IT Security News Blast 5-11-2017

Cyber security: an ‘indigestion problem’ in healthcare industry

Take the case of wirelessly connected and implanted defibrillators for controlling the heartbeat. In the right hands, these are valuable medical aids, but researchers have demonstrated that it is possible to glean personal information by eavesdropping on the signals these implants emit. Indeed, there is a possibility that such a device can be reprogrammed to deliver a fatal jolt of electricity directly to the organ it is monitoring. The Ponemon Institute estimates the cost of data breaches in the healthcare industry to be about $6.2 billion per year.

http://www.livemint.com/Opinion/c2QusjQh9tT2hXrKjCz7gO/Cyber-security-an-indigestion-problem-in-healthcare-indus.html

HHS Creating Own NCCIC for Improved Healthcare Cybersecurity

HHS plans to create its own version of the National Cybersecurity and Communications Integration Center (NCCIC) in an effort to create stronger healthcare cybersecurity, according to a Federal News Radio report. HHS Chief Information Security Officer Christopher Wlaschin explained at the 2017 ACT-IAC Mobile Health Forum that the Health Cybersecurity and Communications Integration Center (HCCIC) should reach initial operating capability around the end of June.

http://healthitsecurity.com/news/hhs-creating-own-nccic-for-improved-healthcare-cybersecurity

Preparing for the Cyberattack That Will Knock Out U.S. Power Grids

Based on conversations I’ve had with experts in the field, preparedness for a major cyberattack like this is low, regardless of whether you’re talking about the regional or city level, or the private sector. As Lawrence Susskind, a professor in MIT’s urban systems department, described it to me, “Millions…could be left with no electricity, no water, no public transportation, and no waste disposal for weeks (or even months)…. No one can protect critical urban infrastructure on their own. Nobody, though, is showing any leadership.”

https://hbr.org/2017/05/preparing-for-the-cyberattack-that-will-knock-out-u-s-power-grids

Is Commercial Real Estate Prepared for a Cyberattack?

The type of harm inflicted by a cyberattack depends on the access point of the attack. An attack on data can result in email leaks and theft of personal or proprietary information. An attack on a building management system may result in disruptions to HVAC systems, safety systems and elevators, while an attack through third-party vendors or SaaS applications may lead to treasury management losses or disclosure of personally identifiable information.

https://commercialobserver.com/2017/05/is-commercial-real-estate-prepared-for-a-cyberattack/

Cyber-attacks are becoming more ‘made to order’ for chosen victims

During the first months of 2017, quite a few cases of attackers of Russian origin were spotted. A similar pattern was followed in all of them: once they had accessed a computer via RDP, they installed Bitcoin mining software to obtain added profit and then encrypted files or blocked access to the computer. Cyber-crime is more professionalised than ever, with highly specialised groups creating malware and exploits, distributing malware, stealing information, laundering money, etc.

https://www.scmagazineuk.com/cyber-attacks-are-becoming-more-made-to-order-for-chosen-victims/article/656337/

Microsoft releases emergency patch for ‘crazy bad’ Windows zero-day bug

The vulnerability allows attackers to remotely execute code if the Microsoft Malware Protection Engine scans a specially crafted file. When successfully exploited, attackers are able to worm their way into the LocalSystem account and hijack an entire system. […] The Project Zero team says the vulnerability can be leveraged against victims by only sending an email to users — without the need for the message to be opened or any attachments to be downloaded.

http://www.zdnet.com/article/microsoft-releases-emergency-patch-for-crazy-bad-windows-zero-day-bug/

Cyber Security R&D Showcase Coming in July

“This year’s R&D Showcase and Technical Workshop is shaping up to be the best yet,” said CSD Division Director Dr. Douglas Maughan. […] Each year at the R&D Showcase and Technical Workshop, CSD brings together its researchers, stakeholders and public and private-sector partners to spotlight its many cutting-edge research projects. It also facilitates collaboration among its researchers and the cybersecurity R&D community and connects funded technologies to potential transition partners.

http://www.newswise.com/articles/cyber-security-r-d-showcase-coming-in-july

Global Revenues for Smart Building Cyber Security will Reach $8.65Bn by 2021, Predicts Memoori Research

The increased proliferation of smart devices, combined with persistent concerns over cyber risk and data privacy and an increased incidence of cyber attacks against smart buildings will drive a significant increase in demand for new cyber security hardware, software and services in the market. Memoori estimates that global revenues for smart building cyber security will reach $8.65 billion by 2021, up from an estimated $4.26 billion in 2016, which represents a healthy CAGR of over 15% during the forecast period.

http://www.businesswire.com/news/home/20170510005925/en/Global-Revenues-Smart-Building-Cyber-Security-Reach

Senators press Trump for cyber deterrence, response strategy

The issue has taken center stage in Washington in the wake of high-profile cyber intrusions and attacks in both the public and private sectors, and has been amplified by Russian interference efforts in the presidential election. Sen. John McCain (R-Ariz.), chairman of the Armed Services Committee, expressed frustration on Tuesday over the Trump administration’s lack of a strategy to address cyber threats despite his pledge to deliver an anti-hacking plan within 90 days of taking office.

http://thehill.com/policy/cybersecurity/332759-senators-press-for-cyber-deterrence-response-strategy

Social media is having a field day creating fake URLs that appear within the official www.donaldjtrump.com site.

The Trump Administration has another tech headache to sort out after Reddit users found a glaring vulnerability on www.donaldjtrump.com that allows people to create their own URLs within the official site. […] The vast majority of the URLs trending so far have been slamming the GOP health-care bill, the AHCA, which squeaked through the House last week. Some choice URLs include “as long as I still get my cialis and lipitor” and “lets kill some poor people.”

http://www.hollywoodreporter.com/news/twitter-users-exploit-trump-website-vulnerability-mock-president-slam-gop-health-bill-1001610

Dems want details on FCC cyberattack after John Oliver critique

The two Democrats sent a letter to FCC Chairman Ajit Pai with a list of questions about the FCC’s claim on Monday that its comment filing system had been hit with a distributed denial of service (DDoS) attack. […] On Sunday night, Oliver tore into Pai over his plans to repeal the agency’s net neutrality rules, and urged his audience to file comments in support of the regulations on the FCC’s website. The site later slowed to a crawl and many attributed it to the flood of responses prompted by Oliver. But the next day, FCC chief information officer David Bray said that the site was disrupted by malicious actors and not legitimate commenters.

http://thehill.com/policy/technology/332594-dem-senators-call-on-fcc-to-provide-details-on-cyberattack-claims

Fancy Bear uses ‘Trump’s attack on Syria’ phish in French election to drop Seduploader

According to a report on the company’s We Live Security blog, the attackers – well known for stealing information from various targets – allegedly targeted Emmanuel Macron, who ultimately won the election, with a series of phishing emails containing an attachment titled Trump’s_Attack_on_Syria_English.docx. […] “To achieve this, Sednit used two zero-day exploits: one for a Remote Code Execution vulnerability in Microsoft Word (CVE-2017-0262) and one for a Local Privilege Escalation in Windows (CVE-2017-0263),” the report explained.

https://www.scmagazine.com/fancy-bear-uses-trumps-attack-on-syria-phish-in-french-election-to-drop-seduploader/article/656349/

Macron campaign team used honeypot accounts to fake out Fancy Bear

Campaign team members told the New York Times that as the phishing attacks mounted, they created a collection of fake e-mail accounts seeded with false information. “We created false accounts, with false content, as traps,” Macron campaign digital director Mounir Mahjoubi told the Times. “We did this massively, to create the obligation for them to verify, to determine whether it was a real account.”

https://arstechnica.com/security/2017/05/macron-campaign-team-used-honeypot-accounts-to-fake-out-fancy-bear/

How to prevent your data from being searched at the US border

Consider removing sensitive data from your devices by storing it in the cloud or on another device that stays home. […] If you don’t want CBP searching your work email, consider temporarily removing your email app from your smartphone […] Also, consider keeping your devices off as you’re going through customs. If your smartphone is powered up, log out of apps that contain personal data. […] Still, expect to have your device seized if you refuse to unlock it.

http://www.csoonline.com/article/3195206/security/how-to-prevent-your-data-from-being-searched-at-the-us-border.html

Face recognition system at US airports may target citizens

Although the system is mainly targeted toward visa holders (that is, non-citizens only), the security concerns with regard to US citizens have not yet been adequately addressed. The biggest problem that people fear is that officials might abuse the photos, which may be exploited for all sorts of illegal purposes. Moreover, citizens have also raised questions regarding what kind of punishment the agents will get for such abuse.

https://www.hackread.com/face-recognition-system-at-us-airports-target-citizens/

Extreme Makeover: AI & Network Cybersecurity

These solutions can also dynamically partition network segments, isolate affected devices and remove malware. New security measures and countermeasures can also be provisioned or updated automatically as new devices, workloads, and services are deployed or moved from anywhere to anywhere in the network, from endpoints to the cloud. Tightly integrated and automated security enables a comprehensive threat response far greater than the sum of the individual security solutions protecting the network.

http://www.darkreading.com/threat-intelligence/extreme-makeover-ai-and-network-cybersecurity-/a/d-id/1328837

What Internet-Connected War Might Look Like

The Army Cyber Institute is keenly aware of the potential hazards a unit designed for network penetration poses to civilian infrastructures in theaters of war, she continued. As a research body, the institute does not conduct operations. However, it does guide the procedures of units that do — and to that end, the team evaluates the civilian impact on conducting military network intrusion operations.

http://www.linuxinsider.com/story/84519.html

New Persirai Malware infects tons of IP cameras

The malware infects the devices by exploiting a vulnerability that is present in these cameras. The flaw lets an attacker use the vulnerability to gain remote access to the wireless cameras and virtually take control of the devices. Also, the malware works by infecting a number of cameras at once so as to form a botnet and then launches a Distributed Denial of Service (DDoS) attack which leads to a complete shutdown of the website that has been attacked as such.

https://www.hackread.com/persirai-malware-infects-tons-of-ip-cameras/

Session Hijacking, Cookie-Stealing WordPress Malware Spotted

Anjos says it appears attackers used typosquatting, or URL hijacking, to craft the phony domain, code.wordprssapi[.]com. Typosquatting is a technique that usually relies on users making typographical errors when inputting URLs into a web browser. […] The researcher said it appeared attackers injected malware into the bottom of a legitimate WordPress JavaScript file designed to reroute sensitive information, such as cookies, to the fake domain.

https://threatpost.com/session-hijacking-cookie-stealing-wordpress-malware-spotted/125586/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.