IT Security News Blast 02-09-2018

CISO Using Artificial Intelligence

CISOs Look to Machine Learning to Augment Security Staffing Shortages
Mike Simon, CTO at Critical Informatics, describes how we integrate machine learning analysis to parse out the most interesting results for our security analysts to review. “We chose to embrace the carbon/silicon stack and focus our efforts on making the humans efficient as we present them with truly interesting things to investigate. By focusing on combining ML and human interaction, rather than trying to eliminate the human loop, we produce an astoundingly low false positive rate and continue to challenge our best-in-the-industry analysts with ever more interesting things that don’t quite make AI ring the bell but may still be worth noticing. Computers are good at boring; people are good at interesting.”

Cybersecurity job fatigue affects many security professionals
This skills shortage has multiple implications. Organizations don’t have the right sized teams and operate in a perpetually understaffed mode. Often, the cybersecurity team lacks some advanced skills in areas like security analytics, forensic investigations, or cloud computing security, putting more pressure on the most experienced staffers to pick up the slack.

International cyber crime ring smashed after more than $530 million stolen
In a statement, US investigators claimed the accused were taking part in a massive operation known as the Infraud Organization, which stole and then sold other people’s personal information, including credit card and banking information. […] Cronan said it was believed the group had intended to cause losses totaling more than $2.2 billion during their seven years of operation.

GDPR readiness low, insurer Chubb warns
“Preparedness is low, even today,” revealed Xavier Leproux (pictured), senior underwriter for technical lines at Chubb, who leads the insurer’s cyber risk practice in Paris. “Some firms are only just starting to think about important GDPR issues, such as setting up dedicated databases, with a dedicated person in charge,” Leproux warned.

Health-Care Extortion Goes Digital
Cyber extortion can also go well beyond financial demands. “Beyond the threat of crippling financial demands from a hacker, there’s the terrifying prospect of denial of service attacks on certain medical devices that could interfere with a facility’s clinical capabilities and disrupt treatment,” Jeremy D. Sherer, a health-care attorney with Hooper, Lundy & Bookman PC in Boston, told me.

Tips to tackle the biggest cyber challenge hospitals face: medical device security
When asked what actions health systems could take now to boost medical device security, he didn’t have to think about it. “Have an appropriate inventory of your medical devices,” he said. “It’s nearly impossible to effectively patch and protect medical devices without this kind of information.” When buying medical devices, he cautioned hospital executives to make sure they are buying them with the security they need.

Now that’s taking the p… Sewage plant ‘hacked’ to craft crypto-coins
The malicious software was, we’re told, chewing up processor time, noisily shifting data over the network, and potentially exploiting the fact that industrial networks tend not to be running the latest security patches – typically because they oversee critical processes that cannot be interrupted or knocked out by bad updates. In short, it’s not particularly great to see malicious code running that near important systems.

Faraday rooms, air gaps can be compromised, and leak highly sensitive data
In two newly released reports, the team demonstrated how attackers can bypass Faraday enclosures and air gaps to leak data from the most highly secured computers. The Odini method, named after the escape artist Harry Houdini, exploits the magnetic field generated by a computer’s central processing unit (CPU) to circumvent even the most securely equipped room.

How Dutch Spies Were Able To Outwit Russian Hackers
According to a report in de Volkskrant, a highly regarded daily paper in the Netherlands, Dutch intelligence hackers had gained access to Cozy Bear’s computers in 2014 and remained there for between one and two-and-a-half years. The hackers were reportedly even able to monitor Cozy Bear team members’ comings and goings through a compromised security camera, comparing their images to those of already known Russian spies.

The Netherlands just revealed its cyber-capacity. So what does that mean?
There’s a new cyberpower in the world. Last month, Dutch reporters from Nieuwsuur and de Volkskrant revealed that in mid-2014 the Dutch Joint Sigint Cyber Unit (JSCU) infiltrated the computer networks of the infamous Russian hacker group “Cozy Bear.” By sharing information with their U.S. counterparts, JSCU helped oust the Russian government-linked group thought to be responsible for the Democratic National Committee breach during the 2016 U.S. presidential campaign.

Russian Tumblr trolls posed as black activists to stoke racial resentment ahead of 2016 U.S. election
As was the case with the fake accounts created by Russian government operatives on other social media platforms such as Facebook, Twitter, and Instagram, the fake Tumblr accounts aimed to help Donald Trump win the 2016 election by spreading messages which stoked racial and ethnic resentment and intensified political polarization. The Russian accounts on Tumblr disseminated content on issues such as police violence against young African-Americans.

DHS needs more cybersecurity workers while also figuring out where to put them
Shutdowns and continuing resolutions don’t just impact the military’s readiness. The Department of Homeland Security said its mission is also affected by stopgap funding. DHS deputy secretary Elaine Duke told senators her agency feels constrained and unable to begin new projects without getting new funding authorized by Congress. Claire Grady, the undersecretary for management, also said a slew of short-term CRs has delayed DHS on everything from new hiring efforts to major acquisitions.

Today’s Revolution: Cybersecurity and the International Order
The final and most fundamental type of revolution is first-order revolution, or what Kello terms “systems change” (13). This phenomenon “concerns not the balance of power but the balance of players” (251), and it occurs when “new players (hacktivists and technology firms, for instance) challenge the traditional supremacy of states, thus altering the system’s very building blocks” (13).

Trump can end the ISIS cybersecurity threat once and for all
Since President Trump’s inauguration, terrorist organizations have expanded their online activities. As ISIS’s physical caliphate has crumbled, its cyber caliphate has strengthened. It has intensified its recruiting outreach to Westerners — and more Americans are joining. Jihadis’ dependence on the Germany-based encrypted app Telegram has increased and gone unchallenged, as jihadis test a new generation of products from social media companies, most of them offering encryption.

Sorry, FCC: Charter will lower investment after net neutrality repeal
Charter, the second largest US cable company after Comcast, “is investing more in its broadband network and workforce because of the FCC’s Restoring Internet Freedom Order [that repealed net neutrality rules] and last year’s tax reform legislation,” FCC Chief of Staff Matthew Berry claimed in a tweet Friday. But as we noted earlier this week, Charter raised its capital investment in 2017 while the net neutrality rules were in place. And with the repeal soon to take effect, Charter says it is preparing for a “meaningful decline” in spending on building and upgrading broadband networks.

John Perry Barlow, The Thomas Jefferson of Cyberspace, R.I.P.
Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. We have no elected government, nor are we likely to have one, so I address you with no greater authority than that with which liberty itself always speaks. I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us…

81% of Cybersecurity Pros See Value in Threat Intelligence
According to the report, some of the most popular security operations tasks that threat intelligence programs support include detection (79%), incident response (71%), blocking threats (70%) and threat hunting (62%). Many of the survey responses indicated that the increased emphasis on threat intelligence and information sharing was key to allowing operations teams to quickly search for existing compromises and proactively block access from external clients.

Apple’s top-secret iBoot firmware source code spills onto GitHub for some insane reason
The source was swiftly taken down following a DMCA complaint by Apple, which means the code must be legit or else Cupertino would have no grounds to strip it from the website. However, at least one clone of the software blueprints has re-emerged on GitHub, meaning you can find it if you look hard enough.

Apple Downplays Impact of iBoot Source Code Leak
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protection,” Apple said in a statement.

Coinhive being spread by hackers hacking back other hackers
Malwarebytes’ researcher Nathan Collier detailed one such campaign that is designed to attract a nefarious actor who is searching for a way to hack into a specific app. These hacking apps are usually used to obtain an app for free or gain, but the person who created the Trojan uses a combination of excellent social engineering in combination with some rather initial execution that comes together to inject the miner without the victim knowing what has happened. Along with some other malware.

Wish you could log into someone’s Netgear box without a password? Summon a &genie=1
Some 17 Netgear routers have a remote authentication bypass, meaning malware or miscreants on your network, or able to reach the device’s web-based configuration interface from the internet, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo. That’s pretty bad news for any vulnerable gateways with remote configuration access enabled, as anyone on the internet can exploit the cockup to take over the router, change its DNS settings, redirect browsers to malicious sites, and so on.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.