IT Security News Blast 2-17-2017

This Ransomware Malware Could Poison Your Water Supply If Not Paid

GIT researchers created a proof-of-concept ransomware that, in a simulated environment, was able to gain control of a water treatment plant and threaten to shut off the entire water supply or poison the city’s water by increasing the amount of chlorine in it. Dubbed LogicLocker, the ransomware, presented at the 2017 RSA Conference in San Francisco, allowed researchers to alter Programmable Logic Controllers (PLCs) — the tiny computers that control critical Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) infrastructure, like power plants or water treatment facilities.

http://thehackernews.com/2017/02/scary-scada-ransomware.html

Russian hacker Rasputin hits universities, state and fed government agencies

New research has just been released from Recorded Future that confirms the hacker hit 60 organizations, including a number of universities (NYU, Cornell, Oxford, Cambridge), city governments (Springfield, Mass.; Pittsburgh, Pa.; Alexandria, Va.), state governments (Oklahoma), and federal agencies (U.S. Department of Housing and Urban Development). He has been selling access to all of these systems since December 2016, the report found.

https://www.scmagazine.com/russian-hacker-rasputin-hits-universities-state-and-fed-government-agencies/article/638303/

Iran Intensifies Its Cyberattack Activity

As all eyes are on Russia’s coordinated hacking and propaganda efforts aimed at influencing elections in the US and some European nations, state-sponsored attackers out of Iran are quietly cranking up their cyber spying and data-destruction attacks. Most of Iran’s targets over the past few months have been in the Middle East – namely its nemesis Saudi Arabia – but some security experts warn that the US indeed could be in the line of fire given the increasingly contentious geopolitical climate between the two nations.

http://www.darkreading.com/threat-intelligence/iran-intensifies-its-cyberattack-activity/d/d-id/1328189?

Top 6 US Government Cyber Assets Prone to Attacks

  1. Miscellaneous Security Devices
  2. Routers
  3. Webcams
  4. Specialized Devices
  5. WAP
  6. Firewalls

https://themerkle.com/top-6-us-government-cyber-assets-prone-to-attacks/

Cryptography experts cast doubt on AI’s role in cybersecurity

“The real problem is that what AI and machine learning is great at is lots of data and dealing with it effectively and what we’re dealing with, with the serious attacks are anomalous situations and AI does not look like it’s going to be useful there,” said Susan Landau, professor of cybersecurity policy and professor of computer science at Worcester Polytechnic Institute, during the session earlier this week.

https://www.scmagazine.com/cryptography-experts-cast-doubt-on-ais-role-in-cybersecurity/article/638701/

Doubts abound over U.S. action on cybersecurity

“I wish the federal government could do this, but it’s very hard, unfortunately, due to partisan politics,” said Virginia Gov. Terry McAuliffe, during a speech at the show. “They haven’t been able to take the lead on this issue as they should have.” Instead, it might be up to the states to assume a larger role in promoting cybersecurity, given that divisive politics at the federal level have been stalling government action, McAuliffe said on Tuesday.

http://www.computerworld.com/article/3170564/security/doubts-abound-over-us-action-on-cybersecurity.html

Ukraine charges Russia with new cyber attacks on infrastructure

The allegations are the latest sign that Russia’s behavior in conflict areas has not changed markedly since Donald Trump became U.S. president last month, calling for warmer relations between Washington and Moscow. The new attacks caused some of Ukraine’s cyber defenders to cancel plans to attend this week’s RSA cyber security conference in San Francisco, according to one Western expert familiar with the situation.

http://www.reuters.com/article/us-ukraine-crisis-cyber-idUSKBN15U2CN?il=0

Analysis of internet-connected devices reveals millions are vulnerable to attack

The most important conclusion to draw from Trend Micro’s analysis of the Shodan data is that there’s lots of work to be done in securing the millions of vulnerable internet-connected devices. The company will be presenting its analysis and conclusions at the RSA conference that’s currently underway, and you can dig into the details yourself in its report titled “U.S. Cities Exposed in Shodan.”

http://www.digitaltrends.com/computing/trend-micro-analysis-of-shodan-data-shows-millions-unsecured-devices/

Yahoo tells users of another cyber attack on accounts [Video]

Yahoo users found out Wednesday that hackers used a technical trick with cookies to log into their accounts without passwords. Yahoo told users in an email, “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.” The internet company revealed the attack in December but the news was largely overlooked.

http://www.sfgate.com/news/media/Yahoo-tells-users-of-another-cyber-attack-on-746508.php

Phishing campaign uses Yahoo breach to hook email

It took about… what? a day?… for criminal phishers to take advantage of this week’s Yahoo breach news and create emails that they hope will fool Yahoo mail users into thinking their account “needs updating.” I have a Yahoo mail account and received this email Thursday. It notifies me that my account access is “temporarily limited for failing automated security server update.” It then helpfully asks me to “kindly upgrade” my email with the link below to re-verify account ownership “or you will be locked out,” it adds ominously.

http://www.csoonline.com/article/3171634/security-awareness/phishing-campaign-uses-yahoo-breach-to-hook-email.html

Cyber Security Threats to Move up the Agenda? (SYMC, PANW)

If President Trump’s intentions to “make America safe again” extend to defending against data breaches, technology companies such as Symantec (SYMC), Palo Alto Networks (PANW) and FireEye (FEYE) and defense giants Raytheon (RTN) and Lockheed Martin (LMT) may finally start to reap the benefits of years of investment in technologies designed to thwart cyber attacks.

http://www.investopedia.com/news/cyber-security-threats-move-agenda-symc-panw/

Cyber Security Market Dynamics, Forecast, Analysis and Supply Demand 2014-2020

The cyber security market across the globe is a multi-billion market and is expected to show substantial growth in CAGR from 2013 to 2019. There is a significant increase in the cyber security market because cyber security solutions increase cyber speed and offer a number of options to save data. The key drivers of this market include government regulation on data privacy, increasing cyber threats and an increasing number of data centers, which are the biggest revenue generators for the cyber security market. The key restraints to this market are lack of awareness and availability of pirated security software.

http://www.openpr.com/news/439137/Cyber-Security-Market-Dynamics-Forecast-Analysis-and-Supply-Demand-2014-2020.html

Cybersecurity a Main Concern for Connected Plants, but Tech is Improving

Using the most common security technology, such as air gap and firewalls, is not sufficient, but new technologies have the potential to greatly reduce the threat of a cybersecurity attack, according to Schneider. “If you’re dependent on firewalls, realize an insider attack easily breaches a firewall protection. There’s just so many things that don’t work that people are dependent on for various reasons, but the new technologies [where] you can layer in different levels of security, are definitely making it better,” he said.

http://www.powermag.com/cybersecurity-a-main-concern-for-connected-plants-but-tech-is-improving/

USB Killer now lets you fry most Lightning and USB-C devices for $55

If you haven’t heard of the USB Killer before, it’s essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing. For more information on its technical operation, read our original USB Killer explainer.

https://arstechnica.com/gadgets/2017/02/usb-killer-fry-lightning-usb-c-devices/

New Navy Wildcat helicopters can’t transmit vital data

Instead, crews must use a USB stick after landing to transfer data collected by the Wildcat’s radar and camera systems to its host ship. The only other alternative, at present, is for the crew to call out contacts over the radio by voice – just as Fleet Air Arm observers did during the Second World War.

https://www.theregister.co.uk/2017/02/17/lynx_wildcat_has_no_tactical_data_link_royal_navy/

To Spy or Not to Spy; Congress to Decide

Many civil liberties groups and activists have joined to form End 702; they are more forthcoming, saying that “Absent a full reform” the act needs to expire. Their website further states, “Section 702 of FISA has allowed for mass surveillance programs, including PRISM and UPSTREAM, that have been used by the US government to warrantlessly collect and search the Internet communications of people all over the world.”

https://www.hackread.com/to-spy-or-not-to-spy-congress-to-decide/

US visitors must hand over Twitter, Facebook handles by law – newbie Rep starts ball rolling

Banks’ proposed law appears to end any uncertainty over whether or not non-citizens will have their online personas vetted: if the bill is passed, visa applicants will be required to disclose their online account names so they can be scrutinized for any unwanted behavior. This includes people who apply for tourist visas. For holidayers on visa-waiver programs – such as Brits arriving with ESTA passes – revealing your social media accounts is and will remain optional, but again, being allowed into the country is optional, too.

https://www.theregister.co.uk/2017/02/17/us_visitors_social_media/

Man Jailed For Hacking Ex-Employer’s Operations

The report states Johnson, who was a systems administrator in the IT department of Georgia-Pacific’s Port Hudson division, was fired in February 2014. Following his termination, he configured his home computer to gain remote access to the company’s network and transmitted codes and commands to cause significant damage to the plant’s operations. A police search at Johnson’s residence came up with evidence of his former misdeeds. His computer system and related devices were seized.

http://www.darkreading.com/man-jailed-for-hacking-ex-employers-operations/d/d-id/1328197?

Global Shortfall of 1.8 Million Cyber Security Pros Expected by 2022

The survey, conducted by the Center for Cyber Safety and Education and sponsored by (ISC)2, also found that 47 percent of respondents are struggling to find qualified personnel. In the U.K., the survey found, 46 percent of companies say the shortfall of cyber security personnel is having a significant impact on their customers, and 45 percent say the shortfall is causing cyber security breaches. Forty-six percent of U.K. respondents hope to expand their cyber security workforce by more than 16 percent in the next 12 months, but the skills shortage is holding them back from doing so.

http://www.esecurityplanet.com/network-security/global-shortfall-of-1.8-million-cyber-security-workers-expected-by-2022.html