IT Security News Blast 03-09-2018

Cyberattack on Turkey

North Korea linked to cyberattack on Turkey’s financial sector
The attacks used a new variant of malware known as “Bankshot.” No money appears to have been taken in the attacks, but the researchers warned that they could be a precursor of future heists. “Bankshot is designed to persist on a victim’s network for further exploitation; thus the Advanced Threat Research team believes this operation is intended to gain access to specific financial organizations,” the researchers wrote in the report released Thursday.

IRS Warns About New Cyber Scam Targeting Taxpayers
In one version of the scam, criminals posing as debt collection agency officials acting on behalf of the IRS contact taxpayers to say a refund was deposited in error, and ask the taxpayers to forward the money to their collection agency. In another version, the taxpayer who receives the erroneous refund gets an automated call with a recorded voice saying the person is from the IRS.

Japan to punish cryptocurrency exchanges for flaws in customer protection and anti-money laundering measures
The move would be the second such order given by regulators to Coincheck since the hack in late January, which was one of the largest thefts of digital money ever. The FSA will mete out the punishments after uncovering flaws in customer protection and anti-money laundering measures during on-site checks at the exchanges. It was unclear exactly which exchanges would be targeted, or what form the punishments would take.

Chinese company Huawei ‘a substantial risk’ to cyber security, expert says
The Australian Prudential Regulation Authority has called on banks, insurance companies and superannuation funds to improve their cyber security policies. It comes just days after the US Director of National Intelligence Dan Coats also issued a similar warning. And as both the US and Australia face increasing cyber security threats, there are calls for the two nations to cooperate on cyber security in the Indo-Pacific region.

Health-Care Extortion Goes Digital
Cyber extortion can also go well beyond financial demands. “Beyond the threat of crippling financial demands from a hacker, there’s the terrifying prospect of denial of service attacks on certain medical devices that could interfere with a facility’s clinical capabilities and disrupt treatment,” Jeremy D. Sherer, a health-care attorney with Hooper, Lundy & Bookman PC in Boston, told me.

Connected medical device security, AI battle health hackers
Health IT security executives need to create an inventory of wireless diagnostic equipment if they want to carry out an effective program to ensure connected medical device security. “A good inventory of a hospital’s medical devices is important because, from that inventory, you can do all of the typical security checks like risk assessment, mitigation management, patch management, network isolations and updating security software,” Kusche explained.

Corporate boards will face the spotlight in cybersecurity incidents
The impact of a data breach should not be underestimated. A breach can lead to regulatory investigations by a number of agencies, including the Federal Bureau of Investigation, Secret Service, Immigration and Customs Enforcement as well as through enforcement actions by regulators including State Attorneys General, the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), among many others.

Healthcare ransomware attacks threaten patient safety
Of course, the traditional cybersecurity specter is still hovering: hacker-triggered health data breaches that have terrorized healthcare organizations since electronic health records proliferated in the industry in the 2000s. […] Not so with healthcare ransomware attacks. Patients’ physiological health is at stake here — even if patients are only collateral damage in cybercriminals’ blackmail campaigns and there’s no evidence of any concerted attack on a specific person.

It is becoming increasingly unclear how the US is countering Russian cyber attacks
Speaking on Thursday, the top U.S. general in Europe told lawmakers that the U.S. does not have a satisfactory understanding of Russian cyber infrastructure nor an effective approach to deal with cyber threats. […] The general’s comments came after multiple military and intelligence officials have said that they have yet to receive directives from President Donald Trump to combat the online onslaught from Russia.

Cyber Operations and the U.S. Definition of “Armed Attack”
The greater extent to which the United States, in particular, is engaged in cyber activities across the world that will be considered a use of force by other States, the greater license the United States may be handing those States to use force—whether in the cyber or kinetic realm—in response. That is, if those States adopt a view similar to the United States that “the inherent right of self-defense potentially applies against any illegal use of force.”

How To Recruit Young Cyber Warriors When There Aren’t Enough
Deloitte, which is building a substantial cyber warfare portfolio, put on a Capture the Flag game where five teams of college hackers had to find code clues and evade traps. […] How deep is the hunger for talented hackers? Ryan Roberts, a senior manager for Deloitte, said he was passionate about the Hackathon “because we really do have a shortage of the sort of people that can help defend the nation.” He confirmed the hackathon does help the company find “likely hires.”

African Union Bugged by China: Cyber Espionage as Evidence of Strategic Shifts
Although this sort of spycraft is fairly routine, it signals Africa’s growing strategic importance to China. In a world of finite resources, states spy on states that matter to them. China seems to have calculated that the hard power benefits of accessing internal AU data to gain the upper hand in negotiations with African leaders outweighed the soft power benefits that came with building them a headquarters.

Olympic Destroyer: A False Flag Confusion Bomb
“Perhaps no other sophisticated malware has had so many attribution hypotheses put forward as the Olympic Destroyer,” said Vitaly Kamluk, a researcher with Kaspersky Lab who co-authored a report released today on the attacks. “Given how politicized cyberspace has recently become, the wrong attribution could lead to severe consequences and actors may start trying to manipulate the opinion of the security community in order to influence the geopolitical agenda.”

Kill Switch Can Mitigate Massive DDoS Attacks Via Memcached Servers
Corero researchers have already tested it and found it 100% effective on live attacking servers. Given that over 12,000 exposed Memcached servers are still reachable, it is indeed good news that Corero researchers are able to send back attackers’ commands. This is done by sending simple commands such as “shutdown\r\n” or “flush_all\r\n” in a loop to prevent amplification; the flush_all command flushes the entire contents of the cache, including the stored keys and their values.

Dutch police detail how they became the admins for Hansa dark web market
Thanks to Tor, these online souks are difficult to trace and shut down but – after getting the tip – the Dutch decided to go several stages further and try to destroy the reputation of these kinds of markets, get all of the vendors, and confiscate their BitCoin. “We wanted the world to know that you cannot count on staying anonymous online and commit a crime – even on the dark web,” Gert Ras, head of the Netherlands National High Tech Crime Unit, told the Kaspersky Security Analyst Summit.

GDPR – Three Things You Can Do Now to Prepare
To implement the changes required to comply, most companies will need to combine expert guidance, technology and employee training. But with 100 days until the deadline, companies that have not yet adequately prepared for it should focus on at least three critical steps to dramatically improve GDPR readiness and the ability to demonstrate compliance before the deadline. These include:
Determining the distinction between data controller and data processor
Determining high-risk data processing activities
Managing user consent at scale

Insecure by design: What you need to know about defending critical infrastructure
Sixty-four percent of all ICS-related patches issued in 2017 don’t fully address the risk because the components were designed to be insecure, Dragos concluded in a report submitted to the Senate. Worse, major vendors have bungled security patches in recent months, the Dragos report says, resulting in outages that have cost companies money. Patching an industrial control system that makes widgets or pumps water is more complicated than rebooting an office desktop PC, and OT networks are a lot less tolerant of downtime.

Russians are hacking our public-commenting system, too
For example, in the course of its deliberations on the future of Internet openness, the FCC logged about half a million comments sent from Russian email addresses – but, even more unnerving, it received nearly eight million comments from email domains associated with almost identical wording. Researchers, journalists, and public servants have found a wide range of fake comments and stolen identities in the public proceedings of the Labor Department, Consumer Financial Protection Bureau, Federal Energy Regulatory Commission, and Securities and Exchange Commission.

Gozi Banking Trojan Uses “Dark Cloud” Botnet for Distribution
The campaigns Talos has observed over the past few months are relatively low-volume, target specific organizations, and reveal significant effort put into the creation of convincing emails. Not only are the distribution and the command and control (C&C) infrastructure active for short periods of time only, but the actors behind them also move to new domains and IP addresses fast, even for individual emails sent as part of the same campaign.

GOP tries to block state net neutrality laws and allow paid prioritization
The Open Internet Preservation Act would prohibit ISPs from blocking or throttling lawful Internet content but clear the way for paid prioritization or “fast lanes.” US Sen. John Kennedy (R-La.) declared that “some cable companies and content providers aren’t going to be happy with this bill because it prohibits them from blocking and throttling Web content.” In reality, Comcast and other ISPs have generally said they won’t block or throttle lawful Internet traffic. Allowing paid fast lanes would be a major concession to the broadband industry—see our previous story, “AT&T describes post-net neutrality plans for paid prioritization.”

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.