IT Security News Blast 1-25-2017

The cost of cyber crime to your business

Healthcare breaches cost $6.2B annually

  1. Breaches in the U.S. healthcare field cost $6.2 billion each year.
  2. Approximately 90 percent of hospitals have reported a breach in the past two years.
  3. When a healthcare organization experiences a breach, forensics costs added up to $610,000.
  4. Breach notification costs $560,000 on average
  5. Costs affiliated with lawsuits average $880,000.
  6. For each data breach, healthcare organizations average $3.7 million in lost revenue.
  7. Healthcare organizations average $500,000 in lost brand value after a breach.
  8. The average HIPAA settlement fine is approximately $1.1 million.
  9. Post-breach cleanup costs average $440,000.

http://www.beckershospitalreview.com/healthcare-information-technology/healthcare-breaches-cost-6-2b-annually.html

Cloud-AI: Artificially Intelligent System Found 10 Security Bugs in LinkedIn

The issues fixed in LinkedIn include:

Leak of any user’s Email ID on LinkedIn

Leak of users email and phone number and resume

Deleting every user’s LinkedIn request

Downloading every transcript to videos from Lynda

Downloading every Lynda exercise files without a premium membership

http://thehackernews.com/2017/01/artificial-Intelligence-cybersecurity.html

DDoSing has evolved in the vacuum left by IoT’s total absence of security

The release of the Mirai botnet source code has enabled the launch of extremely large attacks, such as the high-profile assault on DNS provider Dyn in October that rendered numerous well-known websites inaccessible for hours on end. The massive growth in DDoS capabilities has been driven by increased attack activity on all reflection/amplification protocols. DDoS barrages are not only getting bigger but are also becoming more frequent and complex, with multi-vector attacks becoming increasingly commonplace.

http://www.theregister.co.uk/2017/01/24/ddos_sitrep/

How big data can drive the future of cybersecurity

Another benefit that big data provides in the realm of cybersecurity is the ability to monitor and track systems, usually contained within the cloud, for irregularities and potential breaches. Cloud Security Information and Event Management (CSIEM) allows users to safely transmit and store their private information and files without fear of falling victim to a cyber attack.

http://www.cio.com/article/3157868/big-data/how-big-data-can-drive-the-future-of-cybersecurity.html

The Lloyds cyberattack shows banks still have an unsolved problem

Lloyds’ attack suggests that banks have a very broad range of security concerns, some of which glean more attention than others. Given that all the Group’s brands (Halifax, RBS, and TSB) use the same core technology platform, this points to weaknesses in its general infrastructure. A DDoS attack overwhelms a computer system by sending it multiple, repeated requests that it cannot process quickly enough, causing it to crash.

http://www.businessinsider.com/the-lloyds-cyberattack-shows-banks-still-have-an-unsolved-problem-2017-1

Cybersecurity Should Be Top of Mind for Colleges and Universities in 2017

Significant data breaches in 2016 at the University of Central Florida (63,000 records), University of California, Berkeley (80,000 records), and Michigan State University (400,000 records), which involved social security number and other personal information, illustrate how colleges and universities continue to be a target of data breaches. The Berkeley and Michigan State breaches resulted from vulnerabilities in IT systems or software, and all three breaches involved significant amounts of alumni data, including social security numbers.

http://www.natlawreview.com/article/cybersecurity-should-be-top-mind-colleges-and-universities-2017

A bold approach to fix the cybersecurity staffing deficit

Execute a 10-year national priority recruiting campaign that will flow new cyberist recruits across the US Armed Services . . . the majority of whom will eventually vector to mid and large companies across the private sector.  Each of the five US service branches—Army, Navy, Air Force, Marine Corps, Coast Guard—has its own domiciled Cyber Command element, all with dual reporting linkage to US Cyber Command. Additionally, there are the principal national security cyber echelons, NSA, DHS, etc.

http://www.csoonline.com/article/3160764/it-careers/a-bold-approach-to-fix-the-cybersecurity-staffing-deficit.html

Overcoming ‘cyber-fatigue’ requires users to step up for security

In broad terms, though, we do nothing at all. Over time, this leads to what I call “cyber fatigue” – namely, an inability to think critically about what needs to happen for meaningful, lasting cybersecurity improvements while focusing only on near-term problems. So as 2017 unfolds, instead of falling prey to cyber fatigue and tolerating the “status quo cyber,” we should capitalize on the global trend toward radical change in taking some new approaches to internet security thinking.

https://phys.org/news/2017-01-cyber-fatigue-requires-users.html

Cybersecurity Trends to Watch in 2017

  • Malicious Botnet Attacks
  • Need for Proactive Approaches
  • Application Security On the Rise
  • Fake News & Social Media
  • Increased Security Is the Big-Picture Trend

http://www.business2community.com/cybersecurity/cybersecurity-trends-watch-2017-01762454

What’s the deal with data breach insurance

A recent Investment News article highlighted a burgeoning market for financial advisors looking to protect their practices; namely, data breach insurance. Although such insurance seems like a great idea, you need to exercise due care when purchasing such insurance. According to the article, more and more firms are buying this insurance to supplement any gaps that may exist in regular D&O insurance. After all, the typical D&O insurance policy either does not cover or provides little coverage for the harm caused by a data breach.

http://www.jdsupra.com/legalnews/what-s-the-deal-with-data-breach-36551/

Saudi Arabia warns over cyber attacks as labor ministry hit

Riyadh — Saudi Arabia warned organizations in the Kingdom on Monday to be on the alert for cyber attacks including a version of the destructive Shamoon virus, as a chemicals firm reported a network disruption and the Ministry of Labor and Social Development said it had been attacked. An alert from the telecoms authority advised all parties to be vigilant for attacks from the Shamoon 2 variant of the virus that in 2012 crippled of tens thousands of computers at oil giant Saudi Aramco.

http://saudigazette.com.sa/saudi-arabia/saudi-arabia-warns-cyber-attacks-labor-ministry-hit/

Cyber, Intelligence, and Security, Vol 1, No 1

The journal’s articles specifically look at 1) the theoretical and practical development of the concept of ‘jointness’ in intelligence organizations; 2) the history of the US’ approach to cyber warfare; 3) the so-called Islamic State’s online psychological operations and viral marketing; 4) the need to eliminate the rivalry between human intelligence and technical intelligence gathering; 5) the stances Israel should take on regulating cyberspace; 6) the role of artificial intelligence in cybersecurity; and 7) the security implications of autonomous vehicles.

http://www.css.ethz.ch/en/services/digital-library/publications/publication.html/08ff02c4-fa7c-4ad4-abfc-1c31d256974f

SpyNote RAT Now Disguised As Netflix App

Once installed, the remote access Trojan (RAT) essentially hands control of the device over to the hacker, enabling them to copy files, view contacts, and eavesdrop on the victim, among other capabilities. The malware is a new twist on the SpyNote RAT, a Trojan first uncovered on the dark web last summer by Palo Alto Networks. The most recent iteration, a product of the SpyNote Trojan builder, mimics a Netflix app and was discovered recently by researchers with Zscaler’s ThreatLabZ.

https://threatpost.com/spynote-rat-now-disguised-as-netflix-app/123311/

Meet Ripper.cc, A Reputation Service For Cybercriminals

Ripper.cc is not the first service to try and help shield cybercriminals from fellow scammers. Cybercriminals have long used blacklists, underground forums, and other means to warn one another of rippers in their midst. Since 2005, in fact, a Russian service named Kidala.info has maintained a database of rippers. What makes Ripper.cc different is its level of sophistication and the quality of its service, says Michael Marriott, research analyst at Digital Shadows.

http://www.darkreading.com/vulnerabilities—threats/meet-rippercc-a-reputation-service-for-cybercriminals/d/d-id/1327966?

Penguins force-fed root: Cruel security flaw found in systemd v228

The CVE-2016-10156 security hole in systemd v228 opens the door to privilege escalation attacks, creating a means for hackers to root systems locally if not across the internet. The vulnerability is fixed in systemd v229. Essentially, it is possible to create world-readable, world-writeable setuid executable files that are root owned by setting all the mode bits in a call to touch(). The systemd changelog for the fix reads:

basic: fix touch() creating files with 07777 mode

mode_t is unsigned, so MODE_INVALID < 0 can never be true.

This fixes a possible [denial of service] where any user could fill /run by writing to a world-writable /run/systemd/show-status.

http://www.theregister.co.uk/2017/01/24/systemd_flaw/

Court denies US government appeal in Microsoft overseas email case

The U.S. Court of Appeals for the Second Circuit, in a 4-4 decision Tuesday, declined to rehear its July decision that denied the DOJ access to the email of a drug trafficking suspect stored on a Microsoft server in Ireland. Microsoft has been fighting DOJ requests for the email since 2013. The DOJ has argued that tech companies can avoid valid warrants by storing customer data outside the U.S.

http://www.csoonline.com/article/3161155/security/court-denies-us-government-appeal-in-microsoft-overseas-email-case.html

WikiLeaks seeks Trump’s tax returns

After spending the latter half of 2016 leaking emails belonging to former Secretary of State Hillary Clinton, the Democratic National Committee and others associated with the Democratic Party, WikiLeaks has now set its sights on Donald Trump, putting out a call for the new president’s missing tax return. “Trump Counselor Kellyanne Conway stated today that Trump will not release his tax returns. Send them to: https://wikileaks.org/#submit  so we can,” WikiLeaks tweeted Sunday. The call to hackers went out just after Conway said on ABC’s “This Week” that Trump would not release his returns. “The White House response is that he’s not going to release his tax returns,” she said. “We litigated this all through the election.”

https://www.scmagazine.com/wikileaks-seeks-trumps-tax-returns/article/633553/

Fearing Trump administration’s reach, Seattle City Council fights FBI and SPD’s ‘warrantless surveillance cameras’

“I think that it is totally unacceptable for the city of Seattle to be complicit in federal law enforcement and intelligence agencies surveilling Seattle’s public spaces,” she said at a meeting of the Council’s Energy and Environment Committee Tuesday. “As a sanctuary city, we should not be filming our general population and we certainly should not be sending that data to law enforcement agencies now being run by the Trump administration. Many find this chilling and the Council has a duty to protect constituents from being surveilled.”

http://www.geekwire.com/2017/fearing-trump-administrations-reach-seattle-city-council-fights-fbi-spds-warrantless-surveillance-cameras/

AG Nominee Backs Law Enforcement’s Ability to ‘Overcome’ Encryption

Sessions’ position on encryption immediately sparked an outcry among civil liberties groups that have loudly denounced the government’s desire to access encrypted data. “We will strongly oppose any legislative or regulatory proposal to force companies or other providers to give Sessions what he’s demanding: the ability to ‘overcome encryption,’” wrote Electronic Frontier Foundation staff attorneys Nate Cardozo and Andrew Crocker in a statement Monday.

https://threatpost.com/ag-nominee-backs-law-enforcements-ability-to-overcome-encryption/123301/

Bad Bots Up Their Human Impersonation Game

Distil Networks last year found that last year humans outnumbered bad bots on the Web for the first time since 2013. But Distil’s data drew from its Hadoop cluster that includes some 74 million bot requests and other customer data. Unlike Imperva’s data set, it doesn’t include DDoS bots but instead all other types of bad bots, including digital ad fraud. What was in common, however, was that Distil also saw an increase bad bots imitating human online behavior. “I think that what’s interesting is that the sophistication of bots seems to be increasing,” says Edward Roberts, director of product marketing at Distil, which currently is putting the finishing touches on its new 2016 bot activity report.

http://www.darkreading.com/cloud/bad-bots-up-their-human-impersonation-game/d/d-id/1327964?

Trump’s cyber advisor didn’t know about Signal

If you pay attention to surveillance or cybersecurity, you’ve probably heard of Signal since the election, right? It’s an encrypted messaging app, and it’s popularity has climbed in the wake of a new presidential administration that looks like it will favor increased surveillance. […] Giuliani’s only relevant experience, if you can call it that, includes a cybersecurity subdivision of his management consulting firm, Giuliani Partners. That subdivision, known as Giuliani Security and Safety, offers only vague services related to the firm’s supposed expertise in areas such as “forensic accounting” and “security design and architecture.”

http://mashable.com/2017/01/24/donald-trump-cyber-advisor-rudy-giuliani-signal/#tWWdyKssMaq1

//]]>