IT Security News Blast 03-07-2018

World Economic Forum Cybersecurity

World Economic Forum leads creation of fintech cyber security consortium
The group will create a framework to assess the security level of fintech companies and data aggregators, whose preparedness against hacks is seen as increasingly important to the stability of the wider financial industry, the companies said. The financial services sector is among the most vulnerable to cyber crime because of the vast amount of money and valuable data that banks and investment firms process each day.

Cybersecurity Is ‘Top Risk’ for Financial Services Industry
The long-term approach for the SEC in terms of cybersecurity is for the markets to develop robust protocols and dedicate sufficient resources to make firms and the markets more broadly uninviting. […] The SEC’s thinking on cybersecurity is anchored to a broad set of four principles, according to Hetner. The first is that cybersecurity should be aligned to the business strategy with support from the board all the way downstream to staff.

SEC Cybersecurity Enforcement at Watershed Moment: How Companies Should Prepare
Notwithstanding ongoing investigations, outside the broker-dealer context, the SEC has yet to file charges against a public company or its directors and officers over a cybersecurity breach or incident. That said, SEC Chairman Jay Clayton upped the ante recently, announcing that, “[p]ublic companies have a clear obligation to disclose material information about cyber risks and cyber events. I expect them to take this requirement seriously.”

Weak Healthcare Cybersecurity Employee Training Affects IT Security
Recent studies continue to show that the human factor can have a great impact on an organization’s healthcare cybersecurity measures. A lack of training could create defensive weaknesses, either through employees purposely compromising data or through inadvertent data exposure. Eighteen percent of healthcare employees are willing to sell confidential data to unauthorized parties for as little as between $500 and $1,000, according to an Accenture survey.

Healthcare Experiences Twice the Number of Cyber Attacks As Other Industries
The cybersecurity maladies afflicting healthcare manifest themselves in several ways:
- M&A Activity Creates Vulnerabilities
- Threat Volume
- Threat Velocity and Variety
- New Challenges Arising from IoMT
- Encryption and the Need for Inspection

Healthcare Leaders Admit Serious Gaps in Data Breach Response, Survey Finds
In a survey of 154 healthcare and life sciences leaders, KPMG found that more than half (51 percent) of respondents said that written operating procedures about how to respond to a cyber attack either don’t exist or they are unaware of what those standards are for responding to varying types of cyber events and elevated incidence that impact an organization.

8 Best Practices for Working Remotely
Companies of all sizes are under attack. It is true that threat actors primarily attack large companies, but they may also target small and medium companies. Smaller companies are often more vulnerable and in a connected world, the compromise of a small company or even an individual may lead to the compromise of a larger target. Additionally, broad, untargeted attacks hit all networks, regardless of size. In this threat environment, companies use a combination of prevention, detection, and insurance solutions to mitigate the risk of breach. While good technologies and policies help, the truth is that the very employees who make the business go are a primary avenue of risk.

US senator grills CEO over the myth of the hacker-proof voting machine
Exhibit A in the case built by freelance reporter Kim Zetter was an election-management computer used in 2016 by Pennsylvania’s Venango County. After voting machines the county bought from Election Systems & Software were suspected of “flipping” votes―meaning screens showed a different vote than the one selected by the voter―officials asked a computer scientist to examine the systems. The scientist ultimately concluded the flipping was the result of a simple calibration error, but during the analysis he found something much more alarming―remote-access software that allowed anyone with the correct password to remotely control the system.

On Offer: An Integrated Dashboard for Cyber Warfare
“Like the cyber equivalent to an aircraft carrier, the Henosis prototype could incorporate and integrate cyber effects into multi-domain, air, land, maritime, and space operations,” read a Lockheed press release. “It functions as a command and control battle management visualization tool that coordinates defense cyber operations, offensive cyber operations, and cyber intelligence, surveillance and reconnaissance.”

N Korea Using Bitcoin Wealth to Fund Military Program, Ex-NSA Officer Claims
A former officer of the US National Security Agency (NSA) said that North Korea had amassed an estimated 11,000 Bitcoins and may have collected as much as $210 million by converting those into fiat money in 2017 to procure funds for its military machine. […] She theorized that North Korea had cashed in its Bitcoin hoard in December, when the value was at its peak. If the regime waited until January, then it would have collected only about $120 million. The Bitcoin price peaked at almost $20,000 on December 22.

Dutch Intel Agency: Volume, Complexity of Cyberattacks Rises
Adding its voice to fears around the world of a rise in covert digital influence and espionage, the Dutch General Intelligence and Security Service said in its 2017 report a growing number of foreign powers are using cyber espionage “to acquire information that they use for (geo) political gain.” It highlighted Russia, which it said is “extremely driven in the covert digital influencing of (political) decision making processes.” It added that the agency also has seen similar attempts by China.

False Flags in Cyberspace: Targeting Public Opinion and Political Will
In the digital age, determining the origins of cyberattacks is already difficult, but cyber actors can further muddy attribution by diverting blame for attacks to others. The intention is not necessarily to trick intelligence services – who are able to access information beyond technical forensics of the hack – but rather to undermine public confidence in attribution and therefore undercut the political will to respond to belligerent activity in cyberspace. This appears to be the motivation behind Russian hackers imitating North Korean hackers when attempting to disrupt the opening ceremony of the Winter Olympics in Pyeongchang, according to the Washington Post.

Google helps Pentagon analyze military drone footage—employees “outraged”
According to the Gizmodo report, some Google employees are not taking the news well: “Some Google employees were outraged that the company would offer resources to the military for surveillance technology involved in drone operations… while others argued that the project raised important ethical questions about the development and use of machine learning.”

New documents reveal FBI paid Geek Squad repair staff as informants
The aim of the FBI’s Louisville division was to maintain a “close liaison” with Geek Squad management to “glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs,” the documents say. According to the EFF’s analysis of the documents, FBI agents would “show up, review the images or video and determine whether they believe they are illegal content” and seize the device so an additional analysis could be carried out at a local FBI field office. That’s when, in some cases, agents would try to obtain a search warrant to justify the access.

Law Enforcement as a Counterintelligence Tool
[The] value of law enforcement as a counterterrorism tool doesn’t necessarily mean it has equal value as a counterintelligence tool. In fact, there are reasons to be skeptical about the value of indictments, at least, in dealing with state actors such as foreign military personnel engaged in cyber espionage from their home countries. One of the key arguments I made in proposing the value of law enforcement efforts against terrorism was that “we should use the tool that is best suited for the problem we face.”

Call for more women speakers spurs rival California cyber security conference
Sandra Toms, vice president and curator at RSA Conference, said in an interview that critics may see the situation differently once her team finishes unveiling speakers soon. The event drew 43,000 attendees last year. Diversity is “something we’re all keenly aware of and trying to influence more positively,” Toms said. But OURSA organizers decided in recent days to launch anyway after deeming the assurance insufficient.

World’s biggest DDoS attack record broken after just five days
Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right. Arbor Networks is now reporting that a US service provider suffered a 1.7Tbps attack earlier this month. In this case, there were no outages as the provider had taken adequate safeguards, but it’s clear that the memcached attack is going to be a feature network managers are going to have to take seriously in the future.

POS Malware Found at 160 Applebee’s Restaurant Locations
RMH Franchise Holdings, which owns and operates more than 160 Applebee’s stores across the U.S., said that it recently discovered malware infecting its point of sale systems (POS). The malware may have enabled hackers to steal certain guests’ names, credit or debit card numbers, expiration dates and card verification codes processed during limited time periods. Stores were impacted on varying dates, with most POS systems first hit in either November or December 2017 until January, according to RMH’s website.

ComboJack Malware Steals Cryptocurrency by Modifying Addresses
The malicious emails contain the subject line “Re: passport…” The attackers trick recipients into opening a PDF attachment that supposedly contains a scanned copy of a passport the recipient has mistakenly left in the email sender’s office. The file does not show the scanned passport image but displays a request to open another file, which is actually an embedded RTF file. This RTF file contains an embedded remote object.

Miner vs miner: Attack script seeks out and destroys competing currency crafters
Pre-infection, the attack script checks whether a target machine is 32-bit or 64-bit and downloads files known to VirusTotal as hpdriver.exe or hpw64 (they’re pretending to be HP drivers of some kind). If successfully installed, the attack then lists running processes and kills any it doesn’t like. Mertens noted that alongside ordinary Windows stuff, the list of death-marked processes includes many associated with cryptominers, some of which are listed below.

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.