IT Security News Blast 4-7-2017

Congress addresses cyberwar on small business: 14 million hacked over last 12 months

If passed, the Main Street Cybersecurity Act, introduced at the end of March, would update the Cybersecurity Enhancement Act of 2014, which called for the National Institute of Standards and Technology to provide a voluntary set of guidelines for big businesses to follow in order to manage and reduce their cybersecurity risks. As a result of the 2014 act, cybersecurity became one of NIST’s primary focus areas, and the federal government made a verbal commitment to fund cybersecurity research. This new piece of legislation — discussed during a meeting of the Senate Committee on Commerce, Science and Transportation on Wednesday — directs NIST to consider small businesses in updating those guidelines.

http://www.cnbc.com/2017/04/05/congress-addresses-cyberwar-on-small-business-14-million-hacked.html

Healthcare Data Breach Risk Higher in Larger Facilities

There is a “fundamental trade-off,” as broad health data access helps hospital quality improvement efforts, research needs, and education requirements, researchers noted. However, that increased data access can also make “zero breach” a more challenging task for those providers. Researchers gathered information from HHS on reported data breaches from late 2009 to 2016. There were 257 reported data breaches in that time frame, occurring at 216 hospitals. Thirty-three of those hospitals were also breached at least twice, with more than one-third of the facilities classified as a major teaching hospital.

http://healthitsecurity.com/news/healthcare-data-breach-risk-higher-in-larger-facilities

Cybersecurity experts to Congress: Incentives will lead healthcare industry to share threat data

“It’s become increasingly apparent that the industry needs a government representative who understands cybersecurity issues, threats, vulnerabilities and impacts, as well as the blended threats between physical and cybersecurity,” said Anderson. In addition, Congress should create permanent cybersecurity liaisons and leaders who are experienced and certified cybersecurity professionals, Anderson said.

http://www.healthcareitnews.com/news/cybersecurity-experts-congress-incentives-will-lead-healthcare-industry-share-threat-data

AHA Suggests Law Enforcement Aid in Cyber Attack Prevention

“Hospitals and health care providers also work with a variety of federal agencies and law enforcement to respond to and prevent cyber attacks,” the letter explained. “The field also is actively regulated through the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and related enforcement actions. Although attacks will occasionally succeed, the victims should be given support and not be presumed to have been at fault.”

http://healthitsecurity.com/news/aha-suggests-law-enforcement-aid-in-cyber-attack-prevention

German military can use ‘offensive measures’ against cyber attacks: minister

“If the German military’s networks are attacked, then we can defend ourselves. As soon as an attack endangers the functional and operational readiness of combat forces, we can respond with offensive measures,” she said. She added that the German military could be called in to help in the event of cyber attacks on other governmental institutions. During foreign missions, its actions would be governed and bounded by the underlying parliamentary mandate.

http://www.reuters.com/article/us-germany-cyber-idUSKBN1771MW

Growing cyber threats hidden in encrypted traffic

“Encryption offers the perfect cover for cyber criminals,” said Kevin Bocek, chief security strategist for Venafi. “It’s alarming that almost one out of four security professionals doesn’t know if his or her organisation is looking for threats hiding in encrypted traffic. It’s clear that most IT and security professionals don’t realise the security technologies they depend on to protect their business are useless against the increasing number of attacks hiding in encrypted traffic.”

http://www.information-age.com/growing-cyber-threats-hiding-encrypted-traffic-123465544/

Washington state asks: What comes after a cyber attack?

Federal and the state governments should emphasize planning for recovering after a cyberattack rather than focusing so much on preventing the attacks, the commander of Washington National Guard’s cyber unit has told a Senate committee. Washington state is trying to integrate cybersecurity into its plans for responding to emergencies, Col. Gent Welsh told the Senate Energy and Natural Resources Committee on Tuesday. “The (Washington) National Guard is working with Department of Homeland Security and Federal Emergency Management Agency on developing specifications for actual cyber response teams that can be deployed to help industry,” he said.

http://www.heraldsun.com/news/nation-world/national/article142985654.html

Great Britain: One in four legal firms suffered cyber-attack last year

According to the bank’s 2017 Legal Benchmarking Report, 24 per cent of firms were affected – of which 16 per cent were small firms, 31 per cent were large firms, and 28 per cent were very large firms. The study also revealed significant regional differences, with 37 per cent of firms in North East England and North West England being affected, compared to just 9 per cent of firms in Scotland.

http://www.irishlegal.com/6987/great-britain-one-in-four-legal-firms-suffered-cyber-attack-last-year/

Does the world need a Geneva Convention for cyber warfare?

“As a general rule if you do something in cyberspace that looks like the sort of thing you could do with kinetic weapons, it will be treated as though you have done it with kinetic weapons,” he says. “If I used a cyberattack to do a wholesale takedown of your power infrastructure, you’re going to treat it as if I’ve dropped bombs on your power infrastructure. So people know not to do that unless they really want to take a large number of chances.”

http://www.techworld.com/security/does-world-need-geneva-convention-for-cyber-warfare-3656996/

China And Cybersecurity: The 2017 Snapshot

China’s approach, however, of using the law as a cyber regulatory tool is attached to its using the internet to build up a domestic information economy and secure network infrastructure that directly benefits national economic development and political stability. By applying tight controls over its domestic internet to advance its economic, political, and military interests, the approach to what is required shifts from protecting consumers’ data to preventing attacks that threatened party objectives. For China, protecting domestic structures is at the heart of cyber law reform and one can certainly see such a move in the latest pronunciation of CSL.

http://themarketmogul.com/china-and-cybersecurity-2017-snapshot/

Cybersecurity Must Top Agenda as Trump Hosts Xi

Few experts expect easy negotiations. Trump, himself, has already cautioned, via tweet, that he is expecting “very difficult” meetings with his Chinese counterpart. Within this tightly packed agenda, however, Trump must also squarely address one of the most important issues in the bilateral relationship — cybersecurity — particularly if he hopes to ensure that America keeps “winning,” locally and abroad.

http://thediplomat.com/2017/04/cybersecurity-must-top-agenda-as-trump-hosts-xi/

Could China Hack US Like Russia? Military In Danger Of Cyber Warriors

Still, the Chinese have re-fixed their gaze on the U.S. for fear of an “intervention into Asia,” Libicki wrote, specifically against the military. “China is pursuing the ability to corrupt U.S. information systems – notably, those for military logistics – and disrupt the information links associated with command and control,” Libicki said. “The latter is also tailor-made for electronic war – hence the overall moniker for its effort, “Integrated Network-Electronic Warfare.”

http://www.ibtimes.com/could-china-hack-us-russia-military-danger-cyber-warriors-2521244

US poll: More worry about Chinese cyber attacks than trade gap

The Pew survey found on balance that Americans today tend to be more concerned about China’s economic strength than its military prowess, and the amount of US debt held by the Chinese topped their list of concerns. But it also noted that the number of Americans who see China as a military threat has grown from 28 per cent to 36 per cent over the past five years. In contrast, only 44 per cent now see the trade deficit as a serious issue, down from 61 per cent in 2012.

http://www.straitstimes.com/world/united-states/us-poll-more-worry-about-chinese-cyber-attacks-than-trade-gap

‘Evidence of Chinese spying’ uncovered on eve of Trump-Xi summit

The “Scanbox” malware – used by nation-state threat actors associated with or sponsored by the Chinese government – has been discovered embedded on webpages on the US National Foreign Trade Council (NFTC) site, Fidelis Cybersecurity reports. The possible cyber-espionage was found ahead of President Trump’s meeting with Chinese President Xi Jinping taking place on Thursday and Friday. Items on the agenda are likely to include North Korea, trade and the use of chemical weapons against civilians in Syria.

https://www.theregister.co.uk/2017/04/06/us_china_summit_suspected_espionage/

The Cybersecurity Immune System

Rather than creating specific code that recognizes known viral attacks on a network, Darktrace’s Enterprise Immune System uses artificial intelligence machine learning to teach itself the normal patterns of a network’s operations. The system then flags deviations from those patterns as potential cybersecurity threats. Thus, rather than creating a matrix of fixed rules that define what a cyberattack looks like, Darktrace’s system observes network activity and focuses its efforts on anything that is outside of the norm. This approach thwarts any attempt by a hacker to simply tweak a coding virus to make it unrecognizable to a fixed cybersecurity rule.

http://virtual-strategy.com/2017/04/04/the-cybersecurity-immune-system/

“Permanent denial of service” attack targets and kills IoT devices

PDoS attack bots (short for “permanent denial-of-service”) scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device’s storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.

https://arstechnica.com/security/2017/04/rash-of-in-the-wild-attacks-permanently-destroys-poorly-secured-iot-devices/

Stop us if you’ve heard this: Cisco Aironet has hard-coded passwords

Cisco’s discovered that its Mobility Express Software, shipped with Aironet 1830 Series and 1850 Series access points, has a hard-coded admin-level SSH password. The default credentials open affected devices to remote exploitation if an attacker has “layer 3 connectivity to an affected device”. The bug is in access points running “an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point”.

https://www.theregister.co.uk/2017/04/06/stop_us_if_youve_heard_this_cisco_aironet_has_hardcoded_passwords/

San Francisco Is In a Race to Have Hack-Proof Voting Booths Before 2020 Election

Most of these machines are made by just three companies—Dominion Voting Systems, Hart InterCivic, and Election System and Software. Together, these companies comprise a powerful oligopoly in the market, and keep their software secret from the public. So, if we want to validate their security and accuracy, beyond the arguably insufficient certification process, we just have to take the corporations’ word for it. All of this amounts to “a lack of transparency and inadequate auditing,” which Chris Jerdonek of the San Francisco Elections Commission says “can and does hurt voters’ confidence.”

http://www.nextgov.com/cybersecurity/2017/04/san-francisco-race-have-hack-proof-voting-booths-2020-election/136747/

//]]>