IT Security News Blast 4-3-2017

Email security appears grounded as attacks continue to take flight

Recently inboxes have been hit by the so-called “airline phishing attack.” It is a new take on an old phishing email. It uses multiple techniques to capture sensitive data and deploy an advanced persistent threat (APT). […] The attacker will have researched his target, selecting the airline, destination and price so that these details look legitimate in the context of the company and the recipient, Barracuda reports. After getting the employee to open the email, an APT embedded in an email attachment goes into action. The attachment is typically formatted as a PDF or DOCX document.

http://www.csoonline.com/article/3185960/security/email-security-appears-grounded-as-attacks-continue-to-take-flight.html#tk.twt_cso

Lack of gender diversity hurts tech financially, Microsoft report

A recent survey of IT and tech leaders found that, on average, the gender mix among their teams was 80 percent male and 20 percent female, with 35 percent saying they didn’t plan to change this imbalance, according to Microsoft’s “UK Cloud Skills Report: Closing the Cloud Skills Chasm.” The study also found that a fifth of firms that employ between 250 and 999 staff have no female IT workers. To make matters worse, the existing shortage of tech talent is creating an even greater void.

https://www.scmagazine.com/gender-diversity-in-tech-critical-to-financial-success/article/647593/

Airports and nuclear power stations on terror alert as government officials warn of ‘credible’ cyber threat

Intelligence agencies believe that Islamic State of Iraq and the Levant (Isil) and other terrorist groups have developed ways to plant explosives in laptops and mobile phones that can evade airport security screening methods. It is this intelligence which is understood in the past fortnight to have led the US and Britain to ban travellers from a number of countries carrying laptops and large electronic devices on board.

http://www.telegraph.co.uk/news/2017/04/01/airports-nuclear-power-stations-terror-alert-government-officials/

Isis losing ground in online war against hackers after Westminster attack turns focus on internet propaganda

By creating a virtual “back door” into devices, it is able to activate cameras, log keystrokes, steal files, read phone messages, take screenshots, detect GPS locations and collect contacts from unsuspecting jihadis. The infiltration forced Isis to issue a warning to followers through Amaq’s encrypted Telegram channel, saying its latest Arabic language website had been “penetrated” by a virus, adding: “Please exercise caution.”

http://www.independent.co.uk/news/world/europe/isis-islamic-state-propaganda-online-hackers-westminster-whatsapp-amaq-cyber-attacks-paranoia-a7662171.html

Anonymous hacks ISIS website; infecting users with malware

Amaq, the official news agency of ISIS or Daesh terrorist group is informing its users about a potential compromise in the security of its website. According to them, the site has been hacked by Anonymous hackers and is now infecting thousands of users. When visiting the site, the following message keeps appearing: “The site ahead contains malware, and that attacker might attempt to install dangerous programs on your computer that steal or delete your information.”

https://www.hackread.com/anonymous-hacks-isis-site-with-malware/

Customized Malware: Confronting an Invisible Threat

Customized malware is malicious software that has been modified to evade detection by traditional security technologies. Customized malware comes in many forms, including ransomware. The most common delivery method is through inbound email, by a phishing or spearphishing attack. Because traditional antivirus products provide signature-based detection, only malware variants whose algorithms have already been identified are successfully quarantined. Therefore, the modified variants escape detection at an alarming rate.

http://www.darkreading.com/vulnerabilities---threats/advanced-threats/customized-malware-confronting-an-invisible-threat/a/d-id/1328524?

Commentary: Cybersecurity is the next economic battleground

Although the primary objective of this massive cybersecurity push is to safeguard Singapore against cyberattacks, it would be naïve to overlook the potential economic benefits from this campaign. Cybersecurity expenditures hit US$75 billion globally last year, and are expected to cross the US$100 billion mark by 2020. Locally, the cybersecurity market is expected to generate 2,500 jobs by 2018, and reach S$900 million by 2020.

http://www.channelnewsasia.com/news/singapore/commentary-cybersecurity-is-the-next-economic-battleground/3637274.html

How AI can ‘change the locks’ in cybersecurity

At the heart of any AI system is the ability to learn. Some AI solutions learn from their local environment, while others learn strictly from a global context. Those that will win out are solutions that build some or all of their threat detection capability using data that only exists in a customer’s network environment and produce a type of moving defense unique to that environment. These include:

  • A defense that is substantively different from enterprise to enterprise.
  • A defense that evolves over time as it adapts to changes in its environment.
  • And, most importantly, a defense that no attacker can completely scope out beforehand and know for certain they can defeat.

https://venturebeat.com/2017/04/01/how-ai-can-change-the-locks-in-cybersecurity/

Division Between IT and IoT Hurts Cybersecurity

“It is indeed harder to secure, especially for already deployed, smaller microprocessors, smaller odd protocol stack things that the IT organizations really have very little insight into,” Bigman said. He added that private and government consumers can’t always expect the IoT products they buy to have security built in when some of the processors in those devices are so small that they would break under the strain.

https://www.meritalk.com/articles/division-between-it-and-iot-hurts-cybersecurity/

Cyber-Security Threats Against Industrial IoT Grow

Virtually all the security experts participating in a recent survey expect an increase in IIoT attacks this year, and they don’t believe they are ready for the onslaught. Those are among the major findings of the “Foundational Controls and IIoT” study released by Tripwire, a provider of security, compliance and IT operations solutions. As industrial companies pursue the IIoT, threats can affect critical operations such as utilities and healthcare, threatening safety and the availability of services such as the electrical grid.

http://www.baselinemag.com/security/slideshows/cyber-security-threats-against-industrial-iot-grow.html

Comcast: We won’t sell browser history, and you can opt out of targeted ads

Comcast also said today that it complies with various federal and state laws regarding privacy and data security. But Comcast and other ISPs won’t have to comply with Federal Communications Commission rules that would have required opt-in consent before using or sharing browsing and app usage history. That’s because of House and Senate votes to eliminate the FCC rules, an action likely to be signed by President Donald Trump.

https://arstechnica.com/tech-policy/2017/03/comcast-we-wont-sell-browser-history-and-you-can-opt-out-of-targeted-ads/

Your Ship has Probably Been Cyber Attacked Already

It is expected that shipping companies and independent vessels could be next on the list for major cybercrime activity as it is as yet mainly unexplored territory for hackers who are only now starting to realise its huge potential as a target. Attacks now have the capability to obtain sensitive ECDIS, AIS and GPS data, to name but a few, so it is vital that the correct procedures and processes are in place to stop the worst from happening.

http://gcaptain.com/your-ship-has-probably-been-cyber-attacked-already/

Senate Russia hearing: Rubio divulges hack attempts

Rubio — a former primary opponent of President Donald Trump — announced at a Senate intelligence committee hearing on Russian meddling that during last year’s election his former campaign staff was targeted by hackers twice. Rubio said the attacks came from computers using IP addresses located in Russia — once in July of last year, after he announced he would run again for the Senate and again, Wednesday morning. IP addresses do not necessarily confirm who conducted hacking, as it is relatively easy for hackers to mask their location.

http://www.cnn.com/2017/03/30/politics/senate-intelligence-committee-hearing-russia/

iOS 10.3 Update Fixed 911 DDoS Attack Flaw And The Vulnerability Of Safari To Hackers

According to a report from Forbes, the issue about the DDoS attack was discovered in October 2016 by an 18-year-old iPhone app developer named Meetkumar Desai. Desai was able to discover the bug in the iPhone and planned to report it to Apple. The bug causes the iPhone to dial 911 over and over without stopping, even if people try to hang up. The only way for the smartphone to stop dialing is to power it down. The problem started after people clicked the link that Desai shared on Twitter.

http://www.travelerstoday.com/articles/44365/20170401/ios-10-3-update-fixed-911-ddos-attack-flaw-vulnerability.htm

UAS Symposium: FAA Can’t Take On Cybersecurity Alone

“We cannot, because we’re a government agency, pay what a cybersecurity expert can make out in the industry because of the criticality of the subject matter,” Ryan said. “So this has been a challenge of ours for a very long time. And the discipline changes. If we don’t have the expertise internally, we have to go seek that expertise. And that’s exactly what this session is meant to help us do; it’s an exchange.”

http://www.aviationtoday.com/2017/03/31/uas-symposium-faa-cant-take-cybersecurity-alone/

Wikileaks releases code that could unmask CIA hacking operations

The release was of a repository of code for the CIA EDG’s obfuscation tools called Marble. The tools were used to conceal the signature of the implants developed by the CIA from malware scans, to make it more difficult to reverse-engineer them if they were detected, and to figure out where the malware came from. University of California at Berkeley computer security researcher Nicholas Weaver told the Washington Post’s Ellen Nakashima, “This appears to be one of the most technically damaging leaks ever done by WikiLeaks, as it seems designed to directly disrupt ongoing CIA operations.”

https://arstechnica.com/security/2017/04/wikileaks-releases-code-that-could-unmask-cia-hacking-operations/

Trump Extends Obama’s EO for Sanctioning Hackers

President Donald J. Trump has quietly extended for one year the “national emergency” executive order issued by his predecessor Barack Obama that ultimately led to the sanctions and retaliatory measures taken by the Obama administration against Russian officials for that nation’s role in hacking activities targeting the US election.

http://www.darkreading.com/risk/trump-extends-obamas-eo-for-sanctioning-hackers/d/d-id/1328536?

Access Password protected WiFi hotspots for free with Instabridge App

Free WiFi connection is a dream for everyone, thanks to the social media platforms keeping us addicted to the Internet. If you are one of those people who want to keep in touch with friends and family at all costs there is an app called “Instabridge” providing its users free WiFi access. The app uses a list of user-submitted WiFi connections to let others access them for free. So far, thousands of network credentials have been added to the database so it is very likely that you could find a network near to you and join it for free.

https://www.hackread.com/instabridge-app-for-password-protected-wifi-hotspots/

Kremlin-linked hacker crew’s tactics exposed

A report by SecureWorks’ Counter Threat Unit offers an analysis of the connection between the APT 28 crew and Russia’s Main Intelligence Directorate (GRU) as well as a look at the comprehensive toolkits the cyberspies have put together. APT 28 (AKA Fancy Bear) has moved beyond covert intelligence gathering using tactics such as email credential theft, exploit kits, the XAgent RAT (remote access trojan) and XTunnel backchannel tool, and an endpoint exploitation kit called Scaramouche.

https://www.theregister.co.uk/2017/03/31/apt_28_hacking_tactics/

Smart TV hack embeds attack code into broadcast signal—no access required

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.

https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/

It’s malware, my lord, in a flatbed scanner

A team of three Israeli security researchers released a proof-of-concept earlier this month demonstrating the possibility of remote attackers exploiting vulnerabilities in scanners to deliver malware. Using the light sensitivity of the scanner, they devised several methods to deliver data via a nearby laser, including one on a drone, and even sent from a passing car to a smart bulb within an organization’s environs. Their incursion could be used to launch ransomware attacks.

https://www.scmagazine.com/its-malware-my-lord-in-a-flatbed-scanner/article/647832/