IT Security News Blast 6-12-2017

Healthcare Industry Suffers the Most Cyber Attacks

“The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defenses,” the report states. At the same time, the study found attack rates increasing across the board, with the average number of reconnaissance, lateral movement and exfiltration detections all increasing by more than 265 percent. Reconnaissance detections, a first step in ransomware campaigns, were up by 333 percent over 2016.

http://www.esecurityplanet.com/network-security/healthcare-industry-hit-most-frequently-by-cyber-attacks.html

OCR Issues a Cyberattack Response ‘Checklist’

Federal regulators have issued new materials to aid healthcare organizations and their vendors in their “quick response” to cyberattacks. The checklist and infographic from the Department of Health and Human Services’ Office for Civil Rights are part of HHS’ ongoing campaign to help improve awareness and especially readiness of healthcare sector entities in dealing with escalating cyberattacks. Meanwhile, Congress is scrutinizing HHS’ role in helping the healthcare sector improve its cybersecurity capabilities.

http://www.govinfosecurity.com/ocr-issues-cyberattack-response-checklist-a-9982

HHS prepares to unveil cybersecurity communications center by the end of the month

The Department of Health and Human Services (HHS) will officially open its healthcare-specific cybersecurity communication center by the end of the month, according to HHS officials, after withstanding an unexpected test run during last month’s ransomware attack. Scanlon said the Department of Homeland Security, which operates the National Cybersecurity and Communications Integrations Center (NCCIC), recommended HHS open their own version specifically for the healthcare industry. HCCIC will focus its efforts on analyzing and disseminating cyberthreats across the healthcare industry in real time.

http://www.fiercehealthcare.com/privacy-security/hhs-prepares-to-unveil-its-cybersecurity-communication-center-by-end-month

Crying wolf: Combatting Cybersecurity alert fatigue

At the top of the list is desensitization with so many bells and whistles going off, how is one supposed to remain alert to what is truly necessary? The point is, security personnel can grow wary of the notices their equipment is throwing back at them, as the alarms go off so frequently that the humans monitoring the systems can only handle so much. In other words, so many of the notifications are set off by minor infractions that they lose urgency.

https://www.scmagazine.com/crying-wolf-combatting-cybersecurity-alert-fatigue/article/667677/

Thousands of Firms Fail to Update Software on Most Computers: Study

The research showed that more than 50 percent of computers in over 2,000 organizations run an outdated version of the operating system, and over 8,500 companies have failed to update Web browsers on more than half of their machines. Looking at each of the analyzed industries, BitSight found that the education and government sectors had the highest usage rate of outdated operating systems and browsers. Nearly 40 percent of computers used in the education sector and more than 25 percent of devices in the government sector had been running outdated operating systems, particularly outdated versions of Mac OS.

http://www.securityweek.com/thousands-firms-fail-update-software-most-computers-study

How to create a cybersecurity program for your own MSP

When discussing cybersecurity with clients, MSPs should be able to explain that they have their own cybersecurity program, what it is based on, and that they employ properly trained employees. Because well qualified cybersecurity professionals are both expensive and hard to find, it is recommended that MSPs start by getting their existing employees certified.

http://searchitchannel.techtarget.com/answer/How-to-create-a-cybersecurity-program-for-your-own-MSP

9 cyberattacks that threatened officer safety and obstructed justice

Cyberattacks, particularly doxing when personal information is made public puts the safety of our officers and their families at risk. […] Cyberattacks are nothing new, but as technology evolves, the threat intensifies, becoming more sophisticated and harder to prevent. Compare the doxxing that occurred after Occupy Wall Street protests (2011) to the doxxing after Ferguson (2014).

https://www.policeone.com/cyber-attack/articles/371392006–9-cyberattacks-that-threatened-officer-safety-and-obstructed-justice/

Weak Security Opened Door to Russian Hack of Voter System App Firm

Hackers linked to Russian military intelligence were able to penetrate the firm network with relative ease. The hackers gained access through a two-phased attack. The first was a phishing attack against the software vendor that gave the hackers access to a database containing the contact information of election officials in several states. A second phishing attack delivered a payload of malware-tainted Microsoft Word files to voter registration officials in multiple states. The files appeared as though they came from the vendor, VR Systems of Tallahassee, Fla.

http://www.eweek.com/security/weak-security-opened-door-to-russian-hack-of-voter-system-app-firm

A Notification Requirement for Using Cyber Weapons or for Unauthorized Disclosure of a Cyber Weapon

One ambiguity in the proposed legislation is what counts as an offensive cyber operation and in particular, whether or not offensive cyber operations include cyber exploitations. […] A second ambiguity in the proposed legislation is potentially troublesome.  The legislation also calls for notification of congressional defense committees immediately in the event of an unauthorized disclosure of a cyber capability covered by this section.

https://www.lawfareblog.com/notification-requirement-using-cyber-weapons-or-unauthorized-disclosure-cyber-weapon

SAVE THE DATES: REPORTS DUE UNDER TRUMP’S CYBERSECURITY ORDER

By June 24, 2017, the secretaries of State, Treasury, Defense, Commerce, and Homeland Security, in coordination with the attorney general and the FBI director, must report on their international cybersecurity priorities, including those concerning investigation, attribution, cybersecurity threat information sharing, response, capacity building, and cooperation. Those are due by June 25. The secretary of state must follow up with a report documenting an engagement strategy for international cooperation in cybersecurity by Sept. 23.

https://www.bna.com/save-dates-reports-b73014453104/

China’s new cybersecurity law: Time for firm pushback or retaliation

The Trump administration should elevate the new Chinese cybersecurity law to top priority in the ongoing 100-day negotiations mandated at the April Trump-Xi summit. The administration should make it clear that if regulations under the new law damage US companies’ ability to compete in the Chinese market, the United States will not just protest” it will act to institute reciprocal actions that close off the US market to top Chinese technology companies such as Alibaba, Baidu, and Tencent.

http://www.aei.org/publication/chinas-new-cybersecurity-law-time-for-firm-push-back-or-retaliation/

The Internet needs paid fast lanes, anti-net neutrality senator says

“Chairman Pai just mentioned medical diagnostics,” Johnson said. “You might need a fast lane within that pipeline so those diagnoses can be transmitted instantaneously and not be held up by, I don’t know, maybe a movie streaming.” In reality, the net neutrality rules already allow priority access for medical services. Certain types of services can be given isolated capacity to ensure greater speed and reliability, and providers of telemedicine (or remote medical diagnosis) can take advantage of this exception to the rules.

https://arstechnica.com/tech-policy/2017/06/the-internet-needs-paid-fast-lanes-anti-net-neutrality-senator-says/

Are Businesses Shortchanging Cybersecurity Or Shortchanging Change Itself?

From a financial point of view, we’re getting a questionable return on our security investments. It begs the question: Are we investing enough in cybersecurity, or are the investments we’re making not optimal? One way or another, businesses will need to close the cyber-readiness gap or become increasingly vulnerable to cyberthreats.

https://www.forbes.com/sites/forbestechcouncil/2017/06/09/are-businesses-shortchanging-cybersecurity-or-shortchanging-change-itself/#63b6f77546d7

Persirai malware in action: IP cameras all across the world compromised

“Looking at the data from infected devices from the United States, Japan, Taiwan and Korea, we see that Persirai is the clear frontrunner. However, the landscape is constantly changing and many vulnerable IP cameras are still exposed to the internet. With the success of these four families, other developers might be releasing their own IP camera-targeting malware and the results could be completely different very soon.

https://www.hackread.com/persirai-malware-ip-cameras-compromised/

Say hello to Dvmap: The first Android malware with code injection

The trojan was downloaded from Google Play more than 50,000 times since March, according to security researchers at the Russian antivirus firm. Kaspersky Lab reported the trojan to Google, which removed the software nasty from its store. Dvmap was distributed while posing as a simple, addictive puzzle game called colourblock, posted under the name “Retgumhoap Kanumep”. Developers bypassed the store’s security checks by uploading a clean app at the end of March.

https://www.theregister.co.uk/2017/06/09/dvmap_code_injection_android_trojan/

An Idiot’s Guide to Building an Ethereum Mining Rig

Mining is the term used to describe the process of extracting cryptocurrency tokens from a blockchain network. In the case of Ethereum, this involves having computers continuously run a hashing algorithm, which takes an arbitrarily large amount of information and condenses it to a string of letters and numbers of a fixed length. The hashing algorithm used by Ethereum called ethash hashes metadata from the most recent block using something called a nonce: a binary number that produces a unique hash value.

https://motherboard.vice.com/en_us/article/an-idiots-guide-to-building-an-ethereum-mining-rig

Banking trojan executes when targets hover over link in PowerPoint doc

[The] delivery technique made use of the Windows PowerShell tool, which was invoked when targets hovered over a booby-trapped hyperlink embedded in the attached PowerPoint document. Targets using newer versions of Microsoft Office would by default first receive a warning, but those dialogues can be muted when users are tricked into turning off Protected View, a mode that doesn’t work when documents are being printed or edited. Targets using older versions of Office that don’t offer Protected View are even more vulnerable.

https://arstechnica.com/security/2017/06/malicious-powerpoint-files-can-infect-targets-when-hovering-over-hyperlinks/

In detail: How we are all pushed, filed, stamped, indexed, briefed, debriefed or numbered by online biz all day

The data collection industry, fattened on info snippets gleaned from social media and mobile devices, affects people’s lives but operates without meaningful scrutiny. […] Cracked Labs’ report, “Corporate Surveillance in Everyday Life: How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions,” explores the data gathering ecosystem in an effort to illuminate how companies collect information on consumers and how they use that information.

https://www.theregister.co.uk/2017/06/09/cracked_labs_surveillance_capitalism/

GameStop notifies customers about massive credit card breach

Essentially, GameStop was notified by KrebsOnSecurity that most of their customer accounts had been hacked with attackers stealing private information related to credit cards along with CVV2 numbers. Also, it was reported that hackers were selling this information on a marketplace. The breach had allegedly occurred between August 2016 and April 2017, but GameStop did not notify its customers regarding the attack at the time.

https://www.hackread.com/gamestop-notifies-customers-about-credit-card-breach/

“Platinum” Cyberspies Abuse Intel AMT to Evade Detection

Microsoft noticed recently that a file transfer tool used by the group had started leveraging Intel AMT’s Serial-over-LAN (SOL) feature. […] The SOL feature also works all the time, even without the OS, and it provides a virtual serial port. A management console can connect to this port, boot to a basic DOS system, and communicate with software that listens on a designated COM port. Since SOL works independently of the operating system, communications are not picked up by firewalls and network monitoring applications running on the device.

http://www.securityweek.com/platinum-cyberspies-abuse-intel-amt-evade-detection

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.