IT Security News Blast 2-14-2017

University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices

Of the thousands of domains requested, only 15 distinct IP addresses were returned. Four of these IP addresses and close to 100 of the domains appeared in recent indicator lists for an emergent IoT botnet. This botnet spread from device to device by brute forcing default and weak passwords. Once the password was known, the malware had full control of the device and would check in with command infrastructure for updates and change the device’s password—locking us out of the 5,000 systems.

http://www.networkworld.com/article/3168763/security/university-attacked-by-its-own-vending-machines-smart-light-bulbs-and-5-000-iot-devices.html

Experts worried about ransomware hitting critical infrastructure

Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data — by shutting down entire computer systems to utilities or factories. “I see no reason for ransomware to stop,” said Neil Jenkins, an official with the U.S. Department of Homeland Security. “It’s shown to be effective.”

http://www.csoonline.com/article/3169584/security/experts-worried-about-ransomware-hitting-critical-infrastructure.html

‘Internet of Evil Things’ challenges security pros

What was once a straightforward mission for IT security – understanding assets and what they’re connected to, as well as keeping them partitioned from the outside world – has grown more complex with the rise of connected devices brought into the workplace not only by employees but also other outsiders, like business partners and visitors. And top management, by and large, has broken from its previously more conservative stand on personal devices, now pressuring security pros to allow and support them in the enterprise’s milieu to increase productivity and allow a more fluid flow of business environment.

https://www.scmagazine.com/internet-of-evil-things-challenges-security-pros/article/637660/

‘Shock And Awe’ Ransomware Attacks Multiply

Ransomware is rising dramatically, growing by a rate of 167 times year over year, according to SonicWall, with some 638 million attack attempts in 2016, up from 4 million the previous year. Kaspersky Lab data as of last October shows there’s a ransomware attack every 40 seconds. […] He describes their brazen demands and attacks as a “shock-and-awe” approach that’s catching fire among cybercriminals hoping to more efficiently strong-arm their victims and potentially cash out more quickly.

http://www.darkreading.com/attacks-breaches/shock-and-awe-ransomware-attacks-multiply/d/d-id/1328124?

Most Americans with knowledge of employer’s cybersecurity wouldn’t want to be a customer

Today Kaspersky Lab and HackerOne released the report, “Hacking America: Cybersecurity Perception.” Some of its revelations include that most Americans wouldn’t want to be a customer of their employers since they don’t trust their employers to protect their personal data; also, almost half the people surveyed think America is more vulnerable to cyber-espionage/nation-sponsored cyberattacks with Donald Trump as president.

http://www.networkworld.com/article/3168042/security/most-americans-with-knowledge-of-employers-cybersecurity-wouldnt-want-to-be-a-customer.html

Open Databases a Juicy Extortion Target

Security researchers at Rapid7 estimate that 50 percent of the 56,000 vulnerable MongoDB servers have been ransomed. When it comes to similar misconfigured databases, 58 percent of the 18,000 vulnerable Elasticsearch servers have been ransomed, and of the 4,500 vulnerable CouchDB servers, 10 percent have been ransomed. “It’s about the path of least resistance for hackers interested in the biggest potential reward,” said Bob Rudis, chief data security officer at Rapid7. “Hackers have decided it’s easier to end-run an enterprise’s multi-million dollar security system and instead simply target an open server.”

https://threatpost.com/open-databases-a-juicy-extortion-target/123688/

Firms split on who handles aftermath of cyber-attacks

The study by BAE Systems suggests senior managers expect IT staff to deal with data breaches, but technology bosses feel it should be board members. The confusion could make firms more vulnerable to attacks, said BAE. Both camps also had widely different estimates of how much a breach could cost, according to the research. “Both sides seem to think that it’s the other’s responsibility when it comes to a successful breach and that reflects a gap in understanding,” said Dr Adrian Nish, head of the cyber-threat intelligence unit at BAE Systems.

http://www.bbc.com/news/technology-38907073

Is breach mitigation the next wave of cybersecurity regulation?

One key element of the EU GDPR is the requirement, in certain circumstances, for firms to designate a data protection officer (DPO). This position, which must be in place by the law’s effective date, can be either an employee with a significant level of expertise or a contractor. Some in the industry are already worrying about the limited talent pool for this key position, and the importance of early recruitment so the DPO can guide an organization through preparations for the GDPR’s quickly approaching effective date.

http://www.lexology.com/library/detail.aspx

You Can’t Hire Your Way Out of a Skills Shortage … Yet

In 2015, 89% of cybersecurity job postings went unfilled due to the high standards that companies imposed for entry and midlevel positions, according to a CareerBuilder survey. Not enough job applicants had the necessary skills and/or certifications that hiring managers were looking for in potential new employees. The problem is perfect cybersecurity workers don’t exist — or if they do, they’re employed elsewhere.

http://www.darkreading.com/careers-and-people/you-cant-hire-your-way-out-of-a-skills-shortage–yet/a/d-id/1328113?

Security skills gap? What security skills gap?

Network security specialists are still highly sought after no matter where you look: it’s the most wanted skill set in Israel, Ireland, the UK, the US and Germany. In the UK, network security is 223.1% more in demand than the next skill set of mobile security; in Germany it’s 83.1% more requested than identity and access management, and in the US, it’s 210.8% more in demand than application security. In some places, supply outstrips demand. In the third quarter of 2016, job seeker interest for the coveted CISO role in the USA outstripped available roles by a factor of more than two to one.

https://www.helpnetsecurity.com/2017/02/13/security-skills-gap/

‘Paranoid’ Republicans flock to app that wipes conversations

A little-known messaging app that automatically erases all conversations has reportedly taken off among “paranoid” US politicians, including members of the Trump administration. […] In today’s febrile Washington, it’s not hard to fathom why insiders might flock to this model given the ever-present threat of hackers crawling into government and party servers looking for kompromat. In a world where off-the-cuff email banter can be “weaponized” by opponents at any moment, talk is no longer cheap and cheerful.

https://nakedsecurity.sophos.com/2017/02/13/paranoid-republicans-flock-to-app-that-wipes-conversations/

State-sponsored hackers targeting prominent journalists, Google warns

“The fact that all this started right after the election suggests to me that journalists are the next wave to be targeted by state-sponsored hackers in the way that Democrats were during it,” said one journalist who got the warning. “I worry that the outcome is going to be the same: Someone, somewhere, is going to get hacked, and then the contents of their gmail will be weaponized against them — and by extension all media.”

http://www.politico.com/story/2017/02/google-hackers-russia-journalists-234859

Australia to get data breach notification regime

Under the legislation an eligible data breach is “unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity” where “the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates”. The notification regime created by the legislation will cover most Australian government agencies, businesses with an annual turnover in excess of $3 million, and some smaller organisations (such as those that handle health data).

http://www.computerworld.com.au/article/614151/australia-get-data-breach-notification-regime/

NARUC Release of Cybersecurity Guidelines should have Utility Companies on High Alert

In light of increasing threats, state and federal regulators are developing guidance documents, and several state public utility regulators have prepared cybersecurity action plans, such as Connecticut. The American Water Works Association (“AWWA”) also recently released guidance for water utilities regarding the protection of systems infrastructure. This momentum is likely to lead to increasingly stringent regulatory requirements regarding cybersecurity plans, policies, and practices for public utilities in the United States.

http://www.lexology.com/library/detail.aspx?g=b5f9275a-71a4-42b2-bbc1-74ee439fe13a

US-born NASA scientist says he was told to unlock his phone at border

Sidd Bikkannavar said in a post on social media that US Customs and Border Protection officers wanted his cell phone — and password — before they would let him through at Houston’s George Bush Intercontinental Airport. […] “Just to be clear — I’m a US-born citizen and NASA engineer, traveling with a valid US passport. Once they took both my phone and the access PIN, they returned me to the holding area with cots and other sleeping detainees until they finished copying my data.”

http://www.cnn.com/2017/02/13/us/citizen-nasa-engineer-detained-at-border-trnd/index.html

Insurers turn to outsourcing to shore up data security

Two-thirds of insurers have increased the amount of outsourcing they use to combat cyber threats in the past two years, as the number of threats rises, according to a Moody’s survey of 50 insurance carriers. Leveraging third parties that specialize in security to assist means that insurers are protected against turnover among their in-house security staff, and can be generally assured that the latest risks and solutions are at their disposal, Moody’s says. The typical insurer employs about 10 different cybersecurity vendors, according to the survey.

http://www.insurancenetworking.com/news/security-risk/insurers-turn-to-outsourcing-to-shore-up-data-security-38018-1.html

How Vladimir Putin and Russia are using cyber attacks and fake news to try to rig three major European elections this year

Officials and security officers in France, Germany, and the Netherlands have agreed to share information as they brace for “influence operations,” including the leaking of hacked emails and using internet bots to spread fake or misleading news on social media, in the run up to presidential and general elections this year. “[It is] a way not to convince people, but to confuse them, not to provide an alternative viewpoint, but to divide public opinion and to ultimately undermine our ability to understand what is going on.”

http://www.telegraph.co.uk/news/2017/02/13/vladimir-putin-russia-using-cyber-attacks-fake-news-try-rig/

7 Best Encrypted Email Services That You Can Use

Here are some of the dangers that you get exposed to when you are using your ordinary email communication service.

  • The emails that you send and receive are not encrypted. Since the messages are not encrypted, it means that a hacker who successfully accesses the messages can read them.
  • It is easy for third parties to access your messages. In this case, government spies and cyber criminals can access the emails that you send and receive via your standard service.
  • Your ISP stores copies of the emails that you send and receive. Because your ISP stores copies of your messages for some time, you cannot be sure about your privacy when you are using standard email services.

https://www.hackread.com/7-best-encrypted-email-services-can-use/

Expert: Line between cyber crooks and cyber spies getting more blurry

Cybercriminals acting on behalf of national governments and nation-backed espionage agents carrying out cybercrimes for cash on the side is the future of security threats facing corporations and governments, says the former top U.S. attorney in charge of the Department of Justice’s national security division. “I think this blending of criminal and national security, whether it’s terrorists or state actors moonlighting as crooks or state actors using criminal groups as a way to distance themselves from the action, I think that is a trend that we saw increasing that’s just going to continue to increase over the next three to five years[.]”

http://www.csoonline.com/article/3169304/security/expert-line-between-cyber-crooks-and-cyber-spies-getting-more-blurry.html

Windows 10 will soon have a very different security system

WDATP offers a new post-breach layer of protection to the Windows 10 security stack, as well as a cloud service to help detect threats that have made it past other defenses and trace how far they penetrated into the enterprise. With the upcoming Windows 10 Creators Update, Microsoft will allow organizations to add customized detection rules and provide the ability to perform what it called “time travel” detections with every new detection added across six months of historical data.

http://www.networkworld.com/article/3169287/windows/windows-10-will-soon-have-a-very-different-security-system.html
