IT Security News Blast 02-16-2018

The High Cost of Cyber Crime

Inside Venture Capital Spotlight: CEO Garrett Silver Shares the Story behind CI’s Series A Funding
“Spend in 2018 on security products and services is estimated to be $93B! Yet we continue to see the headlines about breaches. Investing in more and more technology is not solving the problem.”  CEO Garrett Silver discusses the startup story of CI’s Series A funding and what makes CI’s value proposition different with Inside Venture Capital.

The High Cost of Cybercrime to Insurers and Banks
The report, “Cost of Cyber Crime Study,” examines the costs that organizations incur when responding to cybercrime incidents and applies a costing methodology that allows year-over-year comparisons. It found that the average cost of cybercrime for financial services companies globally has increased by more than 40 percent over the past three years, from US$12.97 million per firm in 2014 to US$18.28 million in 2017 — significantly higher than the average cost of US$11.7 million per firm across all industries included in the study.

Cybersecurity is not something; it is everything
Unfortunately, the agency responsible for the commercial networks that connect us, the Federal Communications Commission, is AWOL on cyber. It is a policy gap so great that the National Security Council recently found it important to propose their own solutions for the security of next generation wireless networks. […] The opening lines of the Communications Act that gives the FCC its authority are far from the alleged “circumscribed” and “limited” smokescreen the Trump FCC hides behind. The statute instructs the FCC to act in furtherance of “national defense, [and] for the purpose of promoting safety of life and property through the use of wire and radio communications.”

Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption
[Officials] from the Department of Homeland Security, NIST, SSAs, and the sector coordinating councils identified four challenges to cybersecurity framework adoption, as reported by entities within their respective sectors. Specifically, some entities:
· May be limited in their ability to commit necessary resources towards framework adoption.
· May not have the necessary knowledge and skills to effectively implement the framework.
· May face regulatory, industry, and other requirements that inhibit adopting the framework.
· May face other priorities that take precedence over conducting cyber-related risk management or adopting the framework.

UK and US blame Russia for ‘malicious’ NotPetya cyber-attack
The White House said June’s NotPetya ransomware attack caused billions of dollars in damage across Europe, Asia, and the Americas. UK Defence Secretary Gavin Williamson said Russia was “ripping up the rule book” and the UK would respond. Moscow denies being behind the attack, calling such claims “Russophobic”.

Protecting your practice from cyber threats
Unfortunately, not all businesses can recoup what they lose from cyberattacks. Major corporations can usually recover any losses as they have the financing, in-house skills and manpower to address the problem and recover lost data. But small businesses aren’t always as equipped to respond. […] Even if your practice does not own a website or make financial transactions online, you can still be at risk simply by using the internet and working in a digitally connected office.

Contractors pose cyber risk to government agencies
The study by security rankings specialist BitSight sampled over 1,200 federal contractors and finds that the security rating for federal agencies was 15 or more points higher than the mean of any contractor sector. It finds more than eight percent of healthcare and wellness contractors have disclosed a data breach since January 2016. Aerospace and defense firms have the next highest breach disclosure rate at 5.6 percent.

Mountain of sensitive FedEx customer data exposed, possibly for years
In all, Kromtech Security Center said, researchers found 119,000 scanned documents stored in a publicly available Amazon S3 bucket. The photo ID scans were accompanied by completed US Postal Service forms that included names, home addresses, and phone numbers of people who requested to have mail delivered by an authorized agent. “Citizens from all over the world left their scanned IDs—Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia—to name a few,” Kromtech researchers wrote.

China and Russia ‘preparing for war with West’
The opening of China’s first overseas military base in Djibouti will enable it to carry out missions over vast distances, and has been viewed as a major statement of intent. While the pace of militarisation is slower in Russia, partly due to a shortage of funding and industrial capacity, the country is “benefiting from experience of real life combat in Syria and Ukraine and has shown extensive capabilities in the field of hybrid warfare including cyber attacks”, says The Independent.

‘NATO Has To Adapt’: Defence Secretary On Russian Cyber Threat
Defence Secretary Gavin Williamson has spoken to Forces Network after the British government publicly blamed Russia for a cyberattack that affected companies and organisations across the world in June last year. Speaking to Laura Makin-Isherwood from Brussels, he said: “It’s dealing with the reality of how warfare is changing. It’s making sure that we have the right ability to deal with the increasing threats. “It’s no longer about the warfare that we’ll fight just on land, sea and air but increasingly it will be [about] cyber and space as well. NATO has to adapt… [to] increasing threats through state actors like Russia.”

Iran spying on MILLIONS worldwide using ‘military-made apps on iTunes and Google’
Campaigners from the National Council of Resistance of Iran (NCRI) – which is branded a terrorist organisation by Tehran – have now laid out the scope of Iran’s cyber-developing capabilities in a report obtained by Daily Star Online. Published today, the damning report Iran: Cyber Repression accused the IRGC of developing apps which are unwittingly installed on people’s phones and then used as spying tools. NCRI alleges these Iranian military-developed apps have also found their way onto iTunes, Google and GitHub – exposing “millions of users worldwide to the IRGC’s spyware and surveillance”.

Cyber espionage: China wants Japanese firms’ intellectual property
The report notes how attribution enables China to operate within the gray zone, which makes deterrence challenging. The Japanese government recognizes that cyber groups within China — acting independently or with the covert support of China — are working on an “as needed basis at the behest of the Chinese government” to attack Japanese websites and conglomerates. As long as the efforts do not create a national emergency, they will continue to fall within the area of criminal activity.

Olympics Malware attack may have been part of larger cyberespionage scheme
Cyberscoop researchers came to a similar conclusion and found that Atos, the IT provider for the Olympics, was hacked months before the Olympics compromising Atos employee usernames and passwords suggesting the most recent attack was part of a larger cyberespionage initiative, according to a Feb. 14 report. Researchers said the breach was most likely by the same hackers that targeted the Olympics and that the hackers were in Atos systems until at least December 2017.

Vice President Pence’s claim that U.S. spy agencies found no impact from Russian meddling
Asked about Pence’s remarks, a White House official declined to comment but pointed us to similar statements from CIA Director Mike Pompeo in October 2017. “Pompeo … was asked at an event in Washington if he could say with absolute certainty that the election results were not skewed as a result of Russian interference,” according to Reuters. “Pompeo replied: ‘Yes. Intelligence community’s assessment is that the Russian meddling that took place did not affect the outcome of the election.’” The top spokesman for the CIA, Dean Boyd, later made a clarification to Pompeo’s remarks. “The intelligence assessment with regard to Russian election meddling has not changed, and the director did not intend to suggest that it had,” Boyd said.

Securing U.S. election: Congressional panel release report, recommendations
The Congressional Task Force on Election Security released its Final Report, including ten specific recommendations on what the federal government and states can and should be doing to secure U.S. elections. “Russia’s unprecedented assault on the country’s elections in 2016 – including targeting twenty-one states’ voting systems – exposed serious national security vulnerabilities to our election infrastructure – which includes voting machines and voter registration databases,” the Task Force said.

12 years in prison for man who hacked Nasdaq, helped swipe 160M credit cards
“Drinkman and Smilianets not only stole over 160 million credit card numbers from credit card processors, banks, retailers, and other corporate victims, they also used their bounty to fuel a robust underground market for hacked information,” said acting Assistant Attorney General John Cronan in a statement.

Word-based Malware Attack Doesn’t Use Macros
The attack uses malicious Word attachments that activate a four-stage infection process that ultimately exploits the Office Equation Editor vulnerability (CVE-2017-11882), patched last year by Microsoft. The payload is designed to steal credentials from the victim’s email, FTP and browsers. Researchers emphasized the layered nature of the attack, comparing it to a turducken, a holiday dish that stuffs a chicken into a duck, and then into a turkey.

Former ICE top lawyer raided US govt database to steal aliens’ identities
Unusually, the perp was, at the time, serving as the head lawyer for the US government’s Immigration and Customs Enforcement’s (ICE) Office of Principal Legal Advisor (OPLA). And rather than turning to the dark web for people’s personal information, he instead plundered ICE’s database of non-Americans. Raphael A. Sanchez, 44, former chief counsel of the OPLA, which provides legal services to ICE, pleaded guilty today to wire fraud and aggravated identity theft for using information stolen from numerous non-citizens for personal enrichment.

Hackers use Google Ads to steal $50 million of Bitcoin
The similarity between this scam and the previous one is that in both cases hackers bought advertisement slots using Google Adwords, meaning if a user searched for terms like “blockchain” or “bitcoin wallet,” the search results would display a spoofed website carrying the exact same design as the original one. This tricked users into believing that they are on the official website and logged in with their credentials allowing hackers to access their wallets and steal cryptocurrency.

Reported Critical Vulnerabilities In Microsoft Software On the Rise
The number of vulnerabilities in Windows 10 jumped 64 percent last year, and critical vulnerabilities in Microsoft browsers rose 46 percent since 2013. Some of this can be attributed to the fact that Windows 10 and Microsoft’s Edge browser are both fairly new products and therefore subject to ongoing refinement, along with extra scrutiny from security researchers.

That terrifying ‘unfixable’ Microsoft Skype security flaw: THE TRUTH
Far be it from us to run to Microsoft’s rescue, but the vulnerability is present in Skype for Windows versions 7.40 and lower. In October 2017, Microsoft released version 8 without the flaw, so if you kept up to date, you’re fine. If you’re running version 7 for some reason, get version 8.

Hate to ruin your day, but… Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits
In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer’s memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits.




Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.