CyberWeekly: Russian Phishing, BlackBerry Acquisition, and a New US Cybersecurity Agency
CyberWeekly Newsletter: Weekly Edition
New Russian Phishing
While it’s been widely reported that Russian threat actors were quiet during the recent 2018 US midterm elections, two threat intelligence firms have indicated that APT 28 (aka Fancy Bear) and APT 29 (aka Cozy Bear) may have some new phishing tricks up their sleeves. According to research by Palo Alto Networks’ Unit 42, the threat actor APT 28 was spotted using a new trojan—called “Cannon”—during phishing attacks in late October and early November. The “Cannon” trojan communicates with its command & control (C2) server using encrypted email. The phishing has reportedly targeted government entities from around the globe, including North America, Europe, and a former USSR state. (I think it’s safe to assume they’re talking about Ukraine on that last one.)
Meanwhile, FireEye spotted APT 29 back at it after a fairly long hiatus. They’re sending phishing emails from a spoofed US State Department email address that delivers a decoy PDF along with a Cobalt Strike BEACON backdoor. Notably, APT 29 did little to hide that the email isn’t actually from the State Department. FireEye’s research provides a redacted email header in which the Message ID is clearly not a State Department domain.
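The header inconsistency described above, a Message ID whose domain does not match the claimed sender, can be checked mechanically. This is an added example, not code from the newsletter or from FireEye's report; the sample headers and all domains in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from any report); domains are placeholders.
SPOOFED = """\
From: "Public Affairs" <press@agency.example.gov>
Return-Path: <bounce@mailer.example.net>
Message-ID: <20181114.12345@mailer.example.net>
Subject: Document for review

body
"""
ALIGNED = """\
From: "Public Affairs" <press@agency.example.gov>
Return-Path: <press@agency.example.gov>
Message-ID: <abc123@mail.agency.example.gov>
Subject: Document for review

body
"""

def _domain(value):
    """Return the lowercased domain after the last '@', or None if absent."""
    addr = value.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower() or None

def _same_org(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def header_mismatches(raw):
    """List headers whose domain does not align with the From domain."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    if from_dom is None:
        return ["From"]
    findings = []
    for name in ("Message-ID", "Return-Path"):
        dom = _domain(msg.get(name, ""))
        # A missing or malformed header is reported as well.
        if dom is None or not _same_org(from_dom, dom):
            findings.append(name)
    return findings
```

Legitimate mail sent through third-party services often fails this check too, so a mismatch is a triage signal to weigh alongside SPF, DKIM and DMARC results rather than a verdict.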
The only constant is change. In that regard our (not so) friendly neighborhood bears stay constant. Besides, the fact that Cozy Bear is active again is news in and of itself.
BlackBerry Buys Cylance
Who says BlackBerry is dead? Sure, they’ve ceded the smartphone battleground to the iPhone and the Android. However, while retail consumers moved on to cooler phones, BlackBerry has focused on what they were always the best at… enterprise mobile security. In 2015, BlackBerry bought Good Technology (which 50% of Fortune 100 companies used at the time) for $425 million. If that acquisition is considered BlackBerry shoring up its base, BlackBerry’s acquisition of the cybersecurity startup Cylance for $1.4 billion can be considered the next phase of BlackBerry’s evolution.
I’ve been asking for a while, who are the natural buyers for today’s cybersecurity startups? Personally, I’ve suspected that the cloud computing companies would be the ones to kick off a buying spree. In hindsight, BlackBerry seems like a smart buyer. (Thanks, Captain Hindsight.) The next question is, will more big players step up the acquisitions in the near-term? I’ll double down as I still think cloud computing firms like Amazon Web Services (AWS), Microsoft, and Google are natural buyers.
Cybersecurity for the cloud is a new frontier. There is a value-add to cloud firms providing built-in cybersecurity services. I don’t know that there will be any rush though as the supply of cybersecurity startups is likely greater than buyer demand. In the near-term we’ll likely see consolidation within the cybersecurity space as startups try to expand their service offerings as they await deep-pocketed buyers.
Speaking of Cloud Computing Firms…
Google Cloud’s CEO Diane Greene is scheduled to step down early next year. Despite the 3-year push into the cloud market by Alphabet, the nascent cloud platform remains in a distant third-place behind the market leader AWS and second place Microsoft Azure. According to T_HQ, “Commentators also note that Greene’s tenure lacked the kind of large-scale acquisition that could have helped close the gap with competitors.”
Greene will be succeeded by former Oracle executive Thomas Kurian. Will the change in leadership make much of a difference? I suspect that depends on how much clout Kurian can garner internally. That’s clearly important if Kurian needs to get Alphabet approval for the 10-figure acquisitions necessary to cut into AWS and Azure’s 8-year head start. Maybe Google will surprise us.
New Cybersecurity Agency
As of Friday, the United States has a new defense agency devoted to cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) is the first US agency devoted to the defense against both cyber and physical attacks. This Department of Homeland Security (DHS) agency will include a National Cybersecurity and Communications Integration Center (NCCIC), which the DHS states will provide “24x7 cyber situational awareness, analysis, incident response and cyber defense capabilities to the Federal government; state, local, tribal and territorial governments; the private sector and international partners.”
I suspect the NCCIC will be an invaluable resource to governments at the state-level and below, which don’t have the resources to build robust cybersecurity teams. If there is a cyberwar coming, the US government has demonstrated that it is preparing for the task of defending US critical infrastructure.
What comes next? I suspect in the next couple of years we’ll see US Cyber Command split from the National Security Agency (NSA). While the split has certainly been hinted at, it seems unlikely that it will occur within the next couple of years. Gen. Paul Nakasone, who heads both organizations, has called for them to remain unified for at least the next two years. It’s certainly an exciting time for cyber defense.
Cool Job of the Week
NBCUniversal Media, LLC — Filmed Entertainment Cyber Security Business Leader (Location: Universal City, CA)
Veteran-Preferred Job of the Week
IBM — X-Force Incident Response & Intelligence Services (IRIS) - Strategic Cyber Threat Analyst (Location: Los Angeles, CA)
Hope you’ve enjoyed this week’s edition of the CyberWeekly Newsletter. Please share with a friend or colleague.
Stay vigilant,
Oritse J. Uku, Editor-in-Chief
Disclaimer: The opinions expressed in this newsletter are my own.