IT Security News Blast 4-28-2017

Report: Cyber Attackers Using Simple Tactics, Tools to Target Healthcare, Other Industries

Overall, the report found that cyber attackers revealed new levels of ambition in 2016, “a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.”

https://www.healthcare-informatics.com/news-item/cybersecurity/report-cyber-attackers-using-simple-tactics-tools-target-healthcare-other

4 Industries Account for Majority of Global Ransomware Attacks

Ransomware is rapidly on the rise and four industry sectors are taking the largest hit, accounting for 77% of the action, according to NTT Security’s 2017 Global Threat Intelligence Report released today. The business and professional services sector accounted for 28% of the ransomware attacks, followed by government at 19%, and healthcare and the retail sectors both coming in at 15%, the report noted.

http://www.darkreading.com/attacks-breaches/4-industries-account-for-majority-of-global-ransomware-attacks/d/d-id/1328712

Machine learning and math can’t trump smart attackers

No matter how smart a machine learning algorithm is, it has a narrow focus and learns from a specific data set. By contrast, attackers possess so-called general intelligence and are able to think outside of the box. They can learn from context and benefit from inspiration, which no machine or algorithm can predict. Take self-driving cars as an example. These smart machines learn how to drive in an environment with road signs and pre-set rules. But what if someone covers all the signs or manipulates them?

https://www.welivesecurity.com/2017/04/25/machine-learning-math-cant-trump-smart-attackers/

Verizon DBIR Shows Attack Patterns Vary Widely By Industry

Data that Verizon collected from security incidents and data breaches that it investigated in 2016 showed, for instance, that financial and insurance companies suffered about six times as many breaches (364) from web application attacks as organizations in the information services sector (61). Similarly, Verizon’s dataset showed healthcare organizations suffered about 13 times as many breaches involving privilege misuse in 2016 compared to manufacturing companies—104 breaches to 8.

http://www.darkreading.com/attacks-breaches/verizon-dbir-shows-attack-patterns-vary-widely-by-industry/d/d-id/1328757?

EMV chips with that Chipotle PoS breach?

“We will refrain from providing additional commentary now or in the Q&A,” Chipotle’s Chief Financial Officer (CFO) John Hartung told Wall Street analysts during a Tuesday earnings conference call. “We anticipate notifying any affected customers as we get further clarity about the time frames and the restaurant locations that might have been affected.” Researchers say that failure to accept EMV chip cards makes retailers a bigger target as attackers become more sophisticated.

https://www.scmagazine.com/chipotle-announced-a-breach-of-its-payment-card-system/article/653103/

Russian-controlled telecom hijacks financial services’ Internet traffic

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. […] This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks.”

https://arstechnica.com/security/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/

Why businesses have the wrong cybersecurity mindset, and how they can fix it

“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” Seth Robinson, senior director of technology analysis for CompTIA, said in a press release. “But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.”

http://www.techrepublic.com/article/why-businesses-have-the-wrong-cybersecurity-mindset-and-how-they-can-fix-it/

China tried to hack group linked to controversial missile defense system, US cybersecurity firm says

A cybersecurity firm in the United States believes state-sponsored Chinese hackers were trying to infiltrate an organization with connections to a US-built missile system in South Korea that Beijing firmly opposes. “China uses cyber espionage pretty regularly when Chinese interests are at stake to better understand facts on the ground,” John Hultquist, the director of cyber espionage analysis at FireEye, told CNN’s News Stream. “We have evidence that they targeted at least one party that has been associated with the missile placements.”

http://www.koreaherald.com/view.php?ud=20170427000945

Cyber attacks ten years on: from disruption to disinformation

Today is the tenth anniversary of the world’s first major coordinated “cyber attack” on a nation’s internet infrastructure. This little-known event set the scene for the onrush of cyber espionage, fake news and information wars we know today. In 2007, operators took advantage of political unrest to unleash a series of cyber measures on Estonia, as a possible form of retribution for symbolically rejecting a Soviet version of history. It was a new, coordinated approach that had never been seen before.

http://theconversation.com/cyber-attacks-ten-years-on-from-disruption-to-disinformation-75773

Lawsuit: Fox News group hacked, surveilled, and stalked ex-host Andrea Tantaros

[The] Defendants in this case subjected Ms. Tantaros to illegal electronic surveillance and computer hacking, and used that information (including, on information and belief, privileged attorney-client communications) to intimidate, terrorize, and crush her career through an endless stream of lewd, offensive, and career-damaging social media posts, blog entries and commentary, and high-profile “fake” media sites which Fox News (or its social influence contractors) owned or controlled.

https://arstechnica.com/tech-policy/2017/04/former-fox-news-host-claims-company-hacked-her-stalked-her-with-sock-puppets/

Facebook decides fake news isn’t crazy after all. It’s now a real problem

Penned by Facebook chief security officer Alex Stamos and security colleagues Jen Weedon and William Nuland, “Information Operations and Facebook” [PDF] describes an expansion of the company’s security focus from “traditional abusive behavior, such as account hacking, malware, spam and financial scams, to include more subtle and insidious forms of misuse, including attempts to manipulate civic discourse and deceive people.”

https://www.theregister.co.uk/2017/04/27/facebook_fake_news_security/

Vulnerability in Portrait Display service; millions of IoT devices affected

A simple bloatware used to serve as a virtual on-screen display has been found to have severe flaws. The worst part; it was used in millions of PCs and laptops including Fujitsu devices, HP devices and some of the Philips devices. You might have known this bloatware as “HP Display Assistant, HP Display Control, HP My Display, or HP Mobile Display Assistant, Fujitsu DisplayView Click, and Philips SmartControl.” If you ever used one of the above-mentioned ones there’s a good chance that you could be one of the affected victims.

https://www.hackread.com/vulnerability-in-portrait-display-service-iot-devices-affected/

Mysterious Hajime botnet has pwned 300,000 IoT devices

The steadily spreading Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. The malware is billed as a vigilante-style internet clean-up operation but it might easily be abused as a resource for cyber-attacks, hence a growing concern among security watchers. […] The resiliency of Hajime surpasses Mirai, security researchers say. Features such as a peer-to-peer rather than centralised control network and hidden processes make it harder to interfere with the operation of Hajime (meaning “beginning” in Japanese) than comparable botnets.

https://www.theregister.co.uk/2017/04/27/hajime_iot_botnet/

The Time Has Arrived to Embrace Hackers

To a large degree, that’s happening already, she said, pointing to the Department of Defense’s Hack the Pentagon, Army and Air Force bug bounty programs as examples of hackers playing a bigger role in hardening defenses. She also said programs such as the Federal Trade Commission’s competition that solicited security solutions for connected devices and DARPA’s Cyber Grand Challenge represents a general recognition by lawmakers and boards of directors that awareness of threats and solutions are a mandate.

https://threatpost.com/the-time-has-arrived-to-embrace-hackers/125250/

Online scammers impersonating military service members

If you get a friend request or message on Facebook from a high-ranking military official, it’s probably fake. […] She said impostors are being bold and targeting high-ranking officials. Some of the impostors are looking for fame, or maybe trying to trick someone into romance, but most want to scam you out of your money. “What they end up doing is trying to use that trust relationship to develop relationships with people and maybe send money, for example,” said Dunkerley.

http://www.waff.com/story/35254242/cyber-criminals-impersonating-service-members-online

Report: Multiple groups likely collaborating on Shamoon malware campaign

“We found that the latest Shamoon campaigns… are connected to other notable campaigns, and the increase in sophistication suggests investment, collaboration and coordination beyond that of a single hacker group,” McAfee explains in blog post co-authored by Raj Samani, chief scientist, and Christiaan Beek, lead scientist and principal engineer. Rather, the campaign appears more in line with “the comprehensive operation of a nation-state,” the report continues.

https://www.scmagazine.com/report-multiple-groups-likely-collaborating-on-shamoon-malware-campaign/article/653385/

Ransomware attacks are taking a greater toll on victim’s wallets

The hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to US$1,077, up from $294 the year before, according to security firm Symantec. “Attackers clearly think that there’s more to be squeezed from victims,” Symantec said in a Wednesday report. In addition, the security firm has been detecting more ransomware infection attempts. In 2016, the figure jumped by 36 percent from the year prior.

http://www.csoonline.com/article/3192864/security/ransomware-attacks-are-taking-a-greater-toll-on-victims-wallets.html

Foiled! 15 tricks to hold off the hackers

Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers. Following are some of the most clever tricks in use today by computer security defenders in foiling hackers.

http://www.networkworld.com/article/3192850/security/foiled-15-tricks-to-hold-off-the-hackers.html

Machine-learning-based solution to help combat phishing

When it comes to hacking, phishing is one of the oldest tricks in the book. According to IBM security research, some 30 percent of phishing e-mails are opened by targeted recipients. Additionally, the attacks are becoming more advanced and harder to detect at first glance. A new machine-learning-based security solution could help businesses detect phishing sites up to 250 percent faster than other methods.

http://www.homelandsecuritynewswire.com/dr20170428-machinelearningbased-solution-to-help-combat-phishing

====

Archived articles from the IT Security news blast are at https://criticalinformatics.com/it-security-news/

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.