IT Security News Blast 03-01-2018

Data Breaches National Security

Financial phishing accounts for over 50% of all phishing attacks for the first time
Moreover, attacks related to the global internet portal category – which includes global search engines, social networks, etc. – fell from the second place in 2016 to fourth position in 2017 with a decrease in share of more than 13 percentage points. This shows that criminals show less interest in stealing these types of accounts and are now focusing on accessing money directly.
https://www.finextra.com/pressarticle/72837/financial-phishing-accounts-for-over-50-of-all-phishing-attacks-for-the-first-time

SEC Launches Cryptocurrency Probe
Robert Cohen, head of the SEC’s cyberenforcement unit, last week said at least a dozen companies have put their offerings on hold after the agency raised questions. Many of the cryptocurrency-related subpoenas were issued in recent weeks, likely paving the way for what lawyers and industry insiders expect to be a dramatic upturn in enforcement activity.
https://www.wsj.com/articles/sec-launches-cryptocurrency-probe-1519856266

Training insurance agents and brokers in cyber risk
The exposure to risk may be compounded as a result of a recent decision by the U.S. Supreme Court to deny CareFirst a hearing on future harm being a new standard for having standing in a federal civil case. On Tuesday, February 20th, 2017-  the Supreme Court “denied certiorari” in the CareFirst vs. Attitas case. What this means in layman’s terms is that when a cyber breach of personally identifiable information (PII) occurs, the “harm” no longer has to be proven to have occurred.
https://www.csoonline.com/article/3258801/data-protection/training-agents-and-brokers-in-cyber-risk.html

Swinging the Cybersecurity Pendulum: Can New Strategies “Reverse the Curse?”
So what are some ways in which CISOs and other healthcare security leaders are working to fight off cyber attackers and better protect their data? None of the experts who Healthcare Informatics interviewed for this piece believe in any “magic bullet” approach, but more frequently now, leading minds are pointing to a few specific areas in which organizations can improve their strategies—namely, monitoring users’ behaviors and leveraging identity and access management (IAM) protocols.
https://www.healthcare-informatics.com/article/cybersecurity/swinging-cybersecurity-pendulum-can-new-strategies-reverse-curse

AEHIS asks OIG to exempt cybersecurity donations between healthcare providers from fraud enforcement
“We strongly believe an exemption to the antikickback statute that permits for donations of services that further an entity’s cyber posture is warranted,” AEHIS Board Chair Erik Decker, who serves as chief information security officer at the University of Chicago Medicine wrote in the request (PDF). “We recognize there may be limitations around how such an exemption is crafted; however, if it followed many of the requirements that the OIG laid out around the exceptions permitted for donating an electronic health record (EHR), this would be helpful.”
https://www.fiercehealthcare.com/tech/aehis-oig-cybersecurity-donations-fraud

Trickle-Down Cyberwarfare Is Harming Just About Every Industry
The document, “2018 Global Threat Report: Blurring the Lines Between Statecraft and Tradecraft,” was published this week. Scouring threat data from CrowdStrike’s experts and monitoring tools, including a cloud-based graph database that processes “nearly 100 billion events a day across 176 countries,” the report outlines cybercrime trends, adversary targeting, and related metrics. But the analysts spill much ink on the rise of cyberwarfare and its collateral—or intentional—damage.
http://www.hcanews.com/news/trickledown-cyberwarfare-is-harming-just-about-every-industry

Cyber-security: A necessary component of railway businesses in the digital age
The downside of equipping the railways for the modern age is the associated threats that accompany the adoption of new technology – threats that have thus far eluded them. The threat landscape and the attack surface of railways are naturally increasing as the boundaries between the various actors and different sections of railway businesses are becoming increasingly integrated.
https://www.globalrailwayreview.com/article/66228/cybersecurity-railway-digital-age/

Understanding Data Breaches as National Security Threats
Russian operatives purchased stolen U.S. identities, which they used to open U.S. bank and PayPal accounts and to buy access on U.S.-based servers; they then purchased Facebook ads and “buttons, flags, and banners” for political rallies. Employing VPNs to disguise that they were connecting to these U.S.-based servers from Russia, the agents posed as Americans on social media accounts. Consider U.S. privacy protections in light of this statement from the indictment: “Defendants also used the stolen identities of real U.S. persons to post on [Internet Research Agency]-controlled social media accounts.
https://www.lawfareblog.com/understanding-data-breaches-national-security-threats

Rogers: US cyber defenses ‘not optimized for speed’
“Right now, the time it takes to deploy capability, the time it takes to coordinate a response across multiple organizations — when those well-meaning and hard-working organizations exist in separate structures — that’s not optimized for speed. So to me, the biggest challenge is how to integrate this more at an execution level. There’s an ongoing dialogue about what’s the right way ahead, and there’s no lack of opinions on this topic.”
https://federalnewsradio.com/defense-main/2018/02/rogers-u-s-cyber-defenses-not-optimized-for-speed/

Russia behind compromise of seven states’ voter registration systems
While at least two of the states compromised – Wisconsin and Florida – voted for Trump by slim margins, one and 1.2 percent, respectively, NBC News cited three intelligence officials as saying that no votes had been altered nor had anyone been deleted from voter rolls. The other states affected were California, Arizona, Illinois, Alaska and Texas. Obama’s had ordered the top secret report as his administration drew to a close.
https://www.scmagazine.com/russia-behind-compromise-of-seven-states-voter-registration-systems/article/747250/

Russia is going rogue; the US must contain it
Although special counsel Robert Mueller has avoided implicating the Russian government, the Internet Research Agency obviously works for it. This must have consequences for U.S. policy on Russia. Under President Vladimir Putin, the Russian Federation has abandoned the framework of international law that was established with the foundation of the United Nations and elaborated upon in the Helsinki Final Act of 1975.
http://thehill.com/opinion/national-security/375885-russia-is-going-rogue-the-us-must-contain-it

Fancy Bear targeting North American, European diplomats
No matter what the intent, any attack from Fancy Bear will stir up questions about Russia and the U.S.’s inaction after the 2016 election. Though cyber espionage is generally considered fair game by most foreign countries — it’s the leaking of information and other malicious damage associated with Russian campaigns that is problematic — Fancy Bear’s 2016 exploits make it harder to treat as a traditional espionage actor.
https://www.axios.com/fancy-bear-targeting-north-american-european-foreign-1519841075-a910f00e-226f-4fe8-adf1-0788c9239f40.html

Another massive DDoS internet blackout could be coming your way
While older, more established companies are still more likely to host their own DNS, the emergence of cloud as infrastructure means that newer companies are outsourcing everything to the cloud, including DNS. “The concentration of DNS services into a small number of hands…exposes single points of failure that weren’t present under the more distributed DNS paradigm of yesteryear[.] “The Dyn attack offers a perfect illustration of this concentration of risk–a single DDoS attack brought down a significant fraction of the internet by targeting a provider used by dozens of high profile websites and CDNs [content delivery networks].”
https://www.csoonline.com/article/3258545/cyber-attacks-espionage/another-massive-ddos-internet-blackout-could-be-coming-your-way.html

Defying Pai’s FCC, Washington state passes law protecting net neutrality
The bill comes in response to the Federal Communications Commission decision in December 2017 to scrap federal net neutrality rules. The state bill still needs the signature of Governor Jay Inslee, who previously pledged to enforce net neutrality “under our own authority and under our own laws,” calling it “a free speech issue as well as a business development issue.” Washington is apparently the first state whose legislature has passed a law that imposes net neutrality rules on all ISPs.
https://arstechnica.com/tech-policy/2018/02/fccs-attempt-to-kill-net-neutrality-challenged-by-new-washington-state-law/

Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips
According to Intel documents, an array of its older processors, including the Broadwell Xeon E3, Broadwell U/Y, Haswell H,S and Haswell Xeon E3 platforms, have now been fixed and are available to hardware partners. The company’s new microcode updates come a week after Intel also issued updates for its newer chip platforms like Kaby Lake, Coffee Lake and Skylake.
https://threatpost.com/intel-releases-updated-spectre-fixes-for-broadwell-and-haswell-chips/130144/

Misconfigured Memcached Servers Abused to Amplify DDoS Attacks
Cybercriminals behind distributed denial of service attacks have added a new and highly effective technique to their arsenal to amplify attacks by as much as 51,200x by using misconfigured memcached servers accessible via the public internet. The technique was reported by Akamai, Arbor Networks and Cloudflare on Tuesday. All said they have observed an uptick in DDoS attacks using User Datagram Protocol (UDP) packets amplified by memcached servers over the past two days.
https://threatpost.com/misconfigured-memcached-servers-abused-to-amplify-ddos-attacks/130150/

‘First true’ native IPv6 DDoS attack spotted in wild
Barrett Lyon, head of research and development, Neustar, told SC Media UK: “We’ve been expecting this event for a while, but it has now happened. We’ve also seen a real ramping up of IPV4 attacks this year too – nearly double compared to the same period in 2017 – but IPV6 attacks present some unique issues that can’t be easily solved. One example is the sheer number of addresses available to an attacker can exhaust the memory of modern security appliances…”
https://www.scmagazineuk.com/first-true-native-ipv6-ddos-attack-spotted-in-wild/article/747217/

Unprotected AWS Bucket Exposes 50.4 GB of Financial Giant’s Data
The database belonged to Birst, a Cloud Business Intelligence (BI) and Analytics firm. The exposed database contained 50.4 GB worth of data of one of Birst’s users Capital One, a McLean, Virginia based financial services giant and eighth-largest commercial bank in the United States. The leaked data contained technical information on Birst appliance specially configured for Capital One’s cyberinfrastructure.
https://www.hackread.com/unprotected-aws-bucket-exposes-50-gb-of-financial-giants-data/

Got that itchy GandCrab feeling? Ransomware decryptor offers relief
The newly developed (free) antidote works for all known versions of the ransomware. The nasty encrypts personal data on victims’ machines. Security firm Bitdefender developed the GandCrab ransomware decryption tool in collaboration with Europol and Romanian Police. The effort is the latest under the No More Ransom project.
https://www.theregister.co.uk/2018/02/28/gandcrab_decryptor/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.