IT Security News Blast 02-22-2018

Inside the mind of a hacker

[INFOGRAPHIC] Inside the Mind of a Threat Actor: Tactics, Techniques, and Procedures Explained
They lure their victims with the bait of a seemingly innocent email or landing page in an attempt to steal their user credentials. And they only need to succeed once to get in. Once they have hooked their victim, a cybercriminal can literally take over an entire network in a matter of minutes. Or worse yet, they can lurk quietly on a connected device for months, unbeknownst to the IT team, plotting how to extract the most profit and/or cause disruption from the now compromised network.

Cyber-security attestations now required for leadership at NY’s financial firms
Financial Services Superintendent Maria Vullo also announced that DFS will now incorporate cyber-security in all examinations, adding questions related to cyber-security to “first day letters,” notices the Department issues to commence its examinations of financial services companies, “including examinations of banks and insurance companies for safety and soundness and market conduct.”

World’s cyber attacks hit us much harder in past year – major infosec chief survey
Some 32 per cent of breaches affected more than half of an organisation’s systems in 2017, up from 15 per cent the previous year, according to 3,600 security bods surveyed in Cisco’s annual cyber security report. […] The survey found one-fifth of UK respondents identified between 250,000 and 500,000 security alerts a day in 2017.

The $600 billion cost of global cyber crime
Global losses in 2014 were estimated at $445 billion and the report puts the increase down to criminals quickly adopting new technologies, the ease of engaging in cyber crime — including an expanding number of cyber crime centers — and the growing financial sophistication of top-tier criminals. Banks are still the favored target of cyber criminals, and nation states are the most dangerous source of cyber crime, the report finds. Russia, North Korea and Iran are identified as the most active in hacking financial institutions, while China is the most active in cyber espionage.

US regulator warns companies over cyber attack delays
The Securities and Exchange Commission said firms must provide “timely” disclosure of “material” about cyber risks and incidents. But critics say the move, which comes after some firms delayed disclosing hack attacks, does not go far enough. SEC chair Jay Clayton said the guidance should “promote clearer and more robust disclosure” to investors. But two Democratic commissioners said they had hoped for more progress on the issue. Commissioner Kara M Stein dubbed it a “rebrand” of rules the SEC issued in 2011.

Study Reveals Why CISO Should Report To The CEO
At the same time, most CISOs report to the Chief Information Officer (CIO) or the Chief Risk Officer (CRO), not the Chief Executive Officer (CEO). FS-ISAC is of the view that CISOs should report to the highest on the hierarchy to ensure the company is on track for securing the business. It is predicted that as the cyber security threat increases, 75% of Chief Security Officers and CISOs will be reporting directly to the CEO by 2018.

Recent OCR Newsletter Highlights Growing Cyber Extortion Threat for Healthcare Organizations
The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and theft of protected health information (PHI). Each type of attack poses unique challenges that may affect an organization in different ways. However, all cyber extortion disrupts a healthcare organization’s day-to-day operations on some level and, in some cases, its ability to care for its patients.

Life-saving Pacemakers, Defibrillators Can Be Hacked and Turned Off
It is also worth noting that heart devices that require software to run or depend upon wireless communications are most likely to be vulnerable to hack attacks and these attacks can be life-threatening for the patients. These devices are hacked for political or financial benefits. Therefore, doctors and government regulators must implement ‘aggressive’ methods to prevent hack attacks to ensure the safety of patients.

Healthcare Cybersecurity Threats Hinder HIT Development
“Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” Marsh Global Risk and Digital President John Drzik said in a statement. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”

Allentown Struggles with $1 Million Cyber-Attack
According to local paper The Morning Call, the city’s critical systems have been hit by the malware known as Emotet, impacting both financial and public safety operations, according to Mayor Ed Pawlowski. Allentown’s finance department can’t complete any external banking transactions, the city’s 185 surveillance cameras are impacted and the police department can’t access Pennsylvania State Police databases, Pawlowski said.

Savannah still suffering effects from cyberattack
Savannah, Ga., is still in the process of recovering from a malware attack that took place last week that forced the city to shut down part of its computer system in an attempt to limit damage. […] The lingering effects are still being felt with the city saying late last week that it is blocking any emails with attachments in order to thwart any additional attacks. The 911 system was not affected, but the city’s finance, purchasing and payroll units were taken temporarily offline at the time of the attack.

Simplifying security: Know your risk, invest well
As is always the case, security has had to play catch up with new technologies. With the multidirectional cyberthreat landscape, the response has been to throw a lot of money at the problem. With more than a thousand security technologies and solutions on the market today, enterprise has been investing in an increasingly sophisticated set of defensive solutions—resulting in a monster stack of protocols and solutions that have added cost and complexity.

Justice Department sets up new Cyber-Digital Task Force
Attorney General Jeff Sessions created a Cyber-Digital Task Force to make recommendations on policy and process changes across the Justice Department. The task force will review efforts to interfere with the nation’s elections and critical infrastructure, and how the Internet is used to spread violent ideologies and to recruit followers. It also will look at how technology is being used to avoid or frustrate law enforcement.

Satellite communications firms remain vigilant as cyber threats evolve
“Any system needs to have some degree of continuous review because as new vulnerabilities and new threats come to light, you may have to adjust,” said Patrick Rayermann, director for space and national intelligence, surveillance and reconnaissance at Semper Fortis Solutions, a technology consulting company based in Leesburg, Virginia. “You may have to take a system offline until certain corrections can be applied.”

Twitter “bot” purge causes outcry from trollerati as follower counts fall
A number of “alt-right,” pro-Trump, and self-described conservative social media personalities awoke this morning to find that they had a lot fewer followers on Twitter than they had the night before. The apparent cause was the latest culling by Twitter of accounts that in some way violated the company’s terms of service, a Twitter spokesperson told Ars, including “behaviors that indicate automated activity or violations of our policies around having multiple accounts, or abuse.” The sweep has some on the right accusing Twitter of politically motivated censorship.

Killer drones, cyber attacks and targeted propaganda will undermine national security as ‘malicious AI’ grows increasingly powerful, warn experts
Terrorists, rogue states and criminals could soon use artificial intelligence to undermine national security, warns a new report. Superhuman hacking, surveillance and persuasion are just some of the terrifying ways ‘malicious’ AI could threaten our freedom. In a 100-page report, 26 AI experts have outlined the security implications of ‘emerging technologies’. They predict ‘bots’ to interfere with news gathering and penetrate social media among a host of plausible scenarios in the next five to 10 years.

Eleven member states back EU controls on selling spyware
Germany led the initiative, and is supported by Croatia, the Czech Republic, France, Italy, Poland, Portugal, Romania, Slovakia, Slovenia and Spain. Diplomats from the 11 countries signed off on a six-page document embracing the Commission’s plan to create “effective EU cyber-surveillance controls for the protection of human rights”. Their paper is dated 29 January.

Intelligence propels evolution within the global enterprise
As modern businesses continue to seek out new opportunities in emerging commercial centers and even high-risk geographic locations, CSOs require more effective and efficient intelligence-gathering processes to combat cybercrime, insider threats, terrorism, and more. Consistent evaluation of the current risk environment is mission-critical to ensuring a safe and secure environment. Without comprehensive situational awareness, mitigating risk is difficult at best.

uTorrent bugs let websites control your computer and steal your downloads
The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a Web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up.

New BEC Spam Campaign Targets Fortune 500 Businesses
Researchers have identified a wave of new business email compromise campaigns targeting Fortune 500 companies that are designed to trick victims into fraudulent wire transfers. Researchers said the campaigns originate from Nigeria and are targeting companies in the retail, healthcare and financial markets. […] These emails, which use publicly available company information to look believable, contain an attached link that looks like a business document, which then redirect victims to a fraudulent DocuSign portal.

Why aren’t we using SHA-3?
First, be aware of the coming SHA-3 migration. When will you be forced to do it, no one knows. It depends on how the practical attacks against SHA-2 keep stacking up. One day, Google or someone else will announce that SHA-2 has been broken and we’ll all need to move. You don’t need to be one of the surprised ones. Second, keep your old SHA-2 migration plans and documents handy. An SHA-3 migration will look much like your SHA-2 migration efforts.


