IT Security News Blast 02-26-2018

Yarrow Point Phishing Cyber Attack

Wire-transfer scheme, ransomware attack — tiny Yarrow Point finds itself in criminals’ crosshairs
Yarrow Point Mayor Richard “Dicker” Cahill usually goes by his nickname in messages. But that escaped the notice of the town’s financial coordinator when he wired $49,284 to an unidentified con artist as part of an email scam in August. […] What worries Hamilton, who was Seattle’s chief information security officer, is that theft of money is only a glimpse of what criminals can do to a city. Records, city services, communication and infrastructure also are at risk. “That is the real exposure,” he said. “This is really a canary in the coal mine, and local governments need to wake up.”
https://www.seattletimes.com/seattle-news/eastside/wire-transfer-scheme-ransomware-attack-tiny-yarrow-point-finds-itself-in-criminals-crosshairs/

New York is quietly working to prevent a major cyber attack that could bring down the financial system
· With a lack of leadership from the federal government, New York is one of the first states to implement new cyber regulations.
· The state is quietly working to prevent a major cyber attack that could bring down Wall Street’s financial system.
· But even with the strictest cybersecurity regulations in the country, experts warn New York’s efforts may still not be enough.
http://www.businessinsider.com/new-york-cybersecurity-regulations-protect-wall-street-2018-2

North Korea resumes cyber attacks in desperate search for foreign currency
The North Korean state-sponsored hacker group Lazarus appears to have resumed its efforts to steal desperately needed foreign currency for the rogue regime, according to recent evidence uncovered by the U.S. computer security software company McAfee.
https://asia.nikkei.com/Politics-Economy/Economy/North-Korea-resumes-cyber-attacks-in-desperate-search-for-foreign-currency

Sinovel Wind Group found guilty of IP theft valued at $800 million
From January 2011 through December 2012, Sinovel (their employees) and Karabasevic worked together to purloin the trade secrets of AMSC with the intent to produce Low Voltage Ride Through (LVRT)-compliant wind turbines and to retrofit existing turbines with LVRT technology. AMSC notes that the value of the stolen technology and business loss was in excess of $800 million.
https://www.csoonline.com/article/3256305/loss-prevention/sinovel-wind-group-found-guilty-of-ip-theft-valued-at-800-million.html

Tech and telecom lobbying groups announce joint cybersecurity initiative
Lobbying groups representing major technology and telecommunications firms are teaming up to jointly tackle cybersecurity issues. The Information Technology Industry Council (ITI) and USTelecom on Friday announced the creation of the Council to Secure the Digital Economy. The goal of the group is to combat cyber threats such as hacking and to address technological vulnerabilities that could lead to data breaches and other compromises to sensitive information among other things. Partners in the council include Akamai, AT&T, CenturyLink, Ericsson, IBM, Intel, NTT, Oracle, Samsung, SAP, Telefonica and Verizon.
http://thehill.com/policy/technology/375287-lobbying-groups-for-tech-and-telecom-announce-joint-cybersecurity

People-powering Chinese cyber power
The strong civil–military dimension of Chinese military power has existed since the formation of the People’s Republic of China. Mao’s ‘people’s war’ doctrine stressed that China’s military advantage lay in mobilising the vast Chinese population. The push to leverage the civilian sector for the development of China’s military cyber capabilities is gaining steam outside of military circles as well.
http://www.eastasiaforum.org/2018/02/24/people-powering-chinese-cyber-power/

Russian hackers posed as North Koreans to launch cyberattack on Winter Olympics, claims US
Russian hackers attacked South Korean government computers during the Winter Olympics, but made it look like the attack was carried out by the North, US intelligence agencies believe. […] During the Opening Ceremony, Russian hackers operating from the GRU – the Russian military intelligence agency – allegedly masked their IP addresses to make it look like their hack had come from North Korea.
http://www.telegraph.co.uk/news/2018/02/25/russian-hackers-pose-north-koreans-launch-cyberattack-winter/

DOJ Forms Cyber Task Force To Tackle Election Interference
The task force will be chaired by a senior official appointed by Deputy Attorney General Rod Rosenstein, and its membership will include representatives from DOJ offices including the department’s Criminal and National Security Divisions, the ATF, FBI and DEA, among others, Mr. Sessions wrote in a two-page memorandum touting its creation sent to department heads last week and released to the public Tuesday.
https://www.toptechnews.com/article/index.php?story_id=12100EQIERXV

US Federal Contractors Lag in Cyber Best Practices
“US government contractors, subcontractors and other third parties can be the cause of significant losses of government data,” the report notes. “Agency leadership must ensure that these organizations are protecting the sensitive government data with which they have been entrusted. Political, technology and civil service leaders within an agency all must be involved in addressing this risk.”
https://www.infosecurity-magazine.com/news/us-federal-contractors-lag-in-cyber/

Iran’s cyber warfare against its people must not stand
Indeed, protesters’ use of cyber proved to be the regime’s Achilles heel: It could not, despite a show of force, stop the expansion of demonstrations. The protests expanded even as the regime desperately cut off access to the Internet and blocked key mobile apps, such as Telegram, at considerable cost and international embarrassment. A new wave of domestic cyber warfare, led by the Islamic Revolutionary Guard Corps (IRGC), in collaboration with the Ministry of Intelligence and Security (MOIS), accelerated significantly after the eruption of the nationwide protests.
http://thehill.com/opinion/international/375220-irans-cyber-warfare-against-its-people-must-not-stand

Supporters of Net Neutrality Vow to Fight Rule Changes
On Thursday, Mozilla and Vimeo pushed back, each filing legal challenges to the FCC’s repeal of net neutrality rules. “The decision does not simply ‘roll back’ to an unregulated internet, instead, it removes affirmative protections for the public despite the fact that many people in the U.S. suffer from a lack of choice in broadband high speed internet access,” Mozilla said in a statement. “To make matters worse, the FCC didn’t adequately consider the impact such a removal would have on small businesses that rely on the open internet to sell their products and services and the free expression rights of internet users.”
https://threatpost.com/supporters-of-net-neutrality-vow-to-fight-rule-changes/130052/

Mueller’s Russia Indictments Show Scale of Putin’s Cyberwar
Specifically, Bolton writes: […] One way to do that is to engage in a retaliatory campaign against Russia. This should not be proportional to what we have experienced. It should be decidedly disproportionate. The lessons we want Russia (or anyone else) to learn is that the cost to them from future cyberattacks against the United States will be so high that they will simply consign all cyberwarfare plans to their computer memories to gather electronic dust.
http://www.newsweek.com/muellers-russia-indictments-show-scale-putins-cyberwar-818022

Tor pedo’s torpedo torpedoed: FBI spyware crossed the line but was in good faith, say judges
Werdene, whose Playpen username was “thepervert,” argued that the FBI broke the rules by getting a warrant to install the NIT. Usually, a search warrant requires the judge to know the location of the suspect before it can be issued, however, prosecutors persuaded a court to give the bureau blanket search rights. It didn’t matter where the users were, according to the warrant, the FBI was allowed to unmask and collar them.
https://www.theregister.co.uk/2018/02/24/tor_fbi_hacking_appeal/

Developer gets prison after admitting backdoor was made for malice
Taylor Huddleston, 27, of Hot Springs, Arkansas, admitted in July that he was the developer of NanoCore, a remote-access trojan that he sold online[.] […] Huddleston also agreed with prosecutors that NanoCore and available plugins offered a full set of features including:
· a keylogger that allowed customers to record all keystrokes typed
· a password stealer that extracted passwords saved and sent them over the Internet to the customer
· the ability for customers to remotely turn on webcams and spy
· the ability to view, delete, and download files
· the ability to lock infected computers until users paid customers a ransom
· a “booter” or “stresser” that allowed infected computers to participate in distributed denial-of-service attacks
https://arstechnica.com/tech-policy/2018/02/developer-of-the-prolific-nanocore-backdoor-gets-prison/

Annabelle ransomware a horror show for users
Though built on Stupid Ransomware and easily decryptable, Annabelle can disable Windows Defender and turn off the firewall, encrypt files and shut down some security programs, such as Process Explorer and Chrome, according to a report from Bleeping Computer. If that’s not enough it attempts to spread via USB drives, disables some programs and, just to prove it’s every bit as evil as its movie counterpart, Annabelle overwrites a computer’s master boot record with a boot loader.
https://www.scmagazine.com/annabelle-ransomware-a-horror-show-for-users/article/746141/

FTC warning users to do homework before using VPN apps
The consumer protection agency cited a report which studied 300 VPN apps and found that many of the applications didn’t use encryption and requested sensitive information or unexpected privileges, according to a Feb. 22 blog post. Some of the apps even sold user information to third parties to serve advertisements or to analyze user data to see how people are using particular sites and services.
https://www.scmagazine.com/vpn-shoppers-warned-to-do-their-homework-before-using-vpn-apps/article/746475/

FBI Warns of Spike in W-2 Phishing Campaigns
The Federal Bureau of Investigation is warning businesses about a spike in phishing campaigns requesting W-2 information from payroll personnel. […] “This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information,” said the FBI’s advisory.
https://threatpost.com/fbi-warns-of-spike-in-w-2-phishing-campaigns/130057/

Chase ‘glitch’ grants customers access to random accounts
Wexler said she was sure the incident wasn’t the result of malicious actors but said she didn’t know what caused the glitch. Some researchers claimed the mishap was somehow related to the bank’s mobile apps noting that Chase released an updated app by Thursday morning.
https://www.scmagazine.com/chase-customer-accounts-were-exposed-after-what-was-described-as-a-glitch-allowed-customers-to-access-random-accounts/article/746459/

‘OMG’: New Mirai Variant Converts IoT Devices into Proxy Servers
“One way to earn money with proxy servers is to sell the access to these servers to other cybercriminals,” Fortinet said in a blog post this week. Proxies give cybercriminals a way to remain anonymous when carrying out malicious activity like cyber theft, or breaking into systems. “Adversaries could also spread multiple attacks through a single source. They could get around some types of IP blocking and filtering,” as well, according to a Fortinet spokesperson.
https://www.darkreading.com/vulnerabilities---threats/omg-new-mirai-variant-converts-iot-devices-into-proxy-servers/d/d-id/1331122

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.