IT Security News Blast 4-20-2017

Healthcare organizations’ employees pose cybersecurity risk

The HIMSS Analytics data somewhat mirrors concerns raised by a recent survey by KLAS Research and the College for Healthcare Information Management Executives, which found that fewer than half of surveyed organizations have a vice president or C-suite executive leading cybersecurity efforts, and just under two-thirds talk about security quarterly at board meetings.

http://www.modernhealthcare.com/article/20170418/NEWS/170419865

The Cost Of Cyber Breach — How Much Your Company Should Budget

The board and executives of organizations must protect the assets of the business. Seven out of ten Target board members were ousted and the CEO was fired — they had no visibility into the risk that cyber had on the business. Cyber risk must be understood in dollars and cents to communicate in a language that the board and executives understand. Only then can senior executives have a cyber strategy that allows them to protect the assets properly.

https://www.forbes.com/sites/christopherskroupa/2017/04/19/the-cost-of-cyber-breach-how-much-your-company-should-budget/#6c60e10dce74

Protecting vital water infrastructure

The most prominent and likely forms of terrorist attack on the water sector include the intentional release of chemical, biological, and radiological contaminants into the water supply or wastewater systems, disruption of service from explosions, and breaches in cybersecurity. The water sector is complex, composed of drinking water and wastewater infrastructure of varying sizes and types of ownership. The sector has its own unique risks driving sector security and resilience activities, including threats, vulnerabilities, and consequences.

http://www.csoonline.com/article/3190651/critical-infrastructure/protecting-vital-water-infrastructure.html

Extreme Cybersecurity Visibility: You Can’t Secure What You Can’t Measure

But finding the right products to provide those capabilities is one of the most challenging aspects of the entire portfolio creation process. So I’ve spoken to executives from seven different security product firms to understand how their products fit into the larger framework. Here’s some of Hooper’s thinking about how to create a balanced portfolio of security products to meet your needs.

https://www.forbes.com/sites/danwoods/2017/04/19/extreme-cybersecurity-visibility-you-cant-secure-what-you-cant-measure/#d7026ae6ba96

What to do first when hit by a cyber attack

Do you have any corroborating evidence? For example, if the IDS (intrusion detection system) detects a brute force attack against the website, do web logs support this having occurred? Or, if a user reports a suspected phishing attack, has this email been received by other users and did the user click on links or open documents? You also need to think about answering questions about the nature of the incident. Is it a generic malware infection, or an active system hack? Is there an intentional denial of service (DoS) attack in progress and is this an incidence of deliberate insider action?

http://www.computerweekly.com/opinion/What-to-do-first-when-hit-by-a-cyber-attack

Cyber Attack Hits 1,200 InterContinental Hotels in United States

The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp, Hilton, and Starwood Hotels, now owned by Marriott International Inc. The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties.

http://www.foxbusiness.com/markets/2017/04/19/cyber-attack-hits-1200-intercontinental-hotels-in-united-states.html

‘46%’ of British businesses experienced cyber attack – ‘vendors’ to blame

This proportion of vulnerability increases with medium and large organisations. Two-thirds of these suffered a breach or attack. The most common breach was a result of fraudulent emails containing viruses or malware being sent to corporation employees. The results were based on a government survey of 1,500 UK businesses, including 30 in-depth interviews.

http://www.information-age.com/46-british-businesses-experienced-cyber-attack-breach-123465807/

Chinese Military Prepares for New Cyber Focus, Streamlined Force

The plan would see the establishment of 84 units at the combined corps level. These units, headed by major generals or rear admirals, would fall under the five military area commands and 15 agencies that were already regrouped last year from seven military area commands and four military departments, respectively, Reuters reported Wednesday. The reforms would introduce a greater focus on electronic warfare and help the military transition into an “indestructible combat force” by 2020, Xi said, according to an article published Tuesday by China’s official Xinhua News Agency.

http://www.newsweek.com/chinese-military-prepares-massive-changes-new-cyber-division-586313

Tanium exposed hospital’s IT while using its network in sales demos

Starting in 2012, Tanium apparently had a secret weapon to help it compete with the wave of newcomers, which the company’s executives used in sales demonstrations: a live customer network they could tap into for product demonstrations. There was just one problem: the customer didn’t know that Tanium was using its network. And since the customer was a hospital, the Tanium demos—which numbered in the hundreds between 2012 and 2015, according to a Wall Street Journal report—exposed live, sensitive information about the hospital’s IT systems. Until recently, some of that data was shown in publicly posted videos.

https://arstechnica.com/security/2017/04/security-vendor-uses-hospitals-network-for-unauthorized-sales-demos/

Monster rivalry forming between IoT botnets Mirai and Hajime

[Rebooting] a device infected by Hajime would reopen its vulnerable ports again, leaving it susceptible once again to Mirai. “And so, we are left with embedded devices stuck in a sort of Groundhog Day time loop scenario,” Grange wrote in the blog post. “One day a device may belong to the Mirai botnet, after the next reboot it could belong to Hajime, then the next any of the many other IoT malware/worms that are out there scanning for devices with hardcoded passwords. This cycle will continue with each reboot until the device is updated with a newer, more secure firmware.”

https://www.scmagazine.com/monster-rivalry-forming-between-iot-botnets-mirai-and-hajime/article/651643/

A vigilante hacker may have built a computer worm to protect the IoT

The worm, known as Hajime, has infected tens of thousands of easy-to-hack products such as DVRs, internet cameras, and routers. However, the program so far hasn’t done anything malicious. Instead, the worm has been preventing a notorious malware known as Mirai from infecting the same devices. It’s also been carrying a message written from its developer. “Just a white hat, securing some systems,” the message reads. “Stay sharp!”

http://www.csoonline.com/article/3191092/security/a-vigilante-hacker-may-have-built-a-computer-worm-to-protect-the-iot.html

Workers like to circumvent corporate cybersecurity policies, study

While inappropriate internet use was to blame for some of the breaches in security protocol, malicious threats were also responsible for some of the unauthorized activity. The report found that 60 percent of all attacks are carried out by insiders and 68 percent of all insider breaches were due to simple negligence, while 22 percent were from malicious activity by a staffer and 10 percent were related to credential theft.

https://www.scmagazine.com/study-finds-most-employees-actively-circumventing-security-protocols/article/651335/

Tons of Apps on Google Play Store Infected with BankBot Malware

Once downloaded, the malware tricks users into gaining administrative privileges before removing the icon of the app, letting the user think that the app has been deleted. In reality, however, the app continues to work in the background! That’s not all; the Botnet is designed to display fake screens disguised as banking apps, encouraging the users to put credit card information and other login credentials. As soon as the app gets what it wants, the credentials are then passed on to the hacker through a control and command (C&C) server.

https://www.hackread.com/google-play-store-apps-bankbot-malware/

Snowden Says Mass Surveillance Programs ‘Are About Power’

“Surveillance technologies have outpaced democratic controls,” said Snowden, who joined the event via satellite. “A generation ago, surveillance was extremely expensive … there was a natural limitation because governments had to spend extraordinary sums to track individual people.” Today, the dynamic is reversed. One person in front of a monitor can track “an unimaginably large” number of people, he continued. The NSA’s surveillance program, deployed in secret and with “serious constitutional implications,” he said, is an example.

http://www.darkreading.com/vulnerabilities---threats/snowden-says-mass-surveillance-programs-are-about-power/a/d-id/1328678?

We’re spying on you for your own protection, says NSA, FBI

A new factsheet by the NSA and FBI has laid bare ludicrous contradictions in how US intelligence agencies choose to interpret a law designed to prevent spying on American citizens, but which they use to achieve exactly that end. […] The document even claims that it is surveilling US citizens for their own protection while at the same time claiming that it is not doing so. The obvious and painful contradictions within the 10-page document [PDF] are testament to the very reason why the factsheet had to be prepared in the first place: Congress is threatening not to renew the legislation due to the intelligence agencies’ willful misrepresentation of the law to perform the very activities it was designed to prevent.

https://www.theregister.co.uk/2017/04/19/nsa_fbi_spy_on_us_for_our_protection/

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

In all, Oracle admins have a tall order with 299 patches across most of the company’s product lines; 162 of the vulnerabilities are remotely exploitable. Two Solaris exploits were leaked by the mysterious ShadowBrokers last Friday. The Solaris attacks were included among a rash of other exploits including a laundry list of Windows attacks, many of which had already been patched by Microsoft prior to last Friday’s dump.

https://threatpost.com/record-oracle-patch-update-addresses-shadowbrokers-struts-2-vulnerabilities/125046/

Microsoft turns two-factor authentication into one-factor by ditching password

Microsoft Authenticator is a pleasant enough two-factor authentication app. You can use it to generate numeric authentication codes for accounts on Google, Facebook, Twitter, and indeed, any other service that uses a standard one-time password. […] But for Microsoft accounts, Redmond is offering something new: getting rid of that first password and using just the phone to authenticate. With phone-based authentication enabled, after entering your Microsoft Account e-mail address, you’ll receive an alert on your phone. From that alert, you can either approve or reject the authentication attempt—no password necessary.

https://arstechnica.com/information-technology/2017/04/microsoft-turns-two-factor-authentication-into-one-factor-by-ditching-password/

Feds face big obstacle in cyber efforts: Geography

There’s a major overlooked challenge in the government’s struggle to shore up its cybersecurity, experts say: the location of the nation’s capital. Most of the federal government’s cybersecurity operations are run out of Washington, D.C., far from the technology hubs of California, Texas and Massachusetts, where many tech professionals live and work. But, say experts, those hubs may be the secret to meeting a growing shortage in the federal information technology workforce.

http://thehill.com/policy/cybersecurity/329401-feds-face-big-obstacle-in-cyber-efforts-geography

Big data study of disaster-related social media language helps first responders

Researchers explore how the properties of language style used in social media — particularly on Twitter — can help first responders quickly identify areas of need during a disaster. The researchers analyzed several hundred thousand tweets from social media users located in and around the areas where Hurricane Sandy, the Oklahoma tornadoes, and the Boston Marathon bombing occurred.

http://www.homelandsecuritynewswire.com/dr20170419-big-data-study-of-disasterrelated-social-media-language-helps-first-responders


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.