacked because of unauthorized Raspberry Pi connected to its network | ZDNet
Microsoft warns Azure customers of Exim worm | ZDNet