IT Security News Blast 01-15-2018

Cybersecurity Protecting our Hospitals

Median ‘dwell’ time for cyber intrusion highest in APAC at 172 days: FireEye
According to Cyber Evolution: En Route to Strengthening Resilience in Asia-Pacific, the median number of days between network intrusion and the detection of the threat actor on a global scale is 99 days. By comparison, Europe, the Middle East, and Africa have a median dwell time of 106 days, while the Americas boast the same median as the global figure.
http://www.zdnet.com/article/median-dwell-time-for-cyber-intrusion-highest-in-apac-at-172-days-fireeye/

 

Cyber threats outpacing abilities of governments, companies, says WEF
The report, Cyber Resilience: Playbook for Public-Private Collaboration, seeks to facilitate capacity-building, policies and processes necessary to support collaboration, safeguard cyberspace and strengthen cyber-resilience. It precedes the launch of a new Global Centre for Cybersecurity at the Davos summit from January 22-26, 2018. “We need to recognise cybersecurity as a public good and move beyond the polarising rhetoric of the current security debate.”
http://www.financialexpress.com/industry/cyber-threats-outpacing-abilities-of-governments-companies-says-wef/1014340/

 

Hackers increasingly target patient records as HCPs do little to protect data – research
The data also reveals a worrying disconnect between healthcare professionals’ confidence in protecting sensitive patient data and the actual protection of that data. Some 48 percent of RNs and 57 percent of administrative staff say they are “very confident” their institution can safeguard patient records against potential data theft. At the same time, only 25 percent of RNs and 40 percent of administrative staff cited data security and privacy improvements over the past year.
https://securityboulevard.com/2018/01/hackers-increasingly-target-patient-records-as-hcps-do-little-to-protect-data-research/

 

Hospital hit by ransomware: Attackers demand Bitcoin to release control of system
The attack was not the result of an employee opening a malware-infected email, a common tactic used to hack computer systems, he said. The attack was sophisticated, he said, adding FBI officials are familiar with this method of security breach. “This was not a 15-year-old kid sitting in his mother’s basement,” Long said. Notices posted Friday at entrances to Hancock Regional Hospital alerted visitors to a “system-wide outage” and asked any hospital employee or office using an HRH network to ensure all computers were turned off.
http://www.greenfieldreporter.com/2018/01/13/01132018dr_hancock_network_hack/

 

How to Attract More Women Into Cybersecurity – Now
And although a number of challenges exist in attracting women and young girls to a cybersecurity career, a number of similarities exist between the attributes these women and young girls seek in a career and what the cybersecurity profession can offer, according to a recent survey by Kaspersky Lab and interviews with female cybersecurity pros.
https://www.darkreading.com/careers-and-people/how-to-attract-more-women-into-cybersecurity—now/d/d-id/1330816?piddl_msgid=330478

 

Cyber-attack risk on nuclear weapons systems ‘relatively high’ – thinktank
US, British and other nuclear weapons systems are increasingly vulnerable to cyber attacks, according to a new study by the international relations thinktank Chatham House. […] It blames this partly on failure to keep up with fast-moving advances, lack of skilled staff and the slowness of institutional change.
https://www.theguardian.com/technology/2018/jan/11/cyber-attack-risk-on-nuclear-weapons-systems-relatively-high-thinktank

 

Update on Pawn Storm: New Targets and Politically Motivated Campaigns
We can often closely relate current and old Pawn Storm campaigns using data that spans more than four years, possibly because the actors in the group follow a script when setting up an attack. This makes sense, as the sheer volume of their attacks requires careful administration, planning, and organization to succeed. The screenshots below show two typical credential phishing emails that targeted specific organizations in October and November 2017. One type of email is supposedly a message from the target’s Microsoft Exchange server about an expired password. The other says there is a new file on the company’s OneDrive system.
http://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn-storm-new-targets-politically-motivated-campaigns/

 

‘Very high level of confidence’ Russia used Kaspersky software for devastating NSA leaks
“I think there’s a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky … and it’s very much attributable,” David Kennedy, CEO of TrustedSec, told Yahoo Finance. “Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it’s legitimate.” Dave Aitel, CEO of the offensive-minded cybersecurity firm Immunity, previously explained that there is no “magical way where you can both show the evidence and protect sources and methods.”
https://finance.yahoo.com/news/experts-link-nsa-leaks-shadow-brokers-russia-kaspersky-144840962.html

 

Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes
The June 2017 attack, delivered through a mock ransomware virus dubbed NotPetya, wiped data from the computers of banks, energy firms, senior government officials and an airport. The GRU military spy agency created NotPetya, the CIA concluded with “high confidence” in November, according to classified reports cited by U.S. intelligence officials. The CIA declined to comment.
https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html?utm_term=.25e3b30e41a8

 

North Korea and Cyber Catastrophe—Don’t Hold Your Breath
Someone who is worshipped as a god-king by millions, controls immense personal wealth, and has unchecked power will be loath to put this at risk. Second, North Korea is willing to use provocations, including low-level attacks, as part of its diplomatic repertoire, but attempts to calculate the limits of what it can do without provoking major conflict. Finally, while North Korean decision-making on the use of cyber actions is murky, it is likely that all major programs or actions require Kim’s approval.
http://www.38north.org/2018/01/jalewis011218/

 

Senators Propose Heavy Fines for Credit Agencies Over Privacy Data Breaches
The bill would fine a company $100 for each consumer that had a piece of personal information compromised in a data breach, with an additional $50 for each additional piece of data put at risk for each consumer. Those fines could add up to 50 percent of a company’s gross revenue. But that penalty doubles if a company fails to disclose the breach to regulators in a timely manner or has insufficient cyber security in place, and can add up to as much as 75 percent of a company’s global revenue for the last fiscal year.
https://www.insurancejournal.com/news/national/2018/01/12/476959.htm

 

Feds may have to explain knowledge of security holes – if draft law comes into play
The “Cyber Vulnerability Disclosure Reporting Act,” sponsored by Rep Sheila Jackson Lee (D-TX), requires the Department of Homeland Security to issue “a report that contains a description of the policies and procedures developed for coordinating cyber vulnerability disclosures.”[…] “Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities,” said EFF attorneys Nate Cardozo and Andrew Crocker in a blog post on Friday.
https://www.theregister.co.uk/2018/01/13/us_house_reps_security_holes/

 

Internal CSIS document details ‘mega trends’ set to alter economy, society, security
A take-home message of the document is that policy-makers must figure out how much they really know about these disruptive technologies, their potential national-security risks and how to ensure Canada stays secure and prosperous. […] A few areas highlighted on the CSIS list have already attracted some commitments from the federal government, while Ottawa insists others, such as the expected job-killing disruptions of technological change, remain a key focus as it prepares its spring budget.
https://www.theglobeandmail.com/news/national/internal-csis-document-details-mega-trends-set-to-alter-economy-society-security/article37599842/

 

8 trends in video surveillance for 2018
1. Creeping closer to the ‘edge’
2. There’s the global market and then there’s the Chinese market
3. More cloud-to-cloud integration
4. Deep and machine learning comes of age
5. Cybersecurity and GDPR loom large
6. Embryonic IoT market will mature
7. Drone detection to be a bigger priority than drones themselves
8. Fault tolerance taken more seriously
https://www.ifsecglobal.com/8-trends-in-video-surveillance-for-2018/

 

In ‘Listening In,’ a Surveillance Expert Warns That No Secret Is Safe
“Listening In” provides a detailed overview of the history of cybersecurity, dubbing the current debate the “second Crypto War.” By her account, the first Crypto War began in the 1970s and centered around export controls over the security of devices. It ended in the 2000s, she writes, when both the U.S. and the European Union lifted these controls with respect to devices fitted with the supposedly hack-proof technology called end-to-end encryption — an apparent victory for security. The current debate centers around “exceptional access” for government agencies like the FBI. Landau finds the idea highly problematic and makes several convincing arguments against it.
https://undark.org/article/book-review-landau-listening-in/

 

Telegram’s Privacy-Focused User Base Could Become TON Blockchain’s Killer App
“This paper outlines a vision for a new cryptocurrency and an ecosystem capable of meeting the needs of hundreds of millions of consumers, including 200 million Telegram users,” reads the white paper. “Launching in 2018, this cryptocurrency will be based on a multi-blockchain proof-of-stake system — TON (Telegram Open Network, after 2021 The Open Network) — designed to host a new generation of cryptocurrencies and decentralized applications.”
https://bitcoinmagazine.com/articles/telegrams-privacy-focused-user-base-could-be-ton-blockchains-killer-app/

 

Here’s how, and why, the Spectre and Meltdown patches will hurt performance
Meltdown was presumed to have a substantial impact, at least for some workloads, but Spectre was more of an unknown due to its greater complexity. With patches and microcode now available (at least for some systems), that impact is now starting to become clearer. The situation is, as we should expect with these twin attacks, complex.
https://arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/

 

Intel AMT Loophole Allows Hackers to Gain Control of Some PCs in Under a Minute
“In this case, however, the attacker has a workaround: AMT. By selecting Intel’s Management Engine BIOS Extension (MEBx), they can log in using the default password ‘admin,’ as this most likely hasn’t been changed by the user. By changing the default password, enabling remote access and setting AMT’s user opt-in to ‘None’, a quick-fingered cyber criminal has effectively compromised the machine,” F-Secure wrote.
https://threatpost.com/intel-amt-loophole-allows-hackers-to-gain-control-of-some-pcs-in-under-a-minute/129408/
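The MEBx password itself can only be checked at the console (the MEBx menu is typically entered with Ctrl+P during boot), but a machine on which AMT has been enabled, whether by IT or by the attacker in F-Secure’s scenario, answers on AMT’s web ports 16992 (HTTP) and 16993 (HTTPS) with an identifying Server header. The script below is an added example, not code from the Threatpost article or from F-Secure: it probes a list of hosts for that banner so a fleet can be checked for exposed AMT. It assumes curl is installed and that the firmware reports itself in the Server header as “Intel(R) Active Management Technology <version>” (an assumption about the banner format, not something the article states). A hit is a lead, not proof of compromise: follow it up by confirming at the console that the MEBx password is no longer the default and that remote access and user opt-in are set as intended.

```shell
#!/bin/sh
# Added example: find hosts that expose Intel AMT's web interface.
# Assumptions (not from the article): curl is installed; AMT listens on its
# documented ports 16992 (HTTP) / 16993 (HTTPS); the Server header is
# "Intel(R) Active Management Technology <version>".

AMT_HTTP_PORT=16992
AMT_HTTPS_PORT=16993

# amt_version_from_headers: reads raw HTTP response headers on stdin and
# prints the AMT firmware version taken from the Server header (or "unknown"
# if the banner carries no version). Prints nothing and returns 1 when the
# Server header is not an AMT banner.
amt_version_from_headers() {
    line=$(tr -d '\r' | grep -i '^server:.*Intel(R) Active Management Technology' | head -n 1)
    [ -n "$line" ] || return 1
    ver=$(printf '%s\n' "$line" | sed 's/.*Technology[[:space:]]*//')
    printf '%s\n' "${ver:-unknown}"
}

# probe_amt HOST: try the HTTP port, then the HTTPS port; print
# "<host> AMT <version> (port <port>)" on the first AMT banner seen.
# Returns 1 if neither port answers with an AMT banner.
probe_amt() {
    host=$1
    for port in $AMT_HTTP_PORT $AMT_HTTPS_PORT; do
        scheme=http
        [ "$port" -eq "$AMT_HTTPS_PORT" ] && scheme=https
        # -I sends HEAD; -k tolerates AMT's self-signed cert; -m 3 bounds the wait.
        if ver=$(curl -sk -m 3 -I "$scheme://$host:$port/" 2>/dev/null | amt_version_from_headers); then
            printf '%s AMT %s (port %s)\n' "$host" "$ver" "$port"
            return 0
        fi
    done
    return 1
}

# Usage: ./amt_probe.sh 10.0.0.1 10.0.0.2 ...  (hosts are given as arguments)
for h in "$@"; do
    probe_amt "$h" || printf '%s: no AMT banner\n' "$h"
done
```

Unprovisioned AMT does not listen at all, so a clean sweep says nothing about whether the MEBx password is still ‘admin’; it only tells you which machines are already reachable over AMT today, which is exactly the state the attack in the article leaves a laptop in.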

 

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new patches
Operators of the Sun ZFS Storage Appliance have been urged to brace for a severity 10.0 fix, while users of Oracle’s Fusion Middleware, PeopleSoft, Oracle Retail, Virtualization, Communications Applications and the Supply Chain Suite have 9.8-rated flaws to fight. Most of the patches are for applications, but Solaris 10 and 11.3 made the list too, as did the Java Advanced Management Console and the Java ME SDK.
https://www.theregister.co.uk/2018/01/15/oracle_still_silent_on_meltdown_but_lists_patches_for_x86_servers/

 

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users
Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to the DNSChanger malware that infected millions of computers across the world in 2012. […] It first surfaced on the Malwarebytes forum, where a user posted a query about unknown malware that had infected his friend’s computer and silently changed the DNS settings of the infected macOS system to the addresses 82.163.143.135 and 82.163.142.137.
https://thehackernews.com/2018/01/macos-dns-hijacker.html
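Since the only concrete artifact quoted above is the pair of resolver addresses, the quickest triage across a fleet of Macs is to compare each machine’s configured resolvers against them. The script below is an added example, not code from The Hacker News or from the researchers: it assumes macOS (it reads the resolvers from `scutil --dns`) and treats the two addresses from the article as indicators. It reports a match but removes nothing, because a hijacked resolver is only the visible symptom and a matching host needs a full investigation.

```shell
#!/bin/sh
# Added example (not from the article): flag a Mac whose resolvers match the
# OSX/MaMi addresses quoted in the report. Assumption: macOS with scutil.

# Resolver IPs the report ties to OSX/MaMi.
MAMI_IOCS="82.163.143.135 82.163.142.137"

# check_dns_iocs: reads resolver IPs, one per line, on stdin. Prints each
# match and returns 1 if any resolver is an indicator, 0 if the list is clean.
check_dns_iocs() {
    found=0
    while read -r ip; do
        [ -n "$ip" ] || continue
        for ioc in $MAMI_IOCS; do
            if [ "$ip" = "$ioc" ]; then
                printf 'MATCH: resolver %s is an OSX/MaMi indicator\n' "$ip"
                found=1
            fi
        done
    done
    return $found
}

# current_resolvers: every nameserver scutil reports, across all resolver
# scopes, de-duplicated. scutil prints lines such as "nameserver[0] : 8.8.8.8",
# so the address is the third field.
current_resolvers() {
    scutil --dns 2>/dev/null | awk '/^[[:space:]]*nameserver\[[0-9]+\]/ { print $3 }' | sort -u
}

# The live check runs only with --live, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
    if current_resolvers | check_dns_iocs; then
        echo "DNS resolvers look clean"
    else
        echo "Resolvers match OSX/MaMi indicators: isolate and investigate this host"
        exit 2
    fi
fi
```

Run it as `sh mami_dns_check.sh --live` on the host being triaged; `networksetup -getdnsservers <service>` gives the same per-interface view if you want to see which network service carries the rogue entries.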

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.