IT Security News Blast 2-1-2017

Privacy worries are on the rise, new poll of U.S. consumers shows

Younger consumers, aged 18 to 35, were more concerned for their privacy than older consumers, aged 36 to 50, the survey found. The younger age group also had a 56% likelihood of switching business providers based on an impending hacker threat, compared to 53% for the older group. Meanwhile, women were more likely to switch than men, by a difference of 8 percentage points, for an impending hacker threat. If a breach affected them directly, 78% of all consumers said they would switch to another business from the one where the breach occurred.

http://www.csoonline.com/article/3163062/privacy/privacy-worries-are-on-the-rise-new-poll-of-u-s-consumers-shows.html

Don’t Let Cybercriminals Infiltrate Your Practice

The survey provides the viewpoints of people responsible for, or involved with, digital security at hospitals and hospitals’ partners. As a leader of a medical group, you cannot say, “That’s not me or my problem.” If anything, a medical group has more to worry about. […] If your group is hacked and patients’ credit card information, social security numbers, and/or birthdates are taken, the Ponemon Institute estimates the cost of recovery to be more than $200 per record. […] The National Cyber Security Alliance reports that as much as 60 percent of small and medium-sized businesses that experience a data breach go out of business after six months.

http://www.diagnosticimaging.com/blog/dont-let-cybercriminals-infiltrate-your-practice

40+ Intentionally Vulnerable Websites To (Legally) Practice Your Hacking Skills

So how do you practice your hacking skills whilst staying on the right side of the law? Well, there are a number of deliberately vulnerable websites out there designed to allow you to practise and hone your hacking skills, without fear of prosecution. So we’ve decided to compile a list of over forty of them, each with a short description.

https://www.bonkersabouttech.com/security/40-plus-list-of-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392

The Internet Is Mostly Bots

Spambots show up in comment sections and Twitter bots clog people’s timelines with everything from marketing, to political campaigning, to social activism, to utter nonsense. These sorts of bots aren’t always pleasant, but they aren’t outright dangerous. For the real villains, we turn to impersonator bots used for DDoS attacks. They accounted for about 24 percent of overall web traffic last year. Top offenders in this category included Nitol malware, a bot called Cyclone meant to mimic Google’s good search-ranking bots, and Mirai malware—a virus that caused mass internet disruptions in the United States in October.

https://www.theatlantic.com/technology/archive/2017/01/bots-bots-bots/515043/

Cocker Hill’s PD held to ransom by hackers; crucial digital evidence lost

As per the reports, the Police department of Cocker Hill lost digital data going as far back as the year 2009, and officials suspect that Russian cyber-criminals are involved in the attack. The attack occurred in December 2016 and was identified on the 12th of the same month. The malware was “introduced onto the network from a spam email that had come from a cloned email address imitating a department-issued email address,” as stated in the official press release. Police chief Stephen Barlag said that after the compromise the department lost evidence: “all body cam video, some photos, some in-car video, and some police department surveillance video were lost.”

https://www.hackread.com/cocker-hills-pd-held-to-ransom-crucial-evidence-lost/

Report: Attack numbers fell last quarter, but attacks were more targeted and sophisticated

Instead of general-purpose exploit kits and broad scanning, the attackers are zeroing in on specific targets, he said. “If I can get access to your systems and start doing things that appear authorized, it’s not going to trigger alerts and I can get more information,” he said. That requires a more sophisticated approach, and has a higher potential payoff. “If I’m in your network for half a year, I’m going to do a lot more damage to your environment, than a quick $20,000 ransomware hit,” he said. “But I still want that $20,000 hit.”

http://www.csoonline.com/article/3163232/advanced-persistent-threats/report-attack-numbers-fell-last-quarter-but-attacks-were-more-targeted-and-sophisticated.html

Why You’re Doing Cybersecurity Risk Measurement Wrong

In the book How to Measure Anything in Cybersecurity Risk by Hubbard & Seiersen, the method for evaluating risk is, and I’m paraphrasing, identifying likelihood using modeling principles, and impact using cost estimation and the CIA (Confidentiality, Integrity and Availability) model. Here’s where it gets more complicated: evaluating current and future risk requires accounting for people … and people make everything harder. A good risk analysis should account for risky behaviors by users, administrators, and security personnel, both before and after you make the change.

http://www.darkreading.com/risk/why-youre-doing-cybersecurity-risk-measurement-wrong-/a/d-id/1328003

Trump’s draft cybersecurity policy has no role for FBI

A proposed White House cybersecurity policy would empower the federal government to take a greater role in protecting the nation’s digital infrastructure, much of which is in private hands. But a draft copy of an executive order on the issue is also notable, observers say, because beyond its calls to “decisively shape cyberspace” it diminishes the role of once-key players, such as the FBI, and makes no mention of protecting election systems. Nor does it go as far as the Republican Party platform approved last July, which sought to enshrine the right of citizens to “hack back” and take other offensive digital measures.

http://www.star-telegram.com/news/nation-world/national/article129648539.html

Trump order may give Pentagon bigger role in civilian cybersecurity

Draft versions of the order that have leaked have elevated the Pentagon to a co-equal role with DHS over cybersecurity, which would give the military, with its capabilities and interests in surveillance, a deeper role in civilian digital protection than ever before. Officials suggested the order would be significantly different from the draft. But as of Monday night, senior DHS officials had yet to see a finalized order, the Guardian has learned, though drafts have circulated within the department.

https://www.theguardian.com/us-news/2017/jan/31/trump-cybersecurity-order-pentagon-surveillance

Decoding the 2017 NDAA’s Provisions on DoD Cyber Operations

In the most recent legislation authorizing the activities of the Department of Defense, Congress was particularly proactive in its approach to military cyber operations. Provisions of the Fiscal Year 2017 National Defense Authorization Act (NDAA), recently signed into law, will affect how the military organizes for and conducts cyber operations, in ways large and small. In this post, we examine some of the most important provisions that the Trump Administration must grapple with during its first year in office.

https://www.lawfareblog.com/decoding-2017-ndaas-provisions-dod-cyber-operations

Are America’s Airlines Under Cyber Attack?

But there are two things that could lead one to wonder if there’s more to this than meets the eye. The first is that Delta isn’t just some guy like me sitting at home who doesn’t know a thing about computers. It has 83,000 employees. It generates over $40 billion worth of revenue each year. The point is, Delta has plenty of resources to ensure that its systems don’t just “stop working.” The second piece of the puzzle is that Delta’s issues come one week after a similarly ambiguous glitch brought down the computer system at United Airlines[.]

http://www.nasdaq.com/article/are-americas-airlines-under-cyber-attack-cm740558

Czech Ministry Suffered Cyber-Attack Possibly From Foreign State

No classified data was stolen during the attacks, which took several weeks, Foreign Minister Lubomir Zaoralek said Tuesday. The servers containing sensitive communications were physically separate from those that were breached, he said. “The character of the attack was very sophisticated,” Zaoralek said, citing Czech cyber-warfare experts. “In their view, it must have been conducted by some foreign state — from abroad. They also said that the method of the attack very much resembled attacks against the internet system of the Democratic Party in the U.S.”

https://www.bloomberg.com/news/articles/2017-01-31/czech-ministry-suffered-cyber-attack-possibly-from-foreign-state

Insurers prepare for worst: cyber attack followed by a hurricane

A total of 17 insurers and brokers including Hiscox, Aon, RSA and Lloyd’s took part in the voluntary exercise, which was set up to probe the industry’s operational readiness as much as the financial consequences of the loss. The results showed that the industry believes it is well prepared financially for such a catastrophe. […] But the test also found that some long-held assumptions about the consequences of big losses are no longer valid. For example, the insurers acknowledged that they could no longer be sure that hefty price increases would follow large claims.

https://www.ft.com/content/128b22e8-e705-11e6-967b-c88452263daf

Politicians should stay out of cybersecurity market

Because the cybersecurity environment is constantly evolving, even companies with cyber insurance must assess their preparedness on an ongoing basis and meet benchmark security requirements to guarantee their policies will be renewed. In this way, firms are encouraged to engage with cyber security in a continuous and proactive way. The same cannot be said of prescriptive government standards. When commercial interests align, what you get are better cybersecurity practices.

http://thehill.com/blogs/pundits-blog/technology/317074-politicians-should-stay-out-of-cybersecurity-market

Russian cybersecurity experts suspected of treason linked to CIA

Over the weekend the New York Times cited one former and one current US official as saying human intelligence had played a major role in helping US authorities determine that Russia was behind the hacking. The publicly released version of the official report was largely free of real evidence to back up its conclusions, though if Russian sources were involved, it is understandable this would not be made public.

https://www.theguardian.com/world/2017/jan/31/russian-cybersecurity-experts-face-treason-charges-cia

Three Russian cyber arrests, one suspicious death, and a new twist in the US election hack

Russian media suggest that one or more of the trio either leaked details of Russia’s role directly to American intelligence, or to Christopher Steele, the former British spy believed to have compiled the so-called Trump dossier. The dossier is a 35-page memo that suggested various links between Trump and Russia, involving information that allegedly made him vulnerable to extortion.

https://qz.com/898168/three-russian-cyber-arrests-one-suspicious-death-and-a-new-twist-in-the-us-election-hack/

Another Radio Station Transmission hacked with F*** Donald Trump Songs

The targeted radio station was Sunny 107.9 WFBS-LPFM, which acknowledged the hack in a Facebook post revealing that their Internet at the transmitter site was hacked, pushing the station to play anti-Trump songs. Another user on Facebook told HackRead that the station played YG and Nipsey Hussle’s FDT (F*** Donald Trump) and Fiona Apple’s “Tiny Hands” song.

https://www.hackread.com/radio-station-transmission-hacked-anti-trump-songs/

Cisco: Spam is making a big-time comeback

It accounts for 65% of all corporate email among customers who opted in to let the company gather data via telemetry in Cisco gear. Whereas spam had been knocked down as a threat in 2010 and kept at relatively low levels through 2015, it made a surge in 2016. In 2010, Cisco recorded 5,000 spam messages being sent per second. That number stayed generally below 1,500 for the next five years, spiking to about 2,000 briefly in 2014. But in 2016 it leaped to more than 3,000.

http://www.networkworld.com/article/3163250/security/cisco-spam-is-making-a-big-time-comeback.html

2.5 million XBOX 360 and PSP ISO forum accounts breached

The breaches occurred approximately around September 2015 and compromised email addresses, account passwords and IP addresses, according to independent researcher Troy Hunt. Gamers who use the accounts are advised to reset the passwords for all of their gaming accounts. Although the breach may have affected a great deal of gamers, some researchers believe the gaming community may not be hit as hard by the breach as some would think.

https://www.scmagazine.com/xbox-and-psp-forum-accounts-breached/article/635024/

Spanish Police Claim to Have Arrested Phineas Fisher – Hacking Team Hacker

Phineas Fisher gained international fame after he hacked the Gamma Group in 2014 and then the Hacking Team in 2015, two companies that sold surveillance software (spyware) to governments around the globe, including many oppressive regimes. The hacker leaked troves of sensitive data from both companies, exposing internal communications, hacking tools, exploits, and the source code of their surveillance software. Just like in the SEM case, Phineas Fisher published a step-by-step account about how he hacked Hacking Team.

https://www.bleepingcomputer.com/news/security/spanish-police-claim-to-have-arrested-phineas-fisher-hacking-team-hacker/