IT Security News Blast 8-9-2017

Ransomware 2.0: It’s coming, and healthcare needs to get prepared

“The latest variation on a theme regarding this threat is what can appropriately be called a ransomworm,” said Rich Curtiss, managing consultant at Clearwater Compliance, a former hospital CIO, and liaison for cybersecurity vulnerability projects with the National Cybersecurity Center of Excellence. “This is a combination of two types of malware, ransomware and a worm. While we have become all too familiar with ransomware in the healthcare sector, we have ignored other forms of malware.”

http://www.healthcareitnews.com/news/ransomware-20-its-coming-and-healthcare-needs-get-prepared

 United States: Cyber Threats To The Healthcare Industry: Best Practices To Help Protect Your Organization

Recent studies suggest that healthcare organizations are the most targeted sector – and breaches in the healthcare industry are costlier than any other sector. Although attack methods continue to evolve and become more sophisticated, we continue to see companies in the healthcare industry fall victim to the same types of attacks, most of which could have been prevented or mitigated by sound security practices.

http://www.mondaq.com/unitedstates/x/617442/Healthcare/Cyber+Threats+To+The+Healthcare+Industry+Best+Practices+To+Help+Protect+Your+Organization

 The first rule of FinTech security

Do security people understand the business?  If no, start immediately.  How can you secure that which you do not understand?  Like all other areas of the business, competency must be shown first before security engineering can begin. […] How many tools do you really need?  If you have more than seven toolsets that are large portions of IT spend, you may have a problem with a runaway security program.

https://www.cuinsight.com/first-rule-fintech-security.html

 Mondelez not yet ‘back to normal’ from cyber attack

For the second quarter, the company estimates that the malware incident had a negative impact of 2.3% on its net revenue growth and 2.4% on its organic revenue growth. The company also incurred incremental expenses of $7.1 million as a result of the incident.” In an Aug. 2 conference call with investment analysts, Irene Rosenfeld, chairman and chief executive officer, said Mondelez was not yet “back to normal.”

http://www.foodbusinessnews.net/articles/news_home/Business_News/2017/08/Mondelez_not_yet_back_to_norma.aspx?ID=%7BDED7DC26-4B26-4854-B1F5-B1284D919EFA%7D&cck=1

 Report: Destructive malware and targeted cyberattacks on the rise in 2017

The next big threat facing the enterprise is destructive malware disguised as a simple ransomware attack, according to Kaspersky Lab’s APT Trends report for Q2 2017, released Tuesday. The report also noted the rise of attacks targeted at energy companies, and a growing complexity of cyberespionage efforts. […] It was also alleged that both WannaCry and ExPetr were nation-state backed.

http://www.techrepublic.com/article/report-destructive-malware-and-targeted-cyberattacks-on-the-rise-in-2017/

 Mandating privacy safeguards for the insurance sector

On August 7, 2017, the National Association of Insurance Commissioners (NAIC) held their summer session at the Philadelphia Convention Center. While this event is multiple days in length, today was of notable interest as the Cybersecurity Working Group was one of the key focal points. Specifically, the proposed adoption of the most recent version of the NAIC’s Model Law. This proposed law would directly impact how “any” licensee protects client personally identifiable information (PII).

http://www.csoonline.com/article/3214466/privacy/mandating-privacy-safeguards-for-the-insurance-sector.html

 China Enforces First Action Under Developing Cyber Security Law

Chongqing’s Public Security Bureau  (PSB) issued a warning to a local Internet data center company for failure to preserve a blog.  The company was ordered to rectify that deficiency within 15 days. While this is a small violation, it marks the first enforcement action under the Law.  Chongqing’s PSB has said it will strengthen monitoring and inspection efforts as to the implementation of tiered protection, real-name authentication, and infringement on personal information.

https://www.forbes.com/sites/roncheng/2017/08/08/china-enforces-first-action-under-developing-cyber-security-law/#6a21cb5422bc

 National Security Council fills vacancy on cyber team

Grant Schneider, currently the acting federal chief information security officer (CISO), will become senior director for cybersecurity policy at NSC. Schneider will be responsible for the “homeland” cybersecurity portfolio at the NSC, including the defensive posture of federal and critical infrastructure systems and incident response. He will also retain the role of deputy federal CISO.

http://thehill.com/policy/cybersecurity/345805-national-security-council-fills-cyber-vacancy-with-fed-information

 US Homeland Security CIO hits ctrl-alt-delete after just three months

Richard Staropoli, the former US secret service agent who at one time vowed to run the department “like a hedge fund,” will be leaving at the end of the month. Staropoli had been appointed to the CIO position by the Trump White House in May of this year. Prior to that he had worked at hedge fund Fortress Investment group as the CISO and head of global security.

https://www.theregister.co.uk/2017/08/08/dhs_cio_steps_down/

 US arraignment of British cybersecurity expert postponed

Magistrate Judge Nancy Koppe said Hutchins would have to stay at a federal halfway house or under house arrest in Las Vegas with an ankle monitor until he travels to Milwaukee for arraignment on a six-count federal indictment. The judge didn’t find Hutchins a threat to the community or a risk not to attend court appearances. She nevertheless ordered him to surrender his passport to federal officials and not use any device that has access to the internet.

http://business.financialpost.com/business-pmn/uk-cyber-researcher-still-held-in-las-vegas-in-malware-case/wcm/d6258204-582c-498b-af99-c9c66e5e97d9

 Number Of Russian Spies In US Hits 15 Year High, But That’s Not What You Should Be Worried About

These cyber escalations include Russian-sponsored dissemination of false information via social media, hacking attempts throughout the 2016 U.S. presidential election, and ties to cyber criminals targeting American companies. […] “Russia, like its Soviet predecessor, has a history of conducting covert influence campaigns focused on US presidential elections that have used intelligence officers and agents and press placements to disparage candidates perceived as hostile to the Kremlin,” the report added.

http://dailycaller.com/2017/08/08/number-of-russian-spies-in-us-hits-15-year-high-but-thats-not-what-you-should-be-worried-about/

 Social media exploitation key in Trump’s ‘extreme vetting’ program

Quite a few of the interested vendors’ questions centered around the task of social media exploitation, as contractors are to be able to “analyze and apply techniques to exploit publicly available information, such as media, blogs, public hearings, conferences, academic websites, social media websites such as Twitter, Facebook, and LinkedIn, radio, television, press, geospatial sources, internet sites, and specialized publications with intent to extract pertinent information regarding targets, including criminals, fugitives, nonimmigrant violators, and targeted national security threats and their location.”

http://www.csoonline.com/article/3214390/security/social-media-exploitation-plays-key-role-in-trump-s-extreme-vetting-program.amp.html

 View: Dealing with cyber warfare

In the cyber field, Russia proposed a UN treaty to ban electronic and information weapons (including propaganda) in 1999. With China and other members of the Shanghai Cooperation Organization, it has continued to push for a broad UN-based treaty. The US resisted what it saw as an effort to limit American capabilities, and continues to regard a broad treaty as unverifiable and deceptive. Instead, the US, Russia, and 13 other states agreed that the UN Secretary General should appoint a Group of Governmental Experts (GGE), which first met in 2004.

http://www.euronews.com/2017/08/08/view-dealing-with-cyber-warfare

 Amid DHS leadership shuffle, voting systems remain vulnerable

“The cyber threat is going to get worse before it gets better in this country,” he added. “Bad cyber actors are becoming more aggressive, more ingenuous and more tenacious… Nothing would surprise me at this point in terms of their capabilities.” Despite pushback and confusion from states over the critical infrastructure designation, Johnson said that 33 states sought cybersecurity assistance from DHS during the lead-up to the election. “We identified a number of vulnerabilities in election infrastructure which were addressed,” he said. “But that process needs to continue.”

https://fcw.com/articles/2017/08/07/voting-systems-vulnerable-gunter.aspx

 Anti-Israeli wiper malware locks data that can’t be restored

The malware works in a way that upon infecting a targeted device, it replaces the file’s content with messages in broken English and Hebrew language. In a conversation with Israeli news site Haaretz, Ari Eitan, director of research at Intezer said that: “It’s not exactly encryption. It simply totally changes the files’ content.” […] [The] malware changes the desktop of a targeted device and also with some of the files present in the Downloads directories. However, Noar also found that by typing an empty “ClickMe.exe” command it can kill the process of this malware.

https://www.hackread.com/anti-israeli-wiper-malware-locks-data-that-cant-be-restored/

 It’s 2017 and Hyper-V can be pwned by a guest app, Windows by a search query, Office by…

Among the flaws are remote code execution holes in Windows, Internet Explorer/Edge and Flash Player, plus a guest escape in Hyper-V. Of the 48 patches issued by Redmond, 25 are rated as critical security risks. Those 25 critical issues include a remote code execution vulnerability for all supported versions of Windows (CVE-2017-8620) for which an exploit is already public, we’re told. That flaw allows an attacker to take over a target machine on the network via a malicious Windows Search or SMB query.

https://www.theregister.co.uk/2017/08/08/august_patch_tuesday/

 NIST Releases Cybersecurity Definitions for the Workforce

Employers and recruiters may have an easier time describing the type of infosec professionals they are seeking to hire or advance in their careers now that the government’s National Institute of Standards and Technology (NIST) has released the finalized draft version of its cybersecurity lexicon framework. NIST’s National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework aims to provide organizations with a common vocabulary when describing the role, area of specialty, category of work, and the knowledge, skills, and abilities (KSA) of cybersecurity professionals.

https://www.darkreading.com/threat-intelligence/nist-releases-cybersecurity-definitions-for-the-workforce/d/d-id/1329578

 HBO hackers leak Game of Thrones Stars data; demand multimillion dollar ransom

In the 5 minute video, the group also threatened to leak more TV shows and personal emails if a  “multimillion-dollar” ransom is not paid within three days from the date of sending the video message. The hackers also claimed that it took them around six months to steal data from HBO and $500,000 to get their hands on a security flaw which allows them to steal data from large enterprises. The “zero day flaw” is still unknown to Microsoft.

https://www.hackread.com/hbo-hackers-leak-game-of-thrones-stars-data-demand-ransom/

 True random numbers are here — what that means for data centers

Tapping into the quantum physics of matter and light to provide a source of entropy, the Entropy Engine produces numbers that:

  • Cannot be predicted … ever
  • Are based on the random behavior of photons
  • Can be produced through something as small as a piece of Starburst sitting on a circuit board that looks, well, like a fairly standard circuit board

http://www.networkworld.com/article/3211529/security/true-random-numbers-are-here-what-this-can-mean-for-all-of-us.html

 The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech?

SMBLoris, which Dillon discovered while analyzing the EternalBlue exploit, could let a single machine take down a Windows server, he explains. Microsoft won’t issue a patch because the flaw is deeply ingrained in the way SMB works and many components rely on its behavior. “Microsoft’s refusal to patch is not limited to older tech,” says Dillon. “SMBLoris is an example of a modern Windows vulnerability, that can be exploited even with all versions of SMB disabled. A productive Windows network will have at least some version of SMB enabled. It is ripe for attack and extortion.”

https://www.darkreading.com/vulnerabilities—threats/the-patching-dilemma-should-microsoft-fix-flaws-in-older-tech/d/d-id/1329588?

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>