IT Security News Blast 1-6-2017

Hacktastrophe: How cyber-attacks on critical U.S. infrastructure could lead to catastrophic property loss

Hackers have proven they can seize control over governmental and industrial computer systems and manipulate them to cause tangible—and substantial—real-world property damage. Armed with the ability to cause real-world property damage, sophisticated computer criminals will undoubtedly target the systems of critical, and vulnerable, U.S. infrastructure operations, looking to cause catastrophe-level property destruction. They could be successful.

http://www.jdsupra.com/legalnews/hacktastrophe-how-cyber-attacks-on-79384/

Ransomware took in $1 billion in 2016–improved defenses may not be enough to stem the tide

That includes more than $50 million each for three wallets associated with the Locky ransomware, and a fourth one that processed close to $70 million. Cryptowall brought in close to $100 million before it was shut down this year. CryptXXX gathered in $73 million during the second half of 2016, and Cerber took in $54 million, the expert said. […] “The $1 billion number isn’t at all unreasonable and might even be low,” confirmed Mark Nunnikhoven, vice president of cloud research at Trend Micro.

http://www.csoonline.com/article/3154714/security/ransomware-took-in-1-billion-in-2016-improved-defenses-may-not-be-enough-to-stem-the-tide.html

Hackers devising new ways to extract personal information, study

The finding, the researchers attest, illustrates a security risk easily exploited by attackers who prey on the fact that personnel are too often easily enticed into providing confidential information that could open doors for the attackers to enter the company network. The study also pointed up the fact that many employees show little awareness of the security risks of using social media. More than a third of respondents (37 percent) said they take no action to check or verify the identity of people they are connecting with online.

https://www.scmagazine.com/hackers-devising-new-ways-to-extract-personal-information-study/article/629903/

Unsecure routers, webcams prompt feds to sue D-Link

“Defendants have failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access, including by failing to protect against flaws which the Open Web Application Security Project has ranked among the most critical and widespread web application vulnerabilities since at least 2007,” the FTC said in a complaint (PDF) filed in San Francisco federal court. The commission’s move comes 11 months after the agency settled with Asus over its insecure routers that allowed attackers to remotely log in to them and, depending on user configurations, change security settings or access files stored on connected devices.

http://arstechnica.com/tech-policy/2017/01/unsecure-routers-webcams-prompt-feds-to-sue-d-link/

Netgear launches Bug Bounty program; offering lucrative rewards

The company has presented two types of security-flaw disclosure programs, namely the Kudos Program and the Cash Reward Program. The Kudos Program offers rewards in points and is strictly limited to issues in the latest version of the software. The Cash Reward Program offers rewards in US dollars for security vulnerabilities identified in some of their products. Participants are required to report bugs as soon as they are identified; reported bugs may be combined into a chained submission at any time within the following six months.

https://www.hackread.com/netgear-launches-bug-bounty-program/

U.S. spy chief ‘resolute’ on Russia cyber attack, differs with Trump

James Clapper, the director of national intelligence, said he had a very high level of confidence that Russia hacked Democratic Party and campaign staff email, and disseminated propaganda and fake news aimed at the Nov. 8 election. “Our assessment now is even more resolute than it was” on Oct. 7 when the government first publicly accused Russia, Clapper told a hearing of the Senate Armed Services Committee. He said motives for the attack would be made public next week.

http://www.reuters.com/article/us-usa-russia-cyber-clapper-idUSKBN14P0G5

Are you ready for a state-sponsored cyber attack?

Geopolitical tensions ensure that 2017 will be another big year for state-sponsored cyber attacks. The lethality of state-sponsored attacks derives from their ability to bypass security point products by combining device, network and data center vulnerabilities into an integrated assault. Another aspect of state-sponsored cyber attacks is their willingness to patiently creep from organization to organization to get to their target.

https://ctovision.com/ready-state-sponsored-cyber-attack/

Police investigating possible cyber threat against Hydro One

A cyber attack on an archaic, unused IP address at Hydro One could be part of a broader hacking campaign, security experts say. Rick Haier, chief security officer of Hydro One, said the electricity provider was contacted by the RCMP on Dec. 29, alerting them to an IP address in their system that had been targeted by hackers.

https://www.thestar.com/business/2017/01/04/police-investigating-possible-cyber-threat-against-hydro-one.html

backdoorme

Tools like metasploit are great for exploiting computers, but what happens after you’ve gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time. Once an SSH connection has been established with the target, Backdoorme’s strengths can come to fruition. Unfortunately, Backdoorme is not a tool to gain root access – only keep that access once it has been gained. Please only use Backdoorme with explicit permission – please don’t hack without asking.

https://github.com/Kkevsterrr/backdoorme

‘The internet will shut down for 24 hours in 2017 causing financial markets to crash’

“The power of influence is starting to shift away from mainstream news outlets, and I don’t think that is something those mainstream outlets can afford to let happen. They will respond to the fake news threat by trying to implement some level of media control that will likely take it a little too far,” he said. “I think hackers, in the name of protecting our freedom of speech, will retaliate by knocking down a major media outlet or two.”

https://www.rt.com/business/372707-internet-shut-down-2017/

Who’s hacking your network?

The cybercrime rate’s going up, up, up, up, up. Cybercrime damages were predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to a recent CSO story. So, who’s committing the hacks? Hackers have morphed from the lone wolf wearing a hoodie and sitting behind a computer — to a garden variety of cyber intruders and perpetrators wearing anything from T-shirts and flip-flops, to dark suits and wing-tips, to military garb, according to Cybersecurity Ventures’ annual cybercrime report.

http://www.cio.com/article/3154207/security/whos-hacking-your-network.html

U.S. Intelligence Chiefs Dispute Trump Over Russian Hacking

In a joint statement to the Senate Armed Services Committee, Director of National Intelligence James Clapper, Undersecretary of Defense for Intelligence Marcel Lettre and National Security Agency Director Admiral Michael Rogers said they stood by the intelligence community’s Oct. 7 finding that Russia interfered with U.S. political institutions last year. The three officials testified Thursday at a committee hearing on foreign cyber threats. Rogers is a finalist for Trump’s pick for the director of national intelligence.

https://www.bloomberg.com/news/articles/2017-01-05/top-u-s-intel-officials-dispute-trump-s-doubts-on-russian-hacks

Our cybersecurity policies are failing us. It’s time to fix them.

Today’s criminals are fighting a 21st century war, attacking our critical infrastructure and financial systems using unconventional techniques, while we defend ourselves with antiquated methods. PINs, tokens, passwords, IP verification, device authentication, physical biometrics and even multi-factor authentication can all be bypassed. We know this because today’s fraud comes from authenticated sessions that are taken over post-login. Instead of being a step ahead of the fraudsters, we are a step behind.

http://thehill.com/blogs/pundits-blog/technology/312724-our-cybersecurity-policies-are-failing-us-its-time-to-fix-them

2017: The year of cybersecurity scale

Yup, EPS growth will continue, but cybersecurity scale is about to hit an exponential curve, driven by things such as:

  • Cloud utilization
  • IoT
  • Network growth
  • Digital transformation applications

http://www.networkworld.com/article/3154813/security/2017-the-year-of-cybersecurity-scale.html

The Cybersecurity Industry Meets Connectivity Challenges

As the connected network becomes more and more widespread, the cybersecurity industry is reacting to the vulnerabilities and evolving to keep pace. A large part of the refocusing going on is the forming of new partnerships across industry lines. The cybersecurity industry alone can’t possibly implement new security measures and requirements, or reach each individual connected device user and prepare them for potential cyberattacks.

https://www.pastemagazine.com/articles/2017/01/the-cybersecurity-industry-meets-connectivity-chal.html

US intelligence: 30 countries building cyber attack capabilities

More than 30 countries are developing offensive cyber attack capabilities, according to US intelligence chiefs. They warn that cyber attacks against critical infrastructure and information networks will give attackers a means of bypassing traditional defence measures. The warning came in a joint statement by US director of national intelligence James Clapper, undersecretary of defense for intelligence Marcel Lettre, and NSA and US Cyber Command director Admiral Mike Rogers, at a hearing on foreign cyber threats by the Senate Armed Services Committee.

http://www.zdnet.com/article/us-intelligence-30-countries-building-cyber-attack-capabilities/

Cyber Beyond Third Offset: A Call for Warfighter-Led Innovation

As the Obama administration comes to an end, so does the innovation-focused tenure of Ashton Carter as secretary of defense. Under his leadership and the guiding precepts of the third offset, the Department of Defense initiated a series of Silicon Valley-inspired innovations. From chief innovation officers to the Strategic Capabilities Office and Defense Innovation Unit-Experimental, Carter’s Pentagon has focused on institutionalizing innovation. Unfortunately and as many other commentators have noted, this focus on top-down innovation may have unwittingly created innovation architectures that bypass the warfighter.

https://warontherocks.com/2017/01/cyber-beyond-third-offset-a-call-for-warfighter-led-innovation/

Hope for global cyber norms struggles following Russian hacking allegations

Michael McFaul, former ambassador to Russia in the Obama administration told The Atlantic that the recent set of sanctions won’t really damage their targets, but noted that was not the intention. “The intention is to exact a cost and to attribute this attack to those entities and those individuals,” he said. Senate Armed Services Committee Chairman John McCain, R-Ariz., and Sen. Lindsey Graham, R-S.C., in a joint statement called the punitive measure “a small price for Russia to pay for its brazen attack on American democracy.”

http://www.c4isrnet.com/articles/hope-for-global-cyber-norms-struggles-following-russian-hacking-allegations

KillDisk cyber sabotage tool evolves into ransomware

What’s even more interesting is that there’s also a Linux variant of KillDisk that can infect both desktop and server systems, the ESET researchers said Thursday in a blog post. The encryption routine and algorithms are different between the Windows and the Linux versions, and on Linux there’s another catch: the encryption keys are neither saved locally nor sent to a command-and-control server, so the attackers can’t actually get to them, and paying the ransom cannot buy a working decryptor.

http://www.csoonline.com/article/3155245/security/killdisk-cyber-sabotage-tool-evolves-into-ransomware.html

Android banking trojan mimics 50 banking apps

The bot targets Android devices and can prevent victims from receiving bank alerts about unusual activity or transactions; the trojan is also able to intercept victims’ SMS messages, according to The Sun Online. People who visit porn sites on their mobile devices are particularly at risk because they could be fooled into downloading and installing the software, according to the publication.

https://www.scmagazine.com/russian-bot-modified-to-mimic-banking-apps-to-steal-credentials/article/629768/