IT Security News Blast 8-28-2017

IRS Crackdown; Tracking Bitcoiners with Chainalysis

Even though the IRS and companies such as Chainalysis are starting to hunt down blockchain users for evading taxes, enterprising individuals are adapting. They are now starting to use blockchains and cryptocurrencies that undermine current analytic techniques. For instance, the Wannacry hacker group supposedly moved their funds over into Monero to evade detection by law enforcement. Other crypto users may decide to use Zcash, which also employs more private and anonymous transaction measures.

https://news.bitcoin.com/irs-crackdown-tracking-bitcoiners-with-chainalysis/

New York State Of (Cybersecurity) Mind

As the Journal notes, the fact that a global industry is being regulated within a state has significant implications beyond New York’s borders. Financial services companies located within New York are covered by what is known as Part 500, but then again, so are the third-party service providers scattered across the globe that work with those New York-based entities. Simply put, each third-party provider must adhere to “minimum security practices” to be put in place over a two-year implementation period.

http://www.pymnts.com/news/regulation/2017/ny-cybersecurity-regulations-resonate-globally/

NHS trust hit by cyber attack cancels operations and asks patients not to come to hospital ‘unless it is essential’

Operations and appointments have been cancelled by NHS Lanarkshire and people are being warned they could be turned away, but a spokesperson insisted there were “no concerns around emergency treatments”. It is the second time the trust has been affected by malware within months, having been one of the worst-affected trusts during the global WannaCry ransomware attack in May.

http://www.independent.co.uk/news/uk/home-news/cyber-attacks-uk-nhs-lanarkshire-scotland-hospitals-affected-patients-operations-ransomware-wannacry-a7913896.html

Are we over-sharing our personal health data?

Make no mistake, those vast databases give healthcare providers a comprehensive view of their patients’ health, an advantage that easily could be lifesaving in an emergency. The down side is those databases put our most private information at risk for exposure. Hospitals, insurers, doctors and government agencies didn’t pay “much attention to privacy and security” in their rapid efforts to digitize a lot of health data and aggregate it electronically[.]

https://www.usatoday.com/story/tech/columnist/2017/08/27/we-over-sharing-our-personal-health-data/602312001/

Artificial intelligence cyber attacks are coming – but what does that mean?

As a scholar who has studied AI decision-making, I can tell you that interpreting human actions is still difficult for AIs and that humans don’t really trust AI systems to make major decisions. So, unlike in the movies, the capabilities AI could bring to cyberattacks – and cyberdefense – are not likely to immediately involve computers choosing targets and attacking them on their own. People will still have to create attack AI systems, and launch them at particular targets. But nevertheless, adding AI to today’s cybercrime and cybersecurity world will escalate what is already a rapidly changing arms race between attackers and defenders.

http://wtop.com/tech/2017/08/artificial-intelligence-cyber-attacks-are-coming-but-what-does-that-mean/

Defray Ransomware Seen Targeting Education, Healthcare Industry

In one campaign the Word document purported to come from a UK-based hospital’s Director of Information Management and Technology. In the other, the Word doc billed itself as coming from a UK-based aquarium with international locations – likely SEA LIFE, an aquarium with locations in Birmingham, Brighton, and Manchester, with additional locations in the U.S., Australia, and China.

https://threatpost.com/defray-ransomware-seen-targeting-education-healthcare-industry/127656/

Cyberterrorism strategy for state is important in safeguarding election systems, voter databases

Cyberspace is a new frontier for terrorism, one that threatens far out of proportion to its cost. A non-traditional cyber attack on American infrastructure could happen without a single aircraft or boot on American soil. For example, one skilled Russian hacker sitting in a Moscow basement could potentially wipe out an entire city’s electrical grid here in the United States, causing indeterminate suffering for hundreds of thousands of people for an extended period of time.

http://www.fayettetribune.com/opinion/cyberterrorism-strategy-for-state-is-important-in-safeguarding-election-systems/article_3c49b77c-8bae-11e7-8ba8-97708af8cbcf.html

6 ways North Korea will lash out against America

Kim Jong Un will push back — and I’m not just talking about a few rockets. The question we need to be asking is when will he push back and how? There are six obvious responses, all of which seem very plausible and likely to happen within the next several days to months. Some could come as a direct response to recent sanctions, but others will occur for the simple reason that they further North Korea’s perceived national interests.

http://theweek.com/articles/720463/6-ways-north-korea-lash-against-america

Exclusive: India and Pakistan hit by spy malware – cybersecurity firm

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016. The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state. The detailed report on the cyber spying comes at a time of heightened tensions in the region.

https://www.reuters.com/article/us-india-cyber-threat-idUSKCN1B80Y2

The Companies That Will Track Any Phone on the Planet

Previous media reports focused on a handful of established surveillance vendors offering SS7 capabilities. In 2014, The Washington Post reported on ‘SkyLock’, a geolocation product from contractor Verint. And other firms have tried to break into this space: last year Forbes covered Ability Inc., an Israeli firm offering a global intercept service for some $20 million (the company faces financial difficulties, according to a recent Cyberscoop report).

http://www.thedailybeast.com/the-companies-that-will-track-any-phone-on-the-planet

Even WikiLeaks Haters Shouldn’t Want it Labeled a “Hostile Intelligence Agency”

Wyden press director Keith Chu added that even though the senator “has repeatedly criticized WikiLeaks for the role it played in the last election as a tool of Russia,” it’s “easy to imagine how this type of designation could be used against legitimate press outlets, or used to target journalists who may use materials published by WikiLeaks.” In short, regardless of any low opinion of Assange or his site, “the precedent of creating this new category of enemy to the United States is dangerous.”

https://theintercept.com/2017/08/25/even-wikileaks-haters-shouldnt-want-it-labeled-a-hostile-intelligence-agency/

NSA ramps up PR campaign to keep its mass spying powers

In a post on its website titled “Section 702 Saves Lives, Protects the Nation and Allies,” America’s surveillance nerve center argues it “relies” on the controversial part of the Foreign Intelligence Surveillance Act (FISA) to “uncover the identities or plans of terrorists.” The law has “played both a unique and decisive role in national defense,” it goes on, adding that it also “informs” the intelligence community’s “cybersecurity efforts.”

https://www.theregister.co.uk/2017/08/25/nsa_pr_campaign/

Someone Published a List of Telnet Credentials for Thousands of IoT Devices

The list — spotted by Ankit Anubhav, a security researcher with New Sky Security — includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of “admin:admin”, “root:root”, and other formats. The Pastebin list includes 143 credential combos, including the 60 admin-password combos from the Mirai Telnet scanner.

https://www.bleepingcomputer.com/news/security/someone-published-a-list-of-telnet-credentials-for-thousands-of-iot-devices/

Uncle Sam outlines evidence against British security whiz Hutchins

This week’s filing [PDF], to the Wisconsin court where Hutchins will be tried, shows that US prosecutors will submit two CDs of audio content – one from when the Brit was interrogated for 24 hours by FBI agents without access to a lawyer, and the other containing audio recordings from where he was held in county jail in Nevada. The FBI has also submitted a disturbingly non-specific “3-4 samples of malware” and 150 pages of transcripts from Jabber chats between Hutchins and an unidentified individual.

http://www.theregister.co.uk/2017/08/24/evidence_against_brit_security_whiz_hutchins/

MalwareTech’s legal defense fund bombarded with fraudulent donations

At least $150,000 in donations originated from stolen credit cards or fake credit card numbers, according to Tor Ekeland, a criminal defense attorney who is not on Hutchins’ defense team. Ekeland, who became popular in hacking circles for successfully defending Andrew “weev” Auernheimer, had started a legal fund on Hutchins’ behalf.

https://arstechnica.com/tech-policy/2017/08/malwaretechs-legal-defense-fund-bombarded-with-fraudulent-donations/

DailyStormer’s new site booted off after hosting provider gets DDoSed

It all started with a neo-Nazi and racist website, DailyStormer, that was previously booted off by GoDaddy, Google, and even a Russian domain provider for posting obvious content. Its admins then decided to take the site to the dark web; however, the site came back on the regular web with a new domain name, “punishedstormer.com.” DreamHost was hosting the domain and this could be the reason for the DDoS attacks on its servers. The company’s customers also tweeted that DreamHost should get rid of Punishedstormer as soon as possible.

https://www.hackread.com/dailystormer-disappears-quickly-reappeared-hosting-firm-ddosed/

How to buy MacBook for $1, or hacking SAP POS

To exploit the missing authorization checks in the SAP POS Xpress server, one needs access to the network where SAP POS is located. This network can be exposed to the Internet, so the attack can be conducted remotely. If not, it is still possible to obtain access, for example, by connecting a Raspberry Pi to the electronic scales inside a shop. It means that to access the network of a retail giant you need a tool which costs only $25.

https://erpscan.com/research/hacking-sap-pos/

Hash of the Titan: How Google bakes security all the way into silicon

“We harden our architecture at multiple layers, with components that include Google-designed hardware, a Google-controlled firmware stack, Google-curated OS images, a Google-hardened hypervisor, as well as data center physical security and services,” the team of senior Google techies explain. Titan is a secure, low-power micro-controller specially designed with Google hardware security requirements which was first announced at Google Cloud Next ’17 back in March.

https://www.theregister.co.uk/2017/08/25/google_titan_security_silicon/

Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket

The Zminer executable is being dropped from an exploit kit, which in turn connects with an Amazon S3 storage bucket to grab two payloads called Claymore CryptoNote CPU Miner and Manager.exe. Claymore is the mining utility used to produce Monero, an open-source cryptocurrency that goes to lengths to obfuscate its blockchain, making it a challenge to trace any activity.

https://threatpost.com/cryptocurrency-mining-malware-hosted-in-amazon-s3-bucket/127643/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
