IT Security News Blast 1-10-2017

BEC Attacks Will Overtake APT, Ransomware: Study

BEC generally happens when email accounts of key executives are compromised and involves payments made to fraudulent bank accounts. In Singapore alone, about S$19 million has been lost through BECs between January and September 2016. There was an increase of 20% in the number of such cases as compared to the same period last year. Police investigations revealed that the scam usually involves businesses with overseas dealings with email as the main form of communication in the dealings.

http://www.cxotoday.com/story/bec-attacks-will-overtake-ransomware-and-atp-attacks-in-2017/

5 data breach predictions for 2017

Experian says five data breach trends will dominate 2017:

  • Aftershock password breaches will expedite the death of the password.
  • Nation-state cyber-attacks will move from espionage to war.
  • Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging.
  • Criminals will focus on payment-based attacks despite the EMV shift that took place more than a year ago.
  • International data breaches will cause big headaches for multinational companies.

http://www.cio.com/article/3155724/security/5-data-breach-predictions-for-2017.html

Cyber threats to your medical device

While the increased use of wireless technology and software in medical devices also increases the risks of potential cybersecurity threats, these same features also improve healthcare and increase the ability of healthcare providers to treat patients. Among its recommendations for mitigating and managing cybersecurity threats, the USFDA suggests that medical device manufacturers remain responsible for, and vigilant about, identifying risks and hazards associated with their medical devices, including risks related to cybersecurity.

http://www.thehindubusinessline.com/specials/pulse/cyber-threats-to-your-medical-device/article9464422.ece

Video: How to recover a system from a Ransomware attack

Having a system infected with Ransomware can be a painful and frightening experience for some. All of your personal files, including pictures, documents, music, and programs are encrypted and left completely useless. However, if you’ve got backups and some time on your hands, it is possible to recover from a Ransomware attack. The video below explains the entire recovery process, but it’s important to note that the full recovery took us several hours.

http://www.csoonline.com/article/3155061/security/video-how-to-recover-a-system-from-a-ransomware-attack.html

Cyberattack threats to nation’s utilities pose credit risk for investors

For investors, that means that credit risk wouldn’t be limited to just the victim of a successful cyberattack: The whole industry’s credit could be called into question. “We view cyber attacks as a form of event risk. As the number and sophistication of attacks grow, the probability of a successful cyber attack that would cause a material disruption to a utility is growing and the financial and reputational implications could be significant,” the authors write.

http://www.investmentnews.com/article/20170109/FREE/170109947/cyberattack-threat-to-nations-utilities-pose-credit-risk-for

The Limitations Of Phishing Education

When it comes to employee expectations, the digital-native millennial generation, now the largest workforce demographic, is perhaps the most careless when it comes to cybersecurity, opting for expedience over security. […] Frankly, it’s very hard to change behavior. In fact, it’s proven that users, regardless of training and awareness, will still click on phishing links or download attachments because of a variety of factors, including curiosity, greediness, distraction, well-crafted impersonations, and/or simply failing to learn from past mistakes.

http://www.darkreading.com/threat-intelligence/the-limitations-of-phishing-education/a/d-id/1327786?

How Machine Learning For Behavior Analytics & Anomaly Detection Speeds Mitigation

Business-centric machine learning for behavior analytics and anomaly detection should be adopted by any organization focused on faster detection and mitigation to prevent advanced persistent threats (APTs) from significantly impacting their business. By relying on artificial intelligence to identify suspicious network activity or behavior, machine learning can adapt to both business needs and new threats.

http://www.darkreading.com/partner-perspectives/bitdefender/how-machine-learning-for-behavior-analytics-and-anomaly-detection-speeds-mitigation/a/d-id/1327830?

Cybersecurity pros to Trump: Critical infrastructure very vulnerable to cyber attack

These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience, as well as an assortment of industry folks. For example, President Obama’s recent Commission on Enhancing National Cybersecurity included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc. With all due respect to President Obama’s commission, I strongly suggest Mr. Trump recruit (or at least ask for input) from actual cybersecurity professionals who work in the trenches each day. This group is closer to the actual problems/solutions than some of the usual ivory tower folks who participate in this type of panel, so it would be worthwhile to get their opinions.

http://www.networkworld.com/article/3155573/security/cybersecurity-pros-to-trump-critical-infrastructure-is-very-vulnerable-to-a-cyber-attack.html

Trump team turns focus of Russia report to cybersecurity holes

Instead of focusing on the crux of the report — that Russian President Vladimir Putin ordered a multifaceted campaign aimed at helping Trump take the White House — members of the president-elect’s team emphasized Russia’s failure to actually disrupt the country’s democracy and influence election results. Incoming Chief of Staff Reince Priebus said Sunday he thinks Trump accepts the findings of the intelligence community.

http://thehill.com/homenews/campaign/313241-trump-team-seeks-to-downplay-russia-report

Servant or spy? Law enforcement, privacy advocates grapple with brave new world of AI assistants

[As] a recent murder case illustrates, AI assistants are creating thorny legal and privacy questions that legal and cybersecurity experts are scrambling to understand. Because virtual assistants rely on microphones that, in some cases, may be continuously recording and sending information, that trove of information creates a delicate balance between law enforcement requests, corporate strategy and individual privacy rights. […] In order to function, the device must constantly record and process all sound all the time, hoping to pick up on the wake word.

http://www.cnbc.com/2017/01/06/servant-or-spy-law-enforcement-privacy-advocates-grapple-with-brave-new-world-of-ai-assistants.html

The Real Russian Hacking Story: A Nation Underdefended From Cyberattack

Putting this all together, it is certainly critically important to understand Russia’s potential role in influencing the US presidential election and that deserves significant investigation. However, just as important is that the focus of those investigations not be strictly on the election itself, but rather on understanding the vulnerabilities that made that influence possible, from underdefended presidential campaigns to journalistic and academic norms on the use of stolen data.

http://www.forbes.com/sites/kalevleetaru/2017/01/09/the-real-russian-hacking-story-a-nation-underdefended-from-cyberattack/#4762b98621c8

Iran to Increase Military Spending on Missiles, Drones and Cyber

Tasnim news agency said 173 lawmakers voted in favour of an article in Iran’s five-year development plan that “requires government to increase Iran’s defence capabilities as a regional power and preserve the country’s national security and interests by allocating at least five percent of annual budget” to military affairs. Only 10 lawmakers voted against the plan, which includes developing long range missiles, armed drones and cyber-war capabilities.

http://www.haaretz.com/middle-east-news/iran/1.763881

Study: Hackers Say Mass Surveillance Is Cybersecurity’s No. 1 Threat In 2017

According to the findings, a mass surveillance threat is more likely to occur than a widespread ransomware attack on private citizens. However, the latter was still a high concern for ethical hackers. Ransomware is also a concern held by other experts for 2017, particularly within cloud infrastructure. “A complete overhaul of our nation’s info-security policies will help,” said ethical hacker and CEO of Red Cell Infosec Dominique Davis, one of the individuals surveyed in MonsterCloud’s study.

https://finance.yahoo.com/news/study-hackers-mass-surveillance-cybersecuritys-190537762.html

Hello Kitty Database of 3.3 Million Breached Credentials Surfaces

The breach was originally reported in December 2015, but at the time Sanrio denied any data was stolen as part of the breach. The breach was tied to a misconfigured MongoDB installation that was discovered by security researcher Chris Vickery. On Sunday a website that specializes in harvesting leaked credentials called LeakedSource, said the Sanrio database of 3,345,168 million users has surfaced. The disclosure was part of the website’s January 2017 update. According to original reports of the 2015 breach, 186,261 of the records belonged to Sanrio users under the age of 18.

https://threatpost.com/hello-kitty-database-of-3-3-million-breached-credentials-surfaces/122932/

Google plugs severe Android vulnerability that exposed devices to spying

Google has shut down a “high-severity” exploit in its Nexus 6 and 6P phones which gave attackers with USB access the opportunity to take over the onboard modem during boot-up—allowing them to listen in on phonecalls, or intercept mobile data packets. The vulnerability was part of a cluster of security holes found by security researchers at IBM’s X-Force all related to a flaw—tagged CVE-2016-8467—in the phones’ bootmode, which uses malware-infected PCs and malicious power chargers to access hidden USB interfaces. Patches were rolled out before the vulnerabilities were made public, in November for the Nexus 6, and January for the 6P.

http://arstechnica.com/security/2017/01/google-plugs-severe-android-bootmode-vulnerability/

FBI let alleged pedo walk free rather than explain how they snared him

Why? Because Michaud’s lawyer insisted that the FBI hand over a sample of the NIT code so it could be checked to ensure that it didn’t breach the terms of the warrant the FBI obtained to install the malware, and to check that it wouldn’t throw up any false positives. US District Judge Robert Bryan agreed, saying that unless the prosecution turned over the code, he’d have to dismiss the charges. The FBI has since been arguing against that, but has now decided that it’s better to drop the case than reveal its techniques.

http://www.theregister.co.uk/2017/01/06/fbi_lets_people_off_to_keep_methods_secret/

Hackers Leak 1.5 Million ESEA Player Records after Demanding $50k as Ransom

The hacked records include username, first name, last name, last login date/time, registration date, city/state/province, e-mail ID, date of birth, zip code, bcrypt hash, phone number and URL address of the website. Additionally, the Steam, Xbox and PSN IDs of the players have also been part of the hacked database. The sensitivity of this database is quite evident. It is worth noting that the ESEA registration form contains 90 fields, which actually is the entire player record of the customer. None of the information is protected except for the passwords. This means hackers can use the leaked data to carry out social engineering based attacks such as phishing attacks.

https://www.hackread.com/esea-hacked-player-records-leaked/

DHS designates election systems as critical infrastructure, under ‘Government Facilities’ category

In an official Department of Homeland Security (DHS) press release, Johnson admitted that many state and local election officials are opposed to his decision, but insisted that the designation does not signify a U.S. government takeover of electoral systems, nor does it portend the introduction of federal regulation. It does, he continued, allow the DHS under its National Infrastructure Protection Plan, to prioritize the provisioning of cybersecurity assistance to state and local election officials who request help.

https://www.scmagazine.com/dhs-designates-election-systems-as-critical-infrastructure-under-government-facilities-category/article/630523/

Russia: US fueling ‘witch hunt’ with election hacking claims

Russia dismissed an intel report claiming that the Kremlin meddled with the U.S. presidential election, saying the accusations were “amateurishly emotional” and driving a “witch-hunt.” “There was nothing in this report that deserved to be read in detail,” said Kremlin spokesman Dmitry Peskov on Monday, according to the Russian news agency TASS.

http://www.csoonline.com/article/3155727/security/russia-us-fueling-witch-hunt-with-election-hacking-claims.html

FedRAMP issues ‘high’ approval for AWS services

The Amazon Relational Database Service can help agencies manage MySQL, Oracle and Postgres databases in the cloud. Amazon CloudWatch Logs can be used to monitor various system and application logs for problems, patterns or specific phrases. And AWS CloudTrail, according to the company, “is a web service that records AWS API calls for accounts and delivers log files to the user.” […] The high baseline allows cloud service providers to handle and store data that, if compromised, could severely hurt organizational operations, assets or people in the federal agency that hired the provider.

https://gcn.com/articles/2017/01/09/aws-fedramp-high.aspx?admgarea=TC_SecCybersSec

How hackers made life hell for a CIA boss and other top US officials

Justin Gray Liverman, 24, of Morehead City, North Carolina, pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act, commit identity theft, and make harassing, anonymous phone calls, federal prosecutors said Friday. Among the 10 people targeted in the conspiracy were Brennan; then-Deputy FBI Director Mark Giuliano; National Intelligence Director James R. Clapper; Greg Mecher, the husband of White House Communication Director Jen Psaki; and other government officials. The group called itself Crackas with Attitude, and it was led by a co-conspirator going by the name of Cracka.

http://arstechnica.com/tech-policy/2017/01/how-hackers-made-life-hell-for-a-cia-boss-and-other-top-us-officials/

Unprotected MongoDB: Medical Data of Veterans affected by sleep disorders leaked

The database contains personal details of over 1,200 veterans who have been suffering from some kind of sleep disorders. The data in this database contains names, email addresses, clear-text passwords, mobile phone numbers, history related to their service in the military and their ranks. The worst thing about this database is that researchers also got their hands on chat logs between patients and doctors discussing their medical problems including email conversations from @us.army.mil email domain.

https://www.hackread.com/unprotected-mongodb-veterans-medical-data-leaked/
