IT Security News Blast 5-9-2017

Government Joins The Finance Sector At The Top Of The Cyber Attack List

The report pinpoints a number of global geo-political events which could have contributed to the government sector being a cybersecurity attack target. These include:

  • The US presidential election campaign
  • A new US administration with a more aggressive stance toward China and North Korea
  • China adopting a more aggressive policy stance in securing its vital ‘core interests’
  • US and European Union-led economic sanctions against Russia
  • Russian state-sponsored actors continuing cyber operations against Western targets
  • Growing negative sentiment in the Middle East against the West’s aggression towards Syria

https://www.realwire.com/releases/Government-Joins-The-Finance-Sector-At-The-Top-Of-The-Cyber-Attack-List

 FBI/IC3: Vile $5B business e-mail scam continues to breed

The BEC scam is typically carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds, the IC3 stated. Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.

http://www.networkworld.com/article/3195072/security/fbi-ic3-vile-5b-business-e-mail-scam-continues-to-breed.html

 7 Types of Cyber Attacks Are Threatening Your Small Business Right Now

If you’re the owner of one of the estimated 28 million small businesses in America, you need to include cyber security as an important part of your business toolkit. Almost half (43 percent) of cyber attacks target small businesses. The threats are growing and changing as fast as online technology, and following are the types of cyber attacks criminals are plotting against your small business right now.

https://smallbiztrends.com/2017/05/types-of-cyber-attacks-small-business.html

 Supply Chain Update Software Unknowingly Used in Attacks

Microsoft said a recent attack it calls Operation WilySupply utilized the update mechanism of an unnamed software editing tool to infect targets in the finance and payment industries with in-memory malware. […] “While their software supply chain served as a channel for attacking other organizations, they themselves were also under attack,” said Elia Florio, senior security software engineer, with Windows Defender ATP Research Team.

https://threatpost.com/supply-chain-update-software-unknowingly-used-in-attacks/125483/

 FCC says it was victim of cyberattack after John Oliver show

The attack came shortly after comedian John Oliver urged viewers of his HBO show “Last Week Tonight” to file comments on the site in support of the agency’s net neutrality rules, which FCC Chairman Ajit Pai is aiming to roll back.  […] The website went down shortly after Oliver’s segment. Initial reports linked the downed website to the volume of comments, but the FCC is disputing that connection.

http://thehill.com/policy/technology/332414-fcc-says-it-was-victim-of-cyberattack-after-john-oliver-show

 Cybersecurity expert: Macron party hacker left ‘digtal fingerprints’ pointing back to Russian involvement

The security experts said it was unusual for someone with that level of skill to digital fingerprints behind. “This is a schoolboy error and looks very strange to see it coming from someone who works at a government contractor. Attribution and provenance are hard to pinpoint, and it’s very easy to create fake trails to throw people of from those who may really be working with the data,” Karatas explained.

https://www.rawstory.com/2017/05/cybersecurity-expert-macron-party-hacker-left-digtal-fingerprints-pointing-back-to-russian-involvement/

 Emmanuel Macron prepared to use force to retaliate over Russian cyber attacks, top aide suggests 

Yesterday, Aurélien Lechevallier, the new president’s foreign policy adviser warned: “We will have a doctrine of retaliation when it comes to Russian cyberattacks or any other kind of attacks.” “This means we are ready to retaliate against cyberattacks – not only in kind but also with any other conventional measure or security tool,” he told Politico.

http://www.telegraph.co.uk/news/2017/05/08/emmanuel-macron-prepared-use-force-retaliate-russian-cyber-attacks/

 Japan to rate home devices on cyber-attack vulnerabilities

To make it easier for consumers to determine whether such products, collectively called the internet of things (IoT), are safe, the ministry will create a certification mark. The ministry plans to introduce the system in 2018. […] With no current index to clearly rate cybersecurity measures, the Internal Affairs and Communications Ministry wants to create the certification to use as a yardstick for determining the safety of IoT devices.

http://www.sltrib.com/home/5265675-155/story.html

 The week in security: Crims get creative as cybersecurity named the biggest risk to nations, SMEs

Security practitioners are still suffering threat alert fatigue, while employers are suffering their own form of fatigue as they try to derive meaning from the range of cybersecurity credentials in the market. This, as experts warned about tightening controls on third-party access and remaining extra vigilant when choosing the right cybersecurity products in the face of often dubious claims by cybersecurity product vendors.

http://www.cso.com.au/article/618851/week-security-crims-get-creative-cybersecurity-named-biggest-risk-nations-smes/

 Women in cybersecurity need to take more risks

Her advice for any woman who is new to cybersecurity, whether she’s looking for technical mentorship or peer sharing, is to seek out those people with whom you can meet and share stories.  “It could be someone you are working with that you can meet with to talk through successes or challenges. Approach somebody and let them known that you’re new or mid career. It could start even as a friend, any of those people you naturally gravitate toward, or somebody in a leadership role,” Sethi said.

http://www.csoonline.com/article/3194867/it-careers/women-in-cybersecurity-need-to-take-more-risks.html

 Brokers are failing on cyber insurance – report

“This figure is quite shocking particularly when you put some context around it. 90% of our cyber claims come from businesses with less than £50 million in revenue and we get more than one claim every single day,” said Graeme Newman, chief innovation officer at CFC. “This shows just how vulnerable SMEs are to cyber attacks. I think it sadly demonstrates that cyber insurance is still well outside the comfort zone of many brokers who are providing their clients with a wide range of commercial covers.

http://www.insurancebusinessmag.com/uk/news/breaking-news/brokers-are-failing-on-cyber-insurance–report-67053.aspx

 Data leak insurance costs in US could reach $5bn a year

“Data breaches can cost companies hundreds of millions of dollars, and our modelling shows the overall insurable loss across US businesses from data exfiltration is running at over $5 billion a year,” said RMS senior vice president Andrew Coburn. “The past year has also demonstrated the potential for future systemic cyber catastrophes, for which overall losses would far exceed $5 billion.”

http://www.intelligentinsurer.com/news/data-leak-costs-in-us-could-reach-5bn-a-year-11850

 If you installed HandBrake from the official site, your Mac may be hosed

Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the DVD ripping and video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend. At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle, who reported results here and here from the VirusTotal file-scanning service.

https://arstechnica.com/security/2017/05/mac-users-installing-popular-dvd-ripper-get-nasty-backdoor-instead/

 Wormable Windows Zero Day Reported to Microsoft

Google Project Zero researcher Tavis Ormandy has a long legacy of finding unknown, critical software vulnerabilities to his credit. So when he calls a new bug the worst in recent memory, it’s likely not hyperbole. On Saturday, Ormandy tweeted that he and colleague Natalie Silvanovich has found a Windows remote code execution vulnerability that he labeled “crazy bad.” “Attack works against a default install, don’t need to be on the same LAN and it’s wormable,” Ormandy said in a second tweet.

https://threatpost.com/wormable-windows-zero-day-reported-to-microsoft/125513/

 BEC attacks have hit thousands, top $5 billion in losses globally

At their core, BEC attacks are a variation on Social Engineering, designed to target a person’s normal routine. Social Engineering isn’t easily detected or defeated, so when the criminals ask for something that isn’t unusual or out of victim’s comfort zone, the attack is often successful. By sticking to the routine, the criminals are taking advantage of lax policies and informal communications via email at work.

http://www.csoonline.com/article/3195010/security/bec-attacks-have-hit-thousands-top-5-billion-in-losses-globally.html

 Anti Public Combo List with Billions of Accounts Goes on Dark Web for Sale

The data Hunt discovered was in two lists with one list containing 457,962,538 accounts while the second one from Exploit.in containing 593,427,119 accounts. Now, it has emerged that in two different listings, two vendors going by the online handles of “wildfruit2” and “dbworld” are selling 457,962,538 accounts from anti-public combo list on a popular Dark Web marketplace. Both listings contain email addresses and clear text passwords of users around the world.

https://www.hackread.com/anti-public-combo-accounts-on-dark-web/

 DHS Report Outlines Feds’ Mobile Security Threats

Mobile devices used by federal government workers are potentially at a higher risk of attack than those used by consumers, solely for the mere fact that they are public-sector employees, according to a report presented to Congress last week by the US Department of Homeland Security. Cybercriminals targeting government workers’ mobile devices view them as a potential channel to accessing back-end computer systems rich in data containing sensitive federal government information and private information on millions of Americans, according to the DHS.

http://www.darkreading.com/mobile/dhs-report-outlines-feds-mobile-security-threats-/d/d-id/1328821?

 US device searches at borders ignite resistance

Under current guidelines, CBP can search a device without “any suspicion” of a crime and with no court-ordered warrant, said Esha Bhandari, a staff attorney with the ACLU Speech, Privacy, and Technology Project. “We think that’s a Fourth Amendment violation,” she said. “They can essentially conduct these searches in a suspicionless manner for no reason at all.”

http://www.csoonline.com/article/3195149/security/us-device-searches-at-borders-ignite-resistance.html

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>