IT Security News Blast 03-02-2018

Preventative Cybersecurity Not Enough

Why Cybersecurity Is About More Than Prevention-Focused Products
“It’s not a matter of if but when” is a common industry warning to companies about the dangers they face of being breached. The truth, however, is even more sobering. “When” has come and gone — there’s a good chance you’ve already been compromised, and you need to find the breach. To do so requires shifting from a preventative mindset to one centered on threat detection and response and allocating your cybersecurity budget accordingly. Spending in this area is already a top priority for many organizations.

Equifax Releases Updated Information on 2017 Cybersecurity Incident
The methodology used in the company’s forensic examination of last year’s cybersecurity incident leveraged Social Security Numbers (SSNs) and names as the key data elements to identify who was affected by the cyberattack. This was in part because forensics experts had determined that the attackers were predominately focused on stealing SSNs. Today’s newly identified consumers were not previously informed because their SSNs were not stolen together with their partial driver’s license information.

Financial Cyber Threat Sharing Group Phished
The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.

Mergers, acquisitions and cyber risks
It has been standard procedure in the past to engage cybersecurity specialists later in the process. We now know the cybersecurity analysis should begin as early as possible in order to map out and understand areas of risk for both of the companies involved, with the merger and acquisition (M&A) team performing a thorough cybersecurity investigation.

Some Health Employees Willing to Sell Confidential Data, Survey Finds
Nearly one in five health employees (18 percent) said they would be willing to sell confidential data to unauthorized parties, according to a new survey from consulting and services company Accenture. The survey, of 912 employees of provider and payer organizations in the U.S. and Canada, found that the 18 percent of respondents willing to sell confidential data to unauthorized parties would do so for as little as between $500 and $1,000.

Imaging systems biggest security risk in healthcare
The report reveals that the most common types of security risks were found to originate from user practice issues such as using embedded browsers on medical workstations to surf the web, conduct online chat or download content, which accounted for 41% of all security issues identified. This was followed by outdated operating systems or software such as the use of legacy Windows versions, obsolete applications and unpatched firmware.

OCR Highlights 8 Tips for Avoiding Healthcare Phishing Attacks
Healthcare phishing attacks are becoming more sophisticated, which is why organizations must remain vigilant in their detection measures, OCR explained in its recent cybersecurity newsletter. Hackers can take advantage of popular holidays to try and take advantage of individuals, and phishing attacks are also common during tax season, the agency stated. Spear phishing can also be especially damaging to healthcare.

Marines Create New Cyberwarfare Career Field
Among the newly created jobs are two officer MOSs, cyberspace officer and cyberspace warfare development officer; two warrant officer positions, offensive cyberspace weapons officer and defensive cyberspace weapons officer; and three enlisted jobs, cyberspace effects operator, cyberspace defensive operator, and cyberspace operations chief.

Dems press Trump on response to Russian cyber threat
Trump has provoked criticism from even those in his own party for not confronting Russia over its behavior. He has also drawn the ire of some Republicans for casting doubt on the U.S. intelligence community’s conclusion that Russia interfered in the 2016 presidential election in order to help him win against Democratic challenger Hillary Clinton.

Infamous Russian Cyber-Espionage Group Hacks German Government
APT28, an infamous cyber-espionage unit that many security firms believe is acting at the behest of the Russian government, has hacked various German government agencies for more than a year. According to German news agency dpa, Russian hackers infiltrated computers on the network of the German Foreign Ministry, the German Defence Ministry, the German Chancellery, and the Federal Court of Auditors.

US spy chiefs look to UK for guidance in cyber security battle
A US intelligence official told the Financial Times that US intelligence is braced for the cyber threat to “get worse”, likening the US to a city at the bottom of a dam that is fast developing cracks. […]
“The UK example is interesting,” said the US intelligence official, adding America has not been able to address the cyber threat. The official cited the UK’s effort to develop a national cyber strategy and house its own cyber security protection regime within each of the intelligence agencies, adding the US has “not yet done any of this”.

NATO and allies struggle over control of cyber capabilities during future crises
NATO and its 29 nations are grappling over how best to provide the alliance with the cyber capabilities its military leadership would need during times of crisis. The main issue revolves around control of the capabilities, and has not been resolved despite months of discussion. “There’s general agreement on the need, but not who should do it,” a NATO official told Jane’s on 27 February. “There are a lot of national sensitivities involved.”

How & Why the Cybersecurity Landscape Is Changing
1. Malware is becoming self-propagating.
2. Ransomware isn’t only for ransom.
3. Adversaries are stepping up their evasion capabilities.
4. The Internet of Things (IoT) is becoming a significant threat vector.

70% of cybersecurity professionals are ‘open’ to a job change
Only 15% of cybersecurity professionals do not plan on leaving their current position, according to an (ISC)2 survey of 250 cybersecurity professionals in the U.S. Of that percent, most are mid-career professionals who are satisfied with their pay and feel “heard” in their smaller companies. While 70% of respondents are open to a “change,” they are not actively searching for a new job in 2018.

Cybersecurity at power plants needs advice it can actually use
More than 60 percent of vulnerability warnings said critical infrastructure could get hijacked, while 71 percent of reported vulnerabilities that year could disrupt a person’s ability to monitor systems, according to the report. In these warnings, up to 72 percent of the advisories told IT teams only to patch their systems. Except “patch your system” means nothing for 64 percent of critical infrastructure, according to the report.

Bug in HP Remote Management Tool Leaves Servers Open to Attack
Hewlett Packard Enterprise has patched a critical vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service attack that could cripple vulnerable datacenters under some conditions. The vulnerability (CVE-2017-8987) is rated “high severity”, with a CVSS base score of 8.6, and was discovered by Rapid7 researchers in September. HPE publicly reported the bug on Feb. 22 and has made patches available.

Intel’s latest set of Spectre microcode fixes is coming to a Windows update
Microcode updates have two main distribution channels. The first is system firmware; the firmware can update the processor during system boot. […] The second route to distribution is through the operating system installing new microcode. Windows has microcode drivers for Intel and AMD processors and will update their microcode when it starts up.

Github hit by 1.35 Tbps DDoS attack; the largest ever
The online version control and code distribution platform Github has suffered a series of massive distributed denial of service (DDoS) attacks on Wednesday, February 28, 2018, causing service disruption by forcing its website to go offline. In the first phase of the attack, Github’s website suffered a shocking 1.35 terabits per second (Tbps) spike, while in the second phase Github’s network monitoring system detected a 400Gbps spike. The attacks lasted for over 8 minutes and, due to the massive traffic used by the attacks, this is the largest DDoS attack ever witnessed.

Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts
Cryptojackers are getting resourceful and have figured out how to bypass ad-blocking software and deliver the Coinhive JavaScript miner via browser-based ads. Researchers at Qihoo’s Netlab 360 said it recently spotted an advertising network that was using what is called a domain generation algorithm tool to evade ad-blocking tools and serve up ads that link to landing pages that contain the cryptominer Coinhive. Researchers are not identifying the ad network, but they said that since 2017 the provider has used domain generation algorithms (DGA) to effectively circumvent ad blockers.
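Blocklist-based ad blockers fail against a DGA because every generated hostname is new, so a defender has to score hostnames by their shape rather than match them. The script below is an added illustration for this digest, not code from Netlab 360, Qihoo, or any ad-blocking project: it reads constructed proxy log lines, extracts each hostname, and counts how many DGA-like traits (high character entropy, few vowels, mixed-in digits, long label) its main label shows. The log format, the thresholds, and the sample domains are all assumptions made for the example.

```python
"""
Heuristic scoring of DGA-like hostnames in web proxy logs.

Added illustration; not code from Netlab 360 or from any ad-blocking
project. The log format, thresholds and sample domains are constructed
assumptions, not values taken from the news item.
"""
import math
from urllib.parse import urlsplit

VOWELS = set("aeiou")

# Constructed sample proxy log lines: "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_LOG = """\
2018-02-28T10:15:01Z 10.0.0.12 GET http://www.example.com/index.html 200
2018-02-28T10:15:03Z 10.0.0.12 GET http://news.bbc.co.uk/ 200
2018-02-28T10:15:04Z 10.0.0.12 GET https://cdn.stackoverflow.com/js/app.js 200
2018-02-28T10:15:09Z 10.0.0.12 GET http://x7k3qz9vb2tn4m.com/ad.js 200
2018-02-28T10:15:10Z 10.0.0.12 GET http://qwlzkrptvbnm.net/lib/miner.js 200
"""


def shannon_entropy(text: str) -> float:
    """Shannon entropy of the character distribution of `text`, in bits."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registrable_label(host: str) -> str:
    """
    Pick the label to score: the longest label excluding the TLD.
    Assumption: DGA output is a long random second-level label; production
    code would consult a public-suffix list instead of this shortcut.
    """
    labels = [l for l in host.lower().split(".") if l]
    if len(labels) < 2:
        return host.lower()
    return max(labels[:-1], key=len)


def label_features(label: str) -> dict:
    """Length, entropy, digit ratio and vowel ratio (among letters) of a label."""
    letters = [c for c in label if c.isalpha()]
    digits = [c for c in label if c.isdigit()]
    vowels = [c for c in letters if c in VOWELS]
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": len(digits) / len(label) if label else 0.0,
        "vowel_ratio": len(vowels) / len(letters) if letters else 0.0,
    }


def dga_score(host: str) -> int:
    """
    Count how many DGA-like traits the host's main label shows (0-4).
    Thresholds are constructed assumptions tuned to the sample data only.
    """
    f = label_features(registrable_label(host))
    score = 0
    if f["entropy"] >= 3.5:       # near-uniform character distribution
        score += 1
    if f["vowel_ratio"] < 0.2:    # pronounceable words carry more vowels
        score += 1
    if f["digit_ratio"] >= 0.2:   # digits mixed into letters
        score += 1
    if f["length"] >= 12:         # long labels are cheap to generate, hard to type
        score += 1
    return score


def hosts_from_log(log_text: str) -> list:
    """Extract the hostname from each constructed proxy log line."""
    hosts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        host = urlsplit(parts[3]).hostname
        if host:
            hosts.append(host)
    return hosts


def flag_dga_like(log_text: str, min_score: int = 3) -> list:
    """Return (host, score) pairs for hosts whose score meets the threshold."""
    flagged = []
    for host in hosts_from_log(log_text):
        score = dga_score(host)
        if score >= min_score:
            flagged.append((host, score))
    return flagged


if __name__ == "__main__":
    for host, score in flag_dga_like(SAMPLE_LOG):
        print(f"{host}: DGA-like traits = {score}")
```

Scoring several weak traits instead of one strong one keeps long but ordinary labels such as `stackoverflow` (high entropy, normal vowel ratio) below the threshold while the two constructed random labels cross it; in practice the output is a candidate list for review or for correlation with known miner script paths, not a block decision on its own.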

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.