IT Security News Blast 7-17-2017

Are destructive exploits the new wave in cyberattacks on health care?

Mike Hamilton, founder and President of Critical Informatics, Seattle: Health care is known to be particularly monetizable by organized crime in that the sector cannot afford to have critical services disrupted, will pay the ransom, making it low-hanging fruit for extortion — ransomware is a form of extortion. Additionally, theft of records to sell on dark markets is still problematic, but the number of health records available now has resulted in a bit of a glut, resulting in declining value per record. Extortion is much simpler and produces a better “return on investment” than records theft.

https://pbn.decisionhealth.com/Blogs/Detail.aspx?id=200587

 McAfee CTO says human-machine teams will stop cybercrime better

Grobman believes that including human curation — someone who can take the results of AI analysis and think more strategically about how to spot cyber criminals — is a necessary part of the equation. “We strongly believe that the future will not see human beings eclipsed by machines,” he said, in a recent blog post. “As long as we have a shortage of human talent in the critical field of cybersecurity, we must rely on technologies such as machine learning to amplify the capabilities of the humans we have.”

https://venturebeat.com/2017/07/14/mcafee-cto-says-human-machine-teams-will-stop-cybercrime-better/view-all/

 Meditology’s New White Paper Affirms Perfect Cyber Storm Striking Healthcare Organizations at Critical Juncture

Referencing a recent report from CORL Technologies, Meditology’s sister company focused on healthcare vendor security risk management, Selfridge noted that third party providers have yet to be effective in adequately protecting PHI to comply with regulatory and risk management standards. Equally alarming is that only 26 percent of outsourced service BAs retain a security certification (HITRUST, SOC 2 Type 2, ISO 27001, and FedRAMP). “That’s one in four business associates, which is great cause for worry,” he said.

http://www.itbusinessnet.com/article/Meditology—s-New-White-Paper-Affirms-Perfect-Cyber-Storm-Striking-Healthcare-Organizations-at-Critical-Juncture-5041401

 SEC’s Clayton outlines his agenda as chairman

Cyber-security is an area where coordination is critical. “Information sharing and coordination are essential for regulators to address potential cyber threats and respond to a major cyber-attack, should one arise,” he said. “The SEC is therefore working closely with fellow financial regulators to improve our ability to receive critical information and alerts and react to cyber threats.”

https://www.complianceweek.com/blogs/the-filing-cabinet/sec%E2%80%99s-clayton-outlines-his-agenda-as-chairman

 Crooks Stealing Data From ATMs Using Infrared

Insert Skimmers are thin pieces of devices that can be inserted in the card acceptance slots found in ATMs. The devices are not visible once they are in and record data present on the card of an unsuspecting user. The devices are fitted with small flash drives that store the data stolen from cards. The data is then transmitted to hidden cameras through an infrared connection. Essentially, it is reported that the devices contain small antennas that are responsible for the transmission.

https://www.hackread.com/crooks-stealing-data-from-atms-using-skimmer-infrared/

 Research: businesses over confident about ability to fend off hackers

According to the research findings, 76 percent said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two-thirds (68 percent) believe that unauthorised users could access their network, rendering their perimeter security ineffective. These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28 percent) of organisations have suffered perimeter security breaches in the past 12 months.

https://www.scmagazine.com/research-businesses-over-confident-about-ability-to-fend-off-hackers/article/675046/

 Cybersecurity for Family Offices: Q&A with the director of the Global Family Office Group at Citi Private Bank

The author of the report, Edward Marshall, director, Global Family Office Group at Citi Private Bank, said, “As seen in recent news, the number of cyberattacks perpetrated against nations, corporations and individuals are increasing at a rapid pace. One of the most pressing issues our clients face now is cybersecurity as Family Offices have more and more become targets of cyberattacks. We hope this white paper will impart actionable best practices and identify available resources in the cybersecurity space.”

http://www.csoonline.com/article/3205872/cyber-attacks-espionage/cybersecurity-for-family-offices-qa-with-the-director-of-the-global-family-office-group-at-citi-pri.html

 Hacking cars: cybersecurity regulations needed for new vehicles

New regulations and oversight of smart cars would be good first steps. Those regulations should include laws mandating security updates and patches for the reasonable lifespan of the vehicle. We also need cybersecurity safety testing and ranking of vehicles by government agencies and insurers, just like we do for car front-end collision safety today.

http://www.cbc.ca/news/canada/new-brunswick/cybersecurity-hacking-cars-david-shipley-opinion-1.4206548

 Look beyond job boards to fill cybersecurity jobs

One option is to look for people in related technology professions, says Alan Cohen, chief commercial officer at Sunnyvale, Calif.-based Illumio. “Lots of smart IT people are moving into information security,” he says. “As things become more software-led, application developers and operations people will filter into important security roles.”

http://www.csoonline.com/article/3206688/it-careers/firms-look-beyond-job-boards-to-find-and-recruit-cybersecurity-talent.html

 Olympic College’s new role in stopping cyber attacks and viruses

The development of a new cyber range — which will be housed at the Poulsbo campus of Olympic College, the first of its kind in Washington state — will allow students in Kitsap County to receive top-notch training while staying close to home. […] Nathan Evans, the group’s technology committee co-chair and a principal software architect at Microsoft, said the new programs available at Olympic College align perfectly with its vision to ensure the Kitsap region is a place where technology companies can establish themselves and thrive.

http://www.kitsapdailynews.com/news/olympic-colleges-new-role-in-stopping-cyber-attacks-and-viruses/

 Military Cyber Operations Headed for Revamp after Long Delay

After months of delay, the Trump administration is finalizing plans to revamp the nation’s military command for defensive and offensive cyber operations in hopes of intensifying America’s ability to wage cyberwar against the Islamic State group and other foes, according to U.S. officials. Under the plans, U.S. Cyber Command would eventually be split off from the intelligence-focused National Security Agency.

https://www.voanews.com/a/military-cyber-operations-headed-for-revamp-after-long-delay/3946194.html

 Hackers target Irish energy networks amid fears of further cyber attacks on UK’s crucial infrastructure

“Attribution is exceptionally hard to do but a large proportion of these attacks are believed to be state sponsored,” he added. “You’re either trying to cause chaos, or just probe, or destabilise rather than make a financial gain.” The analyst said that some countries are known to “outsource” the task to criminal groups, who may also sell on information for profit.

http://www.independent.co.uk/news/world/europe/cyber-attacks-uk-hackers-target-irish-energy-network-russia-putin-electricity-supply-board-nuclear-a7843086.html

 An old foe’s footprints muddle the mystery around group responsible for energy sector hacks

“Koala Team is a prolific cyber espionage actor that has affected a comprehensive set of verticals using a combination of opportunistic and targeted tactics since at least 2011,” Cristiana Brafman Kittner, a senior analyst with U.S. cybersecurity firm FireEye, told CyberScoop. “Koala Team’s operations are believed to have a strong nexus to industrial espionage and reconnaissance across multiple sectors, particularly, energy, academia, and pharmaceutical.”

https://www.cyberscoop.com/us-nuclear-hack-russia-energetic-bear-fireeye-phishing-watering-hole/

 White House voter commission publishes names, numbers of worried citizens

Shortly before the Presidential Advisory Commission on Election Integrity is set to have its first meeting on Wednesday July 19—which will be livestreamed here—the controversial committee published hundreds of pages from concerned citizens about the group’s work. In some cases, the White House released citizens’ phone numbers and e-mail addresses, seemingly without their knowledge.

https://arstechnica.com/tech-policy/2017/07/white-house-voter-commission-publishes-names-numbers-of-worried-citizens/

 VPN crackdown: China’s latest plan to fortify ‘Great Firewall’

In January, the Ministry of Industry and Information Technology ruled that all VPNs that did not seek government approval to operate would be deemed illegal. Since then, a slew of VPN providers have been forced to shut down, citing regulatory warnings. Under President Xi Jinping, the VPN crackdown is part of an effort to “clean up” the Chinese Internet and enhance the country’s “cyber sovereignty,” the government has said.

http://www.dailyherald.com/business/20170715/vpn-crackdown-chinas-latest-plan-to-fortify-great-firewall

 US border agents: We won’t search data “located solely on remote servers”

The recently published letter from CBP reiterated what federal officials have said before: electronic border searches are extremely rare, and the government claims the legal authority to compel assistance to open a device (including forcing someone to hand over their password). But it also distinguishes between data held on the phone and data held in the cloud. […] The phrase “located solely on remote servers” seems like it’s a step toward privacy, but it’s unclear what the statement would mean in practice.

https://arstechnica.com/tech-policy/2017/07/us-border-agents-we-wont-search-data-located-solely-on-remote-servers/

 Judge: Pacemaker data can be used in Middletown arson trial

The data taken from Compton’s pacemaker included his heart rate, pacer demand, and cardiac rhythms before, during and after the fire. A cardiologist who reviewed that data determined, “it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions,” according to court documents.

http://www.mydaytondailynews.com/news/judge-pacemaker-data-can-used-middletown-arson-trial/Utxy63jyrwpT2Jmy9ltHQP/

 Dark web souk AlphaBay shuts for good after police raids

Dark web marketplace AlphaBay’s closure last week followed an international law enforcement operation and multiple raids, it has emerged. It has also been reported that a key suspect who was arrested in the raids has died in custody. The world’s biggest online drug bazaar dropped offline on 5 July, sparking fears that its administrators had disappeared taking a swag bag of digital currency with them, pulling an “exit scam” like other dark web marketplace kingpins before them.

https://www.theregister.co.uk/2017/07/14/alphabay/

 You can buy password stealing malware ‘Ovidiy Stealer’ for $7

According to Proofpoint researchers, the malware is essentially a password stealer that was available on the product’s official website ovidiystealer[.]ru. And like any other consumer product website, it features customer reviews, statistics regarding the sales and efficacy of the product and much more. The website also mentions strong customer support along with providing updates regarding any future releases of the product.

https://www.hackread.com/buy-password-stealing-malware-ovidiy-stealer-for-7/

 Industrial control security practitioners worry about threats … for a reason

The biggest three threats cited by the respondents were “Devices and ‘things’ (that cannot protect themselves) added to networks”; “Internal threats (accidental)”; and “External threats (hacktivism, nation states)”. “Extortion, ransomware and other financially motivated crimes” came in fourth place, while “External threats via a supply chain or partnerships” was far behind at number eight (out of 10 options offered to the respondents).

https://www.welivesecurity.com/2017/07/12/industrial-control-security-practitioners-worry-about-threats-for-a-reason/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.