IT Security News Blast 02-21-2018

Cybersecurity Incident Response

Cybercrime weighs most heavily on financial service firms
The financial services industry was found to incur cyberattack-induced cost of nearly $18.3 million per firm in 2017 following on from an increase of 10 percent year-over-year, and 40 percent since 2014, according to the report, called “2017 Cost of Cyber Crime Study”. Fifteen sectors in seven countries were measured, with utilities and energy ($17.2 million) coming in second in this regard, followed by aerospace and defense ($14.5 million).
https://www.welivesecurity.com/2018/02/20/cybercrime-weighs-financial-services/

The Five Questions Bank Security And IT Leaders Need To Answer About Cybersecurity
Should We Collaborate To Mitigate These Threats Effectively?
How Can I Pinpoint The Important Data For Addressing Cyber Threats?
How Can I Inform Of The Importance Of Cybersecurity?
Is My System Secure?
What Solutions Are Best To Help Mitigate Risks?
https://www.securityinformed.com/insights/questions-bank-security-leaders-answer-cybersecurity-co-1753-ga.1519107821.html

Cybersecurity incident response: Plan now to avoid finger-pointing later
“Most orgs’ incident response plans are severely lacking or not even followed,” Garrett said. “This leads to more spending on incident response and longer periods of time elapsing before a breach is detected and contained, thus jeopardizing more patient info and risking higher OCR fines.” Additionally, he said healthcare is still relatively immature from an information security perspective, with most info security officers still focusing on the basics of buying software security tools. They don’t always think about the processes needed to make sure tools are used properly and optimally, Garrett said.
http://www.healthcarefinancenews.com/news/cybersecurity-incident-response-plan-now-avoid-finger-pointing-later

Healthcare, pharma, and biotech organisations report high levels of fraud, cyber and security incidents
An overwhelming majority of respondents stated that customers had been negatively impacted by all three risk factors – 92% by a fraud incident, 92% by a cyber incident, and 80% by a security incident. A similar proportion said that the impacted company’s reputation had suffered due to a fraud (90%), cyber (75%), or security (74%) incident.
https://practicebusiness.co.uk/healthcare-pharma-and-biotech-organisations-report-high-levels-of-fraud-cyber-and-security-incidents/

Healthcare GPs must take broader view of portfolio firms’ cyber risks: ACA’s Neale
·       OCR fines to healthcare organizations exceeded $17 mln in 2017
·       HITRUST adoption grows, but risks extend beyond framework
·       More firms diligence cybersecurity risks pre-deal versus post-deal
While healthcare investors are placing increasing emphasis on cybersecurity and privacy, the scope through which GPs assess risks facing their portfolio companies should be broadened[.]
https://www.pehub.com/buyouts/healthcare-gps-must-take-broader-view-of-portfolio-firms-cyber-risks-acas-neale/#

County suffers cyber attack
Davidson County agencies are still suffering the after effects of a Feb. 16 cyber attack that shut down county networks, crippling operations of multiple government agencies. Davidson County Commissioners held an emergency meeting Friday to determine the extent of the damage, as well as the best methods to recover from it. During the meeting invocation Steve Jarvis prayed for help to navigate the current challenges, as well as retribution for the individuals who brought it down on the county’s agencies.
http://www.hpenews.com/tvilletimes/county-suffers-cyber-attack/article_5295174a-1689-11e8-9c61-07e04f75894d.html

Homeland Security chief touts effort on election cybersecurity
As part of the meetings, Homeland Security and officials with the Office of Director of National Intelligence and the FBI gave state officials a classified briefing on foreign threats to U.S. election infrastructure. According to The New York Times, some state officials were disappointed by the classified briefing on Friday because it did not offer clear information about the Russia threat.
http://thehill.com/policy/cybersecurity/374600-homeland-security-chief-touts-effort-on-election-cybersecurity

Lesser-Known North Korea Cyber-Spy Group Goes International: Report
The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs – previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis, said. “Our concern is that their (international) brief may be expanding, along with their sophistication,” Hultquist said. “We believe this is a big thing.”
https://www.usnews.com/news/world/articles/2018-02-20/lesser-known-north-korea-cyber-spy-group-goes-international-report

US preparing ‘bloody nose’ cyber attacks on North Korea
A cyber assault could cripple Pyongyang’s online communications and ability to control its military, causing huge disruption but avoiding the loss of life. It may also assuage concerns that a conventional attack against missile sites or nuclear facilities by the US could trigger a massive counter-strike by Kim Jong-Un. Quoting senior US intelligence sources, Foreign Policy magazine said there has been a “nearly unprecedented scramble inside the agencies responsible for spying and cyber warfare” aimed at the Korean Peninsula.
http://www.telegraph.co.uk/news/2018/02/20/us-preparing-bloody-nose-cyber-attacks-north-korea/

Russia Must Pay for NotPetya Cyberattack, Trump Cybersecurity Official Warns
“We’re going to work on the international stage to impose consequences. Russia has to understand that they have to behave responsibly on the international stage,” Rob Joyce, the White House cybersecurity coordinator and special assistant to the president, said Friday. “So we’re going to see levers the U.S. government can do to impose those costs.”
http://www.newsweek.com/russia-must-pay-its-notpetya-cyber-attack-trump-cybersecurity-official-warns-809880

Commentary: Russian general plots our cyber downfall
“A perfectly thriving state can, in a matter of months, and even days, be transformed into an arena of fierce armed conflict, become a victim of foreign intervention, and sink into a web of chaos, humanitarian catastrophe, and civil war. … the role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, have exceeded the power and force of weapons in their effectiveness.” In some military circles this is now known as “The Gerasimov Doctrine.” Gerasimov has risen to the position of chief of staff of the Russian military.
https://www.sltrib.com/opinion/commentary/2018/02/17/commentary-russian-general-plots-our-cyber-downfall/

The Army is putting cyber, electronic warfare teams in its BCTs
Years of training led Army Cyber Command to develop expeditionary cyber-electromagnetic teams that can be tailored to the needs of brigade commanders for specific missions and deployments. […] The teams include soldiers to handle network operations, electronic warfare and both offensive and defensive cyber operations.
https://www.armytimes.com/news/your-army/2018/02/20/the-army-is-putting-cyber-electronic-warfare-teams-in-its-bcts/

US suspicious of Mexico’s request for help in spyware investigation: report
Mexican President Enrique Peña Nieto ordered a federal investigation into the matter after the Times published a bombshell report in June detailing an extensive spy campaign against distinguished human rights lawyers, journalists and academics in Mexico. The surveillance was conducted with government-acquired spying technology. […] But American officials rebuffed the requests over suspicions that the Mexican government wanted to publicly tout U.S. involvement to make the government probe seem credible.
http://thehill.com/policy/cybersecurity/374620-us-suspicious-of-mexicos-request-for-help-in-spyware-investigation

Twitter Was Warned Repeatedly About This Fake Account Run By A Russian Troll Farm And Refused To Take It Down
@TEN_GOP gained enough support from the far right that when it was finally shut down, commentators like Reddit’s pro-Trump r/the_donald forum expressed outrage. Jack Posobiec, a pro-Trump internet activist who himself has more than 213,000 Twitter followers, questioned the action when Twitter temporarily suspended the account in July. “Fascinating,” Posobiec told BuzzFeed News this week. “We have to learn more about their operations. It’s been their tactic since the KGB in the ’70s to turn Americans against one another.”
https://www.buzzfeed.com/kevincollier/twitter-was-warned-repeatedly-about-this-fake-account-run

Fake news “vaccine”: online game may “inoculate” by simulating propaganda tactics
Players build audiences for their fake news sites by publishing polarizing falsehoods, deploying twitter bots, photo-shopping evidence, and inciting conspiracy theories in the wake of public tragedy – all while maintaining a “credibility score” to remain as persuasive as possible. The psychological theory behind the research is called “inoculation”: “A biological vaccine administers a small dose of the disease to build immunity. Similarly, inoculation theory suggests that exposure to a weak or demystified version of an argument makes it easier to refute when confronted with more persuasive claims,” says a researcher.
http://www.homelandsecuritynewswire.com/dr20180220-fake-news-vaccine-online-game-may-inoculate-by-simulating-propaganda-tactics

Cybersecurity ETFs to Go a Long Way
As per the source, the latest budget proposal assigns $210 million to the Technology Modernization Fund for the transition of federal IT from legacy systems to modern platforms. The budget also allots $45.8 billion for civilian IT funding in fiscal 2019, a moderate rise from fiscal 2018’s $45.6 billion. According to Gartner, global enterprise security spending will reach $96.3 billion in 2018 – marking 8% growth from the 2017 expected level of $89 billion.
https://www.nasdaq.com/article/cybersecurity-etfs-to-go-a-long-way-cm924031

Flight-sim devs say hidden password-dump tool was used to fight pirates [Updated]
“We found through the IP addresses tracked that the particular cracker had used Chrome to contact our servers, so we decided to capture his information directly—and ONLY his information (obviously, we understand now that people got very upset about this—we’re very sorry once again!) as we had a very good idea of what serial number the cracker used in his efforts.”
https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

APTSimulator – A toolset to make a system look as if it was the victim of an APT attack
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Use Cases:
·       POCs: Endpoint detection agents / compromise assessment tools
·       Test your security monitoring’s detection capabilities
·       Test your SOC’s response to a threat that isn’t EICAR or a port scan
·       Prepare an environment for digital forensics classes
https://www.kitploit.com/2018/02/aptsimulator-toolset-to-make-system.html

Macro-Based Multi-Stage Attack Delivers Password Stealer
“Indeed, this approach can be very risky for the malware author. If any one stage fails, it will have a domino effect on the whole process. Another noticeable point is that the attack uses file types (DOCX, RTF and HTA) that are not often blocked by email or network gateways, unlike the more obvious scripting languages like VBS, JScript or WSF,” Trustwave concludes.
https://www.securityweek.com/macro-based-multi-stage-attack-delivers-password-stealer

Exclusive: Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers
More specifically, the LMNTRIX report notes that my.kaspersky.com suffered from a lack of protections against automated brute force and credential stuffing attacks (which can lead to an account takeover), allowed weak or default passwords (such as admin/admin), employed insecure credentials recovery processes (e.g. knowledge-based security questions), and had missing or ineffective multi-factor authentication.
https://www.scmagazine.com/exclusive-researchers-say-kaspersky-web-portal-exposed-users-to-session-hijacking-account-takeovers/article/745105/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.