IT Security News Blast 02-02-2018

CISOs Map Out Cybersecurity Plans

Consistent growth fuels Future Fund cyber fears
Future Fund chairman Peter Costello said in a portfolio update this morning that the sovereign wealth fund considers cybersecurity risk to be a major threat as it’s difficult to stay ahead of attacks. He said the fund is fortunate to be able to work with other government agencies in formulating defensive strategies and employs the most sophisticated programs to combat such threats.

CISOs map out their cybersecurity plan for 2018
“There are always more opportunities to make more impact and add more controls than there are the resources and time to do so,” he said. “So how do we create a decision-making framework so we get [our priorities in order]? And we’re not doing things because it’s a shiny object, but instead because it [has] real business impact?”

UL Develops Standard for ICS Cybersecurity Assurance
Programs such as the UL Cybersecurity Assurance Program (UL CAP) minimize risk for manufacturers by helping ensure that software is secure and remains secure throughout its use. By deploying consistent testable criteria, companies can begin to reduce exploitation, address known malware, enhance security controls and expand security awareness; all essential steps for conducting business in today’s connected world.

Healthcare’s Secret Weapon for Securing the IoMT
Real-time threat detection is made possible by SIEM solutions because they gather data and analytics from every solution deployed across the network to secure and protect it. This information is then cross-correlated and stored in a single location, providing healthcare IT teams with greater visibility into security incidents happening anywhere across the distributed network environment. But detecting a threat isn’t enough. It’s just as important that IT teams have a mitigation plan in place in order to immediately and automatically respond once the SIEM detects a security incident.
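The cross-correlation the excerpt describes is, at its core, a rule that joins events from different log sources on a shared key (here, a source IP) inside a time window, and then hands a hit to an automated response. The following is an added example, not code from the article or from any SIEM vendor: it parses constructed sample lines from two hypothetical sources (an EHR application server's auth log and a perimeter firewall's connection log), applies a "repeated failures, then a success, then an outbound connection to a suspicious port" rule, and produces a block action for each alerted source. The log formats, host names, port list and the `respond` action are all assumptions for illustration.

```python
"""Minimal SIEM-style correlation over log lines from two sources.

Added example (not from the article). The two log formats, the device
names, the suspicious-port list and the quarantine action are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Timestamps are in one clock domain; a real
# deployment must normalise time zones before correlating.
SAMPLE_LOGS = """\
2018-02-01T10:00:01 auth host=ehr-app01 src=10.20.30.44 user=admin result=FAIL
2018-02-01T10:00:03 auth host=ehr-app01 src=10.20.30.44 user=admin result=FAIL
2018-02-01T10:00:04 auth host=ehr-app01 src=10.20.30.44 user=admin result=FAIL
2018-02-01T10:00:06 auth host=ehr-app01 src=10.20.30.44 user=admin result=OK
2018-02-01T10:00:40 fw action=ALLOW src=10.20.30.44 dst=203.0.113.9 dport=4444
2018-02-01T10:05:00 auth host=ehr-app01 src=10.20.30.51 user=nurse7 result=FAIL
2018-02-01T10:05:02 auth host=ehr-app01 src=10.20.30.51 user=nurse7 result=OK
2018-02-01T10:30:00 fw action=ALLOW src=10.20.30.51 dst=198.51.100.7 dport=443
"""

AUTH_RE = re.compile(r"^(\S+) auth host=(\S+) src=(\S+) user=(\S+) result=(\S+)$")
FW_RE = re.compile(r"^(\S+) fw action=(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse(lines):
    """Normalise both log formats into one event dict per line, time-ordered."""
    events = []
    for line in lines.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, src, user, result = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "type": "auth",
                           "host": host, "src": src, "user": user, "result": result})
            continue
        m = FW_RE.match(line)
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "type": "fw",
                           "action": action, "src": src, "dst": dst, "dport": int(dport)})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, fail_threshold=3, window=timedelta(minutes=5),
              suspicious_ports=frozenset({4444, 1337})):
    """Rule: at least `fail_threshold` auth failures from one source IP,
    followed by a success from it, followed by an outbound connection to a
    suspicious port, all within `window` of the first failure.
    Returns one alert dict per offending source IP."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["type"] == "auth" and e["result"] == "FAIL"]
        if not fails:
            continue
        first_fail = fails[0]["ts"]
        deadline = first_fail + window
        if sum(1 for f in fails if f["ts"] <= deadline) < fail_threshold:
            continue
        success = next((e for e in evs if e["type"] == "auth" and e["result"] == "OK"
                        and first_fail < e["ts"] <= deadline), None)
        if success is None:
            continue
        conn = next((e for e in evs if e["type"] == "fw" and e["dport"] in suspicious_ports
                     and success["ts"] < e["ts"] <= deadline), None)
        if conn is not None:
            alerts.append({"src": src, "user": success["user"], "dst": conn["dst"],
                           "dport": conn["dport"], "first_fail": first_fail})
    return alerts


def respond(alerts):
    """Automated mitigation hook (assumed): return the block rule for each
    alerted source. A real deployment would push this to the firewall or NAC
    API instead of returning strings."""
    return [f"block src={a['src']} reason=bruteforce-then-c2 dst={a['dst']}:{a['dport']}"
            for a in alerts]


if __name__ == "__main__":
    for action in respond(correlate(parse(SAMPLE_LOGS))):
        print(action)
```

Only the first source (10.20.30.44) trips the rule; 10.20.30.51 has a single failure and a normal port 443 connection, so it is left alone. Note that the rule keys on the source IP: in a network where IoMT devices sit behind NAT or share addresses, the join key must be a device identity the SIEM can trust, otherwise an automated block hits the wrong endpoint.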

Industrial cyber security continues to be poor, warns report
This is especially worrying in light of the fact that the number of ICS components left exposed to the public internet is increasing every year, and that these components typically run factories, transport networks, power plants and other facilities. The researchers found a nearly 10% increase in the past year, to 64,287, in the number of IP addresses for ICS components in the US, which along with Germany, China, France and Canada has the largest number of internet-accessible ICS components.

Cyber officials warn of unipharm plague, nuke meltdown, future dangers
Margalit said pharmaceutical companies all over Europe were hacked in a massive cyber attack in June 2017, and that the hackers, presumed to be Russian, “could have changed the makeup of chemicals in the manufacturing of drugs… which could have brought a cyber plague to Europe.” Instead, the hackers just stole IP addresses, but he said that did not change what they could have done or what other hackers might do in the future if companies do not up their cyber defense game.

Thinking about a Career Move in Cybersecurity?
The most recent “Annual Cybersecurity Jobs Report” (2017 edition) from Cybersecurity Ventures posits that 100% of large companies globally will have a CISO by 2021. Given the scarcity of experienced people to fill these positions, there will be a lot of first-time CISOs heading up security for their employers over the next decade, an altogether different problem. But this does remove some barriers in the way of climbing the corporate security ladder.

Automation proves useful for agencies’ cyber defense strategies
“Once we get to that utopia — once 90 percent of that generally is being handled in an automated fashion, then I can really use the vast majority of my workforce to focus on what I really need them to do, which is the 10 percent of really bad guys,” Beckman said Jan. 29 at the Institute for Critical Infrastructure Technology’s Winter Summit in Arlington, Virginia.

Tending Goal: the U.S. Cyber Command’s Network Defense Headquarters
DOD also reported that all 133 of the command’s Cyber Mission Force teams are on target to be fully operational by September. The force includes 13 National Mission teams, which defend the United States and its interests against cyber attacks; 68 cyber protection teams, which defend DOD’s priority networks and systems; 27 combat mission teams, which support the combatant commands with integrated operational cyberspace effects; and 25 support teams, which offer analytical and planning support to the National Mission and Combat Mission teams.

Hezbollah Goes on the Cyber Offensive with Iran’s Help
Maturing under Tehran’s tutelage, Hezbollah’s hackers are quickly learning the art of cyber warfare. The formidable militant organization is increasingly turning its attention to the digital realm to engage in espionage, psychological operations, disruption of critical services and criminal activity to fund its activities on the ground.

Size Doesn’t Matter for Spies Anymore
From the Brits to the Australians, everyone wants to say they were the ones to tip off the Americans about Russian hacking. […] The Dutch Joint Sigint Cyber Unit has about 300 staff members, but fewer than 100 are in its digital intelligence team, and most of those are actually handling cyber defense. This is not a large outfit by any standards, and yet they apparently managed not just to break into Cozy Bear’s systems for over a year but also to hack the security camera at their front door, so they could take pictures of everyone working there or even visiting.

Dutch Banks, Tax Agency Under DDoS Attacks a Week After Big Russian Hack Reveal
Citing sources, Dutch security researcher Rickey Gevers claimed the attacks reached a peak of 40 Gbps in volume. He also said the attacks came mainly from IP addresses associated with home routers. A report by NL Times citing sources with antivirus vendor ESET claimed some of the DDoS attacks were also carried out using the Zbot malware, a known (desktop-based) banking trojan based on the old ZeuS banking trojan. The same report claimed the command and control servers for this botnet were based in Russia.

Appeals court: Twitter can’t be sued for “material support” of terrorism
A three-judge panel unanimously ruled that the plaintiffs had not shown that Twitter was close enough to the violence that tragically ended the lives of their loved ones. “We conclude that Twitter has the better of the argument and hold that to satisfy the ATA’s ‘by reason of’ requirement, a plaintiff must show at least some direct relationship between the injuries that he or she suffered and the defendant’s acts,” the judges wrote.

Adobe Flash Player Zero-Day Spotted in the Wild
“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. Adobe will address this vulnerability in a release planned for the week of February 5,” according to the advisory.

New Monero mining malware infected 500K PCs by using 2 NSA exploits
Dubbed Smominru by researchers, this highly sophisticated malware has infected 526,000 Windows-based computers since May 2017 and is capable of mining around 24 Monero (XMR) per day, currently worth about $5,657. So far, the malware has generated 8,900 Monero, around $2 million, from targets in India, Russia, and Taiwan.

New cryptocurrencies offer better anonymity, new security challenges
Bitcoin is a mature and crowded ecosystem, and miners typically need specialized computing equipment to make any money. Monero is intended to be mined by regular computers, says Mike Price, CTO at cybersecurity vendor ZeroFox. That means the mining isn’t concentrated in a few big mining operations, but distributed more widely across people’s personal computers.

New IoT botnet offers DDoSes of once-unimaginable sizes for $20
Calling itself Los Calvos de San Calvicie, the group is advertising several services on this site. Among the services are distributed denial-of-service attacks of 290 to 300 gigabits per second for $20 each. While a third the size of some of the biggest recorded attacks, 290Gbps is still enough to bring most sites down unless they seek DDoS mitigation services, which in many cases cost considerable amounts of money. Just five years ago, 300Gbps was considered enough volume to shut down the Internet’s core infrastructure.

Stolen adult site login credentials help fuel dark web economy
The top five most-often sold credentials were those for accounts on Naughty America (2,575 sales offers), Brazzers (1,228 sales offers), Mofos (789 sales offers), Reality Kings (294 sales offers), and Pornhub (153 sales offers). Researchers said it’s important to not view the ranking as some sort of testament to the security of the sites, but more so as a testimony to the popularity of the sites.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.