IT Security News Blast 8-8-2017

The Health Care Industry Cybersecurity Task Force Prompts HHS to Issue a Revised HIPAA Breach Reporting Tool

Following up on the Task Force’s recommendation to provide health care officials with the knowledge and tools to manage cybersecurity threats, on July 25, 2017, the HHS Office for Civil Rights (“OCR”) launched a revised web tool, the HIPAA Breach Reporting Tool (“HBRT”). The HBRT helps individuals identify recent breaches of health information, and to learn how such breaches should be investigated and properly resolved.

http://www.lexology.com/library/detail.aspx?g=d8e2d071-abcd-4e27-b677-483ff585a702

 How ‘zero trust’ networks can help hospitals strengthen cybersecurity

“The primary reason zero-trust makes so much sense today is that our networks no longer have an outside,” Pollard explained. “The perimeter has disappeared and organizations of all sizes have multiple third-party connections, data-sharing agreements, hybrid cloud deployments and remote users. Relying on a model that assumes if you are inside the network you must be OK is a recipe for disaster.”

http://www.healthcareitnews.com/news/how-zero-trust-networks-can-help-hospitals-strengthen-cybersecurity

 How to become a cybersecurity superhero

Kim Jones, director of the cybersecurity education consortium at Arizona State University, outlined four attributes security professionals must possess and continue to perfect. The first, he said, is a high level of technical skills, as both the technology and the threats against the technology continue to evolve. The second is excellent critical thinking skills, he said, going beyond simple problem-solving and getting to an ability to truly “see” the “three-level chessboard” and maneuver on it masterfully.

http://www.healthcareitnews.com/news/how-become-cybersecurity-superhero

 One-Third of Businesses Hit with Malware-less Threats

The most common threats seen among businesses were phishing (72%), spyware (50%), ransomware (49%), and Trojans (47%). Phishing caused the greatest damage. Few respondents face zero-day threats; 76% said less than 10% of significant threats they faced were zero-days. “Today’s threats predominately leverage the same old vulnerabilities and techniques[.]”

https://www.darkreading.com/vulnerabilities—threats/one-third-of-businesses-hit-with-malware-less-threats/d/d-id/1329573?

 United States: SEC Increases Focus on Cyber Incident Response

By increasing regular examination of regulated entities, such as broker dealers and investment advisers, these entities will likely have more direct oversight and scrutiny of their information security programs. In addition, direct regulatory oversight of financial institutions subject to the SEC’s jurisdiction, and broader scrutiny of public companies and their security breach-related disclosures, seems probable.  “In the wake of a breach, we are going to ask questions and look at disclosures before and after an incident,” said Avakian.

http://www.mondaq.com/unitedstates/x/617122/Data+Protection+Privacy/SEC+Increases+Focus+on+Cyber+Incident+Response

 This Week’s “Planet Earth Report” –Threats, Solutions, Observations

The manual consists of a set of guidelines — 154 rules — which set out how the lawyers think international law can be applied to cyber warfare, covering everything from the use of cyber mercenaries to the targeting of medical units’ computer systems. The idea is that by making the law around cyberwarfare clearer, there is less risk of an attack escalating, because escalation often occurs when the rules are not clear and leaders over-react.

http://www.dailygalaxy.com/my_weblog/2017/08/this-weeks-planet-earth-report-threats-solutions-observations.html

 Engineering firm exposes SCIF plans and power vulnerability reports

On July 6, 2017, after scanning the internet for publicly available Rsync services, Vickery discovered the PQE data, including both internal and client records. The records were secured two days later after Vickery contacted PQE, but prior to that  anyone who connected to the IP and port directly could’ve downloaded the records for themselves. The files Vickery discovered included schematics that highlighted “potential weak points and trouble in customer electrical systems,” a report from UpGuard shared with Salted Hash explains.

http://www.csoonline.com/article/3212891/security/engineering-firm-exposes-scif-plans-and-power-vulnerability-reports.html

 350% more cybersecurity pros in Washington, D.C., area than rest of U.S.

Investors—especially angels and first round financiers—prefer to be close to their portfolio companies. Simply put, where there are VCs, there will be startups.  […] While the D.C. metro area is long on cybersecurity talent, it’s short on cybersecurity product companies, according to a paper written by Ackerman and Janke. They say Beltway cyber experts lack the commercial DNA essential to commercialize market growth.

http://www.csoonline.com/article/3214184/security-awareness/350-more-cybersecurity-pros-in-washington-dc-area-than-rest-of-us.html

 Military commanders get OK to shoot down drones over bases

“The increase of commercial and private drones in the U.S. has raised our concerns with regards to safety and security of our installations,” Davis said. “Protecting our force remains a top priority, and that’s why DoD issued this very specific but classified policy, developed with the FAA and our inter-agency partners, that details how DoD personnel may counter the unmanned aircraft threat.”

http://www.wpxi.com/news/politics/military-commanders-get-ok-to-shoot-down-drones-over-bases/584550233

 Radio navigation set to make global return as GPS backup, because cyber

Since GPS signals from satellites are relatively weak, they are prone to interference, accidental or deliberate. And GPS can be jammed or spoofed—portable equipment can easily drown them out or broadcast fake signals that can make GPS receivers give incorrect position data. The same is true of the Russian-built GLONASS system. Over the past few years, the US Coast Guard has reported multiple episodes of GPS jamming at non-US ports, including an incident reported to the Coast Guard’s Navigation Center this June that occurred on the Black Sea.

https://arstechnica.com/gadgets/2017/08/radio-navigation-set-to-make-global-return-as-gps-backup-because-cyber/

 UK cyber-researcher still held in Las Vegas in malware case

An official says a British cybersecurity researcher remains jailed in Nevada, a day before he’s due to face charges in federal court in Milwaukee that he created and distributed malicious software designed to steal banking passwords. Southern Nevada Detention Center spokeswoman Kayla Gieni (DJEE’-nee) said Monday that 23-year-old Marcus Hutchins remains at the facility about 60 miles (96.5 kilometres) outside Las Vegas.

http://business.financialpost.com/business-pmn/uk-cyber-researcher-still-held-in-las-vegas-in-malware-case/wcm/d6258204-582c-498b-af99-c9c66e5e97d9

 Cyber threatscape

Malware as a Service (MaaS), Cyber Criminals are selling individual pieces of Malware on Dark Net Marketplaces at a set cost; while others are providing a subscription-style service to the owners of the Crimepacks. Each subscriber has access to all new and updated Malware developed for the duration of their subscription which has been continuously tested against the latest defences from the security vendors who then confirm they are unable to detect it.

http://www.itproportal.com/features/cyber-threatscape/

 Cyber Risk, Market Failures, and Financial Stability

This paper considers the properties of cyber risk, discusses why the private market can fail to provide the socially optimal level of cybersecurity, and explore how systemic cyber risk interacts with other financial stability risks. Furthermore, this study examines the current regulatory frameworks and supervisory approaches, and identifies information asymmetries and other inefficiencies that hamper the detection and management of systemic cyber risk. The paper concludes discussing policy measures that can increase the resilience of the financial system to systemic cyber risk.

http://www.einnews.com/pr_news/396798269/cyber-risk-market-failures-and-financial-stability

 California man charged in Plainfield ‘Brian Kil’ cyber threats case says he used teen to ‘attack an entire town’

The threats were attributed to an individual on Facebook known as “Brian Kil.” […] The investigation was complex, Minkler said, requiring more than 100 state and federal search warrants along with electronic surveillance, wiretapping and sophistic computer forensics techniques. Minkler said more than 200 grand jury subpoenas were issued in an effort to find the “needle in a haystack.”

http://fox59.com/2017/08/06/attorney-to-announce-federal-charges-in-plainfield-cyber-threats-case/

 HITRUST, Trend Micro Partner to Create Cyber Threat Management and Response Center

Although cyber threat information sharing is generally defined in terms of a broad set of activities, ranging from collecting, analyzing and distributing indicators of threats and compromise to education and awareness around cyber hygiene and response, not much consideration is given to the ability of the recipient to consume the information and react, commensurate with the maturity of its information security resources, security technologies and processes, more specifically, how the information impacts their ability to mitigate a cyber threat.

https://www.healthcare-informatics.com/news-item/cybersecurity/hitrust-trend-micro-partner-create-cyber-threat-management-and-response

 Updated: Guidelines to ensure vehicle design includes cyber-security

The guidelines are aimed at everyone involved in the manufacturing supply chain, from designers and engineers, to retailers and senior level executives.  They include a series of key principles for use throughout the automotive sector, the CAV and ITS ecosystems and their supply chains – drawn up  by The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI).

https://www.scmagazineuk.com/smart-anything-is-hackable–including-cars/article/680123/

 FTC must scrutinize Hotspot Shield over alleged traffic interception, group says

A privacy advocacy group has filed a formal complaint with the Federal Trade Commission, alleging that Hotspot Shield, a popular free VPN service, collects numerous pieces of data and intercepts traffic in contrast to the company’s claim that it provides “complete anonymity.” In its 14-page filing, which was submitted Monday morning, the Center for Democracy and Technology claims that the company displays persistent cookies and works with various other entities for advertising purposes, among other alleged unsavory practices.

https://arstechnica.com/tech-policy/2017/08/ftc-must-scrutinize-hotspot-shield-over-alleged-traffic-interception-group-says/

 Flaws in ISP gateways let attackers remotely tap internet traffic

“We discovered a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top boxes from vendors including Cisco, Arris, Technicolor, and Motorola. Our research shows that it was possible to remotely and wirelessly tap all Internet and voice traffic passing through the affected gateways, impacting millions of ISP customers.”

https://www.hackread.com/critical-flaws-in-isp-gateways-lets-attackers-remotely-tap-internet-traffic/

 Email malware, phishing and spam attempts hit new highs for 2017

The number of emails carrying malware increased to a new high in July with one in every 359 emails carrying a malicious payload, according to Symantec’s July Intelligence Report. […] In July most email malware targeted the agricultural, forestry, mining and public administration industries with companies employing between 1 and 250 and 1,001 to 1,500 people being hit most often. […] Phishing emails are also hitting recent highs with one in every 1,968 emails falling into this category in July, up ever so slightly from the one in 1,975 emails in June, but well above the one in every 9,138 emails that was reported in March 2017. The mining industry was the most phished and was the top spam recipient, the report stated.

https://www.scmagazine.com/email-malware-phishing-and-spam-attempts-hit-new-highs-for-2017/article/680281/

 Man Who Hacked his Former Employer Gets 18-Month Prison Sentence

The former Allen & Hoshall employee also acknowledged he accessed his former colleague’s email account to glean information about the company’s project proposals, marketing plans, fee structures, and account credentials for Allen & Hoshall’s internal document-sharing system. The information that Needham accessed carried an estimated worth of $500,000.

https://www.darkreading.com/threat-intelligence/man-who-hacked-his-former-employer-gets-18-month-prison-sentence/d/d-id/1329574

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>