IT Security News Blast 4-5-2017

Artificial Intelligence Can’t Replace Human Touch in Cybersecurity

Companies seeking a quick fix with artificial intelligence (AI)-enabled cybersecurity systems shouldn’t neglect the essential role that humans play in protecting computers, data and networks from attack or unauthorized access, industry professionals told Bloomberg BNA. “While we are certainly moving toward more automation across all industries, there will always be a need for human intervention in cybersecurity,” Symantec Corp. Chief Technology Officer Hugh Thompson told Bloomberg BNA.

https://www.bna.com/artificial-intelligence-cant-n57982086179/

30 percent of malware is ‘zero-day,’ finds new WatchGuard cybersecurity study

As a maker of security appliances, it’s in WatchGuard’s interest to point out the threats that traditional antivirus solutions are missing. But the underlying data provides a unique view into the evolving landscape of cybersecurity threats. Among other findings, the study cites an increase in JavaScript as a mechanism for delivering malware in email and over the web. WatchGuard also found that 73 percent of the top attacks targeted web browsers via drive-by downloads, which occur simply by visiting a malicious site.

http://www.geekwire.com/2017/zero-day-threats-make-30-malware-new-watchguard-cybersecurity-study/

Knowing when a trusted insider becomes a threat

Continuous trustworthiness is to my mind a data-informed, analytical way to dynamically prioritize (and reprioritize) the risk a person’s actions pose to an enterprise. It requires that we first build a mathematical model with predetermined thresholds for what trustworthy behaviors and characteristics—and threatening ones—look like. Then relevant data can be identified and applied to the model so that significant issues, such as a felony arrest, are known or so that deviations from a person’s normal life patterns may be detected early[.]

http://www.networkworld.com/article/3186658/analytics/knowing-when-a-trusted-insider-becomes-a-threat.html

Drive-by Wi-Fi i-Thing attack, oh my!

Apple hasn’t provided much detail, but you don’t want to ignore the latest iOS release – 10.3.1 – because it plugs a very nasty Wi-Fi vulnerability. Cupertino has rushed out the emergency patch because: “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip” – meaning, presumably, that malicious packets gave attackers a vector. The fix for the bug, which Apple attributes to Gal Beniamini of Google’s Project Zero, was a buffer overflow fixed by better input validation.

https://www.theregister.co.uk/2017/04/03/driveby_wifi_ithing_fix/

Skype Users Hit By Fake Flash Player Download Malware Scam

A few days ago Skype users noticed that the instant messaging service served malicious malware masquerading as a fake Flash player update. Several users reported this incident on Twitter and Reddit and explained that they noticed an ad which was prompting them to download a malicious file disguised as “Flash player.” […] The so-called “flash player update” was an HTA file (HTML application file) and was designed to execute a PowerShell script to download a payload.

https://www.hackread.com/skype-users-hit-by-fake-flash-player-malware-scam/

A Cyber Coverage Warning for Hospitality Insureds

On March 27, 2017, St. Paul Fire & Marine Insurance Co. (St. Paul) filed suit against its insured, a subsidiary of the Rosen Hotels and Resorts of Orlando, and asked the court to find that it did not owe coverage for over $2 million in damages incurred by the hotel group resulting from a data breach of the hotel group’s credit card payment network. […] After retaining forensic investigators, Rosen discovered that malware had been installed on its credit card payment network and that cards used at its properties between September 2014 and February 2016 may have been affected by the breach, thus during and after the St. Paul policy period.

http://www.lexology.com/library/detail.aspx?g=e65ecae5-6df6-4625-89ed-80a959a55bc6

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear

Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a $15 homemade gadget that injects malicious commands to trigger the machine’s cash dispenser. And though they won’t name the ATM manufacturer or the banks affected, they warn that thieves have already used the drill attack across Russia and Europe, and that the technique could still leave ATMs around the world vulnerable to having their cash safes disemboweled in a matter of minutes.

https://www.wired.com/2017/04/hackers-emptying-atms-drill-15-worth-gear/

FBI Turns Up the Heat on Russian Election Hacking Investigation

Over the weekend, The Financial Times revealed that the agency charged with counter-espionage investigations is ramping up its inquiry into Russian election-meddling by bringing a veteran agent back to Washington to head up a new 20-person unit dedicated to the direction of the sprawling effort. One of the sources the FT relied on said that the change reflected a “surge” of new resources into the investigation, and was seen as confirmation that the agency is taking the case extremely seriously.

https://finance.yahoo.com/news/fbi-turns-heat-russian-election-162300405.html

Dubai police arrests hackers blackmailing White House officials

Dubai police arrested a gang of hackers that allegedly hacked the emails of some White House officials, Al-Bayan newspaper reported on Monday. Major Saud al-Khaledi, the chief of the information and development department at the cyber crimes division, said they received information from relevant authorities in the White House stipulating that the emails of five White House officials have been hacked. The White House also said that the hackers sent blackmail messages and attained secret information, adding that it suspects the hackers are in the United Arab Emirates.

https://english.alarabiya.net/en/media/digital/2017/04/03/Dubai-police-arrests-hackers-blackmailing-White-House-officials.html

Chinese gangs targeted Britain in ‘large-scale espionage operation,’ say cybersecurity experts

A China-based cyber gang dubbed APT10 uses custom malware and ‘spear phishing’ techniques to target IT service companies, planning to use them as a proxy for future attacks, security firms have said. The report, authored by the National Cyber Security Centre (NCSC) and cyber units at defense group BAE Systems and accountancy firm PwC, has described the attack as “one of the largest ever sustained global espionage campaigns.” The gang is said to have targeted firms that run IT functions on behalf of large British companies.

https://www.rt.com/uk/383482-cyber-attack-china-espionage/

Tim Berners-Lee: selling private citizens’ browsing data is ‘disgusting’

Privacy, a core American value, is not a partisan thing. Democrats fight for it and Republicans fight for it too, maybe even more. So I am very shocked that the Republican party has managed to suggest that it should be trashed; if anyone follows up on this direction, there will be a massive pushback – and there must be a massive pushback! If they take away net neutrality, there will have to be a tremendous amount of public debate as well. You can bet there will be public demonstrations if they do try to take it away.

https://www.theguardian.com/technology/2017/apr/04/tim-berners-lee-online-privacy-interview-turing-award

Trump move to kill privacy rules opposed by 72% of Republicans, survey says

President Donald Trump yesterday signed the repeal of online privacy rules that would have limited the ability of ISPs to share or sell customers’ browsing history for advertising purposes, confirming action taken by the Senate and House. This was very much a partisan issue among elected officials. In a 50-48 vote, every Republican senator voted to kill privacy rules and every Democratic senator voted to preserve them. The House vote was 215-205, with 15 Republicans breaking ranks in order to support the privacy rules. But ordinary Americans aren’t split on the issue, according to a Huffington Post/YouGov survey that found 72 percent of Republicans and 72 percent of Democrats opposed the rollback.

https://arstechnica.com/tech-policy/2017/04/trump-move-to-kill-privacy-rules-opposed-by-72-of-republicans-survey-says/

Politicians’ web browsing history targeted after privacy vote

Two GoFundMe campaigns have raised more than US$290,000 in an effort to buy the web browsing histories of U.S. politicians after Congress voted to allow broadband providers to sell customers’ personal information without their permission. It’s unclear if those efforts will succeed, however. Even though Congress scrapped the FCC’s ISP privacy rules last week, the Telecommunications Act still prohibits telecom providers from selling personally identifiable information in many cases.

http://www.networkworld.com/article/3187611/security/politicians-web-browsing-history-targeted-after-privacy-vote.html

Lawmakers propose law requiring warrants to search electronics at US border

“Americans’ constitutional rights shouldn’t disappear at the border. By requiring a warrant to search Americans’ devices and prohibiting unreasonable delay, this bill makes sure that border agents are focused on criminals and terrorists instead of wasting their time thumbing through innocent Americans’ personal photos and other data,” said Sen. Ron Wyden, a Democrat from Oregon. Along with Wyden, the “Protecting Data at the Border Act” is sponsored by Sen. Rand Paul, a Republican of Kentucky; Rep. Jared Polis, a Democrat of Colorado; and Rep. Blake Farenthold, a Republican of Texas.

https://arstechnica.com/tech-policy/2017/04/lawmakers-propose-law-requiring-warrants-to-search-electronics-at-us-border/

Lessons From Top-to-Bottom Compromise of Brazilian Bank

For three months starting last October, hackers pulled off a stunning compromise of a Brazilian bank’s operations top-to-bottom. The attack was comprehensive with each of the bank’s 36 domains, corporate email and DNS under the attacker’s control. […] This plot was hatched at least five months in advance when the Let’s Encrypt certificate was registered. Spear-phishing emails were also discovered targeting bank employees, and it’s possible one of them also compromised someone at the bank’s registrar, Registro BR. This could be the avenue the attackers used to run the bank’s DNS settings; at one point they were able to redirect bank traffic to their servers.

https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/

N.Korea Hacks into Secret War Plans

North Korean hackers seem to have managed to access a secret war masterplan by South Korea and the U.S. in a cyberattack last September, sources here said Monday. One government source said Defense Ministry investigators questioned around 40 people over the hacking attack and it appears that part of the masterplan, dubbed OPLAN 5027, “leaked.” A Defense Ministry source said the hackers accessed reports containing portions of the plan, not the entire document.

http://english.chosun.com/site/data/html_dir/2017/04/04/2017040401234.html

U.S. Ill-Prepared to Stop Widespread Russian Information Warfare

“Americans should be concerned because right now a foreign country, whether they realize it or not, is pitting them against their neighbor, other political parties, ramping up divisions based on things that aren’t true,” said Clint Watts, a cyber security expert and former FBI special agent. Russian information warfare operations seek to erode Americans’ trust in the government. “If they can do that, if Americans don’t believe that their vote counts, they’re not going to show up to participate in democracy,” said Watts, a senior fellow at the Foreign Policy Research Institute.

http://freebeacon.com/national-security/u-s-ill-prepared-stop-widespread-russian-information-warfare/

The British are waiving standards to recruit cyber operators. Should the Marines do the same?

“We don’t expect them to wear uniforms,” said Woodcock, second sea lord of the Royal Navy. “We don’t require them to cut their hair. What we need is cyber operators — people who can do cyber warfare. We are refusing to be constrained by the standard requirements for all of the fleet.” Most of the new cyber operators go into the Royal Navy Reserve, he explained. His advice to his American counterparts is to not get hung up on military formalities.

http://www.defensenews.com/articles/british-waive-military-requirements-for-cyber-operators

Cybersecurity in 2025: the skills we’ll need to tackle threats of the future

The global cost of cybercrime is predicted to reach £4.9 trillion annually by 2021 and new cybersecurity trends are emerging. To fight future threats, society must develop the next generation of cyber skills. But how do businesses identify weaknesses in their cybersecurity before they’re hacked? They hire ethical hackers. After all, to beat a hacker you need to think like one. That’s why businesses are training their employees in ethical hacking techniques.

http://www.wired.co.uk/article/cybersecurity-2025-skills-risks

Webcam sex blackmailer faces extradition to Canada to stand trial for bullied teen’s suicide

The man thought to be behind one of the most notorious cases of cyber bullying may finally face trial in Canada – after a Dutch court approved his extradition from the Netherlands. […] Coban was arrested during a completely different fraud investigation but investigators discovered when they searched his laptop that he had approached dozens of girls in a chat room in just a few minutes, and they started inquiring further. […] Either way, it looks as though the blackmailer and abuser is going to spend most of the rest of his life behind bars.

https://www.theregister.co.uk/2017/04/04/webcam_blackmailer_faces_extradition/

EU commissioner announces September review for EU-US Privacy Shield

Despite Jourova’s seeming optimism, the comments were made against a backdrop of uncertainty over the data-sharing agreement. The Privacy Shield framework was created after the decades-old European data protection regime, known as the Safe Harbour Principles, was struck down in EU courts. European Courts of Justice made the landmark 2015 decision after the realities of US surveillance were revealed, and the efficacy of Safe Harbour was challenged by activist Max Schrems. Although a variety of reassurances have been made by EU and US officials alike – that European data will be largely excluded from US surveillance practices – the framework is still the subject of criticism.

https://www.scmagazine.com/eu-commissioner-announces-september-review-for-eu-us-privacy-shield/article/648433/