IT Security News Blast 2-7-2017

Healthcare Hack Offers Key Lessons in Cybersecurity, Attorneys Write

As businesses and consumers seek to protect themselves from hackers, they should weigh lessons from the 2015 data breach of healthcare firm Anthem, advise veteran data privacy and cybersecurity attorneys from national law firm LeClairRyan. On Jan. 29, 2015, Indianapolis-based Anthem learned that hackers had breached its IT system and reportedly made off with the personal data of as many as 80 million Americans. In the post (“The Anthem Breach—A Retrospective”), Bowen and Hutchins write that the Anthem breach contained some lessons that could help other businesses better respond to such a crisis.

https://finance.yahoo.com/news/healthcare-hack-offers-key-lessons-133500750.html

Sirrus Corp. reports Increasing Demand for Cybersecurity Solutions in Vulnerable Healthcare Industry

As a direct result of escalating cybersecurity threats, global spending on cybersecurity-related hardware, software, and services is expected to grow from $73.7 billion in 2016 to just over $100 billion in 2020, this according to forecasts from International Data Corporation. Other industry experts have published even higher growth estimates for the cybersecurity sector, some as high as $170 billion in sales by 2020. Within compliance-driven industries, such as healthcare, telecom, government, and financial services, the cost and threat of cybersecurity breeches is even greater.

https://finance.yahoo.com/news/sirrus-corp-reports-increasing-demand-123127805.html

Middle market firms must prioritize cybersecurity, experts say

Even middle market companies lack adequate cybersecurity protection and often are unaware when attacks take place, according to a recent survey conducted by the National Center for the Middle Market. “I think cybersecurity started as a big company problem,” said Doug Farren, managing director of the organization, which is headquartered at The Ohio State University. “You see all the well-publicized hacks, and I think the mindset of the middle market company is ‘well, we fly under the radar. We may be a B2B company and no one is coming after us.’”

https://mibiz.com/item/24479-middle-market-firms-must-prioritize-cybersecurity,-experts-say

Five Taiwan brokerages report cyber attack threats, regulator says

Rick Wang, an official with Taiwan’s Financial Supervisory Commission (FSC), said each brokerage had received an email setting a deadline for the transfer of funds to avoid a distributed denial of service (DDoS) attack. Such attacks, among the most common kind on the internet, overload a website until it is forced to inhibit access or go offline. They have become common tools for cyber criminals trying to cripple businesses and organizations with significant online activities. “We have never seen this on such a scale – five companies hit at one time with the same threat,” said Wang, adding that the regulator usually sees single instances of cyber-crime.

http://www.reuters.com/article/us-taiwan-cyber-idUSKBN15L128

Hacker Steals 700,000 Accounts from Police Forum

A hacker is selling a database allegedly containing over 700,000 user accounts from a popular law enforcement forum. The site, PoliceOne, is used by verified police officers and investigators to discuss tactics, weapons, and other specialist topics. […] “Emails from NSA, DHS, FBI and other law enforcement agencies as well as other US government agencies,” Berkut’s listing on the Tochka dark web market reads. Berkut is selling the full database, which allegedly includes around 715,000 user accounts and dates from 2015, for $400. The hacker said they had already sold the database on other forums.

https://motherboard.vice.com/en_us/article/hacker-steals-thousands-of-accounts-from-police-forum

Deliberate Denial Of Risk? Just 5% Of FTSE100 Has Specialist Tech Experience On Its Board

“In light of high profile breaches, companies understand more than ever that the event of a cyber attack is not a question of if, but when, by whom and by what degree. The vast majority of FTSE 100 reports acknowledge the principal risk, but our analysis shows there were wide variations in the disclosure of cyber risk management and mitigation strategies.

http://www.forbes.com/sites/dinamedland/2017/02/06/deliberate-denial-of-risk-just-5-of-ftse100-has-specialist-tech-experience-on-its-board/#5612661273d1

Honeywell SCADA Controllers Exposed Passwords in Clear Text

The flaws exist in some versions of Honeywell’s XL Web II controllers, systems deployed across the critical infrastructure sector, including wastewater, energy, and manufacturing companies. An advisory from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about the vulnerabilities Thursday.

https://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clear-text/123562/

How app makers increasingly track your every move

“With business models focused on advertisements and sharing information of others, we’ve seen massive amounts of tracking,” says Norman Sadeh, a computer science professor at Carnegie Mellon University in Pittsburgh. “There’s been erosion of privacy over the past few years.” In 2015, he cowrote a study that found a dozen or so popular Android apps – from companies such as the Weather Channel and Groupon – collecting location data about every three minutes.

http://www.csmonitor.com/World/Passcode/2017/0206/How-app-makers-increasingly-track-your-every-move

Thought your data was safe outside America after the Microsoft ruling? Think again

A court in Pennsylvania has ruled that Google must obey domestic search warrants for data stored overseas. […] Last month, Microsoft won a crucial privacy battle in the Second Circuit Court of Appeals in a similar case. […] On Friday, in a separate case, a district court in eastern Pennsylvania ruled that Google must obey two SCA search warrant and cough up emails stored overseas to the Feds. The judge’s decision [PDF] is seemingly at odds with the appeals court: it doesn’t matter that Google distributes its file systems across the world, it’s still an American corporation. And that means an American court can order it to give up customers’ private information.

https://www.theregister.co.uk/AMP/2017/02/04/google_must_provide_emails_held_overseas/

Surveillance of journalists and court orders puts Canada’s press freedom at risk

“There’s been a series of very serious press freedom violations,” Duncan Pike, campaigns and advocacy coordinator for press freedom organization, Canadian Journalists for Free Expression (CJFE), told CPJ. “Underlying all of this is the general threat to press freedom we see from national security laws.” Last week, CJFE released details of a nationwide poll that showed three-quarters of the 2,316 Canadians surveyed wanted a national inquiry into police surveillance of journalists and 70 percent said they would support a shield law to protect journalists from search warrants or from being compelled to give up their sources in court.

https://cpj.org/blog/2017/02/surveillance-of-journalists-and-court-orders-puts-.php

Britain could carry out cyber attacks to defend itself against Russia, suggests Sir Michael Fallon

“Nato must defend itself as effectively in the cyber sphere as it does in the air, on land, and at sea.  So adversaries know there is a price to pay if they use cyber weapons.” However, a group of influential MPs on Thursday said the Government’s ability to protect Britain from high-level cyber-attacks was being hit by skills shortages and a chaotic lack of organisation. The Public Accounts Committee (PAC) said that with cyber-attacks ranked as a top four risk to UK national security, the Government needed to “raise its game”.

http://www.telegraph.co.uk/news/2017/02/02/britain-could-carry-cyber-attacks-defend-against-russia-suggests/

Proportional response to cyber attacks by foreign governments remains an unclear challenge

“In cyber security, much as in nuclear strategy in the immediate post-World War II era, what actions will produce what results are still unknown,” says Zachary Goldman, executive director of NYU’s Center on Law and Security. “Some people asked after the DNC hack, ‘Was that an act of war?’ The answer is almost certainly no. But what is a proportionate dissuasive response to the DNC hack? Not clear. There is no settled response to that question. We don’t have a well-developed concept of deterrence. We don’t have a well-developed concept of strategic interaction in cyberspace.”

https://www.pri.org/stories/2017-02-06/proportional-response-cyber-attacks-foreign-governments-remains-unclear-challenge

We Talked to the Hacker Who Took Down a Fifth of the Dark Web

“Hello, Freedom Hosting II, you have been hacked,” the message read. According to a report from independent security researcher Sarah Jamie Lewis, Freedom Hosting II ran around 20 percent of all dark web sites. […] The feds, however, might not be all that pleased. In recent years, when law enforcement agencies such as the FBI have taken over dark web sites or hosting providers, they have then tried to identify individual users by deploying malware. The FBI did this with the original Freedom Hosting—the agency used a hacking tool to grab visitors’ IP addresses.

https://motherboard.vice.com/en_us/article/talking-to-the-hacker-who-took-down-a-fifth-of-the-dark-web

New York Man Admits to Role in Cybercrime Operation

The FBI determined that Khaimov, who had been using the alias “Samuel Gold,” received tens of thousands of dollars on numerous occasions from other mules, and forwarded the money to overseas co-conspirators, including to accounts in Thailand and various companies operated by these co-conspirators. Investigators said Khaimov and a company he owned received more than $230,000 taken from the accounts of at least eight victims. Authorities believe the man was involved in fraudulent wire transfers pertaining to at least 20 victims.

http://www.securityweek.com/new-york-man-admits-role-cybercrime-operation

Cannabis Company Cyberattack Reveals Industry’s Vulnerability to Hacking

Convinced that the incident was caused by a malicious attack, the company referred the matter to Colorado authorities for a criminal investigation, which is ongoing. MJ Freeway did not refer the case to the FBI, since its customers operate in a federally illegal industry. “We don’t want to expose our clients to the feds digging around in this data,” Ward says. MJ Freeway is keeping fairly tight-lipped about the attack since a criminal investigation is underway. But the company believes the attacker’s goal was to destroy, rather than steal data. This is unusual since stolen data can be ransomed back to the owner or otherwise monetized.

http://www.laweekly.com/news/cannabis-company-cyberattack-reveals-industrys-vulnerability-to-hacking-7895250

DoD Exempts Cyber from Trump’s Hiring Freeze

Congress recently authorized DoD to build an “excepted service” cyber civilian personnel system—meaning the Department could fill its vacant cyber positions without adhering to the cumbersome federal hiring and management process overseen by the Office of Personnel Management (OPM). DoD expected to place at least 3,000 personnel within this excepted service system, which would have included people in U.S. Cyber Command and the Defense Information Systems Agency and was planning to make its first new hires in the fall. A freeze would have killed the momentum for this new excepted service system right as it is getting off the ground.

https://www.lawfareblog.com/dod-exempts-cyber-trumps-hiring-freeze

UK cyber security workforce up 163% in five years

The report, based on data from information technology job tracking firm IT Jobs Watch and the quarterly labour force survey by the Office for National Statistics, is encouraging in the light of growing concerns about the international shortage of people with cyber security skills. The data shows that salaries are up 7% in the past year to about £57,000 a year, which is 15% higher than for tech specialists as a whole. This also bodes well for the future as it may help to attract more young people to the increasingly important information security profession.

http://www.computerweekly.com/news/450412399/UK-cyber-security-workforce-up-163-in-five-years

‘Streaming Prevention’ technology takes a new approach to stopping cyber attacks

[A] new generation of non-malware attacks try to gain control of computers without downloading malicious software. Instead, they use trusted, native operating system tools, such as PowerShell, and exploit running applications, like browsers. Where legacy AV solutions and static, machine-learning approaches focus on detecting malware at the point-in-time it is written or executed, Streaming Prevention lets security teams to see and stop a cyber attack at any point during the attack cycle. This means they can address the problem before a system can be compromised. It’s a similar technology to that used in automated trading systems.

https://betanews.com/2017/02/06/streaming-prevention-technology/

//]]>