IT Security News Blast 6-16-2017

Don’t Overlook Basics in Cybersecurity Strategies, Officials and Experts Warn

The advent of mobile technology has amplified the role of cybersecurity professionals in part by allowing access to large-scale networks virtually everywhere device users travel, Hect told the audience. But he said technology may also offer solutions to staffing shortages private and public sectors face. There aren’t enough people to do that work, period, end of story,” Hect said, “so we’ve got to rely on automation and analytics and machine learning to build into the architecture to do that heavy lifting.”

http://www.govtech.com/security/Dont-Overlook-Basics-in-Cybersecurity-Strategies-Officials-Experts-Warn.html

Cybersecurity Checklist for HIPAA Covered Entities

While the HHS checklist is certainly a practical resource for healthcare providers, it does not (and absolutely should not) alleviate a healthcare provider’s responsibility to create, implement, and continuously test/update an incident response plan (“IRP”) tailored to that provider’s circumstances and vulnerabilities. Relying solely on the HHS checklist without an IRP will surely result in panic-based reactions with no structure to guide next steps when a cyber-related security incident inevitably occurs.

http://www.insidearm.com/news/00043013-cybersecurity-checklist-hipaa-covered-ent/

Don’t all rush out at once, but there are a million devices ripe to be the next big botnet

A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn. […] “This [flaw] leads to remote code execution and a wormable exploit,” researchers warned. “Shodan [a search engine for internet-connected devices] shows ~1M devices available as of today, which would make for a nice botnet.”

https://www.theregister.co.uk/2017/06/15/dvr_vuln_botnet_threat/

1 Million Endpoints Exposed on Public Internet via Microsoft File-Sharing Services

“We found around 800,000 Windows systems on the Internet exposing SMB,” says Rudis. “A good chunk of those were susceptible, and are still susceptible, to WannaCry ransomware.” The file-sharing port 445, which enabled WannaCry, was actively sought out in May 2017. SMB port scan results increased by 17%, from 4.7 million to 5.5 million nodes, in that timeframe. Blocking port 445 would block attacks like this, the report indicates.

https://www.darkreading.com/vulnerabilities—threats/1-million-endpoints-exposed-on-public-internet-via-microsoft-file-sharing-services/d/d-id/1329148?

Nigerian BEC Scams Hit 500 Companies in 50 Countries

Like most BEC attacks, the attacks begin with phony but authentic looking emails, complete with attachments named “Energy & Industrial Solutions W.L.L_pdf, and so on. All the emails came with .RTF files armed with either an old Microsoft Word exploit CVE-2015-1641, or macros and OLE objects that trigger the download of additional malicious files. Data sniffing malware, packed both with VB and .NET packers, from eight different families including ZeuS, Pony, LokiBot, and a variety of RATs  were also used in the attacks, Kaspersky Lab said Thursday.

https://threatpost.com/nigerian-bec-scams-hit-500-companies-in-50-countries/126298/

Major bitcoin exchanges hit by cyberattacks as record rally makes them a target [Audio]

  • At least two major bitcoin exchanges reported cyberattacks this week.
  • The attacks were ‘denial-of-service’ in nature and did not affect clients’ funds.
  • Bitcoin briefly more than tripled for the year when it topped $3,000 last weekend.

http://www.cnbc.com/2017/06/14/major-bitcoin-exchanges-hit-by-cyberattacks-as-record-rally-makes-them-a-target.html

Five traits employers should look for when hiring cyber security professionals [Video]

Jarvis explained that IBM is addressing both concerns with their “New Collar approach,” focusing on sets of individuals from a variety of backgrounds, not just four year institutions. Not all high tech jobs require a four year university background, rather, a specific set of skills, Jarvis said. By hiring individuals based on their cyber skills, the tech industry gives more people like military or community college grads the opportunity to enter the cyber workforce, thus, closing the gap, Jarvis said.

http://www.techrepublic.com/article/five-traits-employers-should-look-for-when-hiring-cyber-security-professionals/

National Flight Academy plans first-of-its kind cybersecurity camp for Pensacola-area kids

Students will practice writing computer code, encrypting messages and thwarting hacking attempts in a new camp planned by the National Flight Academy in July. “Our goal is to get (kids) interested in cybersecurity, computer programming and encryption,” said Cody Grogan, a 24-year-old University of West Florida student and Army reservist who helped design the camp.

http://www.pnj.com/story/news/military/2017/06/14/cyber-security-camp-national-flight-academy-pensacola-naval/373724001/

Advanced CIA firmware has been infecting Wi-Fi routers for years

CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on.

https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/

Why the U.S. is struggling with the digital war on ISIS

The cyberweapon payloads needed to defeat nation states differ significantly from that needed to defeat terrorist entities, a former intelligence official told CyberScoop on condition of anonymity to broadly discuss Cyber Command’s ongoing efforts. Countering terrorist operations online is similar to countering Russian propaganda efforts.  [But] performing these sorts of operations raises significant legal grey area and questions on exactly what should and should not be censored.

https://www.cyberscoop.com/us-cyber-command-digital-war-isis/

Smart Home Cybersecurity Companies Deliver On CES Promises

Many have called the Smart Home a Dumb Home because of the weaknesses in protecting linked devices across a range of technologies. Others, like this Forbes writer, have memorably described it as the Internet of Thieves. Consequently, Smart Home cybersecurity has become a market all of itself and at CES in January, there were many big players announcing security products that would be launched later that year.

https://www.forbes.com/sites/montymunford/2017/06/15/smart-home-cybersecurity-companies-deliver-on-ces-promises/#1d1d877176f3

Look who’s joined the anti-encryption posse: Germany, come on down

Speaking on Wednesday, German interior minister Thomas de Maizière said the government was preparing a new law that would give the authorities the right to decipher and read private encrypted messages, specifically citing encrypted messaging apps such as WhatsApp and Signal. Such services were allowing criminals and terrorists to evade surveillance, de Maizière said, adding: “We can’t allow there to be areas that are practically outside the law.”

https://www.theregister.co.uk/2017/06/15/germany_joins_antiencryption_posse/

Georgia special election disruption concerns rise after 6.7M records leaked

The data was supposed to be behind a password protected firewall but the center misconfigured the server so that the files were accessible to anyone and the site was also using an outdated version of Drupal containing a critical vulnerability dubbed Drupageddon. The bug would allow an attacker to gain control of any site containing the vulnerability and it is unclear if any of these vulnerabilities have already been exploited before or after Lamb’s discovery. Lamb reported the issues to the executive director at the center who told him the server would be fixed.

https://www.scmagazine.com/researchers-fear-georgia-special-election-still-vulnerable/article/668925/

FCC makes net neutrality commenters e-mail addresses public through API

If you’re one of the many people filing comments on the Federal Communications Commission plan to gut net neutrality rules, be aware that your e-mail address and any other information you submit could be made public. There’s nothing nefarious going on, but the FCC’s privacy policy could lead people to believe that e-mail addresses will be kept secret if they file comments on FCC proceedings.

https://arstechnica.com/information-technology/2017/06/psa-commenting-on-fcc-net-neutrality-plan-could-make-your-e-mail-public/

Metadata Analysis Draws its Own Conclusions on WannaCry Authors

For example, a linguistics analysis of the 28 ransom notes embedded in the malware moved away from the Lazarus theory and concluded that the author was a native Chinese or English speaker. It also stated that the Korean version of the ransom note was among the most poorly written, or translated. To take that conclusion as gospel, however, seems premature as well given that native speakers could easily write in broken versions of their language.

https://threatpost.com/metadata-analysis-draws-its-own-conclusions-on-wannacry-authors/126287/

Cybersecurity Attacks Are a Global Threat. Chinese Scientists Have the Answer: Quantum Mechanics [Video]

[Evidence] is mounting that the future of technology lies in quantum mechanics, which focuses on how the smallest things in our universe work. And a new breakthrough by scientists in China has just brought the world one very big step closer to this quantum revolution. Hundreds of miles closer, in fact. So it’s as good a time as any to understand why quantum physics is making such waves.

http://www.newsweek.com/cyber-security-attacks-are-global-threat-chinese-scientists-have-answer-626090

Orgs struggle to define, integrate threat intelligence, ISF report says

The survey reveals the struggles faced by organizations trying to understand and incorporate threat intelligence capabilities to better manage risk. Hampered by the fact that there is no common understanding of threat intelligence (90 percent said they’d benefit from one), most find it difficult to find the skilled workers needed to operate and manage their threat intelligence capability. In fact, a mere eight percent said they can find the skills they need with the most glaring gaps being in identifying business implications and doing analysis, according to the report.

https://www.scmagazine.com/orgs-struggle-to-define-integrate-threat-intelligence-isf-report-says/article/668923/

BAE accused of flogging mass-spying toolkits to assh*le autocrats

BAE has its fingers in many pies, including the online sphere, and in 2011 it bought Danish firm ETI and added it to its Systems Applied Intelligence division. ETI had invented an online surveillance tool called Evident. “You’d be able to intercept any internet traffic,” a former employee told the BBC. “If you wanted to do a whole country, you could. You could pin-point people’s locations based on cellular data. You could follow people around. They were quite far ahead with voice recognition. They were capable of decrypting stuff as well.”

https://www.theregister.co.uk/2017/06/15/bae_accused_selling_to_repressive_regimes/

Login-stealing phishing sites conceal their evil with lots of hyphens in URL

Hassold called the tactic “URL padding,” the front-loading of the Web address of a malicious webpage with the address of a legitimate website. The tactic, he said, is part of a broad credential-stealing campaign that targets sites that use an e-mail address and password for authentication[.] […] The credentials are likely being used in other attacks based on password reuse.

https://arstechnica.com/security/2017/06/phishing-attacks-target-mobile-browsers-with-dash-padded-urls/

Hackers Using Chinese Malware to Rob ATMs Using Outdated Windows XP

Several security agencies have already warned banks that their ATMs are being breached and robbed. The thieves don’t have to break into the hardware, nor do they need to steal credit cards. Instead, they use Rufus, a new Chinese software that makes the ATMs simply give up the money. Several reports of such thefts have already been received, and they came from many different places. West Bengal, Gujarat, Odisha, and Bihar were all affected by this new way of stealing the money.

https://www.hackread.com/hackers-use-chinese-malware-on-atms-using-windows-xp/

The Rising Tide of Crimeware-as-a-Service

[It’s] no surprise that so many cybercriminal ventures today have adjusted both their technology stacks and their revenue models to service clients with crimeware in the same way that your average software vendor does. Crimeware, stolen data, and other salable items on the Dark Web are increasingly sold as a service. Here are some facts and figures that show how pervasive the SaaS mentality has become in the cybercriminal underground.

https://www.darkreading.com/threat-intelligence/the-rising-tide-of-crimeware-as-a-service/d/d-id/1329102

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.