IT Security News Blast 02-12-2018

Equity Surveillance Cybersecurity
US equity surveillance system gets new security chief
The long delayed surveillance system to monitor trading in the world’s largest equity market is getting a security watchdog in an effort to address security concerns and push the plan forward.  […] The move comes in response to concerns among the main US exchanges — including the New York Stock Exchange, Nasdaq and Cboe Global Markets — that the project to collect the data for millions of orders and quotes on US equity and options markets in real time could be compromised by cyber crime.
https://www.ft.com/content/edadb70c-0d86-11e8-839d-41ca06376bf2

Financial institutions need to prepare against cyber attacks
“To meet changing regulatory requirements, companies in the financial space need to access infrastructural expertise, to generate a working, real-time picture of the entire framework. Only after gaining this level of visibility can the right security policies be fitted to each application in a way that fits within the functioning of the existing system, allowing components to communicate as they need to whilst closing them off from external threats.”
https://www.openaccessgovernment.org/financial-institutions-need-prepare-cyberattacks/42378/

Equifax says more private data was stolen in 2017 breach than first revealed
The exposure of tax identification numbers was likely because they were found in the same portion of the database where other tax numbers, like Social Security numbers, were stored. Commenting in several tweets, Warren said: “In October, when I asked the CEO about the precise extent of the breach, he couldn’t give me a straight answer. So for five months, I investigated it myself.” “My investigation revealed the depth of the breach and cover-up at Equifax,” she added. “And since I published the report, Equifax has confirmed it is even worse than they told us.”
http://www.zdnet.com/google-amp/article/hackers-stole-more-equifax-data-than-first-thought/

Businesses with Apple and Cisco products may now pay less for cybersecurity insurance
Apple and Cisco announced this morning a new deal with insurer Allianz that will allow businesses with their technology products to receive better terms on their cyber insurance coverage, including lower deductibles – or even no deductibles, in some cases. Allianz said it made the decision to offer these better terms after evaluating the technical foundation of Apple and Cisco’s products, like Cisco’s Ransomware Defense and Apple’s iPhone, iPad and Mac.
https://techcrunch.com/2018/02/05/businesses-with-apple-and-cisco-products-may-now-pay-less-for-cybersecurity-insurance/

Cyber Extortion Schemes Undermining Patient Care
In some cases, a hacker can freeze a health organization’s entire computer system, preventing doctors from reviewing patient records and performing procedures. Medical records can also be held hostage, with a hacker promising to sell them if payment isn’t received. For example, Hancock Regional Hospital in Greenfield, Ind., was targeted by hackers in early January and ended up paying $50,000 to recover use of its computer systems.
https://www.bna.com/cyber-extortion-schemes-n57982088492/

Tennessee Hospital Hit With Cryptocurrency Mining Malware
On November 27, 2017, the hospital received a security incident report from its EMR system vendor, which said unauthorized software, designed to mine cryptocurrency, had been installed on the server supported by the vendor. An ongoing investigation has indicated an unauthorized attacker accessed the server with the EMR system and injected the software. The hospital’s EMR server contained data including patient names, addresses, birthdates, and social security numbers, as well as diagnosis and treatment data.
https://www.darkreading.com/attacks-breaches/tennessee-hospital-hit-with-cryptocurrency-mining-malware/d/d-id/1331014?piddl_msgid=330692#msg_330692

Time’s Just About Up to Secure the 2018 Midterm Elections
Virginia memorably took the plunge this fall, rushing to finish a decade-long process of replacing all of its digital-only touchscreen voting machines with voter-marked paper ballots. Shortly after at the end of November, Colorado completed a large-scale election system integrity audit (known as a “risk-limiting audit”) first mandated by the state legislature in 2009 and delayed from an original 2014 goal. Rhode Island is working to implement risk-limiting audits for this year’s elections. And Michigan is on track to replace all of its aging and unsupported voting machines with new paper ballot systems in time for the state’s August primaries.
https://www.wired.com/story/time-about-up-to-secure-2018-midterm-elections/

Cryptocurrency Mining Malware Hits Monitoring Systems at European Water Utility
“A cryptocurrency malware attack increases device CPU and network bandwidth consumption, causing the response times of tools used to monitor physical changes on an OT network, such as HMI and SCADA servers, to be severely impaired,” the company explained. “This, in turn, reduces the control a critical infrastructure operator has over its operations and slows down its response times to operational problems.”
https://www.securityweek.com/cryptocurrency-mining-malware-hits-monitoring-systems-european-water-utility

U.S., UK government websites infected with crypto-mining malware: report
More than 4,200 sites were infected with a malicious version of a widely used tool known as Browsealoud from British software maker Texthelp, which reads out webpages for people with vision problems, according to The Register. The news comes amid a surge in cyber attacks using software that forces infected computers to mine crypto currencies on behalf of hackers. The prevalence of these schemes has increased in recent months as the volume of trading in bitcoin and other crypto currencies has surged.
https://www.reuters.com/article/us-bitcoin-cyber/u-s-uk-government-websites-infected-with-crypto-mining-malware-report-idUSKBN1FV0VO

Pyeongchang Olympics Hit By Cyber Attack, With Widespread Rumors Russia to Blame
Per the paper, officials have been vague about the suspected attack but rumors are swirling that it could be Russian in origin following the country’s displeasure at serious penalties for its athletes following a massive doping scandal: Pyeongchang 2018 spokesperson Sung Baik-you refused to confirm the country behind the attack but said: “There was a cyber-attack and the server was updated yesterday during the day and we have the cause of the problem.”
https://gizmodo.com/pyeongchang-olympics-hit-by-cyber-attack-with-widespre-1822909628

NATO Introduces Cyberspace into Kinetic Battlefield
”This year we used the mobile network technologies for identifying a target, drone surveillance and 5G sensors for acquiring its location and gathering further information enabling to accomplish the goal. Operations in cyberspace, no matter how vast it is, can reach only as far as it has some form of connectivity,” said Bernhards Blumbergs, cybersecurity expert from CERT.LV.
https://i-hls.com/archives/81300

DHS Needs More Cybersecurity Workers—It Just Doesn’t Know Where Or What Kind
“Your report basically says DHS has missed all kinds of deadlines,” said Sen. Rob Portman, R-Ohio, addressing GAO Managing Director for Homeland Security and Justice George Scott during a Feb. 7 roundtable on the DHS Reauthorization Act. “I understand the need to help state and local [cybersecurity]. I understand the need to harden our own [cybersecurity]. But if you don’t have the personnel to do it, that makes it challenging,”
http://www.nextgov.com/cio-briefing/2018/02/dhs-needs-more-cybersecurity-workersit-just-doesnt-know-where-or-what-kind/145802/

The cyber secrets that are too good to reveal
Spying, internet surveillance and hacking are secretive worlds, but sometimes the need for secrecy can get in the way of their ultimate goals. Being asked to show how you have obtained evidence can mean giving up an asset that is worth more than the actual evidence itself. The predicament was highlighted last year in the US, when FBI officials used a previously unknown exploit to infiltrate, take over and investigate a dark web child abuse ring.
http://www.itpro.co.uk/exploits/30494/the-cyber-secrets-that-are-too-good-to-reveal

That mega-vulnerability Cisco dropped is now under exploit
The update didn’t say how widespread the attacks are, whether any of them are succeeding, or who is carrying them out. On Twitter on Thursday, Craig Williams, a Cisco researcher and director of outreach for Cisco’s Talos security team, wrote of the vulnerability: “This is not a drill..Patch immediately. Exploitation, albeit lame DoS so far, has been observed in the field.”
https://arstechnica.com/information-technology/2018/02/that-mega-vulnerability-cisco-dropped-is-now-under-exploit/

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models
Both vulnerabilities are tied to controllers used by Broadcom’s wireless LAN driver that contain buffer overflow flaws, which can be exploited by an attacker that can gain arbitrary code execution on the adapter, but not the targeted system’s CPU.  Both CVEs are rated “critical” and have scores of 10 on Mitre’s CVSS scale.
https://threatpost.com/lenovo-warns-critical-wifi-vulnerability-impacts-dozens-of-thinkpad-models/129860/

New Tech Support Scam Freezes Chrome, Firefox & Brave Browser
A new scam campaign has been discovered by Malwarebytes researchers that targets the most reliable internet browsers in the world including Google Chrome Firefox and Brave. The campaign involves sending of a fake error message that contains malicious coding and leads to locking up the browser. According to Malwarebytes’ lead intelligence analyst Jerome Segura, the bug in the error message renders the browser “unresponsive” and makes the Windows OS “unstable” if it is allowed to run for a specific time period.
https://www.hackread.com/tech-support-scam-freezes-chrome-firefox-brave-browser/

UDPoS malware spotted exfiltrating credit card data via DNS server 
The malware’s most distinguishing feature is its use of DNS requests for data exfiltration which researchers described as an unusual technique albeit one that has been seen in other POS malware. The malware also uses a Command & Control server located in Switzerland which is not a location malicious actors typically use for their infrastructure. It is unclear whether or not the malware is currently being used in campaigns in the wild although the malware’s coordinated use of LogMeIn-themed filenames and C2 URLs coupled with evidence of an earlier Intel-themed variant suggest that may be the case.
https://www.scmagazine.com/udpos-malware-first-new-malware-spotted-in-a-while/article/743172/

Cloud computing chaos is driving identity management changes
So much is happening so quickly that it’s driving cloud computing chaos — massive and constant change. This flies in the face of the old cybersecurity adage that change is the enemy of security. This chaotic situation is especially pronounced with identity management, which tends to be a patchwork infrastructure that is touched by many but that no one really owns. In other words, cloud computing expansion is stressing an already-brittle IAM system.
https://www.csoonline.com/article/3252092/security/cloud-computing-chaos-is-driving-identity-management-changes.html

Russian nuclear weapons engineers caught ­­­­minting blockchange with supercomputer
Because of the nature of the work at the Institute, technically none of the Institute’s computers—including its 1-petaflop capable supercomputer, used for simulating tests of nuclear weapons designs—is supposed to be connected to the Internet. According to the Russian news service Mash, someone at the Institute attempted to connect the supercomputer to the Internet, and that attempt was detected by the FSB, launching an investigation.
https://arstechnica.com/tech-policy/2018/02/russian-nuclear-weapons-engineers-caught-%c2%ad%c2%ad%c2%ad%c2%adminting-blockchange-with-supercomputer/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.