IT Security News Blast 5-22-2017

Security Operations Teams Are Overwhelmed by Vulnerabilities and Volume of Threat Alerts, Study Finds

What emerged, in a nutshell, is that operations staff are overwhelmed by the sheer volume of vulnerabilities; they are falling behind in efforts to remediate them; and tend to under-report the problem to their seniors. To put this into context, on average, a mid market firm might have 10 full time staff servicing ten new vulnerabilities per month across just under 2,000 assets (almost 20,000 vulnerabilities to service every month). For a very large enterprise those figures translate to 100 staff servicing more than 1.3 million vulnerabilities every month. Seventy-four per cent of security teams admit they are overwhelmed by the volume of maintenance work required.

http://www.securityweek.com/whats-driving-stress-levels-security-operations-teams

 HHS Reiterates OCR Ransomware Guidance after Recent Attack

HHS sent an email reminder to that Healthcare and Public Health Sector (HPH) organizations about OCR’s guidance released in 2016. “OCR presumes a breach in the case of ransomware attack,” HHS warned. “The entity must determine whether such a breach is a reportable breach no later than 60 days after the entity knew or should have known of the breach.” Additionally, asking law enforcement to hold reports tolls the 60-day reporting deadline. 

http://healthitsecurity.com/news/hhs-reiterates-ocr-ransomware-guidance-after-recent-attack

 WannaCry responsible for infecting medical devices

It is not surprising to know that Internet-connected Medical devices are vulnerable to cyber attacks. There have been several cases in the recent past in which cyber criminals took over life-saving devices and held them to ransom. […] Initial reports said that it was mainly the management systems that were affected. Later, however, the Health Information Trust Alliance in the U.S, stated that medical devices had also been infected. This is because these devices were connected to the infected networks and had Windows running on them. Therefore, WannaCry was able to spread to these devices as such.

https://www.hackread.com/wannacry-responsible-infecting-medical-devices/

 OIG Notes Va. Medicaid Information Security Vulnerabilities

An Office of Inspector General (OIG) audit found the Virginia Medicaid Management Information System (MMIS) to have information security vulnerabilities. “Virginia did not adequately secure its Medicaid data and information systems, which potentially compromised the integrity of its Medicaid program and could have resulted in unauthorized access to and disclosure of Medicaid beneficiary information,” OIG stated in its report.

http://healthitsecurity.com/news/oig-notes-va.-medicaid-information-security-vulnerabilities

 Cyber Attacks: Criminals could use attacks to disable key buildings, experts warn

The warning comes in the wake of the WannaCry ransomware attack last week that brought the NHS to a standstill and infected the systems of Nissan, O2 owner Telefonica, FedEx and others. The attack is believed to have shut down 200,000 devices in 150 countries. Although it was eventually foiled, the number of cyber attacks is increasing.“Their culture is extortion and using ransomware for cyber attacks. Instead of damaging buildings, they have been stopping people doing business, but we know a cyber attack on a Germany steel mill caused an explosion. They have not been combined with a physical one yet, but there is no reason why they won’t.”

http://www.express.co.uk/finance/personalfinance/807142/Cyber-Attacks-NHS-Criminals-graduate-attacks-disable-buildings-factories

 The WannaCry cyberattack compromised some Russian banks

In a statement, the central bank said the consequences of the attack — which it did not detail — had been dealt with quickly. The central bank had previously said that Russian banks were targeted in the cyberattack late last week but that the attack had been unsuccessful. On Friday, the central bank said it had sent recommendations to Russian banks on updating their Windows software in April, before the WannaCry attack it said it had recorded on May 12.

http://www.businessinsider.com/twannacry-cyberattack-comprimised-some-russian-banks-2017-5

 More Voters View Cyberattack As Act of War

A new Rasmussen Reports national telephone and online survey finds that 62% of Likely U.S. Voters believe a major cyberattack on the United States by another country should be viewed as an act of war. That’s up from 57% in late 2014 after alleged attacks by North Korea and Iran and 55% in April 2013 following a cyberattack on South Korea.  Only 17% now say such an attack should not be viewed as an act of war, but a sizable 21% are undecided.

http://www.rasmussenreports.com/public_content/politics/current_events/cyberterrorism/may_2017/more_voters_view_cyberattack_as_act_of_war

 Johnson Sponsors Bill To Enhance Cybersecurity

The bill would create an intelligence review board that decides how the government goes about sharing information about software vulnerabilities. […] “The question becomes when they find a vulnerability, do we keep it secret so we can use it against our enemies, gather intelligence in a legal process, or do we tell the vendors so they can provide a patch so customers aren’t hacked?” Johnson said. Johnson said the bill would formalize the process now used by federal agencies.

https://www.wpr.org/johnson-sponsors-bill-enhance-cybersecurity

 Exclusive: North Korea’s Unit 180, the cyber warfare cell that worries the West

“Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts,” Kim told Reuters. He has previously said that some of his former students have joined North Korea’s Strategic Cyber Command, its cyber-army. “The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace,” Kim added. He said it was likely they went under the cover of being employees of trading firms, overseas branches of North Korean companies, or joint ventures in China or Southeast Asia.

http://www.reuters.com/article/us-cyber-northkorea-exclusive-idUSKCN18H020

 China may change cybersecurity rules amid pushback: report

One potential change would be establishing a “phase-in” period, which would delay full implementation for 18 months — or until the end of next year. It is unclear what other changes were proposed at the meeting. The cyber law is due to go into effect at the start of June. Among its controversial provisions, the law would force companies to pass mandated security reviews and store data on servers inside of China.

http://thehill.com/policy/cybersecurity/334298-china-may-change-cybersecurity-rules-amid-pushback-report

 WannaCry Cyberattack: Deep State Assault on Cryptocurrencies?

The WannaCry cyberattack follows a decade of commodity price manipulation by central bankers necessary to support the value of fiat currencies amidst profligate money creation. The recent price explosion across a wide swath of virtual currencies is the exact opposite of the stagnation experienced in precious metals–specifically gold and silver–the traditional measures of fiat currencies’ true worth. This sharp contrast augments theories of central bank manipulation of the metals markets that seek to preserve the US dollar especially against the accelerated inflationary policies instituted over the past decade.

http://www.globalresearch.ca/wannacry-cyberattack-deep-state-assault-on-cryptocurrencies/5591112

 NIST Cybersecurity Framework: The smart person’s guide

The framework isn’t just for government use, though: It can be adapted to businesses of any size. TechRepublic’s smart person’s guide about the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) is a quick introduction to this new government recommended best practice, as well as a “living” guide that will be updated periodically to reflect changes to the NIST’s documentation.

https://www.techrepublic.com/article/nist-cybersecurity-framework-the-smart-persons-guide/

 This Spy App Can See If You’ve Visited Whistleblowing Sites on the Dark Web

The researchers used Linux, which allowed them to access the data they needed (a rooted Windows or Mac system could allow similar access, Sunar said). They first tracked processor usage with the app while browsing different sites in Chrome in incognito mode, and in Tor, the browser that lets you access the dark web. An AI algorithm then parsed all of this data to come up with a baseline to predict which sites a user visited. After training, the algorithm could look at new hardware use patterns via the app and predict whether a user had visited Netflix or Amazon with surprising accuracy: 86.3 percent for Chrome in Incognito mode.

https://motherboard.vice.com/en_us/article/this-spy-app-can-see-if-youve-visited-whistleblowing-sites-on-the-dark-web

 ACLU files FOIA request to see how ICE uses cell phone trackers

Through a Freedom of Information Act request filed Friday, the American Civil Liberties Union (ACLU) is seeking to find out how Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP) are using cell phone trackers known as Stingrays. “We’re troubled to see evidence of ICE using invasive surveillance equipment for immigration enforcement purposes, especially given this administration’s hyper-aggressive approach in this area,” ACLU attorney Nathan Freed Wessler said in a release.

https://www.scmagazine.com/aclu-files-foia-request-to-see-how-ice-uses-cell-phone-trackers/article/663167/

 GOP lawmaker who helped kill ISP privacy rules proposes new privacy rules

Rep. Marsha Blackburn (R-Tenn.) introduced the House version of legislation that ultimately killed those privacy rules in March. But now she’s back with a new bill that requires broadband providers and websites to obtain users’ opt-in consent before using or sharing Web browsing history, application usage history, and other sensitive data like the content of communications and financial and health information. There’s one big caveat: Blackburn’s bill would prevent individual states and municipalities from imposing laws that are stricter than the proposed federal standard.

https://arstechnica.com/tech-policy/2017/05/gop-lawmaker-who-helped-kill-isp-privacy-rules-proposes-new-privacy-rules/

 Customer Service Worker Gone Rogue Tells KFC, Pizza Hut Customers To Order Domino’s Next Time

If you’re going to fire a customer service rep, you need to make sure they can’t get back into your system and wreak havoc… like the former rep who managed to reply to dozens of emails from KFC and Pizza Hut, telling them the restaurants don’t care about complaints anymore, and to just “order from Domino’s next time.” According to The Sun, the poison pen emails were sent by a recently fired employee of Market Force, a company that provides a range of customer experience tools and services for retail businesses. This ex-worker allegedly broke into the company’s office and sent replies to about 50 UK customers who had written to KFC and Pizza Hut to complain or offer feedback.

https://consumerist.com/2017/05/16/customer-service-worker-gone-rogue-tells-kfc-pizza-hut-customers-to-order-dominos-next-time/

 Terror Exploit Kit Evolves Into Larger Threat

The kit is one of several new players that surfaced after the market consolidated last year, according to Cisco. “When Angler and friends disappeared, new EKs started to try their luck. Many of them were far from Angler’s quality. One of these was Terror EK,” wrote Holger Unterbrink and Emmanuel Tacheau, researchers at Cisco who posted their research Thursday. Over the past several months, researchers say they have seen a “fast evolution up to the latest version” of Terror.

https://threatpost.com/terror-exploit-kit-evolves-into-larger-threat/125816/

 Netgear ‘fixes’ router by adding phone-home features that record your IP and MAC address

“Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.” Much of this is probably benign, but posters to the Slashdot thread were concerned about IP address and MAC address being collected by the company.

https://www.theregister.co.uk/2017/05/21/netgear_updates_router_with_phone_home_feature/

 HSBC voice recognition security system spoofed by BBC

Dan Simmons non-identical twin brother, Joe Simmons, tested the system and was successful enough to mimic his brother’s voice and breach his account. However, what is more, surprising is the fact that despite failing seven times to imitate his brother’s voice, Joe was finally in the eighth time he tried. This is therefore not like the traditional password systems where a user is blocked out if he or she fails to enter the correct password thrice.

https://www.hackread.com/hsbcs-voice-recognition-system-failed-to-protect-customer/

 ‘Combo list’ database of previously breached accounts contains over 560M credentials

Over 75 gigabytes in size, the database consists of data stolen from LinkedIn, Dropbox, Lastfm, MySpace, Adobe, Neopets, RiverCityMedia, 000webhost, Tumblr, Badoo, Lifeboat and other services. “The lesson here is simple: most likely, your password is already there and somebody might be trying to use this just now. So isn’t that a good time to change it now?” wrote blog post author Bob Diachenko, chief communication officer at Germany-based Kromtech, which is owns the MacKeeper computer security software brand.

https://www.scmagazine.com/combo-list-database-of-previously-breached-accounts-contains-over-560m-credentials/article/662861/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.