IT Security News Blast 01-19-2018

Nuclear Weapons as Cyber Defense

Exchange body issues cyber security best practice guidelines
The guidelines from the World Federation of Exchanges, which represents more than 200 exchanges, clearing houses and other market infrastructure providers, come after Deloitte warned last month that two-thirds of global financial institutions are finding it difficult to manage cyber risks.


Trump’s Bank Regulator Flags Cyber Risks in First Threat Report
More sophisticated hackers are finding “back doors into client businesses’” through firms they do business with, the Office of the Comptroller of the Currency said in its Semiannual Risk Perspective. Attackers are stealing customer information and intellectual property, and are misappropriating funds, the national bank regulator said in the report.


Healthcare records of three million Norwegians compromised in “professional” cyber attack
Nilsen said that the data could have been hacked to use for cyber espionage, or perhaps it is likely to be used by someone who provides services based on healthcare information. However, as the health records would also include people who work in government, secret services, military and intelligence staff, politicians and other public individuals, there are some that believe the data could be used for other purposes.


Hancock Health Ransomware: Attacking Through the Supply Chain
After payment of four Bitcoins, worth approximately $55,000, the files were released and hospital operations were restored. Hospital leaders learned that the hacker used  an administrative account setup by one of the hospital’s vendors to gain unauthorized access to a system managed by the vendor and infected its systems with the SamSam ransomware variant.


Cyber attackers upped their game in 2017, warns report
“Access to BRI [Business Risk Intelligence] provides unique insight into threat actors’ motivations and what is being prioritised on the DDW [deep and dark web],” the report said. The threat of kinetic attacks on the Korean peninsula loom, the report said, as does the possibility they could be accompanied by cyber attacks, while hacktivists and jihadists continue to use the internet as a platform for influence and potentially physical violence.


Nuclear weapons are a risky defence against cyber attacks
Introducing nuclear weapons into the equation is, however, a new departure. It demonstrates how seriously the US is now taking the threat of cyber warfare; and is clearly designed to massively increase America’s deterrence capacity. At the same time, however, the policy shift carries considerable risks. By lowering the bar to the first use of nuclear weapons, it makes nuclear war more thinkable.


Lebanese spies exposed in cyber hacking campaign
Hackers with links to Lebanon’s main intelligence agency left hundreds of gigabytes of intercepted data on the open internet, per a report from security firm Lookout, Inc. and the Electronic Frontier Foundation. Victims of the hack span 21 different countries, including in the U.S. and European countries, per the report, which is calling the hacking campaign “Dark Caracal.”


Fighting Fire With Fire: Air Force’s Cyber Weapons Protect its Networks
One example is the Air Force Cyberspace Defense (ACD) weapon system, a custom-built, $543 million suite that automates monitoring and analysis of activity on the Air Force Network (AFNET). ACD, comprising hardware devices and software programs, provides continuous monitoring of classified and unclassified networks, focusing on four basic areas of cyber defense: incident prevention, detection, response, and computer forensics.


Russia, China’s Cyber-Capabilities Are ‘Catastrophic’
The capabilities they have are thus alarmingly advanced, according to Flashpoint: “Kinetic and cyber-attacks conducted by the threat actor(s) have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended periods,” the report noted.


Tracking and reacting to Russian attacks on democracy
Last week, a U.S. government report outlined attacks made by Russian President Vladimir Putin on democratic institutions over nearly two decades. The report details the many ways in which the Russian government has combined Soviet-era approaches with today’s technological tools. […] What is striking about the Russian effort is the extent to which it employed actors and approaches that clearly and routinely transgress Russian, international, and domestic laws in the places they operate. To me, the extralegal nature of Russian influence efforts was just striking.”


How the Government Hides Secret Surveillance Programs
The cops in McKenzie’s case had ultimately failed to successfully carry out a troubling technique called “parallel construction.” First described in government documents obtained by Reuters in 2013, parallel construction is when law enforcement originally obtains evidence through a secret surveillance program, then tries to seek it out again, via normal procedure. In essence, law enforcement creates a parallel, alternative story for how it found information. That way, it can hide surveillance techniques from public scrutiny and would-be criminals.


U.S. Senate approves the renewal of a warrantless surveillance program
On Thursday, January 18, the U.S. Senate voted to approve the Foreign Intelligence Surveillance Act (FISA) Amendments Reauthorization Act of 2017, which expands the U.S. government’s ability to pursue warrantless surveillance of U.S. citizens. […] “With backdoor search, intelligence agencies can monitor the communications of any American that has been in touch with any foreigner the agency deems a target,” Motherboard reports, “About collection allows intelligence agencies to monitor the electronic communications of any American that mentions information, such as a phone number or email address, about a foreign target, even if they have never communicated with that foreigner.”


FCC Chairman Admits Cell Phone Data Is Not the Same as Broadband Internet
But in August, the FCC proposed conflating the two by redefining its standards to include mobile services—as in using your phone’s data plan to access the internet—in its definition of “broadband access.” In other words, if this change was made, using your phone would be considered just as good as having high-speed fiber to your door. Along with barely making any sense, this would seriously overrepresent the number of Americans who actually had internet access, making it harder for many of those communities to get assistance fixing the problem.


Menacing Malware Shows the Dangers of Industrial System Sabotage
A recent digital attack on the control systems of an industrial plant has renewed concerns about the threat hacking poses to critical infrastructure. And while security researchers offered some analysis last month of the malware used in the attack, called Triton or Trisis, newly revealed details of how it works expose just how vulnerable industrial plants—and their failsafe mechanisms—could be to manipulation.


Someone is touting a mobile, PC spyware platform called Dark Caracal to governments
Dark Caracal appears to be controlled from the Lebanon General Directorate of General Security in Beirut – an intelligence agency – and has slurped hundreds of gigabytes of information from devices. It shares its backend infrastructure with another state-sponsored surveillance campaign, Operation Manul, which the EFF claims was operated by the Kazakhstan government last year.


Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware
The first vulnerability is a .NET framework bug (CVE-2017-8759) patched by Microsoft last October. Targets that open an infected document allow attackers install programs, manipulate data and create new privileged accounts, Microsoft said. In the context of the attack described by FireEye, the infected DOC file contains an embedded OLE Object that, upon execution, triggers the download of an additional DOC file from a stored URL.


Researcher reports how to hack Facebook account with Oculus Integration
He identified that using especially designed GraphQL queries, an attacker can easily connect the Facebook account of any user to attacker’s Oculus account. GraphQL query language was developed by Facebook in 2012. It was, therefore, observed by Franjković that it was possible to hijack Facebook accounts through abusing the social network’s integration with Oculus VR headset. The flaw is basically a cross-site request forgery (CSRF) vulnerability that allows the hijacking on a user’s Facebook account.


Crime-Predicting Algorithms May Not Fare Much Better Than Untrained Humans
That’s the question that Dartmouth College researchers Julia Dressel and Hany Farid set out to answer in a new paper published today in the journal Science Advances. They found that one popular risk-assessment algorithm, called Compas, predicts recidivism about as well as a random online poll of people who have no criminal justice training at all.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.