IT Security News Blast 03-05-2018

Cybersecurity Hyperbole

Ethereum fixes serious “eclipse” flaw that could be exploited by any kid
So-called eclipse attacks work by preventing a cryptocurrency user from connecting to honest peers. Attacker-controlled peers then feed the target a manipulated version of the blockchain the entire currency community relies on to reconcile transactions and enforce contractual obligations. Eclipse attacks can be used to trick targets into paying for a good or service more than once and to co-opt the target’s computing power to manipulate algorithms that establish crucial user consensus.

Hyperbole won’t help us address cyberthreats
In order to attract attention to the issue, the IT security commentators exaggerate the problem in popular discourse. They highlight worst-case scenarios, or attacks in the millions, failing to distinguish between the consequential and insignificant. They refer to the sinister capabilities of China and Russia, yet refer less to the inherent resilience of the system, the capabilities of Western democracies to defend themselves or counterattack.

Six Common Misconceptions About Cybersecurity
Interest in cybersecurity is escalating across the legal profession, reflecting the complex and potentially catastrophic threats that clients, particularly financial services firms, now face. […] Because these risks are deep and potentially disastrous, lawyers are increasingly tasked with counseling clients about how to contain them. Frequently this requires dispelling clients’ misconceptions about those risks and effective countermeasures. Below we explore each of six such misconceptions that often beset organizations.

New Cyber Security Style Guide helps bridge the communication gap
It doesn’t matter how great the research is, or the pentest, or the report, or your new security policy if no one reads it or understands it. When politicians make bad laws because they don’t understand cryptography, society suffers. When random retirees start pouring their nest eggs into ICOs (because “crypto”), society suffers. When rank-and-file employees ignore security policies because they don’t understand them or find them too restrictive, business suffers.

Securing Healthcare Data and Applications
In the end, the attacker’s ability to monetize is predicated upon either disrupting operations or stealing data. A data and application security solution provides the tools to protect your site and specifically to protect the privacy of patient records. These solutions protect the healthcare site from hackers who attempt to breach or disrupt the site and also provide protection to safeguard patient data.

Healthcare sector’s biggest threats come from insiders, report
Workers driven by financial gains such tax fraud or opening lines of credit with stolen information accounted for 48 percent of those incidents; fun or curiosity in looking up the personal records of celebrities or family members accounted for 31 percent, and simple convenience accounted for 10 percent. Corrupt insiders weren’t the only threat to healthcare organizations. Of the incidents involving malicious code, the report found 70 percent were the result of ransomware, a figure similar across all business sectors.

A Risk-Based Security Approach Helps Healthcare Protect Data Beyond HIPAA
Obligations under Health Insurance Portability and Accountability Act (HIPAA) and other regulations often leave a healthcare organization implementing security controls in “check-the-box” mode. While this approach may lead to improved security, it fails to look at the operation in a comprehensive manner. Regulatory bodies have narrow scopes of interest, designing regulations specifically to protect the confidentiality of certain pieces of regulated information.

ICS vulnerabilities could be exploited to cause ‘severe operational impact,’ report warns
Research from Dragos, released in a trio of reports under the umbrella “A Qualitative View of 2017,” revealed that 61 percent of 163 industrial control vulnerabilities discovered last year could be exploited to cause “severe operational impact.” And the results showed that a new group, dubbed Covellite, has been using code and infrastructure similar to the North Korean-backed Lazarus Group to launch spearphishing campaigns against electric utilities in Europe, Asia and the U.S.

German government hack was part of worldwide campaign: sources
A powerful cyber attack on Germany’s government computer network was part of a worldwide campaign likely carried out by a Russian hacker group known as Snake, sources briefed on the incident said on Friday.  […] German media reported that the attackers installed malicious software on 17 computers, including one that belonged to a defense ministry official who was seconded at the time to the foreign ministry.  […] It said the attack was targeted at Ukraine and other former Soviet republics, countries in South America, the Baltic states and Scandinavia.

Trump doesn’t want to escalate Russian cyber war, says Eli Lake
Finally, there is the very real prospect of escalation. Columbia University researcher and cyber expert Jason Healey made this point in a piece this week. He wrote that Russian President Vladimir Putin saw his election interference in 2016 as a response to what he perceived was the U.S. government’s role in releasing the Panama Papers, a trove of secret bank records that exposed offshore wealth hidden by a number of high government officials, including Putin.

Putin doubled down on a familiar and misleading claim when he explained why he’ll ‘never’ extradite the Russians charged in the Mueller investigation
·       Russian President Vladimir Putin told NBC’s Megyn Kelly last week that he would “never” extradite the 13 Russian nationals who were charged by special counsel Robert Mueller with conspiring to interfere in the 2016 US election.
·       He denied any knowledge of their actions and added that the defendants “do not represent the Russian state” or “the Russian authorities.”
·       The assertion spoke to a key tactic the Kremlin often employs: using “cyber proxies” who operate outside the government to carry out its goals, allowing the Russian government to maintain plausible deniability.

Israel Covertly Contacted American Cyber Companies to Purchase Hacking Tools, Letter Reveals
“The Government of Israel Ministry of Defense (GOI-MOD) is interested in advanced Vulnerabilities R&D and zero-day exploits for use by its law enforcement and security agencies for a wide variety of target platforms and technologies,” reads the document, which was reportedly sent out by Israel’s acquisition team in the U.S.

Warrantless surveillance a big disadvantage for the US tech sector
Foreign companies are becoming increasingly concerned about working with U.S. businesses where their user’s data may be subject to U.S. surveillance. The European Parliament’s civil liberty committee, for example, was presented with a proposal stating that every American website place a disclaimer to EU citizens alerting them that their conversations could be monitored.

Girl Scouts fight cybercrime with new cybersecurity badge
For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges. Girl Scouts of the USA teamed up with security company Palo Alto Networks to devise a curriculum that educates young girls about the basics of computer networks, cyber attacks, and online safety.

Women cybersecurity leaders: RSA Conference can’t find you
At a major cybersecurity event in April, the only woman out of 20 keynote speakers is a social commentator. Her name is Monica Lewinsky, and she advocates to prevent cyberbullying. […] The dustup reflects a persistent problem in tech that happens to be even worse in cybersecurity. Women work in just 11 percent of jobs in this field (PDF). That’s bad because security companies say they can’t hire skilled people fast enough. Alienating women with the potential to excel at cybersecurity could make us all less safe, especially as hackers continually hammer computer networks to steal our sensitive information.

In Wake of ‘Biggest-Ever’ DDoS Attack, Experts Say Brace For More
“This massive DDoS attack was possible because organizations operating memcached servers failed to implement some very basic security practices,” said Sammy Migues, principal scientist at Synopsys. “Unless the unwitting operators of these memcached servers take corrective action, it is inevitable that other ill-equipped targets will fall victim to similar DDoS attacks and suffer a much longer outage.”

DDoS Attacks Now Launched with Monero Ransom Notes
“The payload is the ransom demand itself, over and over again for about a megabyte of data. We then request the Memcached ransom payload over and over, and from multiple Memcached servers to produce an extremely high volume DDoS with a simple script and any normal home office Internet connection. We’re observing people putting up those ransom payloads and DDoSsing people with them.”

RedDrop nasty infects Androids via adult links, records sound, and fires off premium-rate texts
The RedDrop nasty also harvests and uploads files, photos, contacts, application data, config files and Wi-Fi information from infected kit. Both Dropbox and Google Drive are being used as temporary storage by the attackers. Infected devices submit expensive SMS messages to a premium service, enriching crooks in the process. Hundreds of infections related to the malware have been spotted by security firms, with Chinese users among the most heavily affected.

Bitcoin thirst spurs Icelandic heist—“Grand theft on a scale unseen before”
Eleven people have been arrested in Iceland as a result of what local media are calling the “Big Bitcoin Heist”—600 mining computers were recently stolen from Icelandic data centers in four separate burglaries between December 2017 and January 2018. […] So far, a Reykjanes District Court judge ordered two of the 11 arrested individuals to remain in custody. Apparently, the specialized machines have not yet been located and are worth approximately $2 million.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.