IT Security News Blast 2-22-2017

Healthcare organizations boost spending on cyber security

The study from Thales e-Security finds 81 percent of US healthcare organizations and 76 percent of those globally will increase information security spending in 2017. In the US, government regulations such as the HITECH Act’s Electronic Patient Care Reporting (ePCR) requirements are driving healthcare organizations to digitize their data. While this creates efficiency, it means individual healthcare data is exposed to more people, in more places and on more devices, including smartphones, laptops and increasingly, IoT devices.

https://betanews.com/2017/02/21/healthcare-security-spending/

Hacking group RTM able to divert bulk financial transfers with malware

RTM is using its malware to spy on victims in a variety of ways such as monitoring keyboard strokes and smart cards inserted in the system, according to security software firm ESET. Malicious software allows all-time monitoring of banking-related activities as well as the possibility to upload files from the compromised system to its Command and Control (C&C) server. “The malware actively searches for export files common to popular accounting software mainly used in Russia,” said Jean-Ian Boutin, a malware researcher at ESET.

https://www.theregister.co.uk/2017/02/21/russian_hackers_target_business_bank_transfers/

Threat of Cyber Attack Is Biggest Fear for Businesses

The threat of cyber attacks and political instability resulting from rising populism are among the biggest worries for businesses around the world, according to a study of companies in 79 countries. The number one issue for executives working in business continuity and resilience is the threat from hackers, with 88 percent of companies included in the survey saying they are “extremely concerned” or “concerned” at the risk.

https://www.bloomberg.com/politics/articles/2017-02-21/threat-of-cyber-attack-is-biggest-fear-for-businesses-survey

C4ISR Market: Rising Threat of Cyber Crime Worldwide to Drive Demand

The rising concern of asymmetrical warfare is one of the primary factors driving the growth of C4ISR market. Furthermore, the integration C4ISR helps in better surveillance and coordination of the military forces. Hence they are less prone from the threat of sudden attacks. Moreover, the systems enable the armed forces to give the right information at the right moment. The rise in terrorist activities in Middle East region is further creating the need for these systems.

http://www.military-technologies.net/2017/02/21/c4isr-market-rising-threat-of-cyber-crime-worldwide-to-drive-demand/

Defense chief asks for plan on cyber reform

Mattis issued a memo on organizational and structural reforms to his deputy and other officials last week, moving forward on reforms spelled out in an annual defense policy bill. […] “Develop an initial plan … for more optimized organizational structure and processes to support information management and cyber operations, considering the impact of the provisions in the NDAA for 2017 concerning the establishment of U.S. Cyber Command, and other relevant laws,” Mattis wrote in the memo, which was highlighted by the Pentagon on Tuesday.

http://thehill.com/policy/cybersecurity/320527-defense-secretary-asks-for-plan-on-cyber-reform

How Israel became a leader in cyber security and surveillance

A good number of the Israeli companies have one thing in common: Their founders emerged from an elite division of the Israel Defense Forces known as Unit 8200, a legendary high-tech spy branch that also has become a prolific technology incubator. […] Most of its members are still teenagers, selected for their math and science skills but still untrained at formal universities. Nearly all Israelis must serve a stint in the IDF but only a select few are recruited into 8200.

http://www.mcclatchydc.com/news/nation-world/national/national-security/article134016454.html

Verizon Cuts Yahoo Deal By $350M Over Cyberattack Woes

Verizon Communications Inc. on Tuesday slashed $350 million from its planned $4.83 billion acquisition of Yahoo Inc.’s core business, after a cyberattack revealed by Yahoo last year put the fate of the transaction into question. The reworked terms of Verizon’s buyout of Yahoo’s core business follow the flagging technology giant’s revelation in September that a 2014 cyberattack had compromised data — such as names and hashed passwords — tied to at least 500 million user accounts.

https://www.law360.com/articles/893892/breaking-verizon-cuts-yahoo-deal-by-350m-over-cyberattack-woes

Ransomware: Why it’s a really big problem for small businesses

“These are businesses which typically can’t afford the protections that they need when this happens. So the business has an awkward decision to make: do I pay the ransom, or do I pay ten times the amount of the ransom to protect against the threat?” says Graeme Newman, chief innovation officer at CFC Underwriting, a specialist provider of cyber-insurance.

http://www.zdnet.com/article/ransomware-why-its-a-really-big-problem-for-small-businesses/

5 Cybersecurity Need-to-Knows When Preventing Expensive Data Breaches

Updated anti-malware software on all mobile devices

Encrypted communication through a VPN

Strong password authentication or biometric identification

Limited use or blockage of third party software

Separate and customized gateways for mobile data and communication

Secure mobile devices so they can be locked down when not in use

Regular mobile audits of devices and the network(s)

https://ctovision.com/5-cybersecurity-need-knows-preventing-expensive-data-breaches/

EFF: Congress considers making it illegal to protect consumer privacy online

Before the broadband consumer privacy rules were adopted, Wheeler explained that an “ISP would be required to notify consumers about what types of information they are collecting, specify how and for what purposes that information can be used and shared, and identify the types of entities with which the ISP shares the information.” […] Now, however, “cable and telephone companies are pushing Congress to make it illegal for the federal government to protect online consumer privacy.” The EFF explained, “The cable and telephone industry are actively lobbying Congress to not only eliminate your new privacy protections, but to go even further and potentially make it illegal for the federal government to protect your personal information online.”

http://www.networkworld.com/article/3172198/security/eff-congress-is-considering-making-it-illegal-to-protect-consumer-privacy-online.html

Researchers offer simple scheme to stop the next Stuxnet

To demonstrate this, Tippenhauer and his collaborators wrote what they call “ladder logic bombs” (LLBs) with a focus on stealthy behaviour that’s difficult for human operators to notice if they’re validating what’s running on their PLCs.

The payload types the trio tested included:

A Denial of Service LLB that waits for a trigger and shuts a system down;

A data manipulation LLB that manipulated sensor readings and commands; and

A data logging LLB, which they note is particularly dangerous because they don’t disturb the system, and might therefore leak sensitive data for long periods of time;

https://www.theregister.co.uk/2017/02/22/how_to_stop_the_next_stuxnet/

TeamSpy malware targeting users through malicious TeamViewer app

This campaign is being spread through malicious, infected emails in which attackers are using various social engineering skills and misusing the authentic TeamViewer remote access tool that includes TeamViewer VPN and keylogger to carry out the attacks. The cybercriminals trick innocent users into installing TeamSpy malware using DLL hijacking technique. In this trick, an authentic software program is manipulated in a way that it starts performing illegal activities.

https://www.hackread.com/teamspy-malware-stealing-data-malicious-teamviewer-app/

U.S. Homeland Security employees locked out of computer networks: sources

In a statement, a DHS official confirmed a network outage that temporarily affected four U.S. Citizenship and Immigration Services (USCIS) facilities in the Washington area due to an “expired DHS certificate.”  […] The source characterized the issue as one stemming from relatively benign information technology missteps and a failure to ensure network redundancy. There was no evidence of foul play, the source said, adding that it appeared the domain controller credentials had expired on Monday when offices were closed for the federal Presidents Day holiday.

http://www.reuters.com/article/us-usa-cyber-dhs-idUSKBN160240

Poach cyber experts from Trump’s banned countries: InfoTrust CEO

“We don’t have the depth of skills in country to address the growing need,” Meah told CIO Australia. “There are people in Trump’s banned countries who have those skills and our immigration screening systems have proven highly robust,” he said. “With such a drastic shortage of cyber security skills in Australia and with Trump about to issue a revised executive order banning entry, we need to be poaching the best and brightest today.”

http://www.csoonline.com/article/3171938/it-careers/poach-cyber-experts-from-trumps-banned-countries-infotrust-ceo.html

‘Hey, Homeland Security. Don’t you dare demand Twitter, Facebook passwords at the border’

The letter has been signed by, among others, the American Civil Liberties Union, Center for Democracy & Technology, Consumer Technology Association, Electronic Frontier Foundation and Internet Society, as well as a wide range of law professors, internet engineers and security experts, including Bruce Schneier. “Demanding passwords or other account credentials without cause will fail to increase the security of US citizens and is a direct assault on fundamental rights,” the letter argues.

https://www.theregister.co.uk/2017/02/21/campaign_against_digital_border_searches/

Check How Facebook AI Monitors Your Activities with this Crazy Chrome Extension

Through Data Selfie, you can identify the way machine learning algorithms monitor and process your activities on Facebook and how it gets information about your interests, personality, and habits. This is accomplished through the world famous cognitive system from IBM, the mighty “Watson.” When you download the app, it immediately starts tracking your interactions on Facebook; it checks your every single post, your Likes, the amount of time you spent checking out a shared article/post and every little thing such as when you scrolled and for how long. All the information is logged into the app.

https://www.hackread.com/chrome-extension-facebook-ai-monitoring-activities/

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and infrastructures. The unpatched flaws actually reside in the way Java and Python programming languages handle File Transfer Protocol (FTP) links, where they don’t syntax-check the username parameter, which leads to, what researchers call, protocol injection flaw.

http://thehackernews.com/2017/02/python-java-ftp-protocol-injection.html

IoT in crime prevention: Balancing justice with privacy

A homeowner reports a robbery. His IoT-enabled pacemaker doesn’t indicate any change in heart rate during the robbery? Can investigators obtain that information from the service provider? Should they? Issues of privacy increase as IoT sensors collect more information about us. What rights do individuals have over the information collected about them? Can the accuracy of sensor data be trusted?

http://www.networkworld.com/article/3172191/security/iot-in-crime-prevention-balancing-justice-with-privacy.html

Hackers behind bank attack campaign use Russian as decoy

The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off. […] “In some cases the inaccurate translations have transformed the meaning of the words entirely,” the researchers said in a blog post. “This strongly implies that the authors of this attack are not native Russian speakers and, as such, the use of Russian words appears to be a ‘false flag’.”

http://www.csoonline.com/article/3171937/security/hackers-behind-bank-attack-campaign-use-russian-as-decoy.html

//]]>