IT Security News Blast 1-9-2017

Foreign nation behind Anthem cyber breach, investigators say

The cyber attacker who breached more than 78 million Anthem consumer records in 2015 was acting on behalf of a foreign government, according to the California Department of Insurance. […] The team determined with a high degree of confidence the identity of the attacker and concluded with a medium degree of confidence that the attacker was acting on behalf of a foreign government, the department said. Notably, the exam team also advised that previous attacks associated with this foreign government have not resulted in personal information being transferred to non-state actors.

http://www.healthcarefinancenews.com/news/foreign-nation-behind-anthem-cyber-breach-investigators-say

US warns of ‘imminent’ cyberattack threat on electrical grid

“Widespread disruption of electric service because of a transmission failure initiated by a cyberattack at various points of entry could undermine U.S. lifeline networks, critical defense infrastructure and much of the economy; it could also endanger the health and safety of millions of citizens,” the DOE said in a massive 494-page report. “Also, natural gas plays an increasingly important role as fuel for the nation’s electricity system; a gas pipeline outage or malfunction due to a cyberattack could affect not only pipeline and related infrastructures, but also the reliability of the nation’s electricity system.”

https://www.cnet.com/news/us-warns-imminent-cyberattack-threat-on-electrical-grid/

Cyber attackers can make it impossible to call 911

[If] an attacker can manage to tie up all the available connections with malicious traffic, no legitimate information – like regular people browsing a website, or calling 911 in a real emergency – can make it through. This type of attack is most often done by spreading malware to a great many computers, infecting them so that they can be controlled remotely. Smartphones, which are after all just very small computers, can also be hijacked in this way. Then the attacker can tell them to inundate a particular site or phone number with traffic, effectively taking it offline.

http://www.salon.com/2017/01/07/cyber-attackers-can-make-it-impossible-to-call-911_partner/

Verizon-Yahoo Deal On The Ropes – Is Cyber Security Killing Deals?

Cyber security has trickled down to much smaller deals. Prospective buyers considering the purchase of any size business have to now add this component to their due diligence review process. Buyers need to be certain there are adequate systems in place, or potentially adjust their purchase prices to accommodate costs they will incur to implement them. Unfortunately, that may not be enough as costs can be staggering.

http://www.forbes.com/sites/richardparker/2017/01/05/verizon-yahoo-deal-on-the-ropes-is-cyber-security-killing-deals/#5b71ef2116b5

US designates election infrastructure as ‘critical’

The determination came after months of review and despite opposition from many states worried that the designation would lead to increased federal regulation or oversight on the many decentralized and locally run voting systems across the country. It was announced on the same day a declassified U.S. intelligence report said Russian President Vladimir Putin “ordered” an influence campaign in 2016 aimed at the U.S. presidential election.

http://www.foxnews.com/politics/2017/01/06/us-designates-election-infrastructure-as-critical.html

In 2017, real action on cybersecurity will happen after loss of life

The terrorist attacks of Sept. 11, 2001 sadly demonstrated that policy makers typically act on well-known security problems after people die and media outlets loudly broadcast the body count. For a decade prior to the 2001 event, a group of CIA officers tracked Osama Bin Laden and his organization. Despite their vigorous warnings to others in the US intelligence community, nothing was done to comprehensively address the problem until nearly 3,000 Americans died and the US government was embarrassed into taking the terrorism threat seriously. We are now seeing this pattern repeated with cybersecurity.

http://www.csoonline.com/article/3154937/critical-infrastructure/in-2017-real-action-on-cybersecurity-will-happen-after-loss-of-life.html

U.S. Reacting at Analog Pace to a Rising Digital Risk, Hacking Report Shows

The report, compiled by the F.B.I., the C.I.A. and the National Security Agency, makes no judgments about the decisions that the agencies or the White House made as evidence of Russian activity mounted. But to anyone who reads between the lines and knows a bit of the back story not included in the report, the long lag times between detection and reaction are stunning. The delays reveal fundamental problems with American cyberdefenses and deterrence that President-elect Donald J. Trump will begin to confront in two weeks, regardless of whether he continues to resist the report’s findings about Russia’s motives.

http://www.nytimes.com/2017/01/07/us/politics/us-reacting-at-analog-pace-to-a-rising-digital-risk-hacking-report-shows.html

Cyberwar for Sale

Hacking Team has fewer than 50 employees, but it has customers all over the world. According to internal documents, its espionage tool, which is called the Remote Control System, or R.C.S., can be licensed for as little as $200,000 a year — well within the budget of a provincial strongman. After it has been surreptitiously installed on a target’s computer or phone, the Remote Control System can invisibly eavesdrop on everything: text messages, emails, phone and Skype calls, location data and so on. Whereas the N.S.A.’s best-known programs grab data in transit from switching rooms and undersea cables, the R.C.S. acquires it at the source, right off a target’s device, before it can be encrypted.

http://www.nytimes.com/2017/01/04/magazine/cyberwar-for-sale.html?smid=tw-share

1 million cybersecurity job openings in 2017

For every cybersecurity grad, there’s a job. But that will only put a small dent in the number of entry- and lower-end positions which include titles such as information security analyst. Those people play important roles by monitoring screens of information displaying abnormalities and alerts, and other tasks. However, it’s the experienced mid-level to senior cybersecurity specialist positions that are the most daunting to fill.

http://www.csoonline.com/article/3155324/it-careers/1-million-cybersecurity-job-openings-in-2017.html

WikiLeaks proposes tracking verified Twitter users’ homes, families and finances

Asked by journalist Kevin Collier why it needed to build a database of dossiers, WikiLeaks replied that the database would be used as a “metric to understand influence networks based on proximity graphs.” But the proposal faced a sharp and swift backlash as technologists, journalists and security researchers slammed the idea as a “sinister” and dangerous abuse of power and privacy.

https://www.washingtonpost.com/news/the-switch/wp/2017/01/06/wikileaks-proposes-tracking-verified-twitter-users-homes-families-and-finances/

National Guard expects expanded role in cybersecurity

Citing the “growing investments in developing sophisticated cyber defense capabilities in the National Guard,” the commission suggested that “state legislatures should give serious consideration to providing governors with the necessary authorities and resources to train and equip the National Guard to serve their states and safeguard the public from malicious cyber activity.”

https://gcn.com/articles/2017/01/06/national-guard-cybersecurity.aspx

The JAR did more harm than good

The Joint Activity Report (JAR) on GRIZZLY STEPPE did far more harm than good. I’ve had numerous clients of Rendition Infosec question me on what the indicators mean and whether they should be concerned. […] There are 876 IP addresses in the GRIZZLY STEPPE IOCs. There are several from Amazon EC2, and absent a date of when those IPs were actively used by Russian hackers, they are useless. Less than useless. My favorite IP address in the report though has to be 65.55.252.43. This resolves to watson.telemetry.microsoft.com. This makes it clear that nobody competent vetted the report. Either that or someone at NCCIC has it out for Dr. Watson.

http://malwarejake.blogspot.com/2017/01/the-jar-did-more-harm-than-good.html

Was It a 400-Pound, 14-Year-Old Hacker, or Russia? Here’s Some of the Evidence

Over the course of a year, the SecureWorks team watched as over 5,000 Google accounts — mostly in Russia and states formerly in the Soviet Union — were targeted in the same manner. By searching for online profiles associated with the email addresses that had been attacked, the team was able to identify roughly half of the targets. They found that of the targets outside the former Soviet Union, most were government or military personnel, aerospace professionals, political activists, authors and journalists.

http://www.nytimes.com/interactive/2017/01/06/us/russian-hack-evidence.html?_r=1

CyberZeist’s claims to have hacked FBI’s website ‘are a hoax’

The Plone Security Team released an advisory announcing some previously planned updates. In the process, it refuted hacker CyberZeist’s claim of compromising the FBI’s website (fbi.gov) and publicly leaking personal account information of several FBI agents. […] In its advisory, the Plone Security Team said it will release a security update on January 17 to patch various vulnerabilities. Throwing cold water on CyberZeist’s claims, they said there’s no evidence that the issues to be fixed are being actively exploited.

https://nakedsecurity.sophos.com/2017/01/06/cyberzeists-claims-to-have-hacked-fbis-website-are-a-hoax/

A Secure Model of IoT with Blockchain

When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the Blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.

https://www.bbvaopenmind.com/en/a-secure-model-of-iot-with-blockchain/

Researcher Finds Data Breach of U.S. Special Operations Employees

Cybersecurity researcher Chris Vickery realized last week that he had just discovered a data breach exposing the personal information of dozens of men and women who go to work daily on military bases and work directly with U.S. special operations forces. He contacted the principals of the private subcontractor involved to alert them that their online data was vulnerable.

http://www.govtech.com/security/Researcher-Finds-Data-Breach-of-US-Special-Operations-Employees.html

US Air Force Creates Group to Recruit Cyber Nerds for Weapons Programs

Like the Pentagon’s Defense Digital Service (DDS) before it, the Air Force Digital Service (AFDS) will recruit engineers from the private sector for short-term stints working for the service, said Air Force Secretary Deborah Lee James, who jokingly called the group the “nerd cyber swat team.” The hope is that the group will bring in innovative new ideas and practices that can help the service smooth out longstanding issues on key programs.

http://www.defensenews.com/articles/air-force-creates-new-group-to-recuit-cyber-nerds-for-weapons-programs

A New Era of Mass Surveillance is Emerging Across Europe

The same political leaders and legislators that once rebuked the NSA on the ethics of its mass surveillance practices, seem to now be taking a page out of the NSA’s playbook. This post surveys these three national legal frameworks, highlighting their troubling similarities, with the aim of showing how legislators from these countries are treading a dangerous line of surveillance expansion and overreach, paving the way for more European countries to follow in their footsteps.

https://www.justsecurity.org/36098/era-mass-surveillance-emerging-europe/

Insurers tap cyber security ratings to limit liabilities

A new generation of cyber security start-ups is trying to solve this problem of a widespread attack, helping insurers analyse the risk of writing cyber security policies for individual companies, how to price them and how to balance their portfolio so they do not accidentally insure the cyber equivalent of all the houses in Florida. With the market for cyber insurance predicted to grow to more than $20bn by 2025, according to forecasts by Allianz, insurers are looking for help to understand the fast-changing threat from hackers.

https://www.ft.com/content/1cfd5d28-c26f-11e6-81c2-f57d90f6741a