IT Security News Blast 8-4-2017

Can Engineers Build Networks Too Complicated for Humans to Operate?

Part I: Scope of the Problem

The bad guys depend on hiding in the noise. Much like a chameleon that actively tries to look like its innocuous surroundings, threat actors hide in the enormous volume of events. The challenge in detecting threats becomes not just seeing the lizard on a rock; it’s seeing the rock-colored lizard on a mountain of rocks on planet rock. So, figuratively speaking, we use image processing techniques to look for lizard eyeballs in the vast swath of rock we care about, and those detections will all be lizards… except for the lichen that looks like eyes, the two bugs that look like eyes, the billboard with a lizard on it, etc. To get to the real truth, we need context. And to interpret that context, in many cases, we need humans.

https://f5.com/labs/articles/cisotociso/trends/can-engineers-build-networks-too-complicated-for-humans-to-operate-part-i-scope-of-the-problem

 Why Cybersecurity Needs a Human in the Loop

Another key benefit: atificial intelligence will help address the talent management issue of “infosec burnout.” One analyst who documented how long it takes to fill open senior-level security positions theorizes that people bail early in their security careers after getting a taste of what the job is all about. Stress in this job is real but can be reduced if analysts work at a more strategic level by curating, not just reacting, and by consulting with a cognitive system that can share what others have done.  In the face of an increasingly hostile environment, keeping humans in the loop and backing them up with a data-rich cognitive system is what will give businesses their best shot.

https://www.darkreading.com/vulnerabilities—threats/why-cybersecurity-needs-a-human-in-the-loop/a/d-id/1329505

 Global Logistics: No Shortcuts to Security

Months before the infamous malware attack known as “Petya” hit Maersk, Fedex and other logistics companies in June, commercial insurer Allianz Global Corporate & Specialty (AGCS) warned logistics and supply chain managers that breaches in cyber security were of utmost concern. As stated in its annual “Safety & Shipping Review 2017,” the threat of cyber attacks continues to be real—and quite significant.

http://www.logisticsmgmt.com/article/global_logistics_no_shortcuts_to_security

 Invisible Man Malware Targets Banking Services On Android Devices

The malware dubbed Invisible Man is a keylogger that lurks in the Google Play Store as a bogus update for Adobe’s Flash Player. Once downloaded, Invisible Man exploits permissions to accessibility settings whereby it then gains control over functions such as creating invisible overlays on banking apps and setting itself up as the default messaging app. With such access the malware can suck up usernames and passwords by intercepting keystrokes.  Invisible Man also pops up an overlay on the Play Store to trick users into inputting their credit card details, which it then snatches.

http://www.silicon.co.uk/security/invisible-man-malware-219201?inf_by=59838377681db89c0f8b496d

 WannaCry researcher arrested by FBI for his role in Kronos malware campaign

A noted security researcher has been arrested by the FBI, as first reported by Motherboard. Marcus Hutchins (better known as MalwareTech) appears to have been stopped by the FBI yesterday afternoon as he prepared to board a flight from Las Vegas back to his home in London. […] Hutchins was arrested for his role in “creating and distributing the Kronos banking trojan,” according to a federal indictment against him and an unnamed co-defendent. Kronos was a malware program that harvested online banking credentials and credit card data, first discovered in July 2014.

https://www.theverge.com/2017/8/3/16090144/malware-tech-marcus-hutchins-arrested-kronos-fbi-wannacry-kill-switch

 Hackers Cash Out WannaCry Bitcoin Wallets

According to Elliptic’s data, the hackers amassed more than $144,000 worth of bitcoin in the three accounts. But on Wednesday evening, they quickly emptied them. A Twitter bot set up by Quartz to monitor the WannaCry-affiliated bitcoin wallets showed that the owners of the accounts started withdrawing the money around 11:10 p.m. ET last night in increments of around $20,000 to $30.000. After 15 minutes and seven withdrawals, the accounts were empty.

https://www.pcmag.com/news/355390/hackers-cash-out-wannacry-bitcoin-wallets

 New Web tool tracks Russian “influence ops” on Twitter

The Alliance for Securing Democracy, a bipartisan project backed by the German Marshall Fund of the United States (GMF), has launched a Web tool to keep tabs on Russia’s ongoing efforts to influence public opinion in the United States and abroad. Called Hamilton 68—named for the 68th edition of the Federalist Papers, in which Alexander Hamilton discussed how to prevent foreign meddling and influence in America’s electoral process—the Web dashboard tracks 600 Twitter accounts “linked to Russian influence activities online.”

https://arstechnica.com/gadgets/2017/08/new-web-tool-tracks-russian-influence-ops-on-twitter/

 Europe’s Cyber Victims Are Racking Up Hundreds of Millions in Costs

The fallout for companies affected is proving costlier. Nivea skin-cream maker Beiersdorf AG said Thursday that Petya cost 35 million euros ($41.5 million) in first-half sales. The company has yet to report the costs of held inventory and halted production in 17 plants. Computers at its Hamburg headquarters and nearly 160 global offices were also knocked off-line. “We have worked here day and night, 24/7, across the globe,” Chief Executive Officer Stefan Heidenreich told analysts.

https://www.bloomberg.com/news/articles/2017-08-03/europe-s-cyber-victims-racking-up-hundreds-of-millions-in-costs

 The Cybersecurity Strategies Governments Need

A recent Accenture report based on a survey of 150 government executives in the United States suggests that most agencies don’t have adequate technologies in place. Only 13 percent of respondents believe their existing technology is effective for responding to cybersecurity breaches, and only one-third say they are confident in their ability to monitor, identify and measure these breaches. Almost half of state and local government respondents say that it can take months to identify sophisticated breaches.

http://www.governing.com/gov-institute/voices/col-cybersecurity-strategies-governments-need.html

 GAO: Pentagon hasn’t met conditions for separating NSA and Cyber Command

“Congress fully expects the Trump administration to comply with the law by updating the Unified Command Plan [to make Cyber Command a full-fledged combatant command], and is dismayed elevation has not yet occurred. Such a delay poses great risk to national security,” Rep. Adam Smith, the ranking Democrat on the House Armed Services Committee, told CyberScoop by email. Tuesday’s GAO report was requested by Congress in the committee reports accompanying both the NDAA and the Intelligence Authorization Act last year.

https://www.cyberscoop.com/nsa-cyber-command-split-gao-report/

 US in Talks with the World’s “Most Irresponsible Surveillance Tech Company”

NSO Group is an Israeli cyberarms dealer that sells its digital surveillance tools exclusively to governments. According to these emails obtained through a Freedom of Information Act request, WestBridge, the US sales arm of NSO, approached DEA in early 2015.  “From here, the DEA’s Office of Special Intelligence (NS) set up a meeting where WestBridge ‘conducted a demonstration of their technology/product,’ an email from Willard Bond Wells Jr., deputy assistant administrator at the Office of Special Intelligence, reads,” Motherboard reports. While the email also implies that DEA has previously “worked” with WestBridge, the publication couldn’t find any records for contracts.

http://wccftech.com/us-talks-nso-group-iphone-spyware/

 Secret Service drone may compromise privacy while protecting Trump

A drone being tested to provide added security when Donald Trump visits his golf club in Bedminster, N.J., may violate the privacy of nearby residents, the U.S. Secret Service said Wednesday. While the agency will notify members of the Trump National Golf Course that a drone flying at an altitude of 300-400 feet around the outer perimeter of the property will be in use, others in the area might not be aware that the surveillance tool is nearby, according to a report by Reuters.

https://www.scmagazine.com/secret-service-drone-may-compromise-privacy-while-protecting-trump/article/679772/

 Dumbo: WikiLeaks reveals CIA system to take over webcams, microphones

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system, according to the documents. The earliest Dumbo document released by WikiLeaks is dated June 25, 2012. The Tool Delivery Review document states that the system’s capabilities are being requested by the CIA’s special branch to “deter home security systems that may identify officers or prevent operations.” 

https://www.rt.com/viral/398411-cia-wikileaks-webcam-surveillance/

 China holds drill to shut down ‘harmful’ websites

Internet data centers (IDC) and cloud companies – which host website servers – were ordered to participate in a three-hour drill to hone their “emergency response” skills, according to at least four participants that included the operator of Microsoft’s cloud service in China. China’s Ministry of Public Security called for the drill “in order to step up online security for the 19th Party Congress and tackle the problem of smaller websites illegally disseminating harmful information”, according to a document circulating online attributed to a cyber police unit in Guangzhou.

http://www.reuters.com/article/us-china-internet-idUSKBN1AJ1XL?il=0

 North Korean hackers came close to hacking Hillary Clinton’s presidential campaign

The hackers were able to break into the email accounts of employees of at least one prominent D.C.-based think tank; some of them were involved with the East Asia foreign policy advisory group. These individuals occasionally communicated with staff of the Democratic candidate’s official Hillary for America (HFA) campaign, based on an incident response report obtained by CyberScoop and authored by security experts who worked for the presidential campaign.

https://www.cyberscoop.com/hillary-clinton-north-korea-phishing-spoofing-2016-presidential-campaign/

 Cyber criminals make it difficult to follow the money

Cyber extortionists typically demand payment in bitcoin because they believe it cannot be traced, but in recent years law enforcement has begun using software designed to link bitcoin sources and recipients. Bitcoin tracking firm Chainalysis is a supplier of technology that enables law enforcement organisations to find the services that cyber criminals are using to convert bitcoin to cash or other digital currencies. However, Ilia Kolochenko, CEO of web security company High-Tech Bridge, said those behind the WannaCry attacks may have enough resources to avoid discovery.

http://www.computerweekly.com/news/450423875/Cyber-criminals-make-it-difficult-to-follow-the-money

 Critical Infrastructure Protection Market by Security Technology

The CIP market size is estimated to grow from USD 110.41 billion in 2017 to USD 153.16 billion by 2022, at an estimated Compound Annual Growth Rate (CAGR) of 6.8%. The CIP market includes various security technologies, which are essential for safeguarding critical assets, enterprises, and territories from physical and cyber-attacks. Increased instances of physical attacks, such as terrorist activities, thefts, and intrusion drones, and cyber-attacks which include malware, ransomware, virus, and Advanced Persistent Threats (APTs) have driven the need for large-scale adoption of CIP security devices and services.

http://markets.businessinsider.com/news/stocks/Critical-Infrastructure-Protection-Market-by-Security-Technology-Network-Security-Physical-Security-Radars-CBRNE-Vehicle-Identification-Secure-Communication-SCADA-Building-Management-1002227624

 Triada Trojan Creates Fresh Security Headache for Android Users

Triada is an advanced form of malware that can insert itself into Zygote, which is an essential system component used to run programs, reported SecurityWeek. By infecting Zygote, the Trojan can launch malicious modules without the user’s knowledge. Since it is embedded in the libandroid_runtime.so system library, the Triada Trojan is present in the memory of all running apps. This enables it to penetrate the processes of all apps without root privileges.

https://securityintelligence.com/news/triada-trojan-creates-fresh-security-headache-for-android-users/

 Two Popular IP Cameras Riddled With Vulnerabilities

Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United States. Based on a report released Tuesday by Checkmarx, the Loftek DSS-2200 and VStarcam C7837WIP allow a malicious user to easily exploit the devices. Not only can adversaries enlist them into DDoS botnets, but they can also gain control of additional devices that share the same network.

https://threatpost.com/two-popular-ip-cameras-riddled-with-vulnerabilities/127172/

 JS_POWMET malware is 100% fileless, from infection to payload

A newly observed Windows malware called JS_POWMET features an end-to-end fileless infection chain, installing itself without a trace on the hard drive by compromising an autostart registry procedure. Such discoveries are rare, explains Trend Micro in a Wednesday blog post, because most fileless malware programs are technically only fileless when first infecting a user’s system. Upon actually executing the main malicious payload, they typically end up themselves, the post continues. But not JS_POWMET, which leaves no evidence of on the machine itself, making it difficult for researchers to analyze it.

https://www.scmagazine.com/js_powmet-malware-is-100-fileless-from-infection-to-payload/article/679357/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>