IT Security News Blast 4-10-2017

Hacker sets off all 156 emergency sirens in Dallas

The sirens started sounding at 11:42 p.m. Friday and continued until 1:17 a.m. Saturday. The blaring sirens, used primarily to warn of tornadoes and other severe weather, prompted anxious residents to call 911, clogging up that system. At one point, 911 calls were backed up for six minutes instead of the normal wait time of 10 seconds. […] “This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure,” he posted on Facebook. “It’s a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens.”

https://www.usatoday.com/story/news/2017/04/08/hacker-triggers-all-156-emergency-sirens-dallas/100212412/

Water Utility Cyberattack Rings Up Hefty Data Charges

As the hackers took command and used the routers for other purposes, the authority’s cellular data bill soared — from an average of $US 300 a month to $US 45,000 in December and $US 53,000 in January. Details of the government’s report on the incident were described to Circle of Blue by Michael Preston, who works on security issues with the National Rural Water Association, and others who read the briefing.

http://www.circleofblue.org/2017/water-management/water-utility-cyberattack-rings-hefty-data-charges/

Cyber Watchers Fear Hackers Could Hold Government, Infrastructure Hostage

“There’s no reason not to think that criminals will see government assets like critical infrastructure as a target they can hold for ransom,” Grobman added. If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, Grobman said, and there’s a good chance the asset owner or the government would have to pay up.

http://www.nextgov.com/cybersecurity/2017/04/cyber-watchers-fear-hackers-could-hold-government-infrastructure-hostage/136846/

Power grid leaders worry that a cyberattack is looming

The potential for a major cyberattack against the nation’s power system is at an all-time high, according to the industry group representing electrical grid operators. […] The Department of Homeland Security received reports of 59 cyber-incidents at energy facilities last year, up nearly a third from the year before. That brings the number of such incidents in the industry to more than 400 since 2011, according to Homeland Security data. But security specialists say that’s likely a conservative number because energy companies aren’t required to report cyberattacks to the U.S. government.

http://www.houstonchronicle.com/business/article/Power-grid-leaders-worry-that-a-cyberattack-is-11058322.php

Criminals Prepare For Global Cyberattack With Sundown Exploit Kit

While the Sundown developers have added a lot of new functionality, they also got rid of some useless features. Removing the original identifiers – or most of them, at least – makes the revised Sundown exploit kit virtually impossible to detect. Moreover, the numeric subfolders and filenames, as well as the previous iteration’s file extensions, have all been stripped out of the source code. In a way, one could argue Sundown has gotten a new lease on life and is starting out with a clean slate.

https://themerkle.com/criminals-prepare-for-global-cyberattack-with-sundown-exploit-kit/

WikiLeaks just dropped the CIA’s secret how-to for infecting Windows

Friday’s installment includes 27 documents related to “Grasshopper,” the codename for a set of software tools used to build customized malware for Windows-based computers. The Grasshopper framework provides building blocks that can be combined in unique ways to suit the requirements of a given surveillance or intelligence operation. The documents are likely to be of interest to potential CIA targets looking for signatures and other signs indicating their Windows systems were hacked.

https://arstechnica.com/tech-policy/2017/04/wikileaks-just-dropped-the-cias-secret-how-to-for-infecting-windows/

Baseband Zero Day Exposes Millions of Mobile Phones to Attack

In one attack scenario, the vulnerability could be used by attackers to execute a memory-corruption attack against vulnerable devices over the air. […] Baseband vulnerabilities give attackers the ability to monitor a phone’s communications, place calls, send premium SMS messages or cause large data transfers unbeknownst to the owner of the phone. […] Offensive testing of this technology is also risky, considering wiretapping laws that make it a federal offense to illegally intercept licensed frequencies used by wireless carriers.

https://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-to-attack/124833/

Forget Mirai – Brickerbot malware will kill your crap IoT devices

“The Bricker Bot attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim’s devices,” Radware’s advisory states. […] Brickerbot then flushes all iptables firewall and NAT rules and adds a rule to drop all outgoing packets. Finally it tries to wipe all code on the affected devices and render them useless – a permanent denial of service. To block the attack, the key factor is disabling Telnet and changing the device’s factory-set passwords. Radware also recommends using intrusion prevention systems to lock down devices.

https://www.theregister.co.uk/2017/04/08/brickerbot_malware_kills_iot_devices/

Researcher Warns SIEMs Are Weak Link In Network Security Chain

“SIEMs are a one-stop shop for attackers. Nobody has these locked down. And once they gain a toehold on the SIEM box, an adversary has a map and keys to do what they want on the network,” he said. While SIEMs are used as defensive tools to analyze events on a network, weak or default credentials often used by network administrators coupled with complex installations make them prime targets.

https://threatpost.com/researcher-warns-siems-are-weak-link-in-network-security-chain/124864/

McAfee: Hackers Use Their Own Form of “Fake News” In Cyberattacks

Hackers have been known to launch large-scale decoy attacks to distract and overwhelm a victim, so they can slip in a more subtle and damaging exploit, says Vincent Weafer, vice president of McAfee Labs. […] But a DDoS attack can also be a “noisy” crisis, intended just to attract a lot of attention and keep the victim occupied, Weafer says. “The defender spends time focusing on it, even feels good about their efforts, while the hacker is launching a separate and more deadly attack,” Weafer says.

http://www.xconomy.com/san-francisco/2017/04/07/mcafee-hackers-use-their-own-form-of-fake-news-in-cyberattacks/#

North Korea’s failed missile test could have been caused by US cyber-attack, expert suggests

The US has engaged in a programme to sabotage North Korean rocket tests since 2014, known as the ‘left of launch’ strategy. It was introduced by Barack Obama in an attempt to stem North Korean progress in weapons testing. Cyber warfare and subterfuge is used to damage missile components and functionality. […] He added: “There is a possibility that the North’s supply chain for components has been deliberately infected, and they might never know. “It is quite possible that parts that they are importing are intentionally faulty because, through history, there have been similar attempts to sabotage an enemy’s capabilities.”

http://www.independent.co.uk/news/world/asia/north-korea-missile-test-fail-us-cyber-attack-barack-obama-kim-jong-un-intervention-a7669686.html

Hackers Leak Passwords to NSA’s “Top Secret Arsenal” against Trump’s Policies

According to researchers, the password leaked by the group unlocks the hacking tools, which include servers belonging to universities and companies allegedly used to deploy malware. […] Since the researchers have concluded the data to be legit, the fact that it’s online for anyone to download will lead to devastating results for the NSA. At the time of publishing this article, there was no comment from the NSA or Pakistan’s mobile network over the hacking of their system.

https://www.hackread.com/hackers-leak-passwords-to-nsa-top-secret-arsenal/

Germany to use ‘offensive measures’ against cyber attacks

“If the German military’s networks are attacked, then we can defend ourselves. As soon as an attack endangers the functional and operational readiness of combat forces, we can respond with offensive measures,” she said. She added that the German military could be called in to help in the event of cyber attacks on other governmental institutions. During foreign missions, its actions would be governed and bounded by the underlying parliamentary mandate. Any legal questions would be addressed by the military in close cooperation with other government agencies, she added.

https://www.geo.tv/latest/136973-Germany-to-use-offensive-measures-against-cyber-attacks

Cybersecurity vendors spin up channel partner programs

Potential plusses for MSP partners and resellers include access to training, more favorable licensing approaches and the availability of more product options to address customers’ IT security needs. […] “A lot of our partners’ business models are changing,” she said, noting that some resellers are developing a hybrid approach in which they become more of a service provider.

http://searchitchannel.techtarget.com/news/450416525/Cybersecurity-vendors-spin-up-channel-partner-programs

How AIG’s Cyber Security Gamble Could Pay Off

American International Group (AIG) has recently begun offering personal cyber security insurance plans to individuals. The company appears to be riding a wave of individuals’ fears about losing online data or having their bank accounts emptied, and should find success with wealthier customers who have a lot to lose. But it remains to be seen whether ordinary consumers will come to regard cyber security insurance as a necessary expense.

http://fortune.com/2017/04/08/cyber-security-insurance-cybersecurity-aig-2017-tools-news/

Combating information and disinformation campaigns

[The] reported Russian meddling in the 2016 U.S. election — and the elections of other Western democracies — compounded with the official standing up of an information operations wing in the Russian military, has forced a reevaluation of information warfare within U.S. ranks. The alleged Russian influence operation serves as somewhat of a wake-up call. […] Some in the cyber business, such as James Miller, a member of the Defense Science Board and the former undersecretary of defense for policy, believe cyber can be a tool to knock down fake news and remove host websites.

http://www.c4isrnet.com/articles/combating-information-and-disinformation-campaigns

Twitter pulls lawsuit after US government backs down

Twitter said it filed the lawsuit after warning the government it would do so if the request was not withdrawn. On Friday, a day after Twitter delivered on its threat and after a heap of media coverage, the government withdrew its request. “The speed with which the government buckled shows just how blatantly unconstitutional its demand was in the first place,” said Esha Bhandari, an attorney for the American Civil Liberties Union, which was representing the Twitter user in the case.

http://www.networkworld.com/article/3188467/social-networking/twitter-pulls-lawsuit-after-us-government-backs-down.html

US lawmakers demand to know how many residents are under surveillance

Committee members have been seeking an estimate of the surveillance numbers from the ODNI for a year now. Other lawmakers have been asking for the surveillance numbers since 2011, but ODNI has failed to provide them. The law that gives the NSA broad authority to spy on people overseas expires at the end of the year, and it’s “imperative” that lawmakers understand the impact on U.S. residents before they extend the surveillance authority, the letter said.

http://www.csoonline.com/article/3188424/security/us-lawmakers-demand-to-know-how-many-residents-are-under-surveillance.html

A Cyber Bill of Rights

How much freedom of speech does the First Amendment grant as soon as said speech is online? Are digital communications such as emails protected from unlawful search and seizures under the Fourth Amendment? And how does the Fifth Amendment apply to medical information? Some have even questioned if the Second Amendment provides a right to bear encryption and called for additional legislation to consider internet access a basic right and more. A growing body of cases raises the question of how much protection Americans have under the existing Bill of Rights, how these rights are interpreted when modern technology factors into the equation, and even if a more pointed Cyber Bill of Rights is necessary to ensure internet security and freedom.

https://www.scmagazine.com/a-cyber-bill-of-rights/article/649066/

Democrats draft laws in futile attempt to protect US internet privacy

Less than a week after President Trump signed the law allowing ISPs to sell customers’ browsing habits to advertisers, Democratic politicians are introducing bills to stop the practice. On Thursday, Senator Ed Markey (D-MA) submitted a bill [PDF] that would enshrine the FCC privacy rules proposed during the Obama administration into law – the rules just shot down by the Trump administration. Americans would have to opt in to allowing ISPs to sell their browsing data under the proposed legislation, and ISPs would have to take greater care to protect their servers from hacking attacks.

https://www.theregister.co.uk/2017/04/06/democrats_move_to_restore_internet_privacy/

Booby-trapped Word documents in the wild exploit critical Microsoft 0day

The attack is notable for several reasons. First, it bypasses most exploit mitigations: This capability allows it to work even against Windows 10, which security experts widely agree is Microsoft’s most secure operating system to date. Second, unlike the vast majority of the Word exploits seen in the wild over the past few years, this new attack doesn’t require targets to enable macros. Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened.

https://arstechnica.com/security/2017/04/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/

Google expands automatic “fact check” insertion into search results

When Google determines that a search is worth a fact-check notice, that data will be placed at the very top of those search results. It will always tell users what the claim is, who claimed it, and what a fact-checking organization determined about that claim. […] Google lists some of the data points that its bots seek, including a requirement that “analysis must be transparent about sources and methods, with citations and references to primary sources.” How robots confirm that kind of content “algorithmically” without human intervention is unclear.

https://arstechnica.com/business/2017/04/google-expands-automatic-fact-check-insertion-into-search-results/