IT Security News Blast 1-3-2017

Top business stories of 2016: Cybersecurity firms gain investment as hacks proliferate

And such events have made investing in cybersecurity critical for many companies. Cybersecurity Ventures, a leading research firm on cybersecurity issues, projects that worldwide spending on cybersecurity will hit $1 trillion between 2017 and 2021. And Denver-area investors are paying attention. Private investors snapped up cybersecurity firms including Ping Identity and Optiv Security — both Denver firms were en route to going public.

http://www.denverpost.com/2017/01/01/top-business-stories-of-2016-cybersecurity-firms/

Cyber Intelligence and Defense for the Public Sector, Part 3: The Rise of Active Defense

Agencies must compete with the commercial market to recruit and retain high-quality cyber security talent spanning a wide range of expertise to provide ample threat coverage. Moreover, agencies must identify, acquire, and analyze vast amounts of threat data from multiple sources to disseminate context-aware, actionable intelligence. At a minimum, an agency’s threat intelligence capability should invest in extensive human intelligence (HUMINT) and signals intelligence (SIGINT) capabilities, whether internally or by way of a third party.

https://ctovision.com/cyber-intelligence-defense-public-sector-part-3-rise-active-defense/

Data breaches through wearables put target squarely on IoT in 2017

With the sheer velocity of how the distributed denial-of-service (DDoS) attacks spread through common household items such as DVR players, makes this sector scary from a security standpoint. “Today, firms are developing IoT firmware with open source components in a rush to market. Unfortunately, many are delivering these IoT solutions without good plans for updates, leaving them open to not only vulnerabilities but vulnerabilities security teams cannot remediate quickly,” write Forrester analysts.

http://www.csoonline.com/article/3150881/internet-of-things/data-breaches-through-wearables-put-target-squarely-on-iot-in-2017.html

Donald Trump to Press Intelligence Agencies on Russia Cyberattack Claims

Mr. Trump is planning to meet with intelligence community leaders next week to discuss the hacking episode, though he has shown little appetite to penalize Russia. “It’s time for our country to move on to bigger and better things,” he said Thursday, after Mr. Obama issued his executive order laying out the sanctions. In his comments Saturday, Mr. Trump reiterated his belief that others might be responsible for the cyberattacks.

http://www.wsj.com/articles/donald-trump-looks-to-press-intelligence-agencies-on-russia-cyberattack-claims-1483242263

Major cyber-attack on Turkish Energy Ministry claimed

“Many infiltration attempts to the systems controlling our transmission and electricity producing lines were determined and prevented. The infiltration attempts are indicators of a major sabotage preparation against Turkey’s national electricity network,” he added. Saying that the relevant institutions are taking necessary measures, the source noted that intelligence units had received intelligence on possible cyber-attacks on New Year’s Eve.

http://www.hurriyetdailynews.com/major-cyber-attack-on-turkish-energy-ministry-reported.aspx

Behind Russia’s Cyber Strategy

Cyberspace, wrote Gen. Gerasimov, “opens wide asymmetrical possibilities for reducing the fighting potential of the enemy.” […] In the 2013 article, Gen. Gerasimov elaborated on the Russian military’s desire to hone its hacking skills as an extension of conventional warfare and political conflict. Experts say that since then, Russia has used cyberattacks as part of its arsenal against neighboring countries and as a political weapon, Western officials and security researchers said.

http://www.wsj.com/articles/behind-russias-cyber-strategy-1483140188

Trump’s brilliant cybersecurity solution is to send messages by courier

“It’s very important, if you have something really important, write it out and have it delivered by courier, the old fashioned way because I’ll tell you what, no computer is safe. I don’t care what they say, no computer is safe. I have a boy who’s ten years old, he can do anything with a computer. You want something to really go without detection, write it out and have it sent by courier.”

http://mashable.com/2016/12/31/trump-cybersecurity-courier/#qWm.9RjDXkqj

Putin plays it cool, but Russia is worried about a US cyberattack

“The Russian president’s internet adviser, a guy named German Klimenko, was talking recently about trying to secure key infrastructure,” Maynes says. “They’re concerned about what US hacking might do to Russia’s banking sector [and] central bank, things like that.” “There was also recently the hacking of Vladislav Surkov’s email,” Maynes adds. “This is a key Putin adviser [who] currently has the Ukraine portfolio in Russia. It basically seemed to show the Kremlin was involved in stirring up trouble in east Ukraine, and had that plan in place quite a long time ago. And it was rather embarrassing.”

http://www.pri.org/stories/2016-12-30/putin-plays-it-cool-russia-worried-about-us-cyberattack

Drudge accuses US government of cyberattack

The accusation came just hours after President Obama unveiled sanctions on Russia for allegedly interfering with the U.S. presidential election. A secret CIA assessment reportedly concluded that Russia interfered in the election specifically to help President-elect Donald Trump. Russia and Trump have both denied it. Drudge and his website have been outspoken in backing Trump throughout his campaign.

http://thehill.com/media/312236-drudge-accuses-us-government-of-cyber-attack

Industrial Network Security [Book Review]

Securing an industrial network and the assets connected to it, although similar in many ways to standard enterprise information system security, presents several unique challenges. While the systems and networks used in industrial control systems (ICSs) are highly specialized, they are increasingly built upon common computing platforms using commercial operating systems.

http://searchsecurity.techtarget.com/feature/Industrial-Network-Security

Wondering What To Do With Your Law Degree, Consider Cybersecurity

Only 10% of the people in cyber-security are women. Recently Shelley disrupted herself, leaving IBM to join Protegrity, a data security company. She’s a Senior Vice President of Alliances & Field Operations. It’s not where law school usually leads, but it’s where she’s landed. It’s not where law school usually leads, but cyber-security is where Shelly Westman  landed.At IBM, Shelley formed a group called WISE (Women in Security Excelling). WISE now has over 800 members.

http://www.forbes.com/sites/whitneyjohnson/2016/12/30/wondering-what-to-do-with-your-law-degree-consider-cybersecurity/#6e97dc83141f

Trump must make cybersecurity a priority to keep America safe

Trump’s administration must also take part in public-private partnerships, in which government agencies such as the Commission on Enhancing National Cybersecurity and large cloud-based providers such as Google or Amazon work closely together to protect data and ensure the general public has the latest and best information on cybersecurity practices. Trump must also press for information sharing between intelligence communities, including outside the United States, to quickly identify and destroy hacker cells that target from afar.

http://thehill.com/blogs/pundits-blog/the-administration/312152-trump-must-make-cybersecurity-a-priority-to-keep

Fake News of Russian Cyberattack on Vermont Utility Goes Viral Before Truth Gets Its Boots On

Yet, it turns out this narrative was false, and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top-tier newspapers that fail to properly verify their facts. From Russian hackers burrowed deep within the U.S. electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.

https://www.greentechmedia.com/articles/read/Fake-News-of-Russian-Cyber-Attack-On-Vermont-Utility-Goes-Viral-Before-Trut

Blockchain could facilitate exchange of threat intelligence among industries: Frost & Sullivan

“The setup of more Information Sharing and Analysis Centers (ISAC) will form platforms for both the private and private sector participants to share threat intelligence”, they added. “Blockchain may emerge as the technology to facilitate the exchange as it authenticates the trusted party to contribute, obfuscates the contributor’s detail with anonymity, and offers a tamper proof system that prevents unauthorized alteration of any data shared.”

http://www.econotimes.com/Blockchain-could-facilitate-exchange-of-threat-intelligence-among-industries-Frost-Sullivan-469504

Cyber Weapon Market – Global Industry Size, Share, Growth, Trends and Forecast Till 2021

Stringent regulations are thus being implemented to curb their use against the human race. This factor is likely to inhibit the market’s expansion to an extent. Nevertheless, in regions such as North America, governments are proactively investing in the development of advanced cyber weapons to protect their critical utilities. This will create new opportunities for growth for the market in the near future. According to TMR, the global cyber weapon market was valued at US$390 bn in 2014. Exhibiting a CAGR of 4.4%, the market is expected to reach US$521.87 bn by the end of 2021.

http://military-technologies.net/2017/01/02/cyber-weapon-market-global-industry-size-share-growth-trends-and-forecast-till-2021/

Military weighs expanded use of cyber, space weapons against ISIL

“If we want to be more agile then the reality is we are going to have to push decision authority down to some lower levels in certain areas,” Goldfein said during a December trip to this air base. “The big question that we’ve got to wrestle with … is the authorities to operate in cyber and space.” Capabilities in those two areas are among the military’s most closely held secrets, and their use now generally requires approval at the highest levels of government.

http://www.usatoday.com/story/news/world/2017/01/02/military-air-force-cyber-space-weapons-islamic-state/95970438/

Programmer finds way to liberate ransomware’d Google Smart TVs

Television production factory LG has saved Darren Cauthon’s new year by providing hidden reset instructions to liberate his Google TV from ransomware. The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter to express his displeasure. The infection came after the programmer’s wife downloaded an app to the TV promising free movies. Instead, it installed the ransomware, with a demand of US$500 to have the menace removed.

http://www.theregister.co.uk/2017/01/03/programmer_finds_way_to_liberate_ransomwared_google_smart_tvs/

Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail

A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security researcher Dawid Golunski of Legal Hackers, the issue (CVE-2016-10033) in PHPMailer used by more than 9 Million users worldwide was thought to be fixed with the release of version 5.2.18.

http://thehackernews.com/2017/01/phpmailer-swiftmailer-zendmail.html

Is an NSA contractor the next Snowden? In 2017, we hope to find out

While we do our best to cover a wide variety of civil and criminal cases, there are five that stand out to us in 2017. These cases range from privacy and encryption, to government-sanctioned hacking, to the future of drone law in America. […] Youngman touched on a concept that many Americans likely feel in their gut but has not been borne out in the legal system: property owners should be able to use force to keep unwanted drones out of their airspace. But here’s the thing: for now, American law does not recognize the concept of aerial trespass.

http://arstechnica.com/tech-policy/2016/12/in-2017-were-hoping-to-learn-whether-the-feds-can-nab-data-overseas/

Philippine Military Website Hacked and Defaced

Upon visiting the website, users were welcomed with a deface page displaying messages like “Surprise! Philippine Army you get Owned. I was bored so I thought of testing my skills on the US Army website Oh well, wrong target. I hacked Philippines Military and Army. Fix your security or I will be back. | Just a friendly defacement, your website security was good, but not good enough. Security is just an illusion, hacking is a talent, defacement is art.”

https://www.hackread.com/philippine-military-website-hacked-defaced/

//]]>