IT Security News Blast 01-17-2018

Supply Chain Cybersecurity

Supply-Chain Security as a Market Force [Slideshow with insightful audio]
Audio of Mike Hamilton speaking at T-Mobile last November 30, along with the slides, discussing IoT landmines, executive negligence, and creepy ad tracking that are pointing us all toward market-based security. Highlights:
· The entire internet is booby-trapped
· Don’t click on anything, ever
· That karaoke site you went to yesterday is no longer okay
· There are no records left to steal
· How government infosec regulations are similar to tostadas
https://criticalinformatics.com/resources/blog/bonus-video-mike-hamilton-discusses-your-favorite-infosec-trends-for-2018/


KillDisk Fake Ransomware Hits Financial Firms in Latin America
Just like previous versions, KillDisk purposely deleted files but included a ransom note in an attempt to fool victims that they’ve been infected with ransomware and not a malicious disk wiper known to be used in many past cyber-espionage operations. On the infosec scene, KillDisk is one of the most infamous malware families around. The malware was developed and used primarily by a Russian cyber-espionage group known as Telebots.
https://www.bleepingcomputer.com/news/security/killdisk-fake-ransomware-hits-financial-firms-in-latin-america/


Who should be responsible for cybersecurity?
C-suite abdication reveals a central but oft-overlooked error, one baked into the term “cyber-security” itself: though traditionally tucked away under the IT umbrella as a security concern, many if not most of the consequences of cyber-attacks are monetary, with severe and long-lasting financial implications. […] Moving forward, a chief concern must be not only how CFOs can participate in the design and implementation of cost-effective cyber-security systems and protocols, but more importantly how they can take the lead in fostering company-wide cultures of cyber-awareness, vigilance, and preparedness.
https://www.csoonline.com/article/3248824/data-protection/who-should-be-responsible-for-cybersecurity.html


Why healthcare CISOs need to revamp cybersecurity training
It is important for healthcare security teams to train together to defend against the top threats like ransomware. Teams that consistently practice their skills—particularly threat identification and incident response tactics—as an integrated team are more confident, quick and effective in their response to cyberattacks.
https://www.healthdatamanagement.com/opinion/why-healthcare-cisos-need-to-revamp-cybersecurity-training


MITRE crowdsourcing analytics to bolster cybersecurity
“Healthcare is one of the first examples of a sector or group doing this crowdsourcing approach to developing analytics,” said Julie Connolly, principal cybersecurity engineer for MITRE. “We have different ways to engage the community and we put the framework out there. It takes time, but it’s been very successful.” ATT&CK is really two things: A framework for organizations trying to characterize adversary behavior across the different phases of its lifecycle and a knowledge base of threats, said Connolly.
http://www.healthcareitnews.com/news/mitre-crowdsourcing-analytics-bolster-cybersecurity


Hackers Will Target Small Business Through the Internet of Things in 2018, New Report Says
A new report finds hackers are poised to target small businesses that use Internet of Things (IoT) technology to gain access to data from larger global firms in 2018. The 2018 Cybersecurity Predictions by Aon’s Cyber Solutions predicts a small business Internet of Things (IoT) breach will create a domino effect that damages a larger company. […] The report also sees the spotlight on regulation strengthening and widening as calls for a harmonized approach to cyber security get more intense.
https://smallbiztrends.com/2018/01/2018-cybersecurity-predictions.html


Cyber insurance in the 2018 regulatory landscape
So what is in store for 2018 and how might these factors impact underwriting practices or adoption rates? To begin with, the State of New York has the first deadline to contend with. Business entities that are operating within the State of New York in the financial services sector and have $5M in revenue must submit artifacts to support they have a cybersecurity plan of operations to include remote penetration testing, onsite vulnerability assessments, and even demonstrate a CISO is in place. GDPR becomes actionable in May where violations might subject the offender to penalties starting at 20 million Euros.
https://www.csoonline.com/article/3247834/risk-management/cyber-insurance-in-the-2018-regulatory-landscape.html


22 States Are Suing the FCC For Repealing Net Neutrality
In the petition, Schneiderman and his allies argue that the FCC’s decision can be deemed “arbitrary, capricious, and an abuse of discretion,” under the Administrative Procedures Act and therefore violates federal law. According to the petition, part of that argument includes the fact that the public comment period leading up to the decision was majorly botched. This is the first in what is expected to be a number of lawsuits challenging the FCC’s decision late last year to repeal net neutrality laws.
https://motherboard.vice.com/en_us/article/vbyq5a/22-states-are-suing-the-fcc-for-repealing-net-neutrality


Trust War: Dangerous Trends in Cyber Conflict
Cyber-attacks on trust are more worrying than those intended to produce physical effects. Attackers find it easier, and perhaps more effective, to weaken the bonds of a military alliance rather than go after fighter jets, or to corrupt financial data rather than destroy banks’ computers. Cyber-attacks on trust and integrity have a much lower threshold, are harder to detect and deter, and can cascade through interconnected systems.
https://warontherocks.com/2018/01/trust-war-dangerous-trends-cyber-conflict/


As Cyber Threats To The Electric Grid Rise, Utilities & Regulators Seek Solutions
Cybersecurity standards are lacking in the distribution system, where electricity is delivered to customers and operated by utilities. Since utilities own, operate and generate revenue by operating power resources, they should seek and fund cybersecurity solutions to ensure equipment and electricity availability are not compromised. […] Minimum cybersecurity standards need to be created by public utility commissions in every state to ensure that electricity availability is guarded.
https://www.forbes.com/sites/constancedouris/2018/01/16/as-cyber-threats-to-the-electric-grid-rise-utilities-regulators-seek-solutions/#6e9ac3bf343e


MEPs target exports of cyber surveillance tech
The European Parliament is set to vote on a bill on Wednesday (17 January) that aims to crack down on cyber surveillance technology sold to countries with dubious human rights records. The move follows widespread condemnation of autocratic regimes for lynching activists in the lead up to and during the ‘Arab Spring’. Some of those regimes relied on cyber surveillance technology to suppress dissidents. German companies are said to be among Europe’s biggest exporters, with clients in places like Pakistan, Russia, Saudi Arabia and Turkey.
https://euobserver.com/science/140568


5 Senators Are Filibustering an Attempt to Expand Warrantless Surveillance of Americans
The filibuster coalition is led by Republican Senator Rand Paul and Democratic Senator Ron Wyden, who have co-sponsored the USA Rights Act, a privacy-oriented alternative to the FISA Amendments Reauthorization Act that is widely supported by civil rights groups. The USA Rights Act would require strong oversight of intelligence agencies by an independent agency, require intelligence agencies to get a warrant to read the communications of US citizens, and make a far-reaching type of surveillance known as “about collection” illegal.
https://motherboard.vice.com/en_us/article/ne45jd/rand-paul-filibuster-fisa-702-senate


Researchers identify Android malware that can ‘spy extensively’
Kaspersky Lab on Tuesday sounded the alarm about the discovery of highly advanced surveillance software that it said can infiltrate Android mobile devices and gather “targeted” information without users’ consent. […] “Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device,” the company said in a Tuesday press release.
http://thehill.com/policy/cybersecurity/369149-kaspersky-discovers-advanced-android-surveillance-software


New BitTorrent Flaw Puts Linux & Windows devices at risk of hacking
Tavis Ormandy, an IT security researcher at Google’s Project Zero, has identified a critical flaw in the Transmission BitTorrent app that, if exploited, lets attackers take full control of a targeted computer running Linux or Windows. […] The proof of concept published by Ormandy explains that the flaw currently works on computers running Chrome and Firefox browsers on Linux and Windows operating systems. However, there are chances that the flaw might also work on other platforms such as macOS browsers if the user has enabled remote access.
https://www.hackread.com/bittorrent-flaw-linux-windows-devices-hacking/


Hackers crack BlackWallet DNS server, steal $400,000
Thomas Fischer, threat researcher & global security advocate at Digital Guardian told SC Media UK: “The BlackWallet incident is actually an interesting and quite clever application of DNS hijacking, which can in itself be a relatively simple technique. Using social engineering techniques to access the login for the hosting provider account gave the attacker a very straightforward way to re-direct traffic to the malicious site.
https://www.scmagazine.com/hackers-crack-blackwallet-dns-server-steal-400000/article/737099/


1 in 9 Online Accounts Created in 2017 Was Fraudulent
Emerging industries, including ridesharing and gift card sharing, are particularly susceptible to fraud, according to the report. Account takeover attacks also increased by 170%; an account takeover attack occurs every 10 seconds, according to ThreatMetrix. Overall, ThreatMetrix detected a 100% increase in attack volume over the past two years, including “unprecedented spikes” of irregular behavior immediately after the Equifax breach.
https://www.darkreading.com/threat-intelligence/1-in-9-online-accounts-created-in-2017-was-fraudulent-/d/d-id/1330831


Operator of hacked password service Leakedsource.com arrested
According to a press release, in 2016 it came to the RCMP’s knowledge that the servers hosting LeakedSource.com were located in Quebec. That is when their cybercrime unit initiated “Project Adoration” and raided LeakedSource.com, which at that time contained over 3 billion personal identity records and associated emails, usernames, and passwords from large-scale data breaches including MySpace, Dropbox, and LinkedIn.
https://www.hackread.com/hacked-password-service-leakedsource-operator-arrested/


The interface to send out a missile alert in Hawaii is, as expected, quite bad
One issue that prevented HI-EMA from correcting the missile alert immediately was that there was no automated way to send out a “false alarm” notification to the hundreds of thousands of people who received the Wireless Emergency Alert (WEA) or to the television and radio broadcast stations that also conveyed the grave warning. Instead, the agency had to send a correction manually.
https://arstechnica.com/information-technology/2018/01/the-interface-to-send-out-a-missile-alert-in-hawaii-is-as-expected-quite-bad/


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.