Keynotes at BSides yesterday highlighted calls for true multidisciplinary cooperation on the very large-scale problems we face in cybersecurity. The disciplines that could make a major difference would prominently include economics, behavioral science, and machine learning.
Endgame gave an interesting talk: "Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict." Andrea Little Limbago and Mark Dufresne gave attack timelines and details of destructive attacks (with an emphasis on the destructive as opposed to the merely intrusive). They covered Stuxnet to recent attacks centered on, but extending beyond, Ukraine. Limbago put the incidents into geopolitical context by describing the various rivalries that created the conditions for the attacks: a smart pairing of the political and the technical.
In general the atmosphere at BSides has been easy-going. It's free, the teachers are volunteers, and the attendees struck our stringer as passionate people who care about security and at the same time like to have fun. So we had a chat with the BSides bartender. She told our stringer that the most commonly chosen morning beverage so far has been beer, followed by Jägermeister. (Our sociological desk suggests this means one thing: young crowd, college-girl/boy drinking habits.) Around 10:30 local time the first Jack and Coke was ordered up.
Some food for thought that may serve to put the usual threat news into perspective: Symantec has taken a look at some prominent Advanced Persistent Threat groups and found that their tools tend to be buggy. They quietly suggest this could be turned to the defender's advantage.
North Korea is famously isolated, but its rulers? They're about as connected as anyone else, according to a Recorded Future study. Pyongyang's elite are assiduous users of Facebook, YouTube, and Amazon, to pick just three attractive Western services. This seems inconsistent with the Juche spirit of collective solidarity and self-reliance, but it may provide some insight useful to any elements of the civilized world interested in counter-value targeting in cyberspace.
Also in the study are some interesting observations about North Korea's use of foreign networks, which Recorded Future attributes to research done by Team Cymru. Chinese and Indian networks are the ones most commonly used by Pyongyang's mix of espionage and criminal operators; they also use networks in Kenya, Indonesia, Mozambique, and Malaysia.
Various looks at Iran's CopyKittens operators are reaching a consensus that they're not highly skilled, but that they've been effective at espionage nonetheless. ClearSky and Trend Micro report that CopyKittens' Wilted Tulip campaign has successfully exfiltrated data from a range of regional, European, and North American targets.
The Fruitfly malware found to have been infecting Macs is an odd one. Mac Rumors calls it "old and possibly abandoned," but the FBI is investigating.
Adobe will finally retire Flash, in 2020.