IT Security News Blast 5-15-2017

Dealing with WannaCry on Monday morning, and the days ahead

In the medical sector, an IT staffer explained during a brief phone conversation that his team isn’t allowed to install patches or additional software, as doing so often requires various checks and change approvals, as well as certification. There is also the consideration of support contracts, where the hospital isn’t allowed to alter a systems software, which includes patching. As for the legacy systems in the medical world, dealing with them isn’t a simple upgrade or replace. And that’s not because the organization is cheap, but because when you purchase expensive medical equipment, the investment is measured in decades, not years. There is also the issue of compatibility to consider.

http://www.csoonline.com/article/3196784/security/dealing-with-wannacry-on-monday-morning-and-the-days-ahead.html

 UK Working to Restore Hospital Systems After Cyberattack

Britain’s National Cyber Security Center said Saturday that teams are working “round the clock” to restore hospital computer systems after a global cyberattack that hit dozens of countries forced British hospitals to cancel and delay treatment for patients. In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained. The extortion attack, which locked up computers and held users’ files for ransom, was believed the biggest of its kind ever recorded, disrupting services from the U.S. to Russia, Spain and India.

http://www.military.com/daily-news/2017/05/13/uk-working-to-restore-hospital-systems-after-cyberattack.html

 Global cyberattack: A super-simple explanation of what’s going on

WannaCry Outbreak: Microsoft Issues Emergency XP PatchThe software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen. The tools were made public by a hacking group called the Shadow Brokers. Microsoft released a security patch for the vulnerabilities in March. But many corporations don’t automatically update their systems, because Windows updates can screw up their legacy software programs. The phenomenon of companies failing to update their systems has been a persistent security problem for years. Playing with fire finally caught up with the victims.

http://money.cnn.com/2017/05/14/technology/global-cyberattack-explanation/

 Cyberattack hits 200,000 in at least 150 countries – Europol

“The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations,” he said. “At the moment, we are in the face of an escalating threat. The numbers are going up; I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning.”

http://www.cnbc.com/2017/05/14/cyber-attack-hits-200000-in-at-least-150-countries-europol.html

 Researcher ‘accidentally’ stops spread of ‘unprecedented’ global cyberattack

“Currently the spreading of the ransomware is slowed down dramatically because a researcher found a logic bug in the malware, not because the companies around the world are having good security practice,” Matt Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates, told ABC News on Saturday. Suiche said the cyberattackers could soon release a new update to the malware, making it more robust and resuming the global infection.

http://abcnews.go.com/International/researcher-accidentally-stops-spread-unprecedented-global-cyberattack/story?id=47390745

 Ransomware’s Aftershocks Feared as U.S. Warns of Complexity

The attack is more complicated because “the experts tell us that this code was cobbled together from many places and sources,” according to an administration official who insisted on anonymity to discuss the government’s cybersecurity plans. The more potential sources of the malicious code, the harder it is for investigators to run down the trail of possible perpetrators.

https://www.nytimes.com/2017/05/14/world/europe/cyberattacks-hack-computers-monday.html?_r=0

 WannaCry Outbreak: Microsoft Issues Emergency XP Patch

Microsoft has issued emergency security updates for multiple operating systems that it no longer supports to help organizations protect themselves against a still-unfolding global cyberattack. The attack involves WannaCry crypto-locking ransomware, also known by various another names, including WCry and WanaCrypt0r. The ransomware is being spread via a worm that attempts to leverage two leaked exploits that have been tied to the National Security Agency, including one for an SMB flaw in all versions of Microsoft Windows XP to Server 2008 R2 (see WannaCry Ransomware Outbreak Spreads Worldwide).

http://www.bankinfosecurity.com/wannacry-cyber-attack-microsoft-issues-emergency-xp-patch-a-9913

 As prices rise, oil companies drill down on industrial cyber security

Rising oil prices and increased awareness of industrial cyber threats seem to have spurred new corporate-level maneuvers this year to secure computer controls that run energy facilities, said Barak Perelman, chief executive of Israeli cyber security firm Indegy. At some oil companies, he said, chief information security officers now spend a quarter of their monthly security committee meetings discussing so-called industrial control systems, the devices that control oil and gas equipment.

http://fuelfix.com/blog/2017/05/12/as-prices-rise-oil-companies-drill-down-on-industrial-cyber-security/

 We Don’t Need More Reports on Cybersecurity

In fact, the order, titled “On Strengthening the Cyber Security of Federal Networks and Critical Infrastructure,” signed on Thursday (long after its original deadline of Jan. 31), is a feeble mishmash—a few good ideas backed by no money or mechanism to turn them into practice, followed by a call for several reports the likes of which have been gathering dust in the archives of past five presidents.

http://www.slate.com/articles/news_and_politics/war_stories/2017/05/we_don_t_need_any_more_reports_on_cybersecurity.html

 ‘I think we need to throw a few stones’

Stavridis posed the idea of punishing Russia by altering the bank accounts of Putin and his associates or simply revealing the account information to the Russian people. “That kind of reveal, I think, would have a salutary effect.” Hayden said another step would be to “attack the foundations of Russian autocracy” by releasing anonymizing tools to allow citizens and dissidents to avoid the surveillance of the Russian government. “I’m all for doing this, but there needs to be due consideration for what the counter retaliation might be,” Clapper warned. “They might not react in kind.”

https://fcw.com/articles/2017/05/12/senate-cyber-resilience-carberry.aspx

 A Frightening Fact the F-22 Raptor and F-35 Both Share (And Why Chinese Stealth Fighters Are in the Skies)

Russia and China will likely use their cyber-warfare and cyber-espionage capabilities to challenge the United States into the foreseeable future. Both nations possess highly capable forces that can steal information or attack American infrastructure. Indeed, in some cases, highly classified data on some of the United States’ most advanced military hardware—including the Lockheed Martin F-22 Raptor, F-35 Joint Strike Fighters and Bell-Boeing V-22 Osprey—is in now in the hands of foreign adversaries as result of cyber-espionage.

http://nationalinterest.org/blog/the-buzz/frightening-fact-the-f-22-raptor-f-35-both-share-why-chinese-20654

 The urgent need to ‘quantify the hidden costs of a data breach’

“Increasingly, we are seeing organisations struggling to recover from a cyber incident when compared to more traditional types of downtime. If a disk fails or a database corrupts for example, the recovery process is relatively simple. You can fail-over to a replica system or restore data from a backup. Cyber attacks however, add an increased layer of complexity.”

http://www.information-age.com/urgent-need-quantify-hidden-costs-breach-123466227/

 US intelligence chiefs don’t trust Kaspersky Lab software

The big question in Thursday’s intelligence hearing on worldwide threats before the US Senate Intelligence Committee was whether the Russian government interfered with US elections. The respondents – CIA director Michael Pompeo, NSA director Michael Rogers, Defense Intelligence Agency director Vincent Stewart, Director of National Intelligence Dan Coats, National Geospatial-Intelligence Agency Robert Cardillo, and Acting Director of the FBI Andrew McCabe (who replaced the recently fired James Comey at the head of the Bureau) – said yes. Also, all of them responded no to the question of whether they would be comfortable having on their computer software created by Russian security company Kaspersky Lab. The implication is that the company possibly has close ties with the Russian government.

https://www.helpnetsecurity.com/2017/05/12/distrust-kaspersky-lab-software/

 Why You Really Need to Stop Using Public Wi-Fi

The most common method of attack is known as “Man in the Middle.” In this simple technique, traffic is intercepted between a user’s device and the destination by making the victim’s device think the hacker’s machine is the access point to the internet. A similar, albeit more sinister, method is called the “Evil Twin.” Here’s how it works: You log on to the free Wi-Fi in your hotel room, thinking you’re joining the hotel’s network. But somewhere nearby, a hacker is boosting a stronger Wi-Fi signal off of their laptop, tricking you into using it by labeling it with the hotel’s name.

https://hbr.org/2017/05/why-you-really-need-to-stop-using-public-wi-fi

 Data security disruptions can have cascading negative impacts

The leading industries identified by experts as most likely to experience a systemic attack this year are:

   * Financial Services (19 percent)

   * Power/Energy (15 percent)

   * Telecommunications/Utilities (14 percent)

   * Healthcare (13 percent)

   * Information Technology (12 percent).

https://www.helpnetsecurity.com/2017/05/11/data-security-disruptions/

 Keys to attracting and retaining cybersecurity talent

To retain existing information security professionals and attract new hires, federal respondents indicated that offering training programs, paying for professional cybersecurity certifications, boosting compensation and providing more flexible and remote work schedules and opportunities were the most important initiatives. “It’s crystal clear that the government must enhance its benefits offering to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand; unfortunately, the layers of complexity involved in fulfilling that goal are significant,” said Dan Waddell, (ISC)2 managing director, North America.

https://www.helpnetsecurity.com/2017/05/11/retaining-cybersecurity-talent/

 Two days after WCry worm, Microsoft decries exploit stockpiling by governments

The unusually blunt message from Microsoft President and Chief Legal Officer Brad Smith came after a weekend of tense calm, as security professionals assessed damage from Friday’s outbreak and braced themselves for the possibility of follow-on attacks that might be harder to stop. It also came 24 hours after Microsoft took the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago.

https://arstechnica.com/security/2017/05/2-days-after-wcry-worm-microsoft-decries-exploit-stockpiling-by-governments/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>