IT Security News Blast 7-24-2017

HITRUST CSF Certification Now Includes NIST Cybersecurity Certification

A driver behind this broader growth is found in HITRUST’s support for an organization’s attestation of compliance with the NIST CSF. With the release of HITRUST CSF v9, a single CSF assessment will include the controls necessary to address the NIST CSF requirements, and an addendum to the HITRUST CSF Assessment report has been added to display the HITRUST CSF controls through the lens of the NIST CSF Core Subcategories.

https://www.healthcare-informatics.com/news-item/cybersecurity/hitrust-announces-hitrust-csf-certification-now-includes-nist-cybersecurity

Healthcare Cyber Security Market: Global Industry Overview, size, share and trends 2016

The global healthcare cyber security market is predicted to lay a strong foundation of propelling growth on the growing need of network security, a type of IT security widely sought by healthcare organizations. Access control and distributed denial-of-service (DDoS) mitigation are some of the highly sophisticated types of network security solutions that ensure protection. Interestingly, the end-user expenditure on these solutions is prognosticated to continue seeing a rise due to its mounting awareness.

https://www.medgadget.com/2017/07/healthcare-cyber-security-market-global-industry-overview-size-share-and-trends-2016.html

Security a business priority for providers, not just a compliance concern

Since enforcement of HIPAA privacy and security rules began last decade, providers’ focus has been on being compliant with the regulations, he says. But those regulations didn’t anticipate ransomware and many other threats to protected health information that providers confront today. As a result, providers would be well-served to stop thinking HIPAA is a check-the-box exercise, Selfridge contends.

https://www.healthdatamanagement.com/news/security-a-business-priority-for-providers-not-just-a-compliance-concern

Who’s responsible for cybersecurity: the adviser or the firm?

The number and frequency of attacks continue to grow, putting your clients’ money at risk (not to mention your firm’s). Broker-dealers that get hit with cyberattacks not only lose money as a direct result of the incursions, but also lose clients when their reputations take a hit — sometimes at a greater cost than the immediate loss from the financial breach. And if your firm loses clients, you can bet that you’re losing clients — and income — as well.

https://www.financial-planning.com/news/whos-responsible-for-cybersecurity-the-adviser-or-the-firm

AI Cyber Wars: Coming Soon To A Bank Near You

For example, as firms adopt voice biometrics to make customers’ access to their accounts and information more secure, cyber-criminals can use the same machine learning algorithms to mimic voices and gain unauthorized access. […] Staying one step ahead of the threat is difficult, but forward-thinking financial institutions realize it’s imperative. As financial institutions up their game to protect their assets, three AI priorities have emerged: focusing resources, visualizing the threat, and accelerating response time.

https://www.forbes.com/sites/steveculp/2017/07/21/ai-cyber-wars-coming-soon-to-a-bank-near-you/#3efaea922959

Kansas data breach compromised millions of Social Security numbers in 10 states

More than half a million of the SSNs were from Kansas, according to the Department of Commerce. The data is from websites that help connect people to jobs, such as Kansasworks.com, where members of the public seeking employment can post their resumes and search job openings. Kansas was managing data for 16 states at the time of the hack, but not all were affected. In addition to the 5.5 million personal user accounts that included SSNs, about 805,000 more accounts that did not contain SSNs were also exposed.

http://www.gctelegram.com/news/20170720/kansas-data-breach-compromised-millions-of-social-security-numbers-in-10-states

A cyberattack is going to cause this tech company to miss earnings

Nuance Communications’ shares briefly fell Friday after the voice and language technology company said a recent global malware attack will impact its earnings. […] Some doctors have been unable to use Nuance’s transcription service since it was targeted by the Petya malware earlier this month, Bloomberg News reported Wednesday. Shares were about 4 percent lower in premarket trading Friday. They were off by more than 7 percent in the previous one month through Thursday’s close. The stock was up about 1 percent after the open.

http://www.cnbc.com/2017/07/21/a-cyberattack-is-going-to-cause-this-tech-company-to-miss-earnings.html

Senator calls for review of energy infrastructure cybersecurity policy

The request comes in the form of two letters demanding a review of U.S. energy infrastructure by the Government Accountability Office and Transportation Security Administration from Maria Cantwell, D-Wash., the ranking member of the Senate Energy and Natural Resources Committee. The GAO is the investigative office of Congress, and the TSA has oversight over pipelines in addition to its core transportation responsibilities.

https://www.cyberscoop.com/senator-calls-review-energy-infrastructure-cybersecurity-policy/

DHS Cyber Reorg, NIST Funding and Ethical Hacking Make Congress’ Calendar

On Tuesday, a Senate Appropriations subcommittee will mark up a funding bill that covers key cyber components at the Commerce and Justice departments. […] On Wednesday, State Department Cyber Coordinator Chris Painter will testify before the House Foreign Affairs Committee just five days before he leaves the State Department amid a possible dissolution of his department. […] The committee will also mark up the Cyber Vulnerability Disclosure Reporting Act, sponsored by Rep. Sheila Jackson Lee, D-Texas. That bill would order DHS to produce a report on the government process for deciding whether to disclose or hoard newfound computer vulnerabilities.

http://www.nextgov.com/cio-briefing/2017/07/dhs-cyber-reorganization-nist-funding-and-ethical-hacking-make-congress-calendar/139646/

Cyber Office or Not, State Dept. Will Shape International Cyber Rules, White House Official Says

Secretary of State Rex Tillerson is reportedly considering folding the cyber coordinator’s office into the department’s Bureau of Economic and Business Affairs after Cyber Coordinator Chris Painter leaves his post at the end of this month. […] There is no final decision about the fate of the office yet, Joyce told reporters on the sidelines of the USTelecom Cybersecurity Policy Forum, but the State Department will retain primary responsibility for most major cyber negotiations.

http://www.nextgov.com/cybersecurity/2017/07/cyber-office-or-not-state-dept-will-shape-international-cyber-rules-white-house-official-says/139567/

NSA director: ‘Now is probably not the best time’ for US-Russia cyber unit

Adm. Mike Rogers, the director of the National Security Agency, said Saturday that “now is probably not the best time” to pursue a joint cybersecurity initiative with Russia — an idea that President Donald Trump floated following his meeting with Russian President Vladimir Putin earlier this month. […] The NSA director said he stood by the intelligence assessment that Russia used hacking in an attempt to influence last year’s election, something Moscow has repeatedly denied. “I stand behind the intelligence, intelligence community assessment that we produced in January,” he said.

http://www.cnn.com/2017/07/22/politics/nsa-director-cyber-unit-remarks/index.html

Intelligence Director Says Agencies Agree on Russian Meddling

Daniel Coats, the director of national intelligence, said Friday there is no dissent inside U.S. intelligence agencies about the conclusion that Russia used hacking and fake news to interfere in the 2016 presidential election — despite comments by his boss, President Donald Trump, that have seemed to cast some doubt about the unanimity. […] Coats said he had no doubt that the Russians “are trying to undermine Western democracy.” “I think they caught us a little bit behind the curve,” he said. “They caught us a little bit asleep in terms of the capabilities that they could do.”

http://www.nbcnews.com/news/us-news/intelligence-director-says-agencies-agree-russian-meddling-n785481

How govts across the world use cyber troops to manipulate public opinion

A working paper titled “Troops, Trolls and Troublemakers: A Global Inventory of Organized Social Media Manipulation” studies how governments across the world use organised teams to manipulate public opinion on social media. According to the report, social media has also become a tool of social control. Governments now deploy significant resources on social media “to generate content, direct opinion and engage with foreign and domestic audiences”. The paper discusses strategies, tools and techniques used for social media manipulation, how these teams are organised, and their behaviour and capacity.

http://www.business-standard.com/article/current-affairs/how-govts-across-the-world-use-cyber-troops-to-manipulate-public-opinion-117071900815_1.html

New book explores how protesters—and governments—use Internet tactics

Why did politicians feel safe ignoring the millions who participated in those marches—yet stand down after the protests against the proposed intellectual property laws SOPA and PIPA? Why did Occupy apparently vanish while the Tea Party has embedded itself into US national electoral politics? How much did Facebook really have to do with the Arab Spring? How—and this is the central question technosociologist Zeynep Tufecki considers in her new book, Twitter and Tear Gas: The Power and Fragility of Networked Protest—do digital media change the reality and effectiveness of social protest?

https://arstechnica.com/tech-policy/2017/07/twitter-and-tear-gas-book-explores-new-world-of-digital-protest/

CIA Director Pompeo says WikiLeaks will ‘take down America’

CIA Director Mike Pompeo continued to express disdain for WikiLeaks a day after the organization published more Vault7 documents from CIA contractor Raytheon Blackbird Technologies for the “UMBRAGE Component Library” (UCL) project. […] The documents mostly contained proof-of-concept ideas and assessments for malware attack vectors, partly based on public documents from security researchers and private enterprises in the computer security field, according to the July 19 leak.

https://www.scmagazine.com/cia-director-pompeo-changes-stance-on-wikileaks/article/676802/

Putin’s Hackers Now Under Attack—From Microsoft

How are they doing it? It turns out Microsoft has something even more formidable than Moscow’s malware: lawyers. […] The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers. These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.

http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network

What Does It Really Take To Track A Million Cell Phones?

If a representative of a phone service provider with 10 million customers came into my office and asked this question, “What would it take to track every move of our 10 million customers?”, my answer would be “An intern and 6 months”. Then we’d insist the intern will need a desk, a computer, basic programming and algebra skills. That’s all it takes.

https://thehftguy.com/2017/07/19/what-does-it-really-take-to-track-100-million-cell-phones/

Industrial cybersecurity resilience in focus as attacks increase

The manufacturing and energy sectors are the industrial sectors most targeted by cyberattacks. However, water, sewage, transportation, oil and gas and other critical industries are also common targets and the rate of industrial cyberattacks grows by about 20% a year, explains Berman. The impact of attacks against and disruptions to these critical systems is typically significant and severe, and, therefore, defending these systems is often a matter of national security.

http://www.engineeringnews.co.za/article/industrial-cybersecurity-resilience-in-focus-as-attacks-increase-word-id-2017-07-21/rep_id:4136

Letting Cyberattack Victims Hack Back Is a Very Unwise Idea

Consider a digital assault routed through a hospital, an all-too-real possibility given the many, many potential points of vulnerability in some institutions’ IT systems. If an intrusion from a malicious actor exploited a vulnerability in the hospital’s network, that actor could make the hospital appear to be the source of the attack while masking its own identity. Any retaliation from the victim might therefore target the hospital, potentially resulting in damage to core hospital systems — or, in the worst-case scenario, crashing systems in a way that results in the loss of life.

https://www.wired.com/story/letting-cyberattack-victims-hack-back-is-a-very-unwise-idea/

How a fish tank helped hack a casino

The hackers attempted to acquire data from a North American casino by using an Internet-connected fish tank, according to a report released Thursday by cybersecurity firm Darktrace. […] “Somebody got into the fish tank and used it to move around into other areas (of the network) and sent out data,” said Justin Fier, Darktrace’s director of cyber intelligence. The casino’s name and the type of data stolen were not disclosed in the report for security reasons, Darktrace said. The report said 10 GB of data were sent out to a device in Finland.

https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/

Why We Should Let Young People Enlist in a Year of Cyber Service

This isn’t just personal feel-good stuff: It matters to the country as a whole because those who serve in the military or other institutions are far more likely to vote and participate in public activities the rest of their life. Alas, though, a huge number of Americans are AWOL from all of this. McChrystal said two-thirds of young people are ineligible to serve in the military (due to drug tests and other restrictions), while Teach for America has become as hard to get into as Yale. In other words, there is a yawning gap between the number of people who would like to serve their country and the slots for them to do so.

http://fortune.com/2017/07/22/why-we-should-let-young-people-enlist-in-a-year-of-cyber-service/

The rise of the cyber guru – the new must-have for the rich and famous

Cyber security consultants, or gurus, to the stars have found themselves highly sought after in the wake of well-publicised cyber-attacks, particularly those affecting individuals in the public eye. After all, high-profile individuals do not want to find their personal emails and communications, private photo collection or their family’s movements online for all to see. David Beckham, Hillary Clinton and Jennifer Lawrence all found themselves the victims of these violations, and with reputations on the line, the cost of hiring a cyber-security specialist is a small price to pay to keep that information out of the wrong hands.

https://www.scmagazine.com/the-rise-of-the-cyber-guru–the-new-must-have-for-the-rich-and-famous/article/676785/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.