IT Security News Blast 1-17-2017

Cyber Security Survey: More than 80 Percent of Resellers Think Customers Are Most Concerned with New Ransomware Threats

About 45 percent of reseller respondents believe that less than half their customers have the proper resources in place to adequately manage incoming security alerts. Many SMBs simply don’t have the time or personnel necessary to focus on the management of network security solutions and the mitigation of growing cyber threats. As a matter of fact, only 5 percent of surveyed resellers believe all their customers have these resources in place, while 7 percent believe none of them do at all. This suggests that while many customers do have solutions in place, there is still significant room for improvement.

https://finance.yahoo.com/news/cyber-security-survey-more-80-050100548.html

Aviation Industry Under Attack By Chinese Hackers

[Air] traffic control and booking systems are the most vulnerable parts, that’s why hacker attacks on the aviation industry are common. An example from 2016 shows that the electronic passport control systems at the Atatürk and the Sabiha Gökçen airports were the targets of the breaches. A Vietnamese hacker group, whose headquarters are located in China, took the display panels under their control and spread insulting messages in English. […] The study shows that 75 percent of the analyzed companies at the aviation industry are infected with malicious software. Most of the firms don’t even know that they have malware in their systems. The subsystems at 30 percent of the companies are actively controlled by hackers.

https://www.deepdotweb.com/2017/01/16/aviation-industry-attack-chinese-hackers/

Intelligence report claims the Kremlin has cracked Telegram service

According to the report, the Russian Federal Security Service (FSB) offers bribes for back doors into commercial products, it uses to recruit black hat hackers in every way, including blackmail and coercion. The document reports the FSB used the sale of cheap PC game containing malware to compromise the machines. The report also reveals that the Russian Intelligence has cracked the popular Telegram instant messaging service. The intelligence report has been prepared by a former British agent, he received the information about the hack of the Telegram service by a “cyber operative.”

http://securityaffairs.co/wordpress/55341/intelligence/russia-telegram-hacked.html

Suspected NSA tool hackers dump more cyberweapons in farewell

The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off — but not before releasing another arsenal of tools that appear designed to spy on Windows systems. On Thursday, the Shadow Brokers dumped them online after an attempt to sell these and other supposedly Windows and Unix hacking tools for bitcoin. […] Those tools contained several previously unknown and valuable exploits, lending credibility to the hacking group’s claims, according to security researchers.

http://www.networkworld.com/article/3157362/security/suspected-nsa-tool-hackers-dump-more-cyberweapons-in-farewell.html

A Hacker Just Proved That Apple May Have Been Right About the F.B.I.

After a tense showdown, the F.B.I. withdrew its case when it reportedly found another way to break into the iPhone: a private Israeli security firm called Cellebrite, which specializes in data extraction and had teamed up with the F.B.I. before. Cellebrite has received more than $2 million in purchase orders from the F.B.I. over the past four years. Now, it appears Cook may have been right to worry about the iPhone’s security. A new report from Motherboard says Cellebrite has been hacked, and its data—including highly confidential customer information, databases, and technical details about Cellebrite’s products—has been stolen. The same technology built by Cellebrite to allow the F.B.I. to unlock iPhones could now be sold to the highest bidder.

http://www.vanityfair.com/news/2017/01/a-hacker-just-proved-that-apple-may-have-been-right-about-the-fbi

Brilliant phishing attack probes sent mail, sends fake attachments

The new attack uses the file names of sent attachments and applies that name into new attachments that appear to be PDFs but are actually images that, when clicked, send victims to phishing pages. Suitable subject lines stolen from sent emails are applied to the new phishing emails, making the mischievous messages more legitimate. Even the URL to which the attachments point is crafted to appear legitimate, bearing the google.com domain, says WordFence chief executive officer Mark Maunder who reported the attacks.

http://www.theregister.co.uk/2017/01/16/phishing_attack_probes_sent_mail/

Putin Tried to Hack Report of Downing of Malaysian Airlines Flight MH17

The reason Russia attempted to hack the report is quite simple, of course: the investigation concluded the obvious, namely, that Russia and its allies in eastern Ukraine were responsible for shooting down the airplane with hundreds of innocent civilians in it. In total, 298 people were killed, 283 passengers and 15 crew members. It doesn’t come as a surprise that Russia tried to hack the report before it was made public, but it’s still extremely discomforting. Other states engage in the same behavior, but they at least have the good sense to hide their tracks somewhat. Putin doesn’t care who knows what he’s doing and why. Apparently, he’s convinced that the West is so weak that he’ll get away with everything.

https://pjmedia.com/trending/2017/01/14/putin-tried-to-hack-report-of-downing-of-malaysian-airlines-mh17/

After MongoDB, ransomware groups hit exposed Elasticsearch clusters

Elasticsearch is a Java-based search engine that’s popular in enterprise environments. It’s typically used in conjunction with log collection and data analytics and visualization platforms. The first report of an Elasticsearch cluster being hit by ransomware appeared on the official support forums on Thursday from a user who was running a test deployment accessible from the internet. All data from the cluster was wiped and a single index was left behind with a ransom message reading: “SEND 0.2 BTC TO THIS WALLET: 1DAsGY4Kt1a4LCTPMH5vm5PqX32eZmot4r IF YOU WANT RECOVER YOUR DATABASE! SEND TO THIS EMAIL YOUR SERVER IP AFTER SENDING THE BITCOINS.”

http://www.networkworld.com/article/3157414/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html

White House Approves New Rules for Sharing of Raw Intelligence Data

“That’s a huge and troubling shift in the way those intelligence agencies receive information collected by the NSA. Domestic agencies like the FBI are subject to more privacy protections, including warrant requirements,” said Kate Tummarello, a member of the Electronic Frontier Foundation’s Activism Team. “Previously, the NSA shared data with these agencies only after it had screened the data, filtering out unnecessary personal information, including about innocent people whose communications were swept up the NSA’s massive surveillance operations.”

https://threatpost.com/white-house-approves-new-rules-for-sharing-of-raw-intelligence-data/123094/

KFC’s New Facial Recognition Software Is Troubling For A Few Reasons

A spokesperson for KFC told The Guardian that the artificial intelligence-enabled system provides meal recommendations based on a consumer’s age and mood. According to a Baidu press release obtained by Tech Crunch, the machine would offer a male customer in his early 20s something like “a set meal of crispy chicken hamburger, roasted chicken wings and Coke.” On the other hand, a female customer in her 50s would be given a recommendation of “porridge and soybean milk for breakfast.”

http://www.huffingtonpost.com/entry/kfcs-new-facial-recognition-software-is-troubling-for-a-few-reasons_us_587ce160e4b09281d0eba03d?vxj58npaqzo2prpb9

Biometrics leads to arrest of accused child molester on the lam 17 years

A fugitive suspected of molesting a 10-year-old Indiana girl 17 years ago has been arrested after the Federal Bureau of Investigation employed facial recognition technology, according to court documents. The bureau said the suspect’s US passport photo in December was run though a Facial Analysis, Comparison, and Evaluation (FACE) test, and it matched photos taken before he disappeared nearly two decades ago.

http://arstechnica.com/tech-policy/2017/01/biometrics-leads-to-arrest-of-accused-child-molester-on-the-lam-17-years/

Idaho beefs up cybersecurity efforts

Idaho Governor “Butch” Otter signed an executive order Monday enacting the recommendations of his Cybersecurity Task Force. […] The Task Force worked with business and industry experts, counterparts from other states, and national cybersecurity specialists. Its recommendations are aimed at supporting State agencies in implementing the best practices in cybersecurity. They also address the need for employee education and training — and call for development of a public outreach program to share best practices and up-to-date information.

http://www.kivitv.com/news/idaho-beefs-up-cybersecurity-efforts

Is cyber insurance worth the cost?

Nearly 30% of financial advisory firms have cyber coverage in addition to their typical errors and omissions policies, according to preliminary data from an InvestmentNews adviser technology benchmarking study underway. About half of advisers reported that their E&O insurance covers a cybersecurity breach, although in some cases only to a limit less than their overall policy, and 29% said they aren’t sure whether their current E&O policy would pay out in such an event.

http://www.investmentnews.com/article/20170115/FREE/170119958/is-cyber-insurance-worth-the-cost

Trump and Offensive Cyber Warfare

While the world is carefully watching what path the new administration will adopt, offensive cyber capabilities will continue to expand. However, the United States runs the risk of accelerating this cyber weapons race before adequate norms for their use are established. Unpredictability paired with bellicosity is always a dangerous mix in global politics, but even more troublesome in an increasingly militarized cyberspace.

http://thediplomat.com/2017/01/trump-and-offensive-cyber-warfare/

‘Fancy Bear’ also growls at Norway

The same group of hackers that intelligence officials believe swung the US election in favour of Donald Trump has also attacked Norwegian targets within the military and foreign service. Called “Fancy Bear,” computer security experts believe Russia is behind the hacking that’s aimed at political manipulation and destablization of western democracies.

http://www.newsinenglish.no/2017/01/16/fancy-bear-also-growls-at-norway/

Who’s winning the cyber war? The squirrels, of course

To “counteract the ludicrousness of cyberwar claims by people at high levels in government and industry,” Thomas said, he launched CyberSquirrel1. Inspired by a presentation at Thotcon by Josh Corman (now the director for Cyber Statecraft at the Atlantic Council) and Jericho of Attrition.org, SpaceRogue started CyberSquirrel1 initially as a Twitter feed on March 19, 2013. The account simply “collected from a Google alert for news,” he said.

http://arstechnica.com/information-technology/2017/01/whos-winning-the-cyber-war-the-squirrels-of-course/

Google reveals its servers all contain custom security silicon

Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary’s operations, none more so than the revelation that “We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.” That silicon works alongside cryptographic signatures employed “over low-level components like the BIOS, bootloader, kernel, and base operating system image.”

http://www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_custom_security_silicon/

Botnet of things: Samsung SmartCams vulnerable to hackers

The latest exploit involving Samsung SmartCams further strengthens this notion that IoT devices are quite vulnerable to hacks. Since the time Samsung’s SmartCams went on sale, they have become victims of exploitation by cyber-criminals. In the latest exploiting spree, the attackers have attempted to convey commands as the root user. In the previous such attacks, the remote command execution and modification of admin password were the primary achievements of the attackers.

https://www.hackread.com/botnet-of-things-samsung-smartcams-vulnerable-to-hackers/