IT Security News Blast 6-8-2017

Latest NSA Leak Reveals Exactly the Kind of Cyberattack Experts Had Warned About

The details of an apparent Russian state-sponsored cyberattack on local election officials and a vendor of U.S. voting software are shocking—but they shouldn’t be surprising. In fact, experts had been warning for months before the 2016 election about exactly the type of attack that was revealed Monday in leaked NSA documents. […] [Targeting] voter registration systems is widely seen as one of the most effective ways to use a cyberattack to disrupt the electoral process. An adversary with access to voter registration information could, for example, delete names from the voter roll or make other modifications to the data that could cause chaos on Election Day.

https://www.technologyreview.com/s/608043/latest-nsa-leak-reveals-exactly-the-kind-of-cyberattack-experts-had-warned-about/

The Behavioral Economics of Why Executives Underinvest in Cybersecurity

For example, they may think about cyber defense as a fortification process — if you build strong firewalls, with well-manned turrets, you’ll be able to see the attacker from a mile away. Or they may assume that complying with a security framework like NIST or FISMA is sufficient security — just check all the boxes and you can keep pesky attackers at bay. They may also fail to consider the counterfactual thinking — We didn’t have a breach this year, so we don’t need to ramp up investment — when in reality they probably either got lucky this year or are unaware that a bad actor is lurking in their system, waiting to strike.

https://hbr.org/2017/06/the-behavioral-economics-of-why-executives-underinvest-in-cybersecurity

Symantec and the changing of the guard in cybersecurity

Cybersecurity in the enterprise really comes down to “prevent, detect and respond,” said Lieberman. Many of the older tech companies are good at the first two elements, but not so great at “respond.” “Responding is a critical element of solving the problem,” said Lieberman. “If the old-school companies can figure out how to fit into the processes required by cybersecurity professionals, then they will be able to live by brand name and live to fight on.”

http://www.ciodive.com/news/symantec-and-the-changing-of-the-guard-in-cybersecurity/444252/

After a cyberattack, companies remain vulnerable. What CIOs can do to protect their brands

It’s a time-tested strategy for malicious actors: strike with phishing attacks while a company and its clients are dealing with the aftermath of a hack. A classic tactic is to send an email to customers that appears to be a message from the CEO, warning people to change their passwords because of the recent attack, but which contains a password-reset link that leads to a website controlled by the hacker. Perhaps that’s the same hacker who invaded the company’s system earlier this week, or it could be a new, unrelated actor who is just taking advantage of the situation.

http://www.cio.com/article/3199952/cyber-attacks-espionage/after-a-cyberattack-companies-remain-vulnerable-what-cios-can-do-to-protect-their-brands.html

Reporting cybersecurity vulnerabilities too difficult, expert warns

Just as with members of the public being attentive to potential terrorism, security researchers have argued that they need to be listened to when they see suspiciously insecure domains and software online. “We need to be able to ‘If you see something, say something’ but how can I say something?” said Ms Kubecka. “There’s literally no secure way that I can get this information to the NCSC (National Cyber Security Centre).”

http://news.sky.com/story/reporting-cybersecurity-vulnerabilities-too-difficult-expert-warns-10907427

Hand in your notice – by 2022 there’ll be 350,000 cybersecurity vacancies

The General Data Protection Regulation (GDPR) will force European organisations to expand their cyber workforce, causing demand to outstrip the supply of expertise. Two in five governments and companies will expand their cybersecurity divisions by more than 15 per cent in the next 12 months, according to a survey by the International Information System Security Certification Consortium, or (ISC)². This will lead to a shortfall of 350,000 cyber workers across the continent by 2022.

https://www.theregister.co.uk/2017/06/07/gdpr_cyber_skills_jobs_gap/

Still hiring: Cybersecurity workforce shortage to reach 1.8M by 2022

The cybersecurity workforce gap is on track to hit 1.8 million by 2022, according to a new report released Wednesday from Frost & Sullivan for the Center for Cyber Safety and Education, with the support of (ISC)², Booz Allen Hamilton and Alta Associates. That number represents a 20% increase since 2015. The report, which includes insights from more than 19,000 cybersecurity professionals, also found two-thirds of respondents say they do not have enough workers to address current threats.

http://www.ciodive.com/news/still-hiring-cybersecurity-workforce-shortage-to-reach-18m-by-2022/444385/

3.5M vacant cybersecurity roles by 2021, Cybersecurity Ventures report

Citing a Microsoft study that estimated that by 2020, three-quarters of infrastructure will be operated by third parties (such as cloud providers and internet service providers), the whitepaper emphasized the service offered by a subset of such third-party providers: MSSPs (managed security service providers), which focus particularly on security. […] “Having a partnership with a third-party security operations center (SOC) provider is beneficial to companies that have limited IT resources and lack internal security expertise” said Melissa Zicopula, vice president of Managed Security Services at Herjavec Group.

https://www.scmagazine.com/35m-vacant-cybersecurity-roles-by-2021-cybersecurity-ventures-report/article/666895/

Nigeria: ‘Managed Security Services Can Help Nigeria Curb Cyber Attacks’

To curb the increasing threat posed by cyber attacks to businesses, especially in Nigeria, organisations have been advised to explore managed security services. This is coming on the heels of the recent ransomware attack, WannaCry, which has been described as the world’s biggest cyber-attack to date, and has disrupted internet and computer systems in over 100 countries including Spain, Russia, and China.

http://allafrica.com/stories/201706070642.html

DoD’s assessment of China’s information capabilities

Cyberspace operations also play a critical role within China’s anti-access/area denial, or A2/AD, strategy, which includes increasing opposing standoff range, though the report notes the Chinese do not use this term. “Chinese cyberattack operations could support A2/AD by targeting critical nodes to disrupt adversary networks throughout the region,” the report states. “China believes its cyber capabilities and personnel lag behind the United States. To deal with these perceived deficiencies, China is improving training and domestic innovation to achieve its cyber capability development goals.”

http://www.c4isrnet.com/articles/dods-assessment-of-chinas-information-capabilities

Insuring cyber risk for government contractors

Part of these requirements reflects that, in the face of a cyber incident caused by the GovCon (think the OPM, USIS or USPS breaches), the GovCon will be held accountable for some of the costs associated with the event. This can include the costs tied to incident response and recovery (crisis management), breach notifications, and even credit monitoring. When I referenced 300,000 GovCons earlier, half of those are small businesses. The likelihood that a GovCon, let alone a small business one, can sustain these costs without dramatically impacting its bottom line is noteworthy.

http://www.csoonline.com/article/3199911/cyber-attacks-espionage/insuring-cyber-risk-for-government-contractors.html

Senator blows a fuse as US spies continue lying over spying program

“You promised that you would provide a ‘relevant metric’ for the number of law-abiding Americans who are swept up in the FISA 702 searches,” Wyden told director of national intelligence Daniel Coats at a hearing of the Senate Intelligence Committee this morning. Waving his finger at Coats, Wyden continued: “This morning you went back on that promise. And you said that even putting together a statistical estimate would ‘jeopardize national security.’ I think that is a very, very damaging position to stake out.”

https://www.theregister.co.uk/2017/06/07/intelligence_services_lying_over_spying/

EFF Sues DOJ Over National Security Letter Disclosure Rules

The suit, filed in U.S. District Court for the Northern District of California, claims that the Federal Bureau of Investigation is not complying with 2015 Congressional rules that require a periodic review of National Security Letter (NSL) gag orders and mandate the disclosure of information related to those NSLs that are no longer needed. […] The EFF seeks injunctive relief from the court, alleging the DOJ is in violation of FOIA. “Plaintiff seeks the release of records that Plaintiff requested from Defendant United States Department of Justice concerning the review of National Security Letter nondisclosure orders under the Federal Bureau of Investigation’s termination procedure,” according to a copy of the lawsuit.

https://threatpost.com/eff-sues-doj-over-national-security-letter-disclosure-rules/126136/

In UAE Supporting Qatar on the Internet is Now a Cybercrime

Keeping that in mind, and amid bitter relations between Qatar and the UAE, the country’s Attorney-General Hamad Saif al-Shamsi said that showing any kind of sympathy for Qatar on the Internet, including social media or any other communication platform, will be considered a cybercrime punishable by jail time of 3 to 15 years or a fine of AED 500,000 (USD 136,128 / EUR 121,256). The announcement was confirmed by Al Arabiya, a Saudi-owned pan-Arab television news channel. Shamsi’s statement was also shared on the social media platforms of the UAE’s Ministry of Justice.

https://www.hackread.com/in-uae-supporting-qatar-on-the-internet-is-a-cybercrime/

Pop-up Android adware uses social engineering to resist deletion

The dodgy Android utility poses as “Ks Clean”, an Android cleaner app. Once installed, the app displays a fake system update message in which the only option presented to the user is to select the “OK” button, giving victims little immediate option other than to accept a supposed security update. As soon as the user presses “OK”, the malware prompts the installation of another APK named “Update”. The Update app asks for administrator privileges which, if granted, can’t be revoked.

https://www.theregister.co.uk/2017/06/07/android_adware_ksclean/

Internet cameras have hard-coded password that can’t be changed

Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network. That’s according to a 12-page report released Wednesday by security firm F-Secure. Researchers at F-Secure documented 18 vulnerabilities that the manufacturer has yet to fix despite being alerted to them several months ago. All of the flaws were confirmed in a camera marketed under the Opticam i5 HD brand.

https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/

Zusy Malware Installs Via Mouseover – No Clicking Required

The malware is novel because it does not rely on macros, JavaScript or VBA being enabled for the dropper file to download the malware payload. Instances of the malware are relatively low, according to researchers, who attribute the small infection numbers to the fact that recent versions of Microsoft Office warn users that booby-trapped files could be malicious. Victims must first open the PowerPoint file to become infected; once it is opened, a “Loading… Please wait” hypertext message appears. If a user hovers over those words, it triggers an infection chain that delivers the Zusy malware payload.

https://threatpost.com/zusy-malware-installs-via-mouseover-no-clicking-required/126122/
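
A defender-side check that follows from the hover-to-launch technique described above, added here as an example and not code from the article or from the researchers it cites: it unzips a .pptx and reports any hover (or click) action that runs a program, resolving the command through the slide's relationship part. It assumes the OOXML layout in which such actions are stored as `a:hlinkMouseOver` / `a:hlinkClick` elements carrying `action="ppaction://program"`, and the sample deck it scans is constructed inline with a harmless target.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
SLIDE_RE = re.compile(r"ppt/slides/slide\d+\.xml")
PROGRAM_ACTION = "ppaction://program"  # PowerPoint "run program" action URI


def find_program_actions(pptx_bytes):
    """Return (slide part, trigger, command) for every hover or click action
    that launches a program; the command is looked up in the slide's .rels."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        for name in z.namelist():
            if not SLIDE_RE.fullmatch(name):
                continue
            rels_name = name.replace("ppt/slides/", "ppt/slides/_rels/") + ".rels"
            targets = {}  # r:id -> Target, as declared in the relationships part
            if rels_name in z.namelist():
                for rel in ET.fromstring(z.read(rels_name)):
                    targets[rel.get("Id")] = rel.get("Target")
            for el in ET.fromstring(z.read(name)).iter():
                trigger = el.tag.rsplit("}", 1)[-1]  # strip the namespace
                if trigger in ("hlinkMouseOver", "hlinkClick") and el.get("action") == PROGRAM_ACTION:
                    rid = el.get(f"{{{R_NS}}}id")
                    hits.append((name, trigger, targets.get(rid, "<unresolved r:id>")))
    return hits


def build_sample_pptx(target, action=PROGRAM_ACTION):
    """Constructed minimal one-slide PPTX whose text carries a hover link.
    The default action mirrors the mouseover technique; pass action=None for a plain link."""
    act = f' action="{action}"' if action else ""
    slide = (f'<p:sld xmlns:p="{P_NS}" xmlns:a="{A_NS}" xmlns:r="{R_NS}">'
             '<p:cSld><p:spTree><p:sp><p:txBody><a:p><a:r><a:rPr>'
             f'<a:hlinkMouseOver r:id="rId2"{act}/></a:rPr>'
             '<a:t>Loading... Please wait</a:t></a:r></a:p></p:txBody>'
             '</p:sp></p:spTree></p:cSld></p:sld>')
    rels = (f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId2" '
            f'Type="{R_NS}/hyperlink" Target="{target}" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()
```

Run `find_program_actions(open("deck.pptx", "rb").read())` against a real file; a non-empty result on a deck that should only contain ordinary hyperlinks is worth quarantining before anyone opens it.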

Russian Hackers Control Malware via Britney Spears Instagram Posts

Antivirus provider Eset has reported a backdoor Trojan that was discovered recently. Eset’s researchers found that the Trojan used Britney Spears’s Instagram account in order to locate the control server that was receiving data from, and sending instructions to, the devices infected with the Trojan. This new approach, allegedly by the hacker group Turla, has made malware attacks even harder to predict and discover, since the servers controlled by the group were never directly referenced.

https://www.hackread.com/russian-hackers-control-malware-via-britney-spears-instagram-posts/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
