IT Security News Blast 02-05-2018

Healthcare Cybersecurity

Woman at top of her game seeks girls with a cyber-aptitude
The program, “Girls Go Cyberstart,” is being run by the SANS Institute, a security education organization. The online problem and puzzle-solving competition is open to high school-age girls in 18 states and American Samoa. The game, which starts Feb. 20, has participants protecting an imaginary headquarters and moon base by cracking codes, plugging security gaps and creating software tools. It is designed to test aptitude in areas such as cryptography and digital forensics.
http://business.financialpost.com/pmn/business-pmn/woman-at-top-of-her-game-seeks-girls-with-a-cyber-aptitude

Cyber attacks on Israeli banks rose in last six months -regulator
“In the last half year, we have seen an increase in attempts at fraud via phishing, aimed at banking system customers with the intent to steal funds from their accounts,” the central bank said, adding that the attacker initially tries to steal the customer’s login and other personal details aimed at transferring funds between accounts.
https://www.reuters.com/article/israel-cyber-cenbank/cyber-attacks-on-israeli-banks-rose-in-last-six-months-regulator-idUSL8N1PU09Y

2018 cybersecurity resolutions: check the health of your cyber compliance
As cybersecurity is making its way to the forefront of business conversations, it’s clear that we need to rethink how we approach compliance. Industries are starting to approach compliance from a proactive standpoint encouraging the use of frameworks, and the government is cracking down on those who deal with critical government data.
https://www.csoonline.com/article/3251798/compliance/2018-cybersecurity-resolutions-check-the-health-of-your-cyber-compliance.html

Why healthcare cybersecurity spending will exceed $65B over the next 5 years
As the healthcare space continues digitizing all of its information, it continues to attract more attention from cyber criminals. For anyone who needs some convincing on the magnitude of the problem the healthcare industry faces, consider this partial list of hacks, breaches and related activity that occurred in 2017.
https://www.csoonline.com/article/3252343/cyber-attacks-espionage/why-healthcare-cybersecurity-spending-will-exceed-65b-over-the-next-5-years.html

CIOs and CISOs working together as attack threats grow
Healthcare IT executives say it’s crucial for them to work closely and in coordination with CISOs to ensure cybersecurity strategies mesh effectively with an organization’s IT initiatives. Providers are realizing that the risks to their operations couldn’t be higher, particularly as healthcare organizations have become dependent on electronic clinical records for continuity of care and operations.
https://www.healthdatamanagement.com/news/cios-and-cisos-working-together-as-attack-threats-grow

In San Diego, a Rigorous Look at What’s Being Learned from the WannaCry and NotPETYA Attacks
“Here in the US, we got lucky. I was at Millennium Healthcare then. SMB [Server Message Block] was blocked, that was the first thing. And then, how are our backups protected? And then patching. And it turns out, the basic security hygiene was needed. Look at what happened at NHS. And to be honest, we hadn’t patched as well as we could have. It’s hard to do, especially in the healthcare space, because you’ve got to test, and you don’t want to bring down patient care.”
https://www.healthcare-informatics.com/article/cybersecurity/san-diego-rigorous-look-what-s-being-learned-wannacry-and-notpetya-attacks

No, the US Won’t Respond to A Cyber Attack with Nukes
The idea that the U.S. is building new low-yield nuclear weapons to respond to a cyber attack is “not true,” military leaders told reporters in the runup to the Friday release of the new Nuclear Posture Review. […] When would the U.S. launch a nuclear attack in response to a non-nuclear event? The Defense Department says the threshold hasn’t changed since the Obama administration’s own nuclear posture review in 2010, but a draft of the new review that leaked online caused a bit of drama in its attempts to dispel “ambiguity.”
http://www.defenseone.com/technology/2018/02/no-us-wont-respond-cyber-attack-nukes/145700/

It’s super cheap to launch an effective cyber-espionage scheme
Over the course of nearly two years, Citizen Lab estimated that a hacking group possibly linked to the Chinese government had spent $1,068 in order to stand up computer systems that were used to target people primarily linked to Tibet, an autonomous territory bordering Nepal and Bhutan that is loosely controlled by the Chinese government.
https://www.cyberscoop.com/cheap-hacking-china-tibet-citizens-lab/

Hacking threats loom over 2018 Olympics
Experts are observing an uptick in phishing attacks orchestrated by run-of-the-mill cyber criminals that use the games as a hook to draw attendees and other would-be victims into scams. “It’s growing at an exponential rate,” said Paul Martini, CEO of network security company iboss. “The accessibility to technology to enable criminal activity is just easier and easier.”
http://thehill.com/policy/cybersecurity/371883-hacking-threats-loom-over-2018-olympics

Cyber debris: Outdated cameras risk stifling IoT boom
Just as in outer space, so a similar danger lurks in cyberspace. “Cyber debris” — routers, webcams and other devices that are no longer used but are still online — offer a tempting target for hackers. With the growth of the internet of things, the problem is set to spread to everyday appliances such as washing machines, microwave ovens and refrigerators. […] Devices that are online but have not been used for a while are particularly vulnerable to attack. This pile of outdated hardware is expected to continue growing.
https://asia.nikkei.com/Tech-Science/Tech/Cyber-debris-Outdated-cameras-risk-stifling-IoT-boom

Security Bug Affects Over 300,000 Oracle POS Systems
The flaw is nothing to ignore, according to Dmitry Chastuhin, the ERPScan security researcher who discovered the issue (tracked as CVE-2018-2636). […] The flaw can be exploited remotely via carefully crafted HTTP requests. A Shodan search shows that around 170 poor souls have misconfigured their POS systems, which are now available online and could be exploited if they have not been updated with Oracle’s patches.
https://www.bleepingcomputer.com/news/security/security-bug-affects-over-300-000-oracle-pos-systems/

Why cops won’t need a warrant to pull the data off your autonomous car
For now, law enforcement in one major hub of AV development and testing seems to have few clear ideas as to how they will integrate these vehicles into their traffic enforcement practices, much less their investigative process. But AVs could soon become—absent a notable change in the law—a TiVo-on-the-ground. In other words, as auto manufacturers and tech companies race to take AVs mainstream, they may become a gold mine for law enforcement.
https://arstechnica.com/tech-policy/2018/02/why-self-driving-cars-may-be-heaven-for-investigating-crimes-and-accidents/

Internet Crime Complaint Center Impersonated for Malware & Phishing Scam
The Federal Bureau of Investigation (FBI) has identified a new phishing scam where hackers have created a fake federal online crime complaint portal (Internet Crime Complaint Center (IC3)) on social media to deceive users into giving out their private and confidential data. The FBI has also issued a security alert on 1st February informing that it has received complaints from numerous citizens who have reported about receiving emails from the Internet Crime Complaint Center (IC3).
https://www.hackread.com/internet-crime-complaint-center-malware-phishing-scam/

Cryptocurrency botnets are rendering some companies unable to operate
Like cryptocurrency mining botnets known as Adylkuzz and Zealot, Smominru appropriates potent exploit code developed by the National Security Agency and later published online by a group calling itself the Shadow Brokers. Like Zealot, Smominru uses other exploit techniques to infect targeted computers, but it can fall back on the NSA-developed EternalBlue in certain cases, presumably for spreading from machine to machine inside infected networks or when other infection techniques fail on a machine that hasn’t been patched.
https://arstechnica.com/information-technology/2018/02/cryptocurrency-botnets-generate-millions-but-exact-huge-cost-on-victims/

Gas station software flaws offer cheap gas, admin rights, and more
The faulty software is installed in more than 35,000 service stations and 7 million vehicles in 60 countries, according to Orpak System’s marketing literature; however, not all of the systems are connected to the internet or exposed. “If a company with multiple gas stations has just one system connected to the internet, an attacker who gains access to that one system can then control other gas stations not accessible through the internet as well as access other systems connected to that network, such as business systems and surveillance cameras,” the report said.
https://www.scmagazine.com/gas-pump-vulnerabilities-in-widespread-software-grant-low-prices-and-credit-card-data/article/741764/

Hey, you know what the internet needs? Yup, more industrial control systems for kids to hack
The growing prevalence of vulnerable ICS kit is a problem because any would-be miscreant can find unprotected industrial control systems simply by searching on Google or Shodan. The release of a new point-and-hack tool, dubbed AutoSploit, that searches for vulnerable devices online using Shodan before using Metasploit’s database of exploits to potentially hijack vulnerable devices makes an already unpleasant picture even uglier.
https://www.theregister.co.uk/2018/02/02/industrial_control_system_security/

139 Malware Samples Identified that Exploit Meltdown & Spectre Flaws
However, the majority of these samples are based upon already existing proof-of-concept coding from numerous security experts but it is indeed concerning that the number of unique samples has increased considerably over the past few weeks. The number of samples collected by AV-Test on January 7th was rather low but by January 21st the company managed to collect a hundred samples and at the end of January, the total count of samples reached 139.
https://www.hackread.com/139-malware-samples-identified-that-exploit-meltdown-spectre-flaws/

New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices
The two WD My Cloud vulnerabilities disclosed by Trustwave include an arbitrary command execution flaw and an arbitrary file deletion (via specific parameters) bug. Impacted are the following Western Digital models: My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100.
https://threatpost.com/new-western-digital-my-cloud-bugs-give-local-attackers-root-to-nas-devices/129766/

Here’s the Solution to the 3-Year-Old, $50,000 Bitcoin Puzzle
Isaac detailed his process of solving the puzzle to me in a chat, and his solution was corroborated by @coin_artist. He shared screenshots of his conversations with other puzzle players, and to prove that he was in fact in control of the coins, Isaac also signed a message to the wallet address using the phrase that was placed before the start of the Bitcoin wallet private key coded into the painting. That phrase was “B34u7y, truth, and rarity.”
https://motherboard.vice.com/en_us/article/kzpqzz/heres-the-solution-to-the-3-year-old-dollar50000-bitcoin-puzzle

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.