IT Security News Blast 8-17-2017

Shipping company Maersk says June cyberattack could cost it up to $300 million

“In the last week of the [second] quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco,” Maersk CEO Soren Skou said in a statement. “Business volumes were negatively affected for a couple of weeks in July and as a consequence, our Q3 results will be impacted. We expect that the cyber-attack will impact results negatively by USD 200-300m.”

https://www.cnbc.com/2017/08/16/maersk-says-notpetya-cyberattack-could-cost-300-million.html

 Commentary: Why information security is a patient safety issue

“The healthcare and public health sector is charged with keeping patients safe,” officials wrote. “This includes physical and privacy related harms that may stem from a cybersecurity vulnerability or exploit. If exploited, a vulnerability may result in medical device malfunction, disruption of health care services (including treatment interventions), and inappropriate access to patient information, or compromised EHR data integrity. Such outcomes could have a profound impact on patient care and safety.”

http://www.healthcareitnews.com/blog/commentary-why-information-security-patient-safety-issue

 Blockchain: Catalyst for New Healthcare Ecosystem

While blockchain is a fairly new concept, a recent Deloitte survey found that 35 percent of healthcare and life sciences respondents plan to deploy blockchain in production within the next calendar year. At its core, a healthcare blockchain is a data repository of patient-related events. Transactions—everything from diagnoses and surgeries, to prescribed drugs and claim history—are permanently recorded, linked and augmented to continuously generate patient-specific insights. A blockchain system has no central authority, which is critical to its success.

http://www.cioinsight.com/security/blockchain-catalyst-for-new-healthcare-ecosystem.html

 Mitigating medical device risks one of biggest challenges to IT pros, study

Of the 370 professionals surveyed, 30.1 percent reported that identifying and mitigating the risks of fielded and legacy connected devices is one of the medical device industry’s biggest cybersecurity challenges, according to the Deloitte poll. Embedding vulnerability management into the design phase of medical devices was the next biggest challenge with 19.7 percent of respondents choosing it as their biggest challenge. Nearly the same amount, 19.5 percent, said their monitoring and responding to cybersecurity incidents proved difficult.

https://www.scmagazine.com/study-legacy-and-fielded-medical-device-risks-pose-the-greatest-cybersecurity-challenge/article/682313/

 Smart electrical grids more vulnerable to cyber attacks

“Sophisticated cyberattacks on advanced metering infrastructures are a clear and present danger,” Dr. Shenoi pointed out. Such attacks affect both customers and distribution companies and can take various forms, such as stealing customer data (allowing a burglar to determine if a residence is unoccupied, for instance), taking power from particular customers (resulting in increased power bills), disrupting the grid and denying customers power on a localized or widespread basis.

https://www.sciencedaily.com/releases/2017/08/170816100230.htm

 Los Angeles Cyber Lab: Unprecedented Cyber Attack Prevention Program

The Los Angeles Cyber Lab is billed as America’s first city-led partnership dedicated to protecting businesses and residents from cyber attacks. The lab will circulate information gleaned from analyses of what the mayor’s office called more than 4 million attempted cyber attacks on city computer networks each day. Information gathered by the lab will alert registered business owners to attacks as they are occurring. “A cyber attack can steal a downpayment on a young couple’s first home,” Garcetti said. “A cyber attack could release confidential hospital records to the public or hold a small company’s data for ransom, crippling their business.”

http://www.nbclosangeles.com/news/local/Los-Angeles-Cyber-Lab-Unprecedented-Cyber-Attack-Program-440647723.html

 How America Is Closing the Cybersecurity Skills Gap

Quietly, but with great effect, the regulatory community has been gearing up public-private partnership efforts to be proactive on cyber threats and has now successfully engaged academia. Indeed, fellow financial regulators at the New York Federal Reserve Bank and its member banks, the Securities Industry and Financial Markets Association, companies and local colleges in New York have created a workforce-engagement model — the Cybersecurity Workforce Alliance (CWA). Its goal is to address the weakest link in our cybersecurity defenses: the skills gap.

http://knowledge.wharton.upenn.edu/article/america-plans-close-skills-gap-cybersecurity/

 Amazon Unveils Machine Learning Security Service

When deployed, Amazon Macie creates a baseline and then uses a behavior analytics engine to detect risky or suspicious activity. Customers can define automated remediation actions, including for resetting passwords and access control lists (ACLs), and create custom alert management via CloudWatch Events for integration with existing security ticketing systems.

http://www.securityweek.com/amazon-launches-aws-data-protection-service

 Global cybersecurity spending to grow 7% to $86.4BN in 2017, says Gartner

Analyst Gartner is projecting that worldwide spending on IT security products and services will grow seven per cent, year over year, to reach a total of $86.4 billion in 2017 — suggesting opportunities for security startups to tap into rising demand for specialist b2b services. […] The fastest growing segment will be security services, according to the analyst — especially IT outsourcing, consulting and implementation services. […] Gartner also expects a big rise in the bundling of security services and broader IT outsourcing (ITO) projects with managed security service (MSS) contracts in the coming years — expecting this to rise from 20 per cent currently to 40 per cent by 2020. It says this is being driven by large organizations wanting to manage “the complexity of designing, building and operating a mature security program in a short space of time”.

https://techcrunch.com/2017/08/16/global-cybersecurity-sending-to-grow-7-to-86-4bn-in-2017-says-gartner/?ncid=mobilenavtrend

 A Cyber Security Investment Strategy For The Future

  • Cyber Security ETFs have performed well on average, gaining 10%-17% since February.
  • Having investments across all areas of cyber security is key to a diverse cyber defense portfolio.
  • Zix, Symantec, and HACK ETF have seen strong growth and profits are expected to continue as the need for cyber defenses grows.

https://seekingalpha.com/article/4099083-cyber-security-investment-strategy-future

 Ukraine malware author turns witness in Russian DNC hacking investigation

A Ukrainian malware author who built the PAS Web shell—a PHP-based implant used to execute commands remotely on hacked systems—has turned himself in to Ukrainian authorities. He has been cooperating with the Federal Bureau of Investigation’s probe into the apparent Russian hacking of the Democratic National Committee. The information provided by “Profexor” to Ukrainian investigators and the FBI reveals, in part, how hackers (who were apparently coordinated by a Russian intelligence agency) used a combination of purpose-built and community tools as part of what researchers have labeled as the threat group “APT 28,” also known as “Fancy Bear.”

https://arstechnica.com/gadgets/2017/08/ukraine-malware-author-turns-witness-in-russian-dnc-hacking-investigation/

 Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back

A ProtonMail spokesperson told Motherboard in an email that the company’s hack back tweet, “was fueling unsubstantiated rumors and speculation about what may or may not have happened.” “For reasons that you can probably understand, we do not really comment on the record regarding phishing attempts, and we cannot confirm nor deny if anything happened.” Regardless, the phishing link is no longer active.

https://motherboard.vice.com/en_us/article/qvvke7/email-provider-protonmail-says-it-hacked-back-then-walks-claim-back?update

 Racist Daily Stormer goes down again as CloudFlare drops support

The site re-appeared online on Wednesday morning at a new domain name, dailystormer.ru. But within hours, the site had gone offline again after it was dropped by Cloudflare, an intermediary that defends customers against denial-of-service attacks. […] Theoretically, you don’t need a service like Cloudflare to publish a website. In practice, however, a site as controversial as the Daily Stormer is going to be swamped by distributed denial of service attacks if it doesn’t enjoy the protection of a service like Cloudflare. The Daily Stormer, which takes its name from a newspaper published by the Nazis from 1923 until World War II, is one of the most openly racist sites on the Internet. It regularly attacks Jews and celebrates the Holocaust. Attacks on racial minorities, feminists, and gays and lesbians are common.

https://arstechnica.com/tech-policy/2017/08/racist-daily-stormer-goes-down-again-as-cloudflare-drops-support/

 Internet turns on white supremacists and neo-Nazis with doxing, phishing

But that’s just the start of a growing online campaign mounted by members of an Anonymous collaboration called OpDomesticTerrorism and others. With sites like the Daily Stormer being driven offline and having their social media accounts suspended, Andrew “weev” Auernheimer warned followers of his Gab account that they might become targets of phishing attacks using lookalike social media accounts. “The Daily Stormer status account on Twitter got suspended,” he wrote. “There are some impersonating accounts made now. Don’t click on any links they give.”

https://arstechnica.com/gadgets/2017/08/internet-turns-on-white-supremacists-and-neo-nazis-with-doxing-phishing/

 No Surprise: Black Hat Survey Reveals that Government Enforced Encryption Backdoors Alarm IT Professionals

During this year’s Black Hat convention, Venafi was curious to see if IT security professionals had similar opinions on encryption backdoors. We surveyed over 290 attendees and found that the majority of industry professionals believe encryption backdoors are ineffective and potentially dangerous. For example, 91% of the respondents said cybercriminals could take advantage of government-mandated encryption backdoors. In addition, 72% of the respondents do not believe that encryption backdoors would make their nations safer from terrorists.

https://www.venafi.com/blog/no-surprise-black-hat-survey-reveals-government-enforced-encryption-backdoors-alarm-it

 Nigeria: Global Hunt for Nigerian Cyber Criminal Spreading Malware

A Nigerian working alone around Abuja has stirred a global hunt as he orchestrated numerous malware infection campaigns targeting more than 4,000 organisations globally over the past four months, a cyber security company claimed. www.Securityweek.com quoting Check Point security researchers said the attacks targeted various companies in industries such as oil & gas, manufacturing, banking, and construction, in an attempt to steal data and commit fraud.

http://allafrica.com/stories/201708160519.html

 What to know before buying AI-based cybersecurity tools

Some artificial intelligence and machine learning proponents present the technologies as if they were manna from heaven, tools that have the capability to replace humans. And it’s not unusual for mere mention of the term “artificial intelligence” to evoke images of futuristic machines that can think for themselves. The truth is simpler than that. Artificial intelligence and machine learning are tools healthcare executives, technical staff and clinicians can use to enhance operations and improve healthcare.

http://www.healthcareitnews.com/news/what-know-buying-ai-based-cybersecurity-tools

 Why the Next Great War is Likely to be Fought in Space

In 1967, the US, UK and Soviet Union signed the Outer Space Treaty, which has been signed by 105 countries (including China). It set in place laws regarding the use of outer space and banned any nation from stationing nuclear warheads, chemical or biological weapons in space. However, the treaty does not prohibit the placement of conventional weapons in orbit, so weapons such as kinetic bombardment (i.e. attacking Earth with a projectile) are not strictly prohibited.

https://intpolicydigest.org/2017/08/16/why-the-next-great-war-is-likely-to-be-fought-in-space/

 3 Methods for Defending Against Cyber Attacks on 3D Printers

With cyber attacks on 3D printers likely to threaten health and safety, a team of researchers has developed three novel methods to combat them. “They will be attractive targets because 3D-printed objects and parts are used in critical infrastructures around the world, and cyber attacks may cause failures in health care, transportation, robotics, aviation and space,” said Saman Aliari Zonouz, an associate professor in the Department of Electrical and Computer Engineering at Rutgers University-New Brunswick.

http://www.engineering.com/DesignerEdge/DesignerEdgeArticles/ArticleID/15480/3-Methods-for-Defending-Against-Cyber-Attacks-on-3D-Printers.aspx

 Researchers Uncover Infrastructure Behind Chthonic, Nymaim Trojans

Further analysis of the initial 171 documents revealed a set of 8 domains, while the analysis of POST and HTTP requests to them led the researcher to identifying over 5,000 observed samples as the Nymaim downloader Trojan. Most of the samples came from only four sites: ejtmjealr[.]com, gefinsioje[.]com, gesofgamd[.]com, and ponedobla[.]bit. The ejtmjealr[.]com domain, the researcher points out, is clearly associated with ejdqzkd[.]com, a site discussed in a CERT.PL analysis of Nymaim earlier this year. […] Some of the IPs had a shared infrastructure, and the researcher used reverse DNS to uncover more sites linked to them, including an “idXXXXX.top” pattern supposedly associated with Nymaim (similar to the “ejXXXXX.com” domains).

http://www.securityweek.com/researchers-uncover-infrastructure-behind-chthonic-nymaim-trojans

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
