IT Security News Blast 02-13-2018

How do you measure Cyber Risk?

Businesses ignore climate, cyber threats at their own peril 
This year’s edition paints a particularly bleak picture of a chaotic future where humankind is waging battles on two fronts: preserving the environment and managing rapid advancements in technology. Environmental and technological risks lead the WEF Global Risks Perception Survey, taking the top five spots in a list of most-likely risks: extreme weather events; natural disasters; cyberattacks; data fraud or theft; failure of climate-change mitigation and adaption.
http://thehill.com/opinion/energy-environment/373461-businesses-ignore-climate-cyber-threats-at-their-own-peril

Importance of Banking Relationships In The Age of Hacking
It is impossible for any security solutions vendor to guarantee you will be able to thwart 100% of the attacks waged by hackers to gain access to your systems. At the same time, consumers’ expectations of 24/7 access to services from any connected device are not diminishing. Just the opposite, in fact. Therefore, your focus needs to be on mitigating the risk of a data breach by protecting sensitive information, should an attacker get past your defenses.
https://thefinancialbrand.com/70371/relationship-banking-crm-cybersecurity-hacking-trends/

Equifax Confirms ‘Probable’ Breached Data Was Indeed Stolen
The breach, which began on March 10, 2017, led to the ousting of the company’s CIO, CSO as well as CEO Richard Smith, who blamed “human error” for the company’s failure to patch the Apache Struts web application that hackers exploited (see Equifax Ex-CEO Blames One Employee For Patch Failures). The U.S. Federal Trade Commission and the Department of Justice, state of New York, and regulators in Canada and the United Kingdom are investigating the Equifax breach. The breach has also sparked numerous class action lawsuits.
https://www.bankinfosecurity.com/equifax-confirms-probable-breached-data-was-indeed-stolen-a-10644

How do you measure cybersecurity risk? [Podcast]
Howard talks about using tools to reduce the manual response aspect of reacting to a cybersecurity event. He details his definition of terms like extensibility and flexibility when it comes to managing federal resources. During the interview, he talks about concepts like the cyber kill chain, doxing, and threat intelligence sharing.
https://federalnewsradio.com/federal-tech-talk/2018/02/how-do-you-measure-cybersecurity-risk/

Implementing the NIST CSF for Improved Healthcare Data Security
The diversity of the healthcare landscape is a cybersecurity challenge, Barrett stated. For example, there are small medical practices where one physician might be the bookkeeper, the CEO, and other positions. But there are also the incredibly intricate hospital systems. Larger hospitals typically have an exquisitely complicated technology landscape and architectures inclusive of IoT in the form of medical devices. There is an emerging technology space and emerging threat space. Small physician practices will also have IT concerns though, whether they’re in-house or on how things are hosted outside of the strict boundary of the organization.
https://healthitsecurity.com/news/implementing-the-nist-csf-for-improved-healthcare-data-security

Increasing hacker threats to the healthcare industry
According to a recent report from cybersecurity firm Norton, hackers stole a total of £130 billion from consumers in 2017. These attacks hit over 978 million victims around the world and include large scale attacks on the NHS like WannaCry. However, surprisingly, still more than a quarter of those compromised believe they are safe from future attacks. Norton warns cybercrime victims that they’re not doing enough to protect themselves against these types of attacks and that attacks of this nature are only set to increase as new threat vectors are sought in 2018.
https://www.med-technews.com/news/increasing-hacker-threats-to-the-healthcare-industry/

Helping insureds reach ‘corporate levels of cyber security’ at home
An open home Wi-Fi connection versus a password protected system could make all the difference if a bad actor attempts to hack a personal bank account or bitcoin wallet. High net worth (HNW) individuals with deep pockets are particularly at risk of personal cyberattacks. Member-owned PURE Insurance, which serves HNW clients, has developed an innovative cyber fraud offering to protect PURE members from falling prey to cybercrime.
https://www.insurancebusinessmag.com/us/news/cyber/helping-insureds-reach-corporate-levels-of-cyber-security-at-home-91983.aspx

Trump requests $3.3B for DHS cyber unit in 2019
The administration’s new fiscal 2019 funding proposal for the National Protection and Programs Directorate (NPPD) includes over $700 million to operate and support the directorate’s cybersecurity branch, according to documents released by the administration on Monday. Roughly $225 million would go toward cyber readiness and response efforts and $460 million for federal cybersecurity.
http://thehill.com/policy/cybersecurity/373457-trump-requests-33-billion-for-homeland-security-cyber-unit-in-2019

America lost a cyberwar to Russia in 2016. When will we have truth? 
The problem today is that the United States has not just won a war, but lost one. Carl von Clausewitz, the great student of war, defined its aim as altering the will of the enemy. In the 21st century, in the age of cyber, this can be achieved without combat. America lost a cyberwar to Russia in 2016, the result of which was the election of Trump. Defeat is hard to face; but every delay in facing the hard facts makes matters worse. This is no time for parades.
https://www.theguardian.com/commentisfree/2018/feb/12/america-cyberwar-russia-2016-memo-truth

Cyber experts identify destructive malware used against Olympics
Experts at Cisco’s threat intelligence arm Talos have dubbed the malware “Olympic Destroyer,” saying that initial analysis indicates that the malware was designed to destroy data. […] Organizers have not disclosed much publicly about the incident, which disrupted internet access and Wi-Fi during the opening ceremonies and also took the Olympics website offline. It remains unclear who was behind the attack.
http://thehill.com/policy/cybersecurity/373493-cyber-experts-identify-destructive-malware-used-against-olympics

Maintaining Shareable Content Privacy in the Age of Social Media Intelligence 
Consumer information and postings can be turned against social media users and potentially become cyber threats. For example, U.S. government cyber analysts can synthesize open-source “actionable information” from social media to improve threat analysis, link matrix of targets and tactical elements. The examination of social media for intelligence purposes is a budding field of collection.
https://incyberdefense.com/news/maintaining-shareable-content-privacy-age-social-media-intelligence/

Corporate espionage: it’s real and it’s terrifying
“They targeted the company’s quality management system and a lot of their business process information was being taken out, as well as their research papers. “The briefing that was given to the company by external consultants was, ‘Well, you need to understand that these third world countries, they can copy the product, but what they don’t have is your history. They don’t have the reputation. They wouldn’t know how you run a business that’s a multinational and extremely successful.’”
https://ia.acs.org.au/article/2018/corporate-espionage–its-real-and-its-terrifying.html

Why is Cyber Threat Intelligence Sharing Important?
The primary debates at present pertain to what is being shared, how, and with whom. The “what” question arises out of concerns around striking the right balance between effective network defense (including facilitating law enforcement actions against attackers), and respecting the confidentiality of dual-use PII that might be abused in certain contexts, but which is invaluable when used benevolently for the purpose of thwarting network attackers.
https://www.infosecurity-magazine.com/opinions/cyber-intelligence-sharing/

4 reasons forensics will remain a pillar of cybersecurity
1. Alerts produced by AI may actually increase incident response workload
2. Orchestration and automation won’t replace forensic practitioners
3. IoT, mobile and cloud don’t change the fundamental issue
4. There’s always a new detection approach…and sophisticated actors bypassing it
https://www.csoonline.com/article/3254180/data-protection/4-reasons-forensics-will-remain-a-pillar-of-cybersecurity.html

The harmful drive-by currency mining scourge shows no signs of abating
Malwarebytes researchers estimated that the five domains collectively received an average of 800,000 visits per day. […] “Because of the low hash rate and the limited time spent mining, we estimate this scheme is probably only netting a few thousand dollars each month,” Malwarebytes lead malware intelligence analyst Jérôme Segura wrote in Monday’s report. “However, as cryptocurrencies continue to gain value, this amount could easily be multiplied a few times over.”
https://arstechnica.com/information-technology/2018/02/the-harmful-drive-by-currency-mining-scourge-shows-no-signs-of-abating/

Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1
Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) antivirus tool from Windows 10 to Windows 7 and 8.1. The release will allow those holding out with older versions of the OS to get some of the same exploit and malware-infection prevention and event reporting features it offers on Windows 10, particularly when used with Windows Defender.
https://www.theregister.co.uk/2018/02/12/microsoft_windows_atp/

Washington State Marijuana Tracking System Hacked to Steal Route Data
The pot industry in Washington has suffered a massive setback after the state’s marijuana-tracking system, dubbed Leaf Data Systems, got hacked on February 3rd and the hacker managed to steal route-related information of marijuana deliveries for the next four days apart from delivery vehicle information, approx. travel time, VIN numbers and license plate numbers, etc. According to the spokesperson for the Liquor and Cannabis Board (LCB), Brian Smith, the intruder “did something in the system,” to compromise it and transfer the data.
https://www.hackread.com/washington-state-marijuana-tracking-system-hacked/

Study shows which phishing attacks most successful
Researchers also saw an increased click rate with certain email subjects as well, with missed deliveries and false security notifications gaining the most clicks. The top subject lines included “A Delivery Attempt Was Made” with an 18 percent click rate, “UPS Label Delivery 1ZBE312TNY00015011” with a 16 percent click rate, “Change of Password Required Immediately” with a 15 percent click rate, “Unusual sign-in activity” with a 9 percent click rate, and “Happy Holidays! Have a drink on us.” with an 8 percent click rate.
https://www.scmagazine.com/study-shows-most-clicked-phishing-attempts/article/743513/

7 Ways to Maximize Your Security Dollars
Many have had to sharply increase their security spending in recent years to address new threats and meet compliance requirements. The proportion of the IT budget that is allocated to security has grown steadily at many organizations and now averages over 5.6%, according to Gartner. Some spend as much as 13% of their overall IT budget on security, the analyst firm has noted.
https://www.darkreading.com/operations/7-ways-to-maximize-your-security-dollars/d/d-id/1330977

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.