IT Security News Blast 4-17-2017

Financial Services Firms Report Spike in Cyber Preparedness, Anticipated Regulatory Scrutiny

86% of financial services firms intend to increase the time and resources they spend on cybersecurity in the next year. This contrasts with 2016, when less than 60% said they planned to spend more resources and time on cybersecurity planning and initiatives.

31% of respondents expect cybersecurity to be the top priority for regulators this year – a 63% increase over 2016 when just 19% of respondents held this view.

21% of respondents believe that Anti-Money Laundering and “Know Your Customer” considerations – which are increasingly converging with cybersecurity and technology – will be a top regulatory focus.

http://www.darkreading.com/risk/financial-services-firms-report-spike-in-cyber-preparedness-anticipated-regulatory-scrutiny/d/d-id/1328627

Former OCR Advisor on HIPAA Compliance and Data Breaches: “This is a Management Problem, Not a User Problem”

The Department of Health and Human Services’ Office for Civil Rights (OCR) has stepped up its enforcement activities in recent years, and 2016 was a very busy year in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. In fact, last year saw unprecedented levels of enforcement actions, fines and aggregate HIPAA penalties being assessed. This past year also saw HHS OCR launch Phase 2 of its HIPAA Privacy, Security and Breach Notification Audit program.

https://www.healthcare-informatics.com/article/cybersecurity/former-ocr-advisor-hipaa-compliance-and-data-breaches-management-problem-not

FBI advice: Respect info security fundamentals … or else

A lack of respect for the fundamentals of information security can spell disaster. “No matter how complex the impact, oftentimes what we find at the end in a post-mortem is information security fundamentals are not being adhered to,” he said. “Log management, auditing, identity access management, training personnel on awareness and social engineering and spear-phishing, and inoculating employees to these vectors so they are more aware – these all are key.”

http://www.healthcareitnews.com/news/fbi-advice-respect-info-security-fundamentals-or-else

Tired: Stealing Data. Wired: Holding a Dam for Ransom

“What ransomware does is it creates a business model [in which] anybody who has money can potentially be extorted to pay[.]” “There’s no reason not to think that criminals will see government assets like critical infrastructure as a target they can hold for ransom,” Grobman added. If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, Grobman said, and there’s a good chance the asset owner or the government would have to pay up.

http://www.defenseone.com/threats/2017/04/tired-stealing-data-wired-holding-dam-ransom/136919/

Stories From Two Years in an IoT Honeypot

After planting vulnerable devices, mostly in the UK and his native Romania, Demeter was able to register 200 malicious or abusive IP addresses and almost 13 million hits from his honeypots. […] Demeter saw attackers attempt to carry out a variety of exploits – new and old – but broke down three of the more common ones in his talk. […] Many attacks tried to leverage an older vulnerability in the embedded webserver RomPager in order to change DNS server settings. […] Demeter also saw attacks trying to execute commands via another vulnerability from 2014, ShellShock, and perhaps more interesting – especially given the freshness of the vulnerability – leverage last month’s Apache Struts 2 exploit.

https://threatpost.com/stories-from-two-years-in-an-iot-honeypot/124974/

Will Congress Help Fund New State and Local Cyberprograms?

The act would leverage the existing State Cyber Resiliency Grant program to: “Assist State, local, and tribal governments in preventing, preparing for, protecting against, and responding to cyber threats, which shall be administered by the Administrator of the Federal Emergency Management Agency.” Each state would be eligible to apply for grants after they submit an approved cyber-resiliency plan. The act has now been referred to many committees and subcommittees.

http://www.govtech.com/blogs/lohrmann-on-cybersecurity/will-congress-help-fund-new-state-and-local-cyber-programs.html

Don’t underestimate the cyberthreat from Syria and North Korea

As President Trump considers his options against Syria and North Korea, his advisers would do well to remind him that cyberwarfare has a way of leveling the battlefield between a second- or even third-rate military power and the world’s undisputed military superpower. Not as alarming as the specter of a North Korean intercontinental ballistic missile armed with a nuclear warhead, nor as worrisome as chemical or biological terrorism. But easier to carry out and much more likely.

https://www.washingtonpost.com/opinions/dont-underestimate-the-cyberthreat-from-syria-and-north-korea/2017/04/14/55f8101e-1b11-11e7-bcc2-7d1a0973e7b2_story.html

Trump’s CIA Director Calls Out Rogue Information Warriors

Nevertheless, he said, “it’s time to call out WikiLeaks for what it really is: a non-state, hostile intelligence service often abetted by state actors like Russia.” The organization “overwhelmingly focuses on the United States while seeking support from anti-democratic countries and organizations” to “use our free speech values against us,” Pompeo said. […] Pompeo also criticized Edward Snowden, saying a “staggering number” of terrorist groups and other foreign intelligence targets have changed the way they communicate as a direct result of the former NSA contractor’s disclosures.

https://www.technologyreview.com/s/604201/trumps-cia-director-calls-out-rogue-information-warriors/

Shadow Brokers Redux: Dump of NSA Tools Gets Even Worse

This dump also provides significant ammunition for those concerned with the US government developing and keeping 0-day exploits. Like both previous Shadow Brokers dumps, this batch contains vulnerabilities that the NSA clearly did not disclose even after the tools were stolen. This means either that the NSA can’t determine which tools were stolen—a troubling possibility post-Snowden—or that the NSA was aware of the breach but failed to disclose to vendors despite knowing an adversary had access. […] UPDATE: Further analysis suggests that at least one exploit will also successfully compromise Windows 10 without modification.

https://lawfareblog.com/shadow-brokers-redux-dump-nsa-tools-gets-even-worse

Major Leak Suggests NSA Was Deep in Middle East Banking System

The new leak includes evidence that the NSA hacked into EastNets, a Dubai-based firm that oversees payments in the global SWIFT transaction system for dozens of client banks and other firms, particularly in the Middle East. The leak includes detailed lists of hacked or potentially targeted computers, including those belonging to firms in Qatar, Dubai, Abu Dhabi, Syria, Yemen, and the Palestinian territories. Also included in the data dump, as in previous Shadow Brokers releases, are a load of fresh hacking tools, this time targeting a slew of Windows versions.

https://www.wired.com/2017/04/major-leak-suggests-nsa-deep-middle-east-banking-system/

Your Government’s Hacking Tools Are Not Safe

The actual value of the information included in each of these dumps varies, and some may not be all that helpful in and of themselves, but they still highlight a key point: hackers or other third parties can obtain powerful tools of cyber espionage that are supposedly secure. […] It’s as if someone posted a skeleton key online for breaking into an unimaginable number of locks. “What we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they’ve been clearly lost, and that is plain irresponsible and unacceptable[.]”

https://motherboard.vice.com/en_us/article/your-governments-hacking-tools-are-not-safe

Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers

That’s because the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday’s latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn’t unprecedented, but it’s uncommon, and it’s generating speculation that the reporters were tied to the NSA.

https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/

How the FBI gets frontline intelligence about what’s on the dark web

A cadre of former intelligence officers is lurking on the dark recesses of the internet on behalf of federal law enforcement and a shortlist of wealthy clients. Insiders tell Chris Bing of CyberScoop that the relationships are especially distinct because the companies operate in a hazardous legal environment where they must constantly balance operational risks and client interests while maintaining the government’s trust.

https://www.fedscoop.com/fbi-gets-frontline-intelligence-whats-dark-web/

Military seeks civilians with high-tech skills to counter IS

The military is looking for new ways to bring in more civilians with high-tech skills who can help against IS and prepare for the new range of technological threats the nation will face. Nakasone said that means getting Guard and Reserve members with technical expertise in digital forensics, math crypto-analysis and writing computer code. The challenge is how to find them.

http://mtstandard.com/news/national/govt-and-politics/military-seeks-civilians-with-high-tech-skills-to-counter-is/article_7a99436d-13f3-520e-b12f-685e9d14ceb4.html

Someone Hacked Far-Right Group Britain First’s Website, Twitter and YouTube

Although it is unclear how the hack was conducted, the hackers were able to compromise Britain First’s official YouTube channel, the Twitter account of Paul Golding, the leader of Britain First and a convicted criminal, and the website of Jayda Fransen, the deputy leader of Britain First. […] This is not the first time a far-right group has suffered embarrassment by having its online platforms compromised by hackers. In the past, hackers carried out successful cyber attacks on the English Defence League (EDL), defacing its website several times and also deleting its official Facebook page.

https://www.hackread.com/someone-hacked-far-right-group-britain-first/

Homeland Security’s cyber tool finds huge amount of ‘shadow IT’ in agencies

New cybersecurity tools being deployed across the U.S. government found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks — a phenomenon known as “shadow IT” — necessitating urgent modifications to many hundreds of millions of dollars’ worth of contracts. Shaun Waterman reports for CyberScoop that cloud and mobile technologies weren’t included in the scans, because the tools — known as Continuous Diagnostics and Monitoring — aren’t tracking them yet. But CDM found everything from printers, PCs and laptops to “stuff like an Xbox,” one source said.

https://www.fedscoop.com/homeland-securitys-cyber-tool-finds-huge-amount-shadow-agencies/

The Steady Rise of Digital Border Searches

In the last six months, nearly 15,000 travelers had one of their devices searched at the border. Compare that to just 8,503 between October 2014 and October 2015, or 19,033 the following year. If CBP’s border searches continue at the current pace for the next six months, agents will search about 30,000 travelers by the end of the fiscal year. That would represent an increase of one-third from the previous year.

https://www.theatlantic.com/technology/archive/2017/04/the-steady-rise-of-digital-border-searches/522723/

9 Ways To Protect Your Aging Parent From Identity Theft

Con artists and cyber criminals prey on older Americans, exploiting what is often their limited understanding of online risks. Here are nine steps you can take to protect your parents from becoming identity theft victims[.]

https://www.forbes.com/sites/nextavenue/2017/04/14/9-ways-to-protect-your-parent-from-identity-theft/#127179b64af8

Cars with Vulnerable WIFI Dongle can be Hacked via Bluetooth

Argus wrote in their blog post that in the first vulnerability, the security flaw in the message filter allows an attacker with root privileges on the driver’s phone to send malicious CAN messages outside of the scope of a small subset of diagnostic messages (i.e., OBDII PIDs), which can potentially have physical effects on the vehicle. The second vulnerability amplifies the effect of the first and eliminates the need for a compromised phone.

https://www.hackread.com/cars-with-vulnerable-wifi-dongle-can-be-hacked/

Surge in exploit kits last month, Check Point

In particular, the researchers detected a spike in the use of exploit kits in March, after a fallow period for most of the past year. Exploit kits are generally a type of hacking package disseminated via web servers that is able to detect vulnerabilities in software on devices connected to it and, once discovered, can exploit the flaws to launch malicious code on the victim machines. Available on the underground market, they require little coding knowledge from the users who put them to use.

https://www.scmagazine.com/surge-in-exploit-kits-last-month-check-point/article/650570/