IT Security News Blast 02-15-2018

[UPDATE] Weaponizing Equifax Data
I’ve added an update to this blog story originally published on October 10, 2017. As the Equifax fall-out continues, it’ll be interesting to track the congressional response considering Senator Elizabeth Warren’s February 2018 Equifax report. I’ll keep our readers informed of what happens next with this evolving news story. In essence, the Equifax hackers have everything they need to pull off identity theft, and yet Equifax continues to do everything they can to avoid taking responsibility for the breach that will lead to an unquantifiable amount of financial fraud in the next few years.

‘Cybercrime costs financial services sector more than any other industry, with breach rate tripling over past 5 years’
It found that the average cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years, from US$12.97 million per firm in 2014 to US$18.28 million in 2017 — significantly higher than the average cost of US$11.7 million per firm across all industries included in the study. The analysis focuses on the direct costs of the incidents and does not include the longer-term costs of remediation.

FS-ISAC enables safer financial data sharing with API
FS-ISAC said the API specification is made available and licensed to financial institutions and financial technology firms free of charge to foster universal adoption of a more secure and robust data sharing framework. FS-ISAC member financial institutions can access the specifications and supporting materials through the secure FS-ISAC member portal. Non-member firms and fintech firms wishing to receive a copy may contact the FS-ISAC directly.

Government, financial portals face 40 percent of all cyber attacks
Most of the breaches target Google accounts (Gmail), as a lion’s share of the around 500 million internet users use smartphones to access their accounts, the official said, adding that it is difficult to trace each and every user on Gmail, but the government is working on checking this. Confirming the development, another senior government official said during the session on cybersecurity, the Centre requested states to adopt more stringent measures to address data breaches, especially of sensitive and critical installations like nuclear and power plants, financial hubs, etc.

Poor patching, user education leave healthcare providers sitting ducks for cyber attacks
Despite the masses of highly sensitive data that healthcare companies manage, new analysis has warned that chronically poor endpoint security, weak patching practices and high exposure to social engineering make the industry one of the worst-performing sectors when it comes to protecting data. […] The firm’s analysis, contained in its 2018 Healthcare Cybersecurity Report, ranked healthcare 15 out of 18 industries in terms of overall information security practices.

Another International Survey Confirms Cybersecurity Issues–Across All Industries
“Overall,” the RiskIQ announcement noted, “the survey revealed a coming ‘perfect storm’, where the problem of staff shortages collides with escalating cybercrime, leaving organizations ill-equipped to manage and respond to cyber risks and threats that are accelerating in an era of digital transformation, pervasive connections and increasingly sophisticated attack strategies sponsored by nation-states and rogue actors.”

New cybersecurity measures to protect medical imaging devices required, warn researchers
“CTs and MRI systems are not well designed to thwart attacks,” says Dr. Nissim, who simulates MID cyberattacks together with his MSc student Tom Mahler. “The MID development process, from concept to market, takes three to seven years. Cyber threats can change significantly over that period, which leaves medical imaging devices highly vulnerable.”

Britain blames Kremlin for cyber attack that cost hundreds of millions of pounds
Defence Secretary Gavin Williamson added: “We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber attacks. Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponising information. We must be primed and ready to tackle these stark and intensifying threats.”

White House 2019 Budget Backs Front-Burner Cyber Efforts, but Cools on Research
The budget targets $15 billion governmentwide for cybersecurity-related activities, a jump of $583.4 million, or 4.1 percent, over estimated fiscal 2018 levels. The biggest chunks of that money, not surprisingly, would go to the Department of Defense (DoD), with $8.5 billion (a $340 million, or 4.2 percent, hike) and the Department of Homeland Security (DHS) ($1.74 billion, a fractional jump from $1.72 billion).

New Report Indicates DOD Networks Still Vulnerable to Cyber Attacks
Operational tests over the last fiscal year showed continuous mission-critical vulnerabilities in DOD network defenses and acquisition programs, according to the report. DOT&E assessments have shown that, without immediate improvement to network defenses, skilled adversaries will be able to gain significant access to systems holding information on warfighter missions and future plans.

Industry Weighs in on How the Government Can Fight Botnets
Cyber policy experts and telecommunications and technology trade groups weighed in on a draft report outlining the government’s plans to reduce cyber threats from internet-connected devices. The growing number of such devices worldwide has raised fears about cybersecurity and personal privacy. Online bad actors are increasingly hacking and harnessing those devices en masse for large distributed denial-of-service attacks that can knock websites and services offline by overwhelming them with bunk traffic.

Our critical infrastructure isn’t ready for cyber warfare
According to the director of Intelligence in a 2015 report to Congress, major nations have bolstered their cyber operations against private industry for a number of reasons. Some of these nations are specifically developing or improving remote access to the CI in the United States. […] When these SCADA systems were fielded, “cyber,” let alone “cybersecurity” were not even in the lexicon. Therefore, there are design flaws and security vulnerabilities exposed to malware, insider threats, hackers and terrorists, as well as nation-state actors.

Democrats Push Hail Mary Plan to Secure the Midterm Elections
The Congressional Task Force on Election Security—which counts not a single Republican among its members—announced a findings report and new bill outlining a comprehensive plan for funding and enforcing minimum security standards for all US election systems. Three other election security bills have already been introduced, but neither the Senate nor the House has held an election security hearing so far.

Democrats push $1 billion bill for election security
Lawmakers have introduced several bills, some with bipartisan support, to bolster election security since the 2016 polls in which Republican Donald Trump was elected president. None have become law. The new bill is the most comprehensive to date and is aimed at bolstering protection for the midterms and subsequent elections. It has no Republican co-sponsors in the House, which the party controls, and is therefore unlikely to succeed.

6 Ways To Make Smart Cities Future-Proof Cybersecurity Cities
Cybersecurity is a prerequisite for the smart city, argued Gadi Mergi, CTO at Israel’s National Cyber Directorate. That means pursuing security, privacy and high-availability (having a cyberattack recovery plan, backup facility, cloud management, and manual overrides) by design. As other presenters discussed at the event (see the list of presenters below), smart cities must adjust and adapt to the requirements of the new cybersecurity landscape[.]

Cybersecurity officers moving up the organizational chart
“CIOs may need to get things done quickly to realize financial goals, moving processing to the cloud environments for example — while CISOs are chiefly concerned with risk management,” Mr. Reber said. Bret Fund, the founder and CEO of SecureSet, a cybersecurity academy, said CISOs who report to CIOs tend to prioritize infrastructure upgrades and breach prevention, while those who report to COOs tend to prioritize employee training.

A potent botnet is exploiting a critical router bug that may never be fixed
In recent days, Satori has started infecting routers manufactured by Dasan Networks of South Korea. […] Queries on the Shodan search index of Internet-connected devices show there are a total of more than 40,000 routers made by Dasan. The company has yet to respond to an advisory published in December that documented the code-execution vulnerability Satori is exploiting, making it possible that most or all of the devices will eventually become part of the botnet.

Researchers Find New Twists In ‘Olympic Destroyer’ Malware
Researchers at Cisco’s Talos unit said the sole purpose of the attack was to take down systems and not to steal information. Olympic Destroyer’s goal is to make systems unusable by “deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment,” in similar fashion to the Bad Rabbit and Nyetya ransomwares, Cisco Talos initially wrote.

Microsoft Patch Tuesday: Nearly 50 patches, most for privilege escalation
“This month there are also a number of elevation of privilege vulnerabilities with an exploitability index of 1, meaning they are more likely to be exploited,” Goettl said. “While these vulnerabilities cannot be exploited remotely, they could be used by a threat actor to gain elevated privileges on a system they have compromised through some other means.”

Microsoft Won’t Patch a Severe Skype Vulnerability Anytime Soon
The exploitation of this preferential search order would allow the attacker to hijack the update process by downloading and placing a malicious version of a DLL file into a temporary folder of a Windows PC and renaming it to match a legitimate DLL that can be modified by an unprivileged user without having any special account privileges. When Skype’s update installer tries to find the relevant DLL file, it will find the malicious DLL first, and thereby will install the malicious code.

Artificial Intelligence Is Now Fighting Fake Porn
While most platforms that police deepfakes rely on keyword banning and users manually flagging content, Gfycat says it’s figured out a way to train an artificial intelligence to spot fraudulent videos. The technology builds on a number of tools Gfycat already used to index the GIFs on its platform. And the new tech demonstrates how technology platforms might try to fight against fake visual content in the future.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.