IT Security News Blast 3-23-2017

SAP Vulnerability Puts Business Data at Risk for Thousands of Companies

The vulnerability allows an attacker to remotely upload code that would execute on the vulnerable client; should an attacker, for example, successfully execute a ransomware attack, critical business systems could be held hostage. ERPScan calls this the most dangerous SAP vulnerability since a 2011 verb tampering vulnerability was disclosed at the Black Hat conference. SAP GUI for Windows 7.20 and 7.30, and SAP GUI for Windows 7.40 Core SP012 and 7.50 CORE SP000 are affected, the company said.

https://threatpost.com/sap-vulnerability-puts-business-data-at-risk-for-thousands-of-companies/124473/

Malware ‘disguised as Siemens firmware drills into 10 industrial plants’

Dragos CEO Robert Lee writes: Starting in 2013, there were submissions from an ICS environment in the US for Siemens programmable logic controller control software. The various anti-virus vendors were flagging it as a false positive initially, and then eventually a basic piece of malware. Upon our inspection, we found … variations of this file and Siemens theme 10 times over the last four years, with the most recent flagging of this malicious software being this month in 2017. In short, there has been an active infection for the last four years of an adversary attempting to compromise industrial environments by theming their malware to look like Siemens control software.

https://www.theregister.co.uk/2017/03/22/malware_siemens_plc_firmware/

Unpatchable ‘DoubleAgent’ Attack Can Hijack All Windows Versions — Even Your Antivirus!

Dubbed DoubleAgent, the new code-injection technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10. What’s worse? DoubleAgent exploits a 15-year-old undocumented legitimate feature of Windows called “Application Verifier,” which cannot be patched. Application Verifier is a runtime verification tool that loads DLLs (dynamic link library) into processes for testing purposes, allowing developers to quickly detect and fix programming errors in their applications.

http://thehackernews.com/2017/03/hacking-windows-dll-injection.html
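
Because Application Verifier is driven entirely by registry state, the abuse described above leaves a concrete artifact to hunt for: an Image File Execution Options (IFEO) subkey for the target process with the FLG_APPLICATION_VERIFIER bit (0x100) set in GlobalFlag and a VerifierDlls value naming the provider DLL that the loader will pull into every new instance of that process. The script below is an added triage example, not code from The Hacker News article or from the DoubleAgent researchers. It parses a `reg export` text dump of the IFEO key (a constructed sample is embedded) and flags processes that have verifier DLLs registered, separating Microsoft's own providers from anything unexpected. The KNOWN_PROVIDERS allowlist and the sample key names are assumptions for illustration; build the allowlist from a clean reference host.

```python
"""Triage an exported IFEO hive for Application Verifier provider DLLs.

Added example for this digest, not from the linked article.  Feed it the
output of:
  reg export "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options" ifeo.reg
from a live host or a mounted image (remember Wow6432Node on 64-bit hosts).
"""
import re

FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that turns Application Verifier on

# Assumption: Microsoft's own verifier providers on a typical build.  Anything
# else named in VerifierDlls should be explained or treated as persistence.
KNOWN_PROVIDERS = {"vrfcore.dll", "vfbasics.dll", "vfcompat.dll"}

# Constructed sample export: one legitimate verifier session, one hijacked
# process, one staged entry with no GlobalFlag yet, one plain debugger entry.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="vrfcore.dll vfbasics.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avservice.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="update_helper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe]
"VerifierDlls"="stage.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\tools\\windbg.exe"
"""

VALUE_RE = re.compile(r'"([^"]+)"=(.*)')


def parse_reg_export(text):
    """Return {image_name_lower: {value_name: value}} for each IFEO subkey.

    DWORDs become ints; quoted strings have their doubled backslashes
    collapsed; other value types are kept as raw text.
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            image = line[1:-1].rsplit("\\", 1)[-1]
            if image.lower() == "image file execution options":
                current = None  # the parent key itself carries no per-image config
                continue
            current = entries.setdefault(image.lower(), {"__image__": image})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if value.startswith("dword:"):
            current[name] = int(value[len("dword:"):], 16)
        elif value.startswith('"') and value.endswith('"'):
            current[name] = value[1:-1].replace("\\\\", "\\")
        else:
            current[name] = value
    return entries


def triage(text):
    """Flag every image with a VerifierDlls value.

    verifier_active is True when GlobalFlag actually enables the verifier;
    a VerifierDlls value without the flag is staged persistence and is still
    reported.  unknown_dlls lists providers outside KNOWN_PROVIDERS.
    """
    findings = []
    for values in parse_reg_export(text).values():
        dlls = values.get("VerifierDlls", "")
        if not isinstance(dlls, str) or not dlls.strip():
            continue
        flags = values.get("GlobalFlag", 0)
        active = isinstance(flags, int) and bool(flags & FLG_APPLICATION_VERIFIER)
        names = dlls.split()
        findings.append({
            "image": values["__image__"],
            "verifier_active": active,
            "verifier_dlls": names,
            "unknown_dlls": [d for d in names if d.lower() not in KNOWN_PROVIDERS],
        })
    return sorted(findings, key=lambda f: f["image"].lower())


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        state = "ACTIVE" if f["verifier_active"] else "staged"
        print(f"{f['image']:<16} {state:<7} dlls={f['verifier_dlls']} unknown={f['unknown_dlls']}")
```

On the sample, myapp.exe is reported with an empty unknown list (a developer's verifier session), avservice.exe with an unknown provider and the verifier active (the DoubleAgent pattern), and svchost.exe as staged. A hit with an unknown provider is worth a follow-up on where that DLL lives on disk and who signed it, since the value alone does not tell you whether the process has actually been started under it yet.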

Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan

Security researchers at Check Point Software Technologies have uncovered that Chinese hackers are using fake base transceiver stations (BTS towers) to distribute “Swearing Trojan,” an Android banking malware that once appeared neutralized after its authors were arrested in a police raid. This is the first ever reported real-world case in which criminals played smart in such a way that they used BTS — a piece of equipment usually installed on cellular telephone towers — to spread malware.

http://thehackernews.com/2017/03/rogue-bts-android-malware.html

How the military is defeating drones

ISIS conducts UAS operations on a regular basis — over 100 operations in a 60-day window varying from surveillance to dropping ordnance — said Col. John Dorrian, Operation Inherent Resolve spokesman. This bears a localized threat, he said. […] Moreover, captured documents indicate the group has developed a standardized approach to employing these systems in an operational context. The ways in which U.S. forces could down these devices is garnering greater attention from high levels of the Defense Department.

http://www.c4isrnet.com/articles/how-the-military-is-defeating-drones

Pentagon plans more anti-hacker cyber ranges

To meet the growing demand for cyber-vulnerability testing and training, the Defense Department’s Test Resource Management Center (TRMC) wants to set up and operate an integrated suite of facilities like the National Cyber Range. The NCR, developed by DARPA from 2009 to 2012, conducts training events for the Cyber Mission Force and is a test-bed for cyber weapons and defense in a complex simulated environment. It has four components: cyber event tools, operational procedures, the test team, and secure computing facilities.

https://about.bgov.com/blog/pentagon-plans-anti-hacker-cyber-ranges/

Trump’s Big Defense Buildup Should Include a National Cyber Academy

We urgently need to build the next generation of cyberleaders to prepare both government and civil society to defend and deter in this venue. A useful model to consider is that of a national cyberservice academy, much like the dedicated national service academies at Annapolis, West Point, and Colorado Springs, which educate the human leaders to defend the nation at sea, on land, and in the air. The Pentagon should use its new windfall to establish a national cyber academy to defend America in cyberspace, in our critical infrastructure, and in the internet of things.

http://foreignpolicy.com/2017/03/21/trumps-big-defense-buildup-should-include-a-national-cyber-academy-military-education/

Secret Service likely to cut cybercrime investigations to pay for Trump’s weekly Mar-a-Lago trips

The Post reports that the Office of Management and Budget rejected the Secret Service’s funding proposal, which means that it will have to take away resources from other areas to pay the additional costs of keeping the First Family safe. “While best known for protecting the president, Secret Service agents also investigate cybercrimes, counterfeit-money operations and cases involving missing and exploited minors,” the Post notes.

http://www.rawstory.com/2017/03/secret-service-likely-to-cut-cybercrime-investigations-to-pay-for-trumps-weekly-mar-a-lago-trips/

Cyber Firm at Center of Russian Hacking Charges Misread Data

[The] International Institute for Strategic Studies (IISS) told VOA that CrowdStrike erroneously used IISS data as proof of the intrusion. IISS disavowed any connection to the CrowdStrike report. Ukraine’s Ministry of Defense also has claimed combat losses and hacking never happened. The challenges to CrowdStrike’s credibility are significant because the firm was the first to link last year’s hacks of Democratic Party computers to Russian actors, and because CrowdStrike co-founder Dmitri Alperovitch has trumpeted its Ukraine report as more evidence of Russian election tampering.

http://www.voanews.com/a/crowdstrike-comey-russia-hack-dnc-clinton-trump/3776067.html

Seoul Sees More Hack Attempts on Military Amid Tensions with Beijing, Pyongyang

The increase in hack attempts happens to coincide with the arrival of the Terminal High Altitude Area Defense, also known as THAAD, in South Korea. THAAD spurred Beijing to slap sanctions on South Korea to express its displeasure with the move. Following the disputed installment of a cutting-edge missile system in South Korea, a Global Times op-ed said that the Chinese government ought to show Washington “that the THAAD deployment will lead to China’s increasing nuclear prowess.”

https://sputniknews.com/asia/201703221051828771-seoul-more-hack-military-tensions/

Will the Trump Administration Protect Hard-Won Progress with China on Cybersecurity?

He should stress the importance of adherence to the 2015 agreement and ensure China knows it is still important to us. In the Obama years, we gained Chinese attention by demonstrating that hacking was a top priority and warranted retaliation with strong tools like sanctions and indictments. Trump should put forward the polite but forceful message that Obama’s team repeatedly conveyed to Chinese counterparts following the September 2015 accord: adherence to the agreement is critical, and we pay attention to actions, not words.

https://www.lawfareblog.com/will-trump-administration-protect-hard-won-progress-china-cybersecurity

Google and sister company to offer cyber security to election groups

The growing frequency of politically-motivated online attacks — from the recent hacking of Twitter accounts by Turkish nationalists to the U.S. Democratic Party’s email breach — has left governments and pro-democracy groups scrambling for ways to thwart hackers and the rising tide of “fake” news. Alphabet Inc subsidiaries Jigsaw and Google are offering a free Protect Your Election package to low-budget organizations. The service to ward off website attacks has already been offered to news organizations for the past year under what is known as Project Shield.

http://www.reuters.com/article/us-cyber-election-idUSKBN16S166

How technology tramples on freedom

Perhaps policymakers will have to reposition confidentiality within some new paradigm that prioritizes a right to integrity over a right to confidentiality, particularly as points of observation for biometric data proliferate. That proliferation coupled with increasing standoff distances at which data can be collected are likely to soon make the majority of biometric observation not a choice on the part of the individual. Biometrics thus eclipse the principal paradigm of privacy, the right to selective revelation.

http://www.csmonitor.com/World/Passcode/Passcode-Voices/2017/0322/How-technology-tramples-on-freedom

US lawmakers question police use of facial recognition tech

The FBI and police departments across the country can search a group of databases containing more than 400 million photographs, many of them from the drivers’ licenses of people who have never committed a crime. The photos of more than half of U.S. adults are contained in a series of FBI and state databases, according to one study released in October. Law enforcement agencies don’t need a court-ordered warrant to search the database, members of the House of Representatives Oversight and Government Reform Committee noted during a hearing Wednesday.

http://www.networkworld.com/article/3183431/security/us-lawmakers-question-police-use-of-facial-recognition-tech.html

Why do Beijing and Moscow embrace cyber sovereignty?

Oddly enough, China might try to sell the concept of cyber sovereignty to Trump. This assumption is backed by the recent publication in Foreign Policy of an opinion piece by Ran Jijun, associate professor at China Foreign Affairs University in Beijing. Naming the deficiencies of the worldwide information flow, Ran said “the web is based on the expression of moods and the airing of grievances, and is characterized by unreasonableness and a lack of order. Recently, the Internet has also become a place where America’s ever more extreme social conflicts find a voice. The web has become polarized and social rifts have grown deeper, posing a huge challenge to modern American society.”

http://rbth.com/opinion/2017/03/22/why-do-beijing-and-moscow-embrace-cyber-sovereignty_725018

It’s time for a Cybersecurity Bill of Rights

By any measure, our privacy is in jeopardy. When our conversations are no longer private, when our personal data is being sliced and diced every which way, when we can’t expect even our messages, our photos, and our email to remain in our control, that fundamentally changes who we are and how we act. The U.S. Constitution doesn’t specifically define protections for privacy, but the time has come to consider a new series of amendments, similar in stature to the Bill of Rights that defined Americans’ inalienable freedoms. An enduring way to shore up our eroding privacy is to craft a Cyber Bill of Rights that draws a line in the sand before technology removes even our most basic expectations of privacy.

http://thehill.com/blogs/pundits-blog/technology/324998-its-time-for-a-cybersecurity-bill-of-rights

New brain-inspired cybersecurity system detects ‘bad apples’ 100 times faster

Due to its brain-inspired design, it can look for the complex patterns that indicate specific “bad apples,” all while using less electricity than a standard 60-watt light bulb. The processor in the Neuromorphic Cyber Microscope is based on the neuroscience research of Dr. Pamela Follett, a co-founder of Lewis Rhodes Labs. Follett is a pediatric neurologist and neuroscientist who studies developmental diseases, such as cerebral palsy in children.

https://phys.org/news/2017-03-brain-inspired-cybersecurity-bad-apples-faster.html

Companies May Soon Have New Defense Against Cyber-Attacks

Specifically, under the bill, a victim of a cyber-attack can access without authorization the attacker’s computer to gather information in order to establish attribution of criminal activity, including sharing information with law enforcement and stopping unauthorized activity against the victim’s network.

http://www.natlawreview.com/article/companies-may-soon-have-new-defense-against-cyber-attacks

These Are the Countries Most (and Least) Prepared for Cyber Attacks

Today’s infographic comes to us from CompariTech, and it breaks down the countries most prepared for cyber attacks, as well as those that are the most susceptible targets for cyber criminals.

https://www.visualcapitalist.com/countries-least-prepared-cyber-attacks/

Extended ‘Ghost in the Shell’ Clip Shows Off the Cyber of It All

Not only does the first line of the clip reference a “cyber-crime” in progress, but the subsequent conversation between the president and his creepy doctor host includes a piece of dialogue that places the theme of the story out for all to see clearly. “My people embrace cyber enhancement, as do I,” the president says, adding, “There’s no one who really understands the risk to individuality, to identity, messing with the human soul.”

http://www.hollywoodreporter.com/heat-vision/ghost-shell-clip-shows-cyber-all-988070

Russian mastermind of $500m bank-raiding Citadel coughs to crimes

Mark Vartanyan, who operated under the handle “Kolypto”, was arrested in Norway last year, and extradited to America in December. The 29-year-old was charged with one count of computer fraud. On Monday, he pleaded guilty [PDF] to a district court in Atlanta, US. He faces up to 10 years in the clink and a $250,000 fine – that’s slashed from a maximum of 25 years due to his guilty plea. He will be sentenced in June.

https://www.theregister.co.uk/2017/03/22/russian_citadel_malware_pleads_guilty/