IT Security News Blast 2-20-2017

Getting prepared for a ‘cyber-Pearl Harbor’

But the federal government can – and should – be a better partner for Tacoma and other local communities. That’s why I’m working on a bipartisan bill that would establish a cybersecurity grant program within the Department of Homeland Security. It would provide states with funds to develop cyber-resiliency plans so they can outline key issues and target how to fix them. Cyber resiliency requires exceptional coordination and planning across all levels of government. […] U.S. Rep. Derek Kilmer, D-Gig Harbor, represents Washington’s 6th Congressional District.

http://www.thenewstribune.com/opinion/article132917749.html

US account holders more likely to switch banks following fraud

Customer churn was especially prevalent when the bank was not able to trace the fraud to a specific party or explain what happened. The study, Security, Fraudulent Transactions and Customer Loyalty: A Field Study [PDF], was put together by a team led by Professor Rahul Telang and analysed data from 500,000 anonymised financial services users over five years. The researchers observed actual user behaviour rather than quizzing them about their intentions.

https://www.theregister.co.uk/2017/02/17/us_post_bank_fraud_churn_study/

Government Agencies and Hospitals Face Increasing Risk of IoT-Powered Cyberattacks

I also predict that a major hospital will face a HIPAA violation for using an unsecured smart medical device. Hospitals have a lot to gain from deploying the IoT for crucial data/insights to improve patient care, but so do hackers. They’re already targeting connected MRI machines, CT scanners and dialysis pumps to steal patient medical data, which is worth more than twice as much as financial information on the black market.

https://www.entrepreneur.com/article/287745

Cyber attacks target 2 East Idaho counties; Bingham County systems still down

The county chose not to pay the ransom and switched to backup servers Wednesday. County information technology staff thought the virus was contained but discovered early Friday morning that one of the backup servers had become infected, knocking the entire system offline. Bingham County dispatch was also impacted by the cyber attack, with 911 calls not being recorded by the computer tracking logs.

http://idahostatejournal.com/members/cyber-attacks-target-east-idaho-counties-bingham-county-systems-still/article_508cb09d-01c2-57b4-8bae-ea579d45b564.html

Cybersecurity Obligations of Directors – Guidance from the United States Decisions

Determining exactly what amounts to “reasonable” and “defensible” conduct by directors in the context of data security is further informed by the United States decisions in Wyndham v Holmes, 14-CV-01234 (SRC) [Wyndham] and Davis v Target Corporation, 14-CV-00203-PAM-JJK [Target]. In those cases, reasonable and defensible conduct by the directors included:

  • Developing cybersecurity policies (see Target Corporation Report of the Special Litigation Committee);
  • Understanding and being kept informed of ongoing cyberattacks and data security issues; investigating cyberattacks; and
  • Taking an active role in the wake of any data breach.

http://www.jdsupra.com/legalnews/cybersecurity-obligations-of-directors-49120/

States, Local Governments Need to Focus on Cyber-security, Experts Say

A key problem is that states have a great deal of data on citizens—often more than the federal government. But protecting that data is a problem. It is not cost-effective to protect everything equally, so states should give priority to services and protecting data[.] […] While prioritizing cyber-security is one strategy, government agencies also need to find ways to get around resource shortages. Not only is money in short supply, but skilled workers are in demand as well. Virginia, for example, has 36,000 cyber-related positions available in 2017, up from 17,000 a year and a half ago, Jackson said.

http://www.eweek.com/security/states-local-governments-need-to-focus-on-cyber-security-experts-say.html

Iran Intensifies Its Cyberattack Activity

Iran’s cyberattack operations also have matured and become more disciplined, he says. “They are showing more mature capabilities” and organization, Meyers explained. “In early 2010 to 2014, they were very open, disorganized, [as] small companies doing training and pen-testing and exploit development. Now they’ve aligned themselves into proper ‘businesses’” working on attack campaigns, he said. “We don’t see them talking [about their cyber activities] as openly as before. That’s notable.”

http://www.darkreading.com/threat-intelligence/iran-intensifies-its-cyberattack-activity/d/d-id/1328189

Iranian Hackers May Soon Target US Financial System, Experts Claim

To be more precise, security experts predict it is only a matter of time until Iran directs its cyber attacks to the United States. Considering how both countries are involved in a very complicated political relationship right now, such an outcome would not be entirely surprising. The US has allegedly put Iran “on notice”, which would warrant an increase in the number of cyber attacks against American targets.

http://www.livebitcoinnews.com/iranian-hackers-may-soon-target-us-financial-system-experts-claim/

Daily targeted in cyberattack after exposing ‘fake news factory’

According to Bröms, the attack is directly related to the newspaper’s recent exposé of the web-based radio broadcaster Granskning Sverige (Scrutinising Sweden), which claims to represent citizen journalism, encouraging people to phone journalists, politicians and other influential people, provoking conversations with them which are then taped and posted on YouTube. […] The newspaper found that people working for the broadcaster used fake identities to fool their targets into giving them interviews, which were then taped and heavily edited, essentially patching together opinions and “quotes” that were never even uttered.

http://www.thelocal.se/20170218/daily-targeted-in-cyberattack-after-exposing-fake-news-factory

Expert: Trump Cyber Policy Could Be ‘Remarkably Boring’

“Compared to the [other executive] orders that were actually signed, they are remarkably boring and responsible.” Assuming something like the leaked draft orders are eventually signed by the president, the new policy will build on those from the Obama and Bush administrations, Baker speculated. […] Both were “very thoughtful and pretty consistent with past practices and with an orderly process,” Baker said.

http://www.pcmag.com/news/351842/expert-trump-cyber-policy-could-be-remarkably-boring

“Secure” Trump website defaced by hacker claiming to be from Iraq

The source code contains a link to JavaScript on a now-nonexistent Google Code account, masterendi, previously associated with the hacking of at least three other websites. As Italian IT journalist Paolo Attivissimo pointed out, an archive of the script shows it to be a snow animation script, not malware. Ars reached out to both Cloudflare and the Trump-Pence campaign team for comment. As more information becomes available, we’ll update this report.

https://arstechnica.com/security/2017/02/secure-trump-website-defaced-by-hacker-claiming-to-be-from-iraq/

Probe President Trump and his crappy Samsung Twitter-o-phone, demand angry congressfolk

In a letter to the committee, the congressfolk say [PDF] they were inspired by reports that the Commander in Chief is using a four-year-old Samsung Galaxy S3 to emit – and this is our technical term, here – borderline incoherent Twitter spouting. It’s not clear if this particular Android gadget is his only handset, but some in Congress are concerned that it’s putting the country at risk.

https://www.theregister.co.uk/2017/02/17/congress_calls_for_investigation_trumps_samsung_s3/

Winners and Losers at RSA’s Cyber-Security Extravaganza

Bill Phelps, an EVP at Booz Allen, believes there are too many companies doing the same thing, and many just aren’t pulling in revenue to justify their valuations. If he’s right, a winnowing is on the way. Phelps also identified what he calls “security supermarkets” as likely losers in the cyber market. These are big companies like HP or Intel or FireEye, which acquire a mish-mash of smaller security firms but fail to integrate them into a single platform. The result is a big bucket of products that don’t play well together—and annoy their customers.

http://fortune.com/2017/02/19/rsa-winners-losers/

Closing The Cybersecurity Skills Gap With STEM

Here are five ways we can begin closing the cybersecurity skills gap:

  1. Integrate STEM Education in Grade School
  2. Equip College Students with Cybersecurity Skills
  3. Drive Awareness of Cybersecurity Jobs
  4. Instruct with Industry Tools and Technology
  5. Train the Current Cybersecurity Workforce

http://www.darkreading.com/careers-and-people/closing-the-cybersecurity-skills-gap-with-stem/a/d-id/1328181

Researchers discover security problems under the hood of automobile apps

In a presentation at this week’s RSA security conference in San Francisco, researchers from Kaspersky Labs revealed more bad news for the Internet of drivable things—connected cars. Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven Android apps for connected vehicles and found that the apps were ripe for malicious exploitation. Six of the applications had unencrypted user credentials, and all of them had little in the way of protection against reverse-engineering or the insertion of malware into apps.

https://arstechnica.com/security/2017/02/android-connected-car-apps-could-give-up-the-keys-to-criminals/

Paper factory fired its sysadmin. He returned via VPN and caused $1m in damage. Now jailed

We use the term hacking loosely: Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated. Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems. His target was the firm’s Port Hudson, Louisiana, factory, which produces paper towels and tissues 24 hours a day. In a two-week campaign, he caused an estimated $1.1m in lost or spoiled production.

https://www.theregister.co.uk/2017/02/18/it_admin_/

Charging Smartphone in Public Ports Leads to Data Hack — So Let’s Stop

This kind of hacking is called “Juice Jacking”, a term coined by security researchers in 2011; it was followed in 2016 by a related term, “Video Jacking”, which refers to a compromised charging port’s ability to record everything you type or view on the phone.

https://www.hackread.com/public-charging-ports-smartphone-data-hack/

New certification to verify cyber threat detection skills

The CSA+ certification will offer a broad-spectrum validation of the knowledge and skills required to configure and use cyber-threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization. It certifies knowledge of a data-driven approach to information security.

https://betanews.com/2017/02/20/cyber-security-certification/