IT Security News Blast 3-22-2017

The information security marketplace shift

Our client base require much more business focus now. Looking at how they interact with the business and the business reporting that comes out of a managed service, that shift is also shifting towards managed detection and response rather than just simply detecting and sending an email or picking up the phone. They actually want to partner with us and build those business processes into their business so they can actually take action, and proactive action against the threats that they’re facing.

https://www.helpnetsecurity.com/2017/03/17/information-security-marketplace-shift/

Cybercrime bills advance in two states

In Indiana, a new bill seeks to upgrade ransomware attacks to a category of its own, punishable with a sentence from one to six years in prison, and a maximum fine of up to $10,000, according to Bleeping Computer. […] The proposed House Bill 8, The Texas Cybersecurity Act, would gain the Lone Star State a task force to share cyber information and seek out loopholes bad actors are employing, the report stated. It would also require state agencies to report when information has been breached.

https://www.scmagazine.com/cybercrime-bills-advance-in-two-states/article/645597/

Are you open to cyber attack?

IT Cyber Security is no longer just a headache for big companies. More and more, IT experts are recommending that small businesses and independent contractors have a plan in place to secure their existing systems and data, protect their clients and keep their businesses safe and secure going forward. […] This short survey asks for 5 minutes of your time to gauge your current security plans, the impact on your business in the event of an attack and your appetite to risk.

http://www.contractorweekly.com/business-news/open-cyber-attack/

Overcoming the cyber-security skills gap: experience vs qualifications

The research revealed that when it comes to hiring, 93 percent of respondents think experience is more important than qualifications.  Furthermore, 73 percent said that it didn’t matter whether IT staff were college graduates when it came to getting the job done. […] To keep up with the rapidly changing threat landscape, 90 percent of respondents said that IT security professionals would have to become more business savvy. A third of respondents said they could use more intelligent IT security products. With more intuitive technology, staffing resources could be freed up from mundane tasks to focus their knowledge where it really counts.

https://www.scmagazine.com/overcoming-the-cyber-security-skills-gap-experience-vs-qualifications/article/645454/

How China is preparing for cyberwar

[In] the absence of any official Chinese policies, it is possible to identify the motivations of state-backed hackers. Chinese leaders view cyberspace as essential to fostering economic growth, protecting and preserving the rule of the Chinese Communist Party, and maintaining domestic stability and national security. Given these overarching interests, computer network operations are conducted to achieve three goals: To strengthen the competitiveness of the Chinese economy by acquiring foreign technology by cyber espionage; weaken opponents of the regime and resist international pressures and foreign ideologies; and offset US dominance in conventional military capabilities.

http://www.csmonitor.com/World/Passcode/Passcode-Voices/2017/0320/How-China-is-preparing-for-cyberwar

A Court Will Decide if a GIF Can Be Considered a ‘Deadly Weapon’

On Monday, a suspect faced federal charges in a Dallas County court for allegedly sending a strobing GIF that triggered a seizure in Kurt Eichenwald, a Newsweek writer with epilepsy, late last year. […] The case has similarities with previous complaints over videos, often with bright flashing lights, that triggered seizures. For example, a scene from a 1997 episode of Pokémon, in which Pikachu launches a lightning attack, reportedly hospitalized some 685 children.

https://motherboard.vice.com/en_us/article/a-court-will-decide-if-a-gif-can-be-considered-a-deadly-weapon

How police unmasked suspect accused of sending seizure-inducing tweet

Court documents show that a search warrant to Twitter concerning the @jew_goldstein handle provided the authorities with information that the account was created on December 11 with a “PhoneDevice.” Twitter also divulged the device’s phone number and said that the carrier was AT&T.  […] The Dallas authorities next obtained information from AT&T that the telephone number used to start the Twitter account was a burner SIM card with a Tracfone prepaid account “with no subscriber information.” “However, a review of the AT&T toll records showed an associated Apple iPhone 6A Model 1586 (Apple iPhone),” Nathan Hopp, an FBI agent in Dallas, wrote in the criminal complaint (PDF). The police then sent a search warrant to Apple “for the iCloud account associated to the telephone number” used to open the Twitter account.

https://arstechnica.com/tech-policy/2017/03/how-police-unmasked-suspect-accused-of-sending-seizure-inducing-tweet/

Got cyber insurance? Share your thoughts to lead security change

In simple terms, insurance transfers the risks of high impact, low likelihood events from a single person or organization to an entire group. By spreading the risk out across a broad pool, the impact from a risk is lowered for everyone. At least that’s a classic approach to insurance. That means insurance products, risk management, and security models need to find new ways to come together. We need to look for ways to simplify our risk discussions inside our organizations. I dubbed this the “one risk discussion.”

http://www.csoonline.com/article/3182697/leadership-management/got-cyber-insurance-share-your-thoughts-to-lead-security-change.html

Are U.S. nuclear weapons forces vulnerable to debilitating enemy cyber warfare attacks?

Two troubling cyber security incidents highlight the vulnerability of the nuclear weapons system and the consequences a single mistake can have. Fifty nuclear weapons were suddenly rendered inoperable for over an hour in 2010 as a result of a technical glitch nobody in the U.S. Air Force had ever noticed. The Air Force traced the glitch to single computer card but then discovered several similar defective parts which could be exploited by a hacker.

http://www.militaryaerospace.com/articles/pt/2017/03/are-u-s-nuclear-weapons-forces-vulnerable-to-debilitating-enemy-cyber-warfare-attacks.html

Cyber nationalism and the new world order

Over the past few years, the cyber domain has been the chessboard on which these cyber powers in the world — Russia, China and the United States —  have vied for influence and control. This cyber statecraft, or “cyber nationalism,” manifests itself in intrusions, leaks and, on occasion, physical destruction. The superpowers are not alone on the board. Catalytic actors like North Korea, Iran and criminal groups also have disproportionate influence in this domain and inject a degree of chaos and uncertainty that can be destabilizing. A new balance of power built on cyber dominance is emerging in this dynamic and potentially strained world order.

https://gcn.com/articles/2017/03/20/cyber-nationalism.aspx

North Korea denies cyberattacks, calls U.S. ‘hacking empire’

Pyongyang’s state-controlled news agency KCNA said the United States has reached new “despicable heights,” although the suggestion North Korea may be behind bank breaches came from private U.S. firm Symantec. “Cyberspace is one of the many strategies of U.S. hegemony, along with the nuclear stick and the U.S. dollar, to launch a pre-emptive strike” against North Korea, the statement from KCNA read.

http://www.upi.com/Top_News/World-News/2017/03/20/North-Korea-denies-cyberattacks-calls-US-hacking-empire/6241490012861/

Middle East Cyber Security Market Worth $22.14 Billion by 2022

The government and defense industry vertical is expected to contribute the largest market share and expected to grow at the highest CAGR from 2017 to 2022 in the Middle East Cyber Security Market, due to increasing instances of cyberattacks on the government sector and the government-regulated oil and gas companies. The healthcare sector is expected to grow at the second highest CAGR from 2017 to 2022 in the Middle East Cyber Security Market, due to the technological proliferation of healthcare applications and increased instances of data thefts in the sector.

https://finance.yahoo.com/news/middle-east-cyber-security-market-133000737.html

Follow the money! Where VC security investment is occurring [Video]

In the latest episode of our Security Sessions video interviews, I spoke with Jeff Fagan, the founder of Accomplice, a venture capital and private equity firm in Cambridge, Mass. We discussed where VC money was going in the enterprise security space, as well as areas where money is not going – in other words, where there’s an over-abundance of funding.

http://www.csoonline.com/article/3183640/techology-business/follow-the-money-where-vc-security-investment-is-occurring.html

Report says smart people do dumb things online

People who identified themselves in a survey as “tech savvy” were 18 percent more likely to be victims of online identity theft. In addition those who said they had Ph.Ds were more frequently victims than high school graduates. These were some of the interesting findings of online training company CBT Nuggets in a survey of 2,000 respondents. “Some of the more surprising findings include – for example – that 69 percent of those surveyed in the legal industry don’t care to follow online security practices.

http://www.csoonline.com/article/3182879/security/report-says-smart-people-do-dumb-things-online.html

Coppers ‘persistently’ breach data protection laws with police tech

Coppers in England and Wales are “persistently” committing data breaches, according to the Police Federation’s head of misconduct. Technologies from the Police National Computer (PNC) systems through to the Automatic Number Plate Recognition (ANPR) databases are “increasingly being used by officers for non-work related reasons” according to the Police Federation, the statutory staff association for officers – all of whom are barred from joining an ordinary trade union under the Police Act 1996.

https://www.theregister.co.uk/2017/03/22/coppers_persistently_breaching_data_protecton_laws_with_pnc_and_anpr/

Locky, Cerber Ransomware Skilled at Hiding

The latest versions of Cerber and Locky ransomware have been, since mid-January, finding great success in bypassing existing security detection systems through the use of a common infrastructure that allows the malicious code to bury itself inside NSIS installers, and use several layers of obfuscation and encryption to hide before executing in memory. It’s unknown whether the infrastructure supporting these attacks is being sold on private forums, or whether the malware authors are sharing code. What’s known is the latest versions of these crypto-ransomware families are exhibiting the exact same behavior.

https://threatpost.com/locky-cerber-ransomware-skilled-at-hiding/124441/

What should password managers not do? Leak your passwords? What a great idea, LastPass

Password vault LastPass is scrambling to patch critical security flaws that malicious websites can exploit to steal millions of victims’ passphrases. The programming cockups were spotted by Tavis Ormandy, a white-hat hacker on Google’s crack Project Zero security team. He found that the LastPass Chrome extension has an exploitable content script that evil webpages can attack to extract usernames and passwords. LastPass works by storing your passwords in the cloud. It provides browser extensions that connect to your LastPass account and automatically fill out your saved login details when you surf to your favorite sites.

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

Hackers claim to steal 200 million Apple accounts; demand $75k ransom

The group, which goes by the name, Turkish Crime Family, is demanding that the money ($75,000) is paid in Bitcoin and/or Ethereum, two forms of online currency which are popular right now. According to MotherBoard’s Joseph Cox, the “family” is also willing to settle on $100,000 worth of iTunes gift cards. To prove the legitimacy of their claims, the group managed to provide a video, email screenshots and also an email address to the Apple security team. However, representatives from Apple have declined to pay for whatsoever and have threatened to hand over all the information provided to the authorities.

https://www.hackread.com/hackers-steal-200-million-apple-accounts/

China Installs Facial Recognition System in Public Toilets

Facial recognition machines have been installed in public toilets in Beijing’s most famous Park, Temple of Heaven. These machines are on trial to avoid the waste of toilet paper, as it has been excessively used by “some tourists.”  So be prepared to use a limited 60-centimeter-piece (that has been upgraded from one-ply to two-ply) given to each user after having their face scanned in the main toilet’s entrance. The sensor will not dispense more paper to the same person until after nine minutes have passed.

https://www.hackread.com/china-public-toilets-face-recognition-system/

Critical Moodle Vulnerability Could Lead to Server Compromise

Tens of thousands of universities worldwide, including the California State University system, the University of Oxford, and Stanford University, use the service to provide students with course outlines, grades, and other personal data. The issue–at its root a SQL injection vulnerability–could be used by an attacker to execute PHP code on a university’s server according to Netanel Rubin, the researcher who found the bug.

https://threatpost.com/critical-moodle-vulnerability-could-lead-to-server-compromise/124446/

Curses! Mobile banking malware ‘Swearing Trojan’ lives on, despite police actions

The malware, dubbed Swearing Trojan because its code contains Chinese curse words, is capable of stealing personal data and banking credentials, and can bypass two-factor authentication by replacing a user’s legit Android SMS app with a malicious version that intercepts incoming SMS messages. While this malware campaign has historically targeted Chinese users, Check Point warned in a blog post that the scheme could easily spread globally.

https://www.scmagazine.com/curses-mobile-banking-malware-swearing-trojan-lives-on-despite-police-actions/article/645616/