IT Security News Blast 5-18-2017

The threat of cyber-attacks and data breaches on healthcare institutions

Data from healthcare institutions is particularly valuable because it contains sensitive personal information, such as social security numbers, date of birth, address details and medical histories. That data could in theory be sold to companies looking to carry out targeted advertising. However, in more worrying cases, the information obtained is held for ransom (usually by locking data and threatening to delete it) and a demand for payment (usually in untraceable bitcoins) is made. Interestingly, the amount of ransom sought is usually low in value as the success of this crime only works if the victim can afford to make the payment.

http://www.lexology.com/library/detail.aspx?g=27dedcf6-c51c-4b8d-a3c8-c95cf182f586

 Why Health Care Is Especially Vulnerable to Ransomware Attacks

It’s still too early to gauge the fallout from this digital delinquency. But the breach highlights a stark—and scary—reality about health IT: Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers, and other personal information hostage barring a big payout. In fact, the FBI has issued several stark warnings about the unique and growing threat ransomware presents to health care companies specifically in the past few months.

http://fortune.com/2017/05/15/ransomware-attack-healthcare/

 Medical Devices Hit By Ransomware For The First Time In US Hospitals

A source in the healthcare industry passed Forbes an image of an infected Bayer Medrad device in a U.S. hospital. The source did not say which specific hospital was affected, nor could they confirm what Bayer model was hacked. But it appears to be radiology equipment designed to help improve imaging. More specifically, it’s a device used for monitoring what’s known in the industry as a “power injector,” which helps deliver a “contrast agent” to a patient. Such agents consist of chemicals that improve the quality of magnetic resonance imaging (MRI) scans.

https://www.forbes.com/sites/thomasbrewster/2017/05/17/wannacry-ransomware-hit-real-medical-devices/#4ad04f37425c

 Why We Need a Data-Driven Cybersecurity Market

Imagine you’re the chief information security officer (CISO) of a big bank. You’ve just implemented a new cybersecurity program and you want to see how your metrics stack up against those of your peers. It should be easy, right? It’s not. Unfortunately, there is no standardized process for measuring and reporting on cybersecurity metrics that all organizations can access. I can give my firsthand experience, or they can hire one of the big consultancies. Even then, the available data sets are too small and in different formats.

http://www.darkreading.com/threat-intelligence/why-we-need-a-data-driven-cybersecurity-market/a/d-id/1328879?

 Last week’s global cyberattack was just the beginning

Perhaps it is time for the United States to actually take meaningful action against Bitcoin. For non-criminal transactions, Bitcoin is decidedly inferior to all the alternatives, as it is expensive, cumbersome and surprisingly slow. Bitcoin’s only “superiority” over other electronic payment systems is its censorship resistance: There is no central authority that can say “thou shalt not.” Thus, it is only superior for criminal uses such as drug deals or extortion.

https://www.washingtonpost.com/opinions/last-weeks-global-cyberattack-was-just-the-beginning/2017/05/15/8bf22bde-39a0-11e7-8854-21f359183e8c_story.html

 Another large-scale cyberattack underway: experts

Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday. […] Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

http://www.msn.com/en-us/news/technology/another-large-scale-cyberattack-underway-experts/ar-BBBeD8R?li=AA4Zoy&ocid=spartandhp

 Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft

Those same NSA officials, according to Tuesday’s report, failed to communicate the severity of the vulnerability to the outside world. A month after Microsoft released the patch, the Shadow Brokers published the attack code, code-named EternalBlue, that exploited the critical Windows vulnerability. A month after that, attackers used a modified version of EternalBlue to infect computers around the world with malware that blocked access to data. Within hours of the outbreak of the ransomware worm dubbed WCry, infected hospitals turned away patients; banks, telecommunications companies, and government agencies shut down computers.

https://arstechnica.com/security/2017/05/fearing-shadow-brokers-leak-nsa-reported-critical-flaw-to-microsoft/

 Police anti-ransomware warning is hotlinked to ‘ransomware.pdf’

Official anti-ransomware advice issued by UK police to businesses can only be read by clicking on a link titled “Ransomware” which leads direct to a file helpfully named “Ransomware.pdf”. […] The message and link were sent by a Met copper working for OWL, Online Watch Link. This is a police initiative which we are told “keeps communities safe, helps reduce crime and keeps people informed of what’s going on locally”.

https://www.theregister.co.uk/2017/05/17/ransomware_wannacrypt_how_not_to_warn_against_it/

 The Evolution of a Cybersecurity Firm

We are doing this in many cases with a combination of products and services, but more important by helping our customers tie together their complex cybersecurity products into a more collaborative architecture. More broadly, our product portfolio is transforming to be more service-oriented. For example, we are offering more of our capabilities as cloud services and we are utilizing analytics to make our products smarter and better able to assist the human user.

https://www.wsj.com/articles/the-evolution-of-a-cybersecurity-firm-1494986640

 Any Half-Decent Hacker Could Break Into Mar-a-Lago. We Tested It.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach, and pointed a two-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

http://gizmodo.com/any-half-decent-hacker-could-break-into-mar-a-lago-we-1795276155

 Held hostage by ransomware? There is insurance for that.

According to Ben Myers, commercial lines producer with the Insurance Office of America, the standard “network extortion” coverage includes the cost of the ransom, experts to assist with removing the ransomware and the loss of income to your business in the event you are forced to cease operations during the attack. Additionally, as cyber insurance is a relatively new market, Mr. Myers advises that the varying insuring provisions can be purchased at a relatively low rate given the risk being assumed by the insurance company.

http://www.lexology.com/library/detail.aspx?g=7485a536-089d-43d5-bf55-06ad72f23925

 Why We Shouldn’t Be Surprised If North Korea Launched the WannaCry Ransomware Cyberattack

Today, an elite squad of 6,800 North Korean state hackers are engaged in fraud, blackmail and online gambling that together generate annual revenue of $860 million, according to the Korea Institute of Liberal Democracy in Seoul. And as U.S. state infrastructure and military facilities become ever more controlled via computer systems, the scope for hacking to do real, physical damage — rupturing gas pipelines, crashing crowded commuter trains or sending stock markets reeling — increases day by day.

http://time.com/4781809/ransomware-attack-north-korea-wannacry/

 McAuliffe urges lawmakers to ‘get their act together’ on cybersecurity

“I have been very public in my displeasure with the Congress,” McAuliffe said. “We don’t even have a committee [in] Congress today on cybersecurity. It is spread through many different committees — nobody will give up jurisdiction to come together.” […] McAuliffe, who has prioritized cybersecurity as chairman of the National Governors Association (NGA), said that he has visited lawmakers in both chambers to press them “to get their act together on cybersecurity” and “put all the partisanship aside.”

http://thehill.com/policy/cybersecurity/333840-mcauliffe-dings-congress-on-cybersecurity

 North America Cyber Security Market, 2021 – projected to reach USD 53.34 billion by 2020, at a CAGR of 16.73%

The North American cyber security market was estimated at USD 24.62 billion in 2015 and is projected to reach USD 53.34 billion by 2020, at a CAGR of 16.73% over the forecast period. Many of the critical infrastructure components are completely dependent on IT systems as it provides the foundation for information exchange for sectors like voice, data, video, and internet connectivity. As such, IT systems are a part of other key security and emergency preparedness resources and are an important component of the overall national critical infrastructure. 

http://menafn.com/1095480929/North-America-Cyber-Security-Market-2021—projected-to-reach-USD-5334-billion-by-2020-at-a-CAGR-of-1673—IBM-Cisco-Systems-Symantec

 Facebook hit with maximum fine for breaking French privacy law

The French data protection watchdog has imposed its harshest penalty on Facebook for six breaches of French privacy law. The breaches include tracking users across websites other than Facebook.com without their knowledge, and compiling a massive database of personal information in order to target advertising. […] CNIL wasn’t the only organization concerned by Facebook’s changes: data protection authorities in Belgium, the Netherlands, Spain and Hamburg, Germany also began investigations around the same time.

http://www.csoonline.com/article/3197001/privacy/facebook-hit-with-maximum-fine-for-breaking-french-privacy-law.html

 Chrome vulnerability can allow attackers to steal user credentials

Recently, a security engineer, Bosko Stankovic, found a vulnerability in Google Chrome that hackers can easily exploit to get a user’s credentials such as their username and password and potentially launch SMB relay attacks. It must be noted that WannaCry ransomware attack also exploits an SMB vulnerability present in the outdated version of Windows operating systems. Apparently, the vulnerability is in Google Chrome’s configuration, as claimed by Stankovic who works as a security expert at DefenseCode. He found the flaw in the latest version of Chrome installed on an updated version of Windows 10.

https://www.hackread.com/chrome-vulnerability-steal-user-credentials/

 PATCH Act introduced to improve federal cybersecurity and transparency

In the wake of the high-profile WanaCryptor ransomware attack, a bipartisan group of elected officials from both Congressional Houses have introduced the Protecting our Ability To Counter Hacking (PATCH) Act to improve cybersecurity and transparency at the federal level. […] The Patch Act creates an intra-agency review board, which will be chaired by the Department of Homeland Security, with one of its guiding principles being to ensure consistent policies are followed when the government evaluates vulnerabilities for disclosure and retention.

https://www.scmagazine.com/patch-act-introduced-to-improve-federal-cybersecurity-and-transparency/article/662541/

 The hackers that leaked NSA cyber-weapons say they will dump more data on a monthly basis

In a blog post, the group said the releases will start in June, and be available to people who pay a “subscription” fee. It alleges the data could include “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs,” as well as exploits for Windows 10, handset exploits, and stolen data from central banks.

http://www.businessinsider.com/wannacry-nsa-cyber-weapon-leakers-shadow-brokers-promise-monthly-data-dumps-2017-5

 Next NSA Exploit Payload Could be Much Worse Than WannaCry

No one should be letting their guard down now that the WannaCry ransomware attacks have been relatively contained. Experts intimately involved with analyzing the malware and worldwide attacks urge quite the opposite, warning today that there’s nothing stopping attackers from using the available NSA exploits to drop more destructive malware. The key is to patch vulnerable Windows machines while there is a downtime, ensure offline backups are secure and available, and that antimalware protection is running and current.

https://threatpost.com/next-nsa-exploit-payload-could-be-much-worse-than-wannacry/125743/

 U.S. cyber bill would shift power away from spy agency

The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90 percent of its budget on offensive capabilities and spying.

http://www.reuters.com/article/us-cyber-attacks-nsa-legislation-idUSKCN18D2WK

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.