IT Security News Blast 1-26-2017

Cyber attacks on small business — it’s a matter of when, not if

Small businesses have to take protective measures, Brown said, because they probably don’t have the resources to recover from the kind of massive data breach that Target Corp. experienced in 2013. That hack ultimately cost Target about $300 million, speakers said Tuesday. “Our entire society is so connected,” Brown said. Hackers can enter company computers through links from smart HVAC systems, through outside vendors, and through emails to and from suppliers or customers.

http://www.philly.com/philly/business/Cyber-attack-on-small-business—-its-when-not-if.html

‘First utility cyber attack will happen this year’

That’s according to Perry Stoneman, Global Head of Utilities at consulting firm Capgemini, who told ELN it would likely take the form of a ransomware attack. This is when computer systems are hacked by criminals who then demand a sum of money to avoid a major city having its power cut off. Mr Stoneman believes the hackers would want their attack to be “visible, attention-catching and newsworthy” – turning the lights out is just that. He said: “It could be something more malicious than just wanting money. It could target critical information. We’re predicting a real threat against the grid.”

http://www.energylivenews.com/2017/01/25/first-utility-cyber-attack-will-happen-this-year/

Roles, Responsibilities of Cyber Command Debated

While there was some opposition to separating Cybercom and the NSA’s leadership, the reaction to the proposal was largely positive. “We should discontinue the dual-hat arrangement which I helped design when I was undersecretary of defense for intelligence seven years ago,” Director of National Intelligence James Clapper testified before the Senate Armed Services Committee prior to leaving office. “This isn’t purely a military issue. I don’t think this is in the NSA’s or the [intelligence community’s] best interest to continue the dual-hat set up.”

http://www.nationaldefensemagazine.org/archive/2017/february/Pages/RolesResponsibilitiesofCyberCommandDebated.aspx

Trump lieutenants ‘use private email’ for govt work… but who’d make a big deal out of that?

Key advisors to the president, Kellyanne Conway and son-in-law Jared Kushner, as well as press secretary Sean Spicer and chief strategist Steve Bannon, all have accounts on the Republican Party’s rnchq.org domain, and are continuing to use them in addition to their official government accounts, according to Newsweek. […] We note that the same rnchq.org domain was used by members of the Bush Administration, who were heavily criticized for having “lost” no fewer than 22 million emails when asked to hand them over to the presidential archives. It is also strongly suspected that the same domain and email server were compromised by Russian hackers during the latest presidential campaign.

https://www.theregister.co.uk/2017/01/25/trump_lieutenants_using_private_email_addresses/

President Trump is still using his “old, unsecured Android phone”

Donald Trump continues to use his “old, unsecured Android phone” since taking office despite “the protests of some of his aides,” according to a report from The New York Times about how the new president is settling in to his routine. […] In any case, it’s surprising that Trump has kept his old phone—the Trump campaign spent months criticizing Democratic nominee Hillary Clinton for her alleged mishandling of sensitive e-mails, and her campaign has claimed that the FBI’s statements on the case may have cost her the election. President Obama was only given a smartphone last year, and in interviews he claimed that it had been so locked down that it couldn’t even be used to take pictures or send text messages.

https://arstechnica.com/tech-policy/2017/01/post-inauguration-president-trump-still-uses-his-old-android-phone/

Disk-nuking malware takes out Saudi Arabian gear. Yeah, wipe that smirk off your face, Iran

Aramco is still in the malware herder’s sights, with Sadara Chemical, a joint venture firm owned by the company and Dow Chemical, confirming that it had taken a hit from the malware. It says the incident has now been contained and it is investigating. State media also reports the Saudi Arabian labor ministry has been hit. The motive for the attacks isn’t known, but the malware is thought to be the creation of Iranian state-sponsored hackers. There is speculation that this latest Saudi infection might be retaliation for hacking against Iranian petrochemical facilities.

https://www.theregister.co.uk/2017/01/26/shamoon_2_hits_saudi_arabian_targets/

The Humanization of the Security Leader: What CISOs Need to Be Successful

The first key skill is communication. The CISO’s job is to explain IT risk in terms of the appropriate business model and mission. This presumes an understanding of the organizational structure and culture, where resources come from, and how a win is measured. This may seem obvious, but many good, smart people, heads down in IT departments, are often unaware of the day-to-day workings of their organizations. Successful security professionals soon learn they need to open their ears and their minds in order to have influence.

https://f5.com/labs/articles/cisotociso/leadership/the-humanization-of-the-security-leader-what-cisos-need-to-be-successful-24732?sf52565574=1

GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A)

GE has reported an insufficiently protected credentials vulnerability in Proficy Human-Machine Interface/Supervisory Control and Data Acquisition (HMI/SCADA) iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian software. This vulnerability was identified by Ilya Karpov of Positive Technologies. GE has produced new versions to mitigate this vulnerability.

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A

Schneider Electric Wonderware Historian

ATTENTION: Remotely exploitable/Low skill level to exploit

Vendor: Schneider Electric

Equipment: Wonderware Historian

Vulnerability: Credentials Management

AFFECTED PRODUCTS

The following Wonderware Historian versions are affected:

Wonderware Historian 2014 R2 SP1 P01 and earlier.

https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01

Voices Cybersecurity 101: Understanding the threat levels and taking action

First, understand your network. What data is there and where is it located? If your workforce is distributed, do employees have sensitive company or client information on laptops? Inventory all network hardware and software assets and make sure you keep these assets up to date. And when you acquire new assets or update existing ones, always change the default passwords; “admin” or “administrator” are the first user names a hacker tries.

http://www.accountingtoday.com/opinion/take-cybersecurity-seriously-understanding-the-threat-levels-and-taking-action

How To Drive Productivity Without Compromising Cybersecurity

Striking a balance between security and productivity is a top priority for modern companies, but it’s absolutely critical to remember one very important thing about this balancing act: You should never sacrifice security for productivity. I wholeheartedly believe that productivity needs to take a backseat to security. Data is simply too valuable, and breaches too crippling, to reverse those priorities.

http://www.forbes.com/sites/danielnewman/2017/01/24/how-to-drive-productivity-without-compromising-cybersecurity/#246c94a324f0

Trump’s hiring freeze blunts rush to recruit cybersecurity talent

President Trump’s blanket civilian hiring freeze may hurt federal agencies already struggling to recruit enough skilled cybersecurity professionals for the nation’s digital defenses. While agencies can allow exemptions for national security reasons, some of the 1,099 unfilled cybersecurity jobs in the government may not fall into the category of essential personnel. When it comes to cybersecurity, says Davis Hake, a former National Security Council (NSC) aide, “we can’t afford a brain drain and we can’t afford to slow down.”

http://www.csmonitor.com/World/Passcode/2017/0125/Trump-s-hiring-freeze-blunts-rush-to-recruit-cybersecurity-talent

After CES, 2017 Will Finally Bring Reliable IoT Cybersecurity Products

Minds pre-CES were certainly focused on the Mirai botnet that attacked Dyn by activating more than 100,000 devices and bringing the internet to its knees. If those in the industry were concerned that such an attack was imminent, by the time the DDoS assault was over, it was common knowledge to the world. While the bad news is that it will happen again and by a more malicious agent than the alleged US teenager that did it this time, the good news is that there were some smart companies at CES that were creating cybersecurity redoubts against such threats.

http://www.forbes.com/sites/montymunford/2017/01/25/after-ces-2017-will-finally-bring-reliable-iot-cybersecurity-products/#3e5c3f5a573b

A top hacker-hunter at Russia’s largest cybersecurity firm has been arrested on charges of treason

Stoyanov was arrested along with a senior Russian FSB intelligence officer, Sergei Mikhailov, according to Kommersant. Mikhailov, who also faces treason charges, was the deputy head of the information security department of the FSB, Russia’s national security service. Investigators are examining money that Stoyanov allegedly received from foreign companies or entities, according to Kommersant. A source told the paper that the case has been filed under article 275 of Russia’s criminal code, which allows the government to prosecute an individual suspected of aiding a foreign state or organization.

http://www.businessinsider.com/ap-top-manager-at-russian-cybersecurity-firm-arrested-in-moscow-2017-1

Dark Web’s Largest Trading Platform AlphaBay Hacked; 200k Messages Leaked

AlphaBay is counted among the largest trading marketplaces on the Dark Web, and this is something that makes the platform inquisitive about prevailing security flaws and vulnerabilities. Recently, a hacker identified the existence of two high-risk bugs and revealed this information in Reddit forum posts. The hacker, who uses the alias Cipher0007, managed to steal 200,000 private messages. These messages were exchanged between users/buyers and sellers. ZDNet reports that Cipher0007 disclosed the vulnerabilities earlier this week and revealed on Reddit that these flaws could be used to steal private messages on AlphaBay.

https://www.hackread.com/dark-webs-largest-trading-platform-alphabay-hacked-200000-messages-leaked/

70mn cyberattacks, mostly foreign, targeted Russia’s critical infrastructure in 2016 – FSB

The committee’s meeting was centered on debate over a new bill titled “On the Security of Critical Infrastructure of the Russian Federation,” which is designed to ensure that all companies deemed to be part of Russia’s critical infrastructure are equipped with effective means to fight off cyberattacks. The draft bill envisions that a special register of all companies and agencies that control objects of critical infrastructure be drawn up. Once an entity is on the list, it will be obliged to purchase means for detecting and countering cyberwarfare, as well as to report all attempts to disrupt its information security to the relevant state bodies and provide assistance in the investigations that follow.

https://www.rt.com/news/374973-cyber-attacks-russian-infrastracture/

Worried about cybersecurity and the connected car? There’s a bill for that

This bill emerges as auto and tech industries floor the accelerator pedal with regard to connecting new vehicles to the Internet, citing benefits such as safety or driver convenience. Yet as we’ve seen repeatedly, not every automaker is taking the problem of cybersecurity as seriously as they ought to. Plus, the network architecture of our vehicles is still based on the Controller Area Network (CAN) bus, which wasn’t ever envisioned as something that would be permanently networked to the wider digital world.

https://arstechnica.com/cars/2017/01/worried-about-cybersecurity-and-the-connected-car-theres-a-bill-for-that/

Hacker Selling 126 Million Cell Phone Details of “U.S. Cellular” Customers

The vendor is selling a database containing personal and cell phone number details of 126,761,168 citizens of the United States taken from United States Cellular Corporation (U.S. Cellular), a regional carrier which owns and operates the fifth-largest wireless telecommunications network in the United States, serving 4.9 million customers in 426 markets in 23 U.S. states. DoubleFlag claims the database is updated through January 2017 and has never been leaked on the Internet before. The database, according to him, contains details such as first name, last name, address, city, state and phone numbers of one hundred twenty-six million seven hundred sixty-one thousand one hundred sixty-eight (126,761,168) Americans.

https://www.hackread.com/hacker-selling-126-million-us-cellular-customers-data/