IT Security News Blast 02-23-2018

Top 5 Financial Markets Open to Cyber Attacks

The Top 5 Financial Markets That Are Open To Attack
Cyber security now has to be among the considerations for investors. When people pore over a forex calendar plotting their currency trades or scour financial news sites gauging the best assets and investments, they might well want to weigh up how secure the market is when it comes to the threat of cybercrime.

The global cyber war is heating up: Why businesses should be worried
Nation-state attackers typically go after political targets: the Democratic National Committee, government agencies, critical infrastructure, and defense contractors. It’s become increasingly clear that any company, in any industry, could be affected, either as a result of being a deliberate target or as collateral damage in a wider attack. Campaigns like NotPetya can hit any company, of any size, and even deliberate, targeted, advanced attacks can hit any industry.

SWIFT Grift: Fake financial messaging service emails deliver Adwind RAT
Comodo explains that disguising malicious emails as SWIFT communications is particularly effective because money can sometimes provoke an emotional response that overrides critical thinking, making it more likely someone will open the attachment. “If an employee receives an email, they will be afraid to not open it,” the blog post states. “What if they pass up something very important for the enterprise? Could they be punished for not looking into that email? Consequently, the chances that a potential victim will click on the infected file grow.”

SEC Issues New Guidance for Cyberattack Disclosure
The guidance does not outline specific timeframes for disclosure, nor does it provide exact requirements for what information should be reported. It also acknowledges the potential sensitivity of information that companies should disclose: “We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems…in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident,” it states.

The price of failure: How budget impacts cyber risk
Many C-suite managers have declared cyber-security a, if not the, chief concern, with spending expected to exceed $1T over the next four years. That sounds like a lot, until you dig a little deeper. First, $1T represents a miserly 1% of revenue per year. Second, damages related to cyber-attacks are predicted to soar to $6T per annum over the same period. Damages, in other words, are on track to outstrip costs by a factor of 24:1.

Securing the Network: What Three Key Verticals Require
The new Internet of Medical Things (IoMT) poses an especially significant challenge. These devices, along with the web applications patients use to interact with them, are often programmed to access classified information stored on hospital networks. Too often, these IoMT devices are not built with security as a primary consideration, which makes them an attractive entryway into healthcare networks for cybercriminals.

Health Care Providers Battling Cyber Attackers
Health care IT experts say these incidents are part of a constant digital skirmish taking place across computer networks as criminals, terrorists, “hacktivists” and sometimes even foreign nations attempt to access patient records and employee information and, sometimes, even hack into medical devices.

Intel did not tell U.S. cyber officials about chip flaws until made public
Intel did not tell the United States Computer Emergency Readiness Team, better known as US-CERT, about Meltdown and Spectre until Jan. 3, after reports on them in online technology site The Register had begun to circulate. US-CERT, which issues warnings about cyber security problems to the public and private sector, did not respond to a request for comment.

Air Force Plans to Recruit More Members Skilled with Drones, Cybersecurity and Tech
A shortage of drone and manned aircraft pilots, cyber and intelligence, surveillance and reconnaissance airmen and other science and technology skills are high priorities among expectations to add 4,000 active-duty airmen by 2020, the Air Force says. At the same time, 500 would be added to the Air National Guard and 200 to Air Force Reserve.

How airplane crash investigations can improve cybersecurity
As cybersecurity incidents proliferate around the country and the globe, businesses, government agencies and the public shouldn’t wait for an inevitable disaster before investigating, understanding and preventing these failures. Nearly a century after the original Air Commerce Act in 1926, calls, including my own, are mounting for the information industry to take a page from aviation and create a cybersecurity safety board.

Interpol warns IoT devices at risk
As attacks proliferate, law enforcement struggles to keep up, according to a report in the Express. “Attacks on IoT devices such as internet connected fridges, TVs, smart home devices etc. are down to flaws in the software running on them, and attacks will continue to happen until those flaws are dealt with. Good practices by vendors around configuration and authentication need to be initiated or matured to prevent this in future[.]”

National security officials’ letter supporting bipartisan Secure Elections Act
The legislation, introduced by Senators James Lankford (R-OK), Amy Klobuchar (D-MN), Lindsey Graham (R-SC), Kamala Harris (D-CA), Susan Collins (R-ME), and Martin Heinrich (D-NM), would empower states to address rising cybersecurity risks to American elections without undermining their control over the administration of those elections.

Election cybersecurity is a race with no finish line
Cybersecurity strategies are now a necessary part of election administration everywhere. They’re time-consuming, and they’re expensive. Maintaining our election excellence demands maximum effort. That’s why my office will seek help from the Legislature to make sure that we have the tools we need to keep our system secure. We can’t afford to let our efforts lag for lack of resources. Fortunately, the Legislature has shown bipartisan leadership on this issue in the recent past, providing funds to help local governments replace aging election equipment.

Why states might win the net neutrality war against the FCC
The FCC says it can preempt state net neutrality laws because broadband is an interstate service (in that Internet transmissions cross state lines) and because state net neutrality rules would subvert the federal policy of non-regulation. But the FCC’s preemption powers are limited, and not everyone is convinced the FCC can actually stop states from protecting net neutrality. Even among legal experts who support net neutrality, there is no consensus.

That microchipped e-passport you’ve got? US border cops still can’t verify the data in it
To be clear: America’s border cops can wirelessly read a traveler’s personal data from the implanted chip. The officials just don’t have the tools to check if the records are, you know, legit, and therefore check whether a person queuing to enter the Land of the Free is who they say they are, when using this embedded tech.

Hackers spread Android spyware through Facebook using Fake profiles
Upon analyzing the scam, researchers quickly identified that the profiles used in the scam were fake, stolen images from real people and used without their knowledge or consent. The women lured the victim to click on the link and install the latest version of Kik Messenger app on their device in order to continue their “flirty conversations”.

Cryptojacking Attack Found on Los Angeles Times Website
Researchers said they found cryptojacking code hidden on the Los Angeles Times’ interactive Homicide Report webpage that was quietly harnessing visitors’ CPUs to mine Monero cryptocurrency. The cryptojacking incident was found by Troy Mursch, a security researcher at Bad Packets Report, on Wednesday. He said the cryptominer has since been killed off. The cryptominer in question was made by Coinhive, a company that offers a Monero JavaScript miner to websites as a nontraditional way to monetize website content.

Dispelling The Fantasy That Cybersecurity Is Sexy
In truth, security is about methodology and analytics. It requires patience and discipline. It’s about applying repeatable business processes to detect and mitigate threats and forever training ourselves to keep our eyes on the ball and ignore the noise, no matter how loud or seemingly exciting that noise is. This is an unfortunate reality for those of us who scrounge for a slice of that corporate budget by hook or by crook.

Bad news: 43% of login attempts ‘malicious’ Good news: Er, umm…
“Credential abuse” is an increasingly popular line of attack, thanks in large part to the ready availability of huge user/password databases that have been stolen and are sold online. Akamai identifies two main types of such attacks: “bursty, high-speed login attempts” to break into people’s accounts, and “low and slow attempts to avoid apprehension by spreading login tries across longer time periods,” again to gain unauthorized access to profiles and systems.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.