IT Security News Blast 4-11-2017

Cyber Attack 101: Criminals Go After U.S. Universities

During eight years of scanning the dark web—the portion of the Internet not indexed for open searches, where criminals covertly operate—researchers from the security firm ID Agent discovered nearly 14 million addresses and passwords belonging to faculty, staff, students and alumni available to cyber criminals. Of those, 79 percent of the credentials were placed there within the last year.

http://www.afcea.org/content/?q=cyber-attack-101-criminals-go-after-us-universities

As cities get smarter, hackers become more dangerous: This could stop them

Cyber-criminals could theoretically hijack systems to launch powerful distributed denial of service attacks or hold an entire city for ransom in extortion attacks, according to an analysis by Nicolas Reys, a consultant for cybersecurity services at Control Risks. He noted that attacks “could be designed to encrypt and cripple an entire city’s grid, with ransom demands likely to be considerable in such a scenario.”

http://www.cnbc.com/2017/04/09/as-cities-get-smarter-hackers-become-more-dangerous-this-could-stop-them.html

Federal Cybersecurity Bill Would Help State and Local Governments Ward Off Hackers

In a rare bipartisan move, a group of U.S. senators and House members introduced a bill last month that would help state and local governments beef up their cybersecurity efforts. The proposed State Cyber Resiliency Act, which does not have a dollar figure attached, would create a dedicated grant program to distribute money to states so they could set up and implement a plan for how to protect themselves against cybersecurity threats and better identify, detect, respond to and recover from attacks. A chunk of funding also would go to local governments.

http://www.governing.com/topics/public-justice-safety/sl-federal-bill-cybersecurity.html

Setting Up Security as a Business: 3 Best Practices for Security Execs

This is the moment that security professionals must change the view of security from a defensive “stop the bad guys” function to a strategic lever that is critical to sustain and drive the business. This “Business Operations Protection” mentality has been simmering for a long time within the security community, and there are three things its leaders must do to make sure this mindset is accepted by the C-suite and board of directors.

http://www.darkreading.com/careers-and-people/setting-up-security-as-a-business-3-best-practices-for-security-execs/a/d-id/1328582?

Why utilities say grid security is the most pressing sector issue of 2017

In Utility Dive’s fourth annual State of the Electric Utility Survey, more than 600 utility professionals named cyber and physical security the most pressing concern for their companies, with 72% saying it is either “important” or “very important” today. […] “The Ukraine attack was well documented and it was well understood the same attack could happen in North America,” he told Utility Dive. “And utilities are starting to share information on cyber-attacks and threats.”

http://www.utilitydive.com/news/why-utilities-say-grid-security-is-the-most-pressing-sector-issue-of-2017/440056/

Here’s where the Apple accounts hackers are threatening to wipe came from

By running Have I been pwned (HIBP) and having 2.6 billion accounts from various data breaches to refer to, I’ve got a great data set with which to reference incidents like this. I want to walk you through what I’ve found and ultimately how I’ve identified where the vast majority of accounts have come from. […] More than 98% of the email addresses had already appeared in data breaches loaded into HIBP. This says to me that they were almost certainly sourced from existing breaches[.]

https://www.troyhunt.com/heres-where-the-apple-accounts-hackers-are-threatening-to-wipe-came-from/

Cyber attack on Union Bank of India similar to Bangladesh heist: WSJ

A cyber attack on Union Bank of India last July began after an employee opened an email attachment releasing malware that allowed hackers to steal the state-run bank’s data, the Wall Street Journal reported on Monday. […] The opening of the email attachment, which looked like it had come from India’s central bank, initiated the malware that hackers used to steal Union Bank’s access codes for the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a system that lenders use for international transactions.

http://www.reuters.com/article/us-union-bank-cyber-idUSKBN17C1WR

New York regulator wants other states to model cyber laws after its rules

New York’s cyber security rules took effect on March 1. […] The rules lay out steps that New York banks and insurers must take to protect their networks and customer data from hackers and disclose cyber events to state regulators. Firms, for example, must scrutinize security at third-party vendors that provide them goods and services. They must also perform risk assessments in order to design a cyber security program particular to them. Covered entities must annually certify compliance.

http://www.reuters.com/article/us-new-york-cyber-idUSKBN17B13K

Private sector’s national cybersecurity strategy contributions lacking

Crimes perpetrated by the likes of Edward Snowden, Chelsea Manning and the individual(s) who committed the alleged leak of the CIA’s highly sensitive cyber warfare tools have resulted in mind-blowing losses. Beyond those headline grabbers is a problem that gets less attention but poses a significant risk to critical national assets: the fact that private sector businesses operate — but do not adequately protect — a vast majority of the nation’s critical infrastructure and data.

http://searchcompliance.techtarget.com/opinion/Private-sectors-national-cybersecurity-strategy-contributions-lacking

Symantec Connects Cyber Attacks to CIA-Linked Hacking Tools

The files posted by WikiLeaks appear to show internal CIA discussions of various tools for hacking into phones, computers and other electronic gear, along with programming code for some of them, and multiple people familiar with the matter have told Reuters that the documents came from the CIA or its contractors. Symantec said it had connected at least 40 attacks in 16 countries to the tools obtained by WikiLeaks, though it followed company policy by not formally blaming the CIA.

http://fortune.com/2017/04/10/symantec-resesearch-cyber-attacks-cia/

Angry Shadow Brokers release password for suspected NSA hacking tools

Annoyed with the U.S. missile strike last week on an airfield in Syria, among other things, hacker group Shadow Brokers resurfaced on Saturday and released what they said was the password to files containing suspected National Security Agency tools they had earlier tried to sell. “Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected,” the group wrote in broken English in a letter to U.S. President Donald Trump posted online on Saturday. […] The group also announced its retirement, which, coming a few days before Trump’s inauguration, led to speculation that the Shadow Brokers was part of the hacking operations Russia had set up to allegedly help the new president get elected.

http://www.csoonline.com/article/3188607/security/angry-shadow-brokers-release-password-for-suspected-nsa-hacking-tools.html

Found in the wild: Vault7 hacking tools WikiLeaks says come from CIA

Malware that WikiLeaks purports belongs to the Central Intelligence Agency has been definitively tied to an advanced hacking operation that has been penetrating governments and private industries around the world for years, researchers from security firm Symantec say. Longhorn, as Symantec dubs the group, has infected governments and companies in the financial, telecommunications, energy, and aerospace industries since at least 2011 and possibly as early as 2007. The group has compromised 40 targets in at least 16 countries across the Middle East, Europe, Asia, Africa, and on one occasion, in the US, although that was probably a mistake.

https://arstechnica.com/security/2017/04/found-in-the-wild-vault7-hacking-tools-wikileaks-attributes-to-the-cia/

DARPA to eliminate “patch & pray” by baking chips with cybersecurity fortification

The research outfit will this month detail a new program called System Security Integrated Through Hardware and Firmware (SSITH) that has as one of its major goals to develop new integrated circuit architectures that lack the current software-accessible points of criminal entry, yet retain the computational functions and high-performance the integrated circuits were designed to deliver. Another goal of the program is the development of design tools that would become widely available so that hardware-anchored security would eventually become a standard feature of integrated circuits[.]

http://www.networkworld.com/article/3188632/security/darpa-to-eliminate-patch-and-pray-by-baking-chips-with-cybersecurity-fortification.html

Apple Mac OS Malware Spiked in Q4

Mac OS malware increased by 247% in the fourth quarter of 2016, according to a new report by McAfee Labs. The dramatic increase in Apple Mac OS malware samples went from 50,000 in Q3 2016 to about 320,000 in Q4. McAfee Labs VP Vincent Weafer says the increase can be partially attributed to hackers setting their sights beyond Windows targets. More people are using multi-platform environments in their homes and businesses, he explains, and attackers are taking advantage.

http://www.darkreading.com/attacks-breaches/apple-mac-os-malware-spiked-in-q4-/d/d-id/1328591?

Machine vs. machine battle has begun to de-fraud the internet of lies

Detecting false advertisements, bullies, and bots – all of these can be done with machine learning. It can even be applied to a politician’s tweets – to find out if they’ve been fibbing about where they’ve been, and when. […] As Sir Tim Berners-Lee won the ACM A.M. Turing Award last week, the timing of this next evolution of his Web could not be more appropriate. The Web needs to grow a meta-layer of error-checking and truth-telling. That will likely slow things down a bit, even as it helps us feel more assured that the fake can be suppressed.

https://www.theregister.co.uk/2017/04/10/machine_vs_machine_battle_has_begun_to_defraud_the_internet_of_lies/

Travel Routers, NAS Devices Among Easily Hacked IoT Devices

A researcher only needed 20 minutes last week to explain just how hopelessly broken some of the more popular Internet of Things devices on the market these days are. […] Hoersch started off his talk Tuesday by dissecting a travel router, M5250, made by TP-LINK, warning the device’s admin credentials can be fetched via an SMS. According to the researcher, if an attacker sends an SMS to the router, it sends back data, including login information like the name, SSID, and admin password, in plaintext.

https://threatpost.com/travel-routers-nas-devices-among-easily-hacked-iot-devices/124877/

Wonga database hacked: Nearly 270,000 customers could be affected

Wonga, a UK-based credit provider, has admitted that its website was compromised on Friday. According to a statement released by Wonga officials, the site’s security was compromised and hackers have stolen customers’ information from its database. Because of this data breach, hackers have taken the information of around 245,000 UK customers and 25,000 Poland customers. The stolen data includes names, addresses, bank account numbers, sort codes, phone numbers and the last 4 digits of the card number of the victims.

https://www.hackread.com/wonga-database-hacked-270000-customers-affected/

Internet Society tells G20 nations: The web must be fully encrypted

The Internet Society has called for the full encryption of the internet, decrying the fact that securing the digital world has increasingly become associated with restricting access to law enforcement. […] The G20 will meet in Hamburg in July and one of the main agenda topics is the “spread of digital technology” and its impact on economic growth. Notably, there will be a “digital affairs ministers conference” for the first time at the summit, and the importance of the topic was highlighted with a special two-day preparatory meeting last week attended by “ministers in charge of digitalization.”

https://www.theregister.co.uk/2017/04/10/internet_society_full_encryption/

Amazon third-party vendors breached with stolen credentials

The threat actors have reportedly changed the bank deposit information on the compromised accounts to steal tens of thousands of dollars from the users, several sellers and advertisers have said. The attackers also targeted accounts that hadn’t been recently used to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash. It’s unclear how many accounts were compromised and the hack appears to have stemmed from email and password credentials stolen from a previous breach.

https://www.scmagazine.com/hackers-compromise-third-party-vendor-amazon-accounts/article/649665/

John McAfee kicked off NYSE stage at Cyber Investing Summit due to security concerns

As momentum for the event continued building, McAfee’s agent, Francois Garcia, said he was suddenly informed by Lachman that McAfee would not be allowed in the NYSE building due to “security concerns”, according to McAfee, who claims Lachman did not tell Garcia who she spoke with at NYSE. When we reached out to Lachman for comment on why McAfee was removed as keynote speaker, Lachman replied “Our official statement is as follows: We look forward to the May 23rd Cyber Investing Summit, which is on track to be our biggest and best event yet.” – Cyber Investing Summit Co-founder Lindsey Lachman.

http://www.csoonline.com/article/3188663/security/john-mcafee-kicked-off-nyse-stage-at-cyber-investing-summit-due-to-security-concerns.html