IT Security News Blast 5-25-2017

Malware Network Communication Provides Better Early Warning Signal

Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better approach would be an analysis of network traffic to suspicious domains that would potentially cut detection times down by weeks or even months. […] The researchers concluded that attackers—including spammers and adware purveyors dabbling in PUPs—re-use infrastructure over and over and that provides a better early-detection signal than an exclusive study of malware and PUP domains.

https://threatpost.com/malware-network-communication-provides-better-early-warning-signal/125874/

 Kaspersky – Cyber battleground to shift to critical infrastructure

National critical infrastructure, such as power, telecommunications and transportation will be the new battleground in the war against cyber crime, according to Kaspersky Lab founder and CEO, Eugene Kaspersky. […] “If we don’t have electricity, that is the end of civilisation,” he said. “Last year and in 2015 there were full-blown cyber attacks against the Ukrainian power grid.” […] “We have not seen any reports on cyber attacks on transportation infrastructure yet, but we know at least that cars are vulnerable,” he said. […] The third threat, according to Kaspersky, was telecommunications infrastructure. “If there is no internet and no mobile network, that’s the end of our civilisation, even if the power grid and transport system still works,” he said.

https://www.arnnet.com.au/article/619737/kaspersky-cyber-battleground-shift-critical-infrastructure/

 Federal Cybersecurity Directive Looms Over Contractors

A looming new federal security directive will require businesses working with the federal government to protect their cyber data, or have a detailed plan for doing so, by year’s end. The directive is called “NIST 800-171” — or sometimes just “rule 171” — and it will control whether companies from defense engineering firms to janitorial outfits can do business with the federal government. […] “We are finding that a lot of companies are not aware of this requirement and face losing their government contracts,” said Tamara Wamsley, a strategist with Fastlane. “This issue could impact the success of many local companies, could result in lost jobs. This is a big deal.”

http://www.govtech.com/policy/Federal-Cybersecurity-Directive-Looms-Over-Contractors.html

 Not investing in cybersecurity has ‘inverse ROI’

If the cyberattacks that infected computers in more than 150 countries this month did anything good, they have shown organizations the world over what not keeping systems up to date costs. […] Big corporations, he said, are “reasonably ahead of the curve” in measuring risk, communicating that to the board and then investing in cybersecurity. For smaller companies, though, “It’s a whole different story.”

http://searchcio.techtarget.com/news/450419414/Not-investing-in-cybersecurity-has-inverse-ROI

 Our National Resilience Depends On Bold Cybersecurity Leaders

We need a new wave of leaders who are unafraid of standing up and speaking out about the current deficiencies in our cyber strategy. We will depend on their vision, visibility, and accountability like we did with the H1N1 (swine flu) national pandemic response. These leaders must recognize that our national cyber capacity depends on the strength of our workforce. They should also proactively create pathways to connect young people with opportunities in the cybersecurity field.

https://www.forbes.com/sites/gradsoflife/2017/05/08/our-national-resilience-depends-on-bold-cybersecurity-leaders/#3eaad0a643c3

 Fresh wave of mutating Qakbot malware brings down enterprise networks

The Trojan can spread not only through networks and external drives and devices but also focuses on stealing valuable credentials and harnessing control of the networks it has infected. There has been a resurgence of the malware, according to Cylance, which had been made even more evasive and persistent with new, polymorphic features that enable the malicious code to squat in business networks for longer and “easily thwart legacy endpoint [security] solutions” by the use of obfuscating code, as well as constantly-evolving file makeup and signatures.

http://www.zdnet.com/article/fresh-wave-of-qakbot-malware-brings-down-enterprise-networks/

 The Rise Of Toxic Data

Data growth raced ahead while information security fell behind, and the collateral damage is making headlines. Data breaches like those that happened to Sony, Mossack Fonseca, the U.S. Office of Personnel Management (OPM) and the Democratic National Committee (DNC) are practically daily occurrences. Instead of increasing revenues or furthering goals, stolen files and emails disrupt and subvert plans. If an organization stores valuable data (and most store more than they realize), someone will try to steal it. Your next breach may be perpetrated by someone who has never heard of you; ransomware, a form of file extortion, is now a $1 billion business.

https://www.forbes.com/sites/forbestechcouncil/2017/05/22/the-rise-of-toxic-data/#156d42382092

 Twitter Bug Allowed Hackers To Tweet From Any Account

“By sharing media with a victim user and then modifying the post request with the victim’s account ID the media in question would be posted from the victim’s account,” Twitter wrote in its summary of the bug. In plain English, this means that the attacker simply needed to fiddle with the code that gets sent to Twitter when posting something to trick the social network into posting the tweet as somebody else—all without having to hack anyone’s account.

https://motherboard.vice.com/en_us/article/twitter-bug-allowed-hackers-to-tweet-from-any-account

 FCC stonewalls demands for evidence of cyberattack

The advocacy group Fight for the Future tells ZDNet that the FCC should disclose information “to the appropriate authorities and to journalists” to have them investigate the data while maintaining privacy. And if there’s an organization behind the attack, the group says, the FCC should divulge who it is. That it isn’t is worrying — does the Commission not know, or is it trying to hide the origins? Fight for the Future is concerned that the traffic is either from net neutrality supporters (and thus evidence that the FCC couldn’t/wouldn’t handle opposition to its net neutrality rollback) or opponents trying to stifle criticism.

https://www.engadget.com/2017/05/24/fcc-wont-show-evidence-of-cyberattack/

 Republicans want to leave you more voicemail — without ever ringing your cellphone

The GOP’s leading campaign and fundraising arm, the Republican National Committee, has quietly thrown its support behind a proposal at the Federal Communications Commission that would pave the way for marketers to auto-dial consumers’ cellphones and leave them prerecorded voicemail messages — all without ever causing their devices to ring. Under current federal law, telemarketers and others, like political groups, aren’t allowed to launch robocall campaigns targeting cellphones unless they first obtain a consumer’s written consent. But businesses stress that it’s a different story when it comes to “ringless voicemail” — because it technically doesn’t qualify as a phone call in the first place.

https://www.recode.net/2017/5/23/15681158/political-campaign-robocall-ringless-voicemail-without-ringing-cellphone-republican

 Top hacker conference to target voting machines

When over 25,000 of them descend on Caesar’s Palace in Las Vegas at the end of July for DEFCON, the world’s largest hacking conference, organizers are planning to have waiting what they call “a village” of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks.

http://www.politico.com/story/2017/05/23/defcon-hacker-conference-voting-machines-238734

 Qatar’s State News Agency Hacked by ‘Unknown Entity’: Official

Amid an apparent wide-scale security breach it was also reported that the agency’s official Twitter account had also been attacked. Among the issues allegedly addressed by the Qatari ruler in the statement were the Palestinian-Israeli conflict, strategic relations with Iran, and comments about Hamas. There were also alleged negative remarks about Qatar’s relationship with the new administration of US President Donald Trump.

http://www.securityweek.com/qatars-state-news-agency-hacked-unknown-entity-official

 Call center fraudsters targeting insurance companies

According to the report, “the insurance industry is … taking severe hits from phone fraud.” Life insurance policies and policies for mobile phone replacements, in particular, have been heavily hit. Dewey said about one in every 12,000 calls to life insurance companies are fraudulent. About one in every five of those is successful, he said. For mobile device insurance firms, about one in every 200 calls is fraudulent, while the same one in five success rate applies. “The major failing is in the knowledge-based authentication questions,” Dewey said. “The problem is they just don’t work.

http://www.insurancebusinessmag.com/us/news/breaking-news/call-center-fraudsters-targeting-insurance-companies-68470.aspx

 Oil and gas industry on guard for cyber attack

Those with specialist knowledge suggest that in most cases, cyber and physical attacks are disassociated, although “cyber physical” attacks, where control systems are hacked to cause physical damage, are on the increase. […] “Politically and economically, the attention of hackers is drawn to energy in wishing to cause disruption by halting production, causing financial loss, or even causing loss of life. Cyber attacks on the energy sector, and on oil and gas facilities, have increased in the past five years along with the associated costs.

http://www.oedigital.com/component/k2/item/15432-oil-and-gas-industry-on-guard-for-cyber-attack

 U.S. cyberwarriors are getting better at fighting ISIS online, says top general

Codenamed Operation Glowing Symphony, the operation reportedly began in November with the goal of disrupting ISIS’s online presence by obtaining account passwords, deleting content and sabotaging existing online campaigns. But before ever being launched, the mission reportedly concerned top Obama officials, including former Secretary of State John Kerry, because the operation involved military personnel manipulating computer servers located in allied countries. In the end, a total of 15 countries were notified of the secretive mission, according to the Washington Post.

https://www.cyberscoop.com/paul-nakasone-isis-cyber-attacks-army-cyber-command/

 U.S. Cyber Command Seeks 16 Percent Raise in FY18

U.S. Cyber Command hopes for a bigger slice of the federal budget pie to cover operating costs in an increasingly volatile and dangerous cyber domain, said Adm. Michael Rogers, USN, head of U.S. Cyber Command and the National Security Agency (NSA). He made his budget pitch before House lawmakers on Tuesday, seeking $647 million in fiscal year 2018—a 16 percent increase from fiscal year 2017—to address mounting cyber needs. […] “Hardly a day has gone by during my tenure at Cyber Command that we have not seen at least one significant cyber event occurring somewhere in the world.”

http://www.afcea.org/content/?q=us-cyber-command-seeks-16-percent-raise-fy18

 American special forces open a drone hacker lab

Battlefield drones are evolving quickly, and there’s only so much militaries can do to keep up — they’re not used to competing with consumer tech that can improve in a matter of months. […] Not that the Command can afford to wait for breakthroughs. ISIS has already ramped up its ability to fly drones (up to 70 drones in one day over Mosul alone), and SOCOM felt enough heat that it recently placed an urgent order for 350 Switchblade drones to bolster its arsenal. While the lab should ultimately help in the long run, there will likely be plenty of stopgap solutions in the near term.

https://www.engadget.com/2017/05/20/us-special-operations-drone-hacker-lab/

 Cybersecurity Concerns Boost Bets In Network Security

According to Symantec, the number of ransomware attacks increased by 36% from 2015 to 2016, while the average ransomware amount increased by 266%, from $294 to $1,077, over the same period. […] Perhaps as a reaction from this increase in volume and ongoing warnings from experts, investors appear to be betting that corporations and governments will step up investments in cybersecurity. From May 13 to May 18, network security software companies, as defined by FactSet’s Revere Business Industry Classification System (RBICS), experienced a 10.1% increase in price, up from a 4.3% increase over the same period last year.

http://www.valuewalk.com/2017/05/cybersecurity-concerns-boost-bets-network-security/

 Why Cybersecurity ETF HACK Hit Its Year-to-Date High

In the previous part of this series, we looked at the impact of the WannaCry ransomware attack on cybersecurity stocks. Now let’s look at the impact of that attack on the PureFunds ISE Cyber Security ETF (HACK). HACK rose 3.3% on May 15, 2017. That was its biggest rise in the last six months. WannaCry ransomware was the reason behind the surge. In comparison, the Vanguard S&P 500 ETF (VOO) rose only 0.50% that day.

http://marketrealist.com/2017/05/why-cybersecurity-etf-hack-hit-its-year-to-date-high/

 A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met. Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges depending on the vulnerable platform.

https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>