IT Security News Blast 3-7-2017

Businesses Blame DDoS Attacks on Rival Companies

[In] Asia-Pacific 56% of DDoS victims claim to have been attacked by a competitor, while in Western Europe that figure is just 37%. In Asia-Pacific, over a quarter (28%) blame foreign governments and 33% blame former staff. In Western Europe 17% point the finger at foreign governments. Interestingly, it is smaller businesses that are more likely to blame a rival company for a DDoS attack. Nearly half (48%) of SMBs surveyed believe that to be the case, compared to 36% of enterprises. Those bigger businesses, however, are more likely to blame former employees and foreign governments.

https://www.infosecurity-magazine.com/news/businesses-blame-ddos-attacks/

Four Keys to Cyber Security: Protecting restaurants and retailers from data breaches

All of these transactions put the money of your business and your customers at risk if you’re not using the proper technology, which is why credit card processing is one of the biggest areas of interest for data thieves looking to access customer payment card information. The strategy for restaurant and retail business owners is to put themselves in the best position to have a secure environment and stay ahead of threats at the point of sale. Below are four key steps companies can take to best support and maintain a secure place of business.

http://www.chainstoreage.com/article/four-keys-cyber-security-protecting-restaurants-and-retailers-data-breaches

Financial Firms Unprepared For Cyber Security Risks Leaves Room For Fintech Expansion

The root cause of this issue may be the fact that cyber security talent is difficult to attract and retain. Since cybersecurity is a growing concern across all industries, the competition is especially intense for professionals with expertise in this area. 58% of the respondents to Deloitte’s effort said hiring and acquiring skilled cyber security talent is a challenge for their business. 57% said getting actionable, near real-time threat intelligence is another challenge.

http://www.valuewalk.com/2017/03/fintech-cyber-security-risks/

Why automation is key for the future of cyber security

At the moment, Woollacott argues, analysts are weighed down with basic tasks, drowning under the weight of less-important tasks – all the while the more serious threats go unresolved and are left free to wreak havoc. ‘If they are manually trying to manage all of this information that they are being bombarded with and reach conclusions, while all of the information is coming in at machine speed, they are always under water,’ the Huntsman CEO told CBR.

http://www.cbronline.com/news/cybersecurity/automation-key-future-cyber-security/

WikiLeaks publishes huge trove of CIA spying documents in ‘Vault 7’ release

The files are the most comprehensive release of US spying files ever made public, according to Julian Assange. In all, there are 8,761 documents that account for “the entire hacking capacity of the CIA”, Mr Assange claimed in a release, and the trove is just the first of a series of “Vault 7” leaks. Already, the files include far more pages than the Snowden files that exposed the vast hacking power of the NSA and other agencies. In publishing the documents, WikiLeaks had ensured that the CIA had “lost control of its arsenal”, he claimed. That included a range of software and exploits that if real could allow unparalleled control of computers around the world.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/wikileaks-cia-vault-7-julian-assange-year-zero-documents-download-spying-secrets-a7616031.html

Consumer Reports to consider cyber security in product reviews

The group, which issues scores that rank products it reviews, said on Monday it had collaborated with several outside organizations to develop methodologies for studying how easily a product can be hacked and how well customer data is secured. Consumer Reports will gradually implement the new methodologies, starting with test projects that evaluate small numbers of products, Maria Rerecich, the organization’s director of electronics testing, said in a phone interview. “This is a complicated area. There is going to be a lot of refinement to get this right,” Rerecich said.

http://www.reuters.com/article/us-cyber-consumerreports-idUSKBN16D0DN

New cybersecurity report gets the hacker perspective

Joseph Blankenship, senior analyst at Forrester, agreed and said the report “provides a useful view of security.” “The report offers a perspective I haven’t seen in other cybersecurity reports. I don’t believe many security decision makers have gotten this perspective either,” Blankenship told SearchSecurity. “Getting an assessor’s view of security is helpful and may help to guide some decision making.”

http://searchsecurity.techtarget.com/news/450414361/New-cybersecurity-report-gets-the-hacker-perspective

US government reportedly used cyberweapons to sabotage North Korea’s nuclear efforts

“The strategy is based on a preemptive strike with new non kinetic technologies, such as electromagnetic propagation, cyber as well as offensive force to defeat nuclear ballistic missile threats before they are launched,” one report from 2015 elaborated. Discussing the ‘left of launch’ approach, it added: “The strategy is to attack by electronic embedment or through the electronic radar signatures of the threat’s command and control systems and the targeting systems of the threatening ballistic missiles.”

http://www.ibtimes.co.uk/us-government-reportedly-used-cyberweapons-sabotage-north-koreas-nuclear-efforts-1609976

Is It Wise to Foil North Korea’s Nuclear Tests With Cyberattacks?

For one, it could prompt North Korea to retaliate. The pariah state showed its willingness to launch cyberattacks on the U.S. when its state-sponsored hackers obtained and published private emails and information from Sony Entertainment in 2014. Leaking information from a movie studio is a far cry from a cyberattack on, say, a piece of critical infrastructure like the U.S. electrical grid—a feat the U.S. military fears North Korea may one day be capable of—but the Sony hack may have been something of a warning shot.

https://www.theatlantic.com/technology/archive/2017/03/north-korea-cyberattack-nuclear-program/518634/

Cyber order coming soon, says exec briefed by White House

The White House is putting the finishing touches on a new draft of the executive order, originally scheduled for signature in January, former IBM CEO Sam Palmisano said Monday. “My sense is that they’re moving along and maybe within a week or so we could see something,” he told an audience at the Center for Strategic and International Studies, where he had arrived late from an over-running meeting at the White House. He added, however, “But I’d have said the same thing two or three weeks ago, so I don’t know.”

https://www.fedscoop.com/cyber-order-coming-soon-says-exec-briefed-white-house/

Proposed Bill Will Allow Victims to Hack Their Attackers to Stop Cyber-Attacks

The US is discussing new legislation that will allow victims of ongoing cyber-attacks to fight back against hackers by granting more powers to entities under attack in regards to the defensive measures they can take. The new bill, if approved, will allow victims of cyber-attacks to “access without authorization the computer of the attacker […] to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim’s own network.”

https://www.bleepingcomputer.com/news/government/proposed-bill-will-allow-victims-to-hack-their-attackers-to-stop-cyber-attacks/

Researchers link Middle East attacks to new victim in Europe

In addition, there are Persian-language indicators inside the malware. However, that does not mean that Iran was actually behind the new attack, he said. “We’d rather not go so far as to make a claim on attribution,” he said. “Either Shamoon and StoneDrill are the same group, that’s one possibility, or they’re totally unrelated, which is also a possibility. Or the third possibility is that they’re separate groups with aligned interests. The last one is the one we would espouse at this time.”

http://www.csoonline.com/article/3177284/cyber-attacks-espionage/researchers-link-middle-east-attacks-to-new-victim-in-europe.html

The best response to some cyberattacks may be to ignore them

The counterintuitive finding stems from a study sparked by the U.S. government’s claim that North Korea was responsible for hacking Sony Pictures in 2014. The attack exposed confidential information in an effort to blackmail the company into pulling the plug on the film The Interview, which poked fun at North Korea. The U.S. government’s reluctance to provide evidence for its accusation left many cybersecurity experts skeptical. This placed the government in the difficult position of choosing between exposing intelligence sources and having its credibility and motives questioned.

http://www.sciencemag.org/news/2017/03/best-response-some-cyberattacks-may-be-ignore-them

Russia is setting up formidable defenses against cyber hackers

Rostec is a major state-owned industrial holding that develops, produces and exports high-tech industrial equipment, including for the military. The company’s cybersecurity center does not seek publicity, and it has only a modest sign in a quaint little lane in old Moscow, and an open-space office where seemingly ordinary IT specialists sit behind computer monitors. […] The Rostec center must quickly warn state corporations about planned threats and neutralize them. The objective of the cyber security specialist is to make the hacking process for the criminal so complex and expensive that he’ll think twice next time before doing it.

http://rbth.com/science_and_tech/2017/03/06/russia-is-setting-up-formidable-defenses-against-cyber-hackers_714371

Cyber threat that attacked military now using new ‘wiper’ malware

Cybersecurity firm Kaspersky Lab announced Monday that it had discovered what it believes to be new malware from a hacking group that has, in the past, targeted United States military personnel and congressional staff. […] StoneDrill embeds itself onto the memory used by a running web browser. It is designed to delete vast swaths of files, but will make a specific effort to delete any files with names beginning with “asdhgasdasdwqe” followed by numbers.

http://thehill.com/policy/cybersecurity/322478-cyber-threat-that-attacked-military-congressional-staffers-using-new

Microsoft Bug Bounty Program: Report Vulnerabilities, Get up to $30,000

The only catch with this bug bounty program is that it’s for a limited time (1st March until the 31st May 2017). Apparently, Microsoft wants to control the vulnerability disclosure process since Google was having an upper hand for the last one year when its researchers found vulnerabilities in Internet Explorer and Edge browsers and gave Microsoft 90 days to fix the issue. The specific domains in which hackers can look for vulnerabilities are:

portal.office.com

outlook.office365.com

outlook.office.com

*.outlook.com

outlook.com

https://www.hackread.com/microsoft-bug-bounty-program/

Ex penetrated us almost 700 times through secret backdoor, biz alleges

A sportswear company in Oregon has alleged that a senior IT manager left a backdoor in its systems before departing to a business partner and illegally used that access almost 700 times for his new employer’s benefit. […] The accusation of betrayal notes that Leeper had been an employee at Columbia since May 2000, when he joined as manager of its desktop services team. He was subsequently promoted to senior director of technology infrastructure, from which he was responsible for maintaining Columbia’s global IT systems and dealing with technology vendors including Denali, for which he departed the sportswear business in 2014.

https://www.theregister.co.uk/2017/03/06/columbia_sportswear_versus_denali/

Data of 7.5M Georgia voters at risk

Personal information of as many as 7.5 million Georgia voters may have been compromised in the incident, according to the Atlanta Journal-Constitution (AJC). Authorities are not revealing many details as the incident is under investigation, but the announcement of a breach was made public on Friday, March 3, when officials at Kennesaw State said they were working with federal law enforcement officials “to determine whether and to what extent a data breach may have occurred involving records maintained by the Center for Election Systems.”

https://www.scmagazine.com/data-of-75m-georgia-voters-at-risk/article/642146/

802.eleventy what? A deep dive into why Wi-Fi kind of sucks

Let’s say a wireless router offers you an “AC5300” router with “breakthrough tri-band Wi-Fi technology with amazing combined wireless speeds of up to 5,332 Mbps. Thanks to 4×4 data streams, that can be combined through beamforming and MU-MIMO technology to increase reliability and range.” (Actual ad copy from a modern router. It’s not just D-Link, though—Netgear, Linksys, ASUS, and TP-Link all do the same thing.) By now, we hopefully know that absolutely does not mean we’re going to connect a laptop and download things at 600+ MB/sec. But what does it mean?

https://arstechnica.com/information-technology/2017/03/802-eleventy-what-a-deep-dive-into-why-wi-fi-kind-of-sucks/

One million Yahoo and Gmail account passwords for sale on the dark web

SunTzu583 also claims to have 500,000 Gmail accounts that came from the 2008 MySpace hack, the 2013 Tumblr breach and the 2014 Bitcoin Security Forum breach – for a price of 0.0219 bitcoins per account, more than twice the going rate for a Yahoo account. Another 450,000 Gmail accounts were also listed on sale for 0.0199 bitcoins from other data breaches that took place from 2010 to 2016. The data on sale by SunTzu583 is thought to be genuine, having reportedly been checked by matching it to data on data breach notification platforms, including HaveIBeenPwned.

https://www.scmagazine.com/one-million-yahoo-and-gmail-account-passwords-for-sale-on-the-dark-web/article/642319/

Spammers expose their entire operation through bad backups

Vickery had discovered everything. From Hipchat logs and domain registration records, to accounting details, infrastructure planning and production notes, scripts, and business affiliations. In addition, Vickery uncovered 1.34 billion email accounts. These are the accounts that will receive spam, or what RCM calls offers. Some of these records also contained personal information, such as full names, physical addresses, and IP addresses. “The natural response is to question whether the data set is real,” Vickery explained in his notes on the discovery.

http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

For True Cyber Security, Using a USB Firewall Is Essential

Why should you trust this device? You shouldn’t! Trust nothing. But while Fisk is selling them for 60 bucks a pop, the project is open source. You can know exactly what’s going on under the hood, and build it yourself. Or maybe there’s an IT guy at work that could help out. The project also comes recommended by Jamie Zawinski, a veteran programmer who has contributed to Mozilla, XEmacs, and early versions of the Netscape Navigator. Whether it’s this project that catches on or an improved version of the same concept, USB firewalls are a thing that needs to happen.

http://gizmodo.com/for-true-cyber-security-using-a-usb-firewall-is-essent-1792986118
