IT Security News Blast 01-26-2018

Norway Healthcare Cyber Attack

Ransomware was most popular cyber crime tool in 2017
Between July and September 2017, there was a 700% rise in ransomware, according to Malwarebytes’ telemetry data, with GlobeImposter and WannaCry making up most of that statistic. GlobeImposter increased by 341% from July to August 2017, and WannaCry surged by 375% from August to September 2017. However, Malwarebytes reported a drop in ransomware detections towards the end of the year, when there was a shift back to banking Trojans, spyware and adware, and a move to cryptocurrency miners.
http://www.computerweekly.com/news/252433761/Ransomware-was-most-popular-cyber-crime-tool-in-2017

Harris County tightens cybersecurity after almost losing $900K in phishing attack
On Sept. 21, not three weeks after Houston was ravaged by Hurricane Harvey, the Harris County auditor’s office received an email from someone named Fiona Chambers who presented herself as an accountant with D&W Contractors, Inc. The contractor was repairing a Harvey-damaged parking lot, cleaning up debris and building a road for the county, and wanted to be paid. Chambers asked if the county could deposit $888,000 into the contractor’s new bank account. […] The incident now has become wrapped into an FBI investigation into a group that has attempted to extort local governments around the world, law enforcement officials said.
http://www.houstonchronicle.com/news/houston-texas/houston/article/Harris-County-looks-to-boost-cyber-security-after-12524738.php

Norway healthcare cyber-attack ‘could be biggest of its kind’
The attack appears to have been a concerted highly professional effort to target electronic patient data, connected to a Nato exercise scheduled for later this year.  The attach may have originated with a foreign state’s spy agency. One line of inquiry investigators are said to be following is that the hackers were aided by somebody inside one of Health South East RHF’s hospital partners. […] “It wouldn’t surprise me if it followed the route of simple attack to gain initial access to the relevant networks, followed by much more skilled post-breach exploitation to get at the health records,” Colman said.
https://www.digitalhealth.net/2018/01/norway-healthcare-cyber-attack-could-be-biggest/

Air combat commander: We depend on space systems, and we train to fight without them
In a future war against a technologically advanced military foe, the U.S. Air Force may have to fight as it did in the industrial age: With little to no access to high-speed communications or big data pipes. Air combat forces are hugely reliant on information networks and space systems, and adversaries are expected to target those capabilities regardless of how hard the U.S. military tries to defend them, said Air Force Gen. James Holmes, commander of Air Combat Command.
http://spacenews.com/air-combat-commander-we-depend-on-space-systems-but-we-train-to-fight-without-them/

Tech firms let Russia probe software widely used by U.S. government
The practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies, U.S. lawmakers and security experts said. It involves more companies and a broader swath of the government than previously reported. In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers.
https://www.reuters.com/article/us-usa-cyber-russia/tech-firms-let-russia-probe-software-widely-used-by-u-s-government-idUSKBN1FE1DT

2 cybersecurity issues that companies and governments must tackle together
As cybersecurity becomes a focus for world leaders, Yahoo Finance is running a series of posts detailing ideas from top cybersecurity experts. […] “Perform joint projects to solve pressing problems, which has the simultaneous benefit of creating ‘muscle memory’ between the public & private sector, which will serve nations well if/when those two sectors have to work closer together in a crisis situation.”
https://finance.yahoo.com/news/2-cybersecurity-issues-companies-governments-must-tackle-together-153153024.html

Biden doesn’t want cyber war with Russia
“I think we should be on the offensive in making clear exactly what we know Russia and [Vladimir] Putin are doing, and that we should be working much more closely with [allies.] That message gets through,” said Biden. “Part of it is just pulling the band aid off,” he added, arguing that when the public becomes aware of foreign meddling, its “influence diminishes precipitously, like it did in France in this past election.”
https://fcw.com/articles/2018/01/24/biden-russia-the-cyber.aspx

Here we go again… UK Prime Minister urges nerds to come up with magic crypto backdoors
At the heart of the issue is software using truly end-to-end encryption – where not even the biz that developed the app is able to read messages sent between users. Governments fear that such applications will be used by extremists to plot attacks on Western targets without tipping off the intelligence agencies. Similarly, devices these days use tough filesystem encryption so not even the manufacturer can decrypt the data on demand without the password or passcode.
https://www.theregister.co.uk/2018/01/25/uk_prime_minister_encryption/

Fake news kicks into high gear in Czech presidential runoff
In the first round of the Czech presidential election earlier this month, Jiri Drahos was variously portrayed — without substantiation — as a pedophile, a thief, and a communist collaborator. The smears were part of a string of unfounded allegations in social media and on websites suspected of dealing in fake news.
http://www.homelandsecuritynewswire.com/dr20180125-fake-news-kicks-into-high-gear-in-czech-presidential-runoff

Dutch team infiltrated Russian hacker group, witnessing U.S. election meddling, DNC attack: report
“The NSA defenders, aided by the FBI, prevailed over the intruders, who were working for a Russian spy agency,” the Washington Post wrote of the U.S. counter-attack, which took over a day to thwart. “The NSA was alerted to the compromises by a Western intelligence agency. The ally had managed to hack not only the Russians’ computers, but also the surveillance cameras inside their workspace, according to the former officials,” the Post noted.
https://nltimes.nl/2018/01/25/dutch-team-infiltrated-russian-hacker-group-witnessing-us-election-meddling-dnc-attack

Census wants help evaluating its privacy-preserving software
In a request for information, the Census Bureau said the open source software it’s developing for the count  is designed to work with confidential data and will perform privacy-preserving data analysis. But because it hopes to freely redistribute its software with test datasets, it wants a third party to audit the software for privacy vulnerabilities. The software will be used for the 2020 Census of Population and Households, the 2017 Economic Census and other data products.
https://gcn.com/articles/2018/01/25/census-data-privacy-audit.aspx?admgarea=TC_SecCybersSec

Facebook Cracks Down, Hires Ex-White House Cyber Expert
The cops are in the house as Facebook ups its cybersecurity hiring former White House official to regulate the wave of hate speech and fake news spewed by Facebook users around the world. […] The cops are in the house as Facebook ups its cybersecurity hiring former White House official to regulate the wave of hate speech and fake news spewed by Facebook users around the world.
https://www.telesurtv.net/english/news/Facebook-Cracks-Down-Hires-Ex-White-House-Cyber-Expert-20180124-0042.html

Google expands controls to let you mute those annoying ads that follow you on every site
At first, it may seem an odd move. Google makes money on its ads business, and giving advertisers free rein to stalk you on every site seems really good for companies hoping to remind you of that thing you checked out one time. But the search giant wrote in a blog post out today that it wants to give you, the consumer, more transparency and control. […] It also plans to roll out the new controls on more platforms in the future, like YouTube, Search and Gmail.
https://techcrunch.com/2018/01/25/google-expands-controls-to-let-you-mute-those-annoying-ads-that-follow-you-on-every-site/

Florida cop bought cyberespionage software on own dime
The software, FlexiSpy, is marketed to jealous lovers and requires physical access to a user’s device in order to execute. The software was bought without the knowledge of the officer’s agency and it is unclear why the investigator purchased the software although some speculate the intentions weren’t malicious. The purchase was “probably a program I used on a case or tried it to understand how it worked. Nothing nefarious[.]”
https://www.scmagazine.com/florida-officer-purchased-cyberespionage-software-on-own-dime-without-agency-knowledge/article/739105/

Perv raided college girls’ online accounts for nude snaps – by cracking their security questions
Court documents do not reveal how Powell managed to guess over a thousand security questions correctly. But a LinkedIn account for Jonathan C. Powell in Phoenix, Arizona, that matches educational details cited in court documents suggests a possible explanation: he appears to have worked as a financial recruiter for staffing firm Robert Half. His work experience may have provided insight into how to find answers to common security questions.
https://www.theregister.co.uk/2018/01/25/college_nude_selfie_hacker_jailed/

Beware! Undetectable CrossRAT malware targets Windows, MacOS, and Linux systems
According to researchers, Dark Caracal hackers do not rely on any “zero-day exploits” to distribute its malware; instead, it uses basic social engineering via posts on Facebook groups and WhatsApp messages, encouraging users to visit hackers-controlled fake websites and download malicious applications. CrossRAT is written in Java programming language, making it easy for reverse engineers and researchers to decompile it.
https://thehackernews.com/2018/01/crossrat-malware.html

Hide ‘N Seek IoT botnet caught using Peer-to-Peer communication
Hide ‘N Seek is the second known botnet to date, after Hajime, that has a decentralized, peer-to-peer architecture. Bitdefender Senior E-threat Analyst Bogdan Botezatu said the virulence of the Hide ‘N Seek botnet shows how easy it is for cyber-criminals to take over IoT devices. “It also shows that cybercriminals are looking into (or experimenting with) decentralized botnet architectures to prevent possible takedowns,” Botezatu said. “Last but not least, it also shows that botmasters are looking at changing the consecrated business model of IoT botnets, moving them away from DDoS and into cyber-espionage.”
https://www.scmagazine.com/hide-n-seek-used-custom-built-peer-to-peer-communication-to-exploit-victims/article/739293/

14 flaws found that could take over industrial control systems
According to security researchers at Kaspersky Labs, 14 flaws have been discovered in Gemalto’s SafeNet Sentinel. The product is used in many industrial and mission-critical IT systems around the world. The vulnerabilities potentially open remote access to intruders and allow them to hide their presence. Researchers were looking at the security of such control systems and came across the Hardware Against Software Piracy (HASP) licence management system which is part of the SafeNet Sentinel and is responsible for verifying licencing restrictions on the use of the software.
https://www.scmagazine.com/14-flaws-found-that-could-take-over-industrial-control-systems/article/739569/

How Containers & Serverless Computing Transform Attacker Methodologies
As the network perimeter eroded and data moved into software-as-a-service offerings, smart attackers shifted to endpoint compromise and ransomware. With the rise of cloud-based systems, attackers now seek to exploit the massive quantities of data available via Web applications, microservices, and APIs. The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
https://www.darkreading.com/cloud/how-containers-and-serverless-computing-transform-attacker-methodologies/a/d-id/1330896

The Democratic National Committee hired a Yahoo executive to beef up its cyber security
After being brought into Yahoo, Lord discovered a series of data breaches amounting to the largest known hack in history. Lord was then tasked with cleaning up the mess and working with the FBI to find the culprits. “We’re excited to welcome Bob to the team and can’t wait to work with him on shoring up the DNC’s institutional cyber defenses,” DNC Chairman Tom Perez said in a statement. “When I took this job, I made it crystal clear that our organization’s cybersecurity required immediate attention and resources.”
http://www.businessinsider.com/dnc-hires-yahoo-executive-bob-lord-to-beef-up-cyber-security-2018-1

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.