IT Security News Blast 03-12-2018

Cybersecurity on the High Seas

North Korea Inflicts Financial Cyber Attack on Turkey
McAfee states that no money was stolen in the cyber attacks, but that these could be laying the groundwork for large-scale hacks on Turkey in the future. The crime, first detected between March 2 and March 3, used a sample in the “Bankshot” malware family. Bankshot can linger on networks and servers, allowing continued exploitation long after the initial infection.

Cyber risks to your finances are rising as big banks rely on the oligopoly of big tech
The idea of third-party tech-related vulnerability problems comes as banks undergo a great digital transformation, shuttering brick-and-mortar branches and pouring billions of dollars into technologies to manage and upgrade their businesses. The future for financial institutions involves mobile and online banking, as well as the potential use of artificial intelligence and automation to reduce costs.

Cyber Security at Sea: The Real Threats
The good news is that only 30 percent of those responding to the survey had no appointed information security manager or department, meaning that the majority of companies have a resource able to respond and mitigate any attack. However, the survey did reveal that there are still a lot of employees who have not received cyber awareness training of any kind, which means the shipping industry must try harder, for its own security. Additionally, only 66 percent of those questioned said that their company had an IT security policy, which is a serious cause for concern; IT security cannot be approached on an ad hoc, incident by incident basis.

TLS 1.3: better for individuals – harder for enterprises
The IETF will soon publish version 1.3 of the TLS specification. Version 1.3 addresses a number of things to make the protocol fit for the future[.] […] What this means is that enterprises will have to proxy each and every TLS 1.3 connection – whether they need to or not – and for the entire duration of the connection. This reduces the privacy of the employees in that enterprise, massively increases equipment and power costs, and probably increases overall technical risk for the enterprise and its employees. Clearly, that’s not a great outcome.

Cybersecurity for connected healthcare
The key tenets of cybersecurity are the Inventory of hardware and software, Prioritization of the critical data and applications, Monitoring, Advanced Defense with Secure SDLC and Testing. We will also focus on a few of the key regulations for the healthcare devices and in the value chain.

HIMSS18: Cybersecurity Take-Aways
What all healthcare entities – big and small, urban and rural – seem to be finally realizing is that they’re all sitting ducks unless they act, stat. My general impression from an all-day cybersecurity forum held March 5, for example, is that security is progressively becoming a much bigger worry for most organizations, including smaller entities that have no CISO and aren’t familiar with nomenclature such as the “NIST cybersecurity framework” or acronyms, including DDoS.

What Keeps Healthcare Cybersecurity Innovators Up at Night
The rise of body sensors, networked devices, artificial intelligence, and whatever else Silicon Valley may dream up is bringing medicine to a new point in its growth. Leslie Saxon, MD, called this convergence a “unique handshake” between machines and humans—one that might augment healthcare or foster poor decisions. But a clear danger exists. “Cybersecurity is really the Achilles’ heel of this vision,” she said.

Cyberattack Worries: Tennessee Campaign Fears It Was Hacked
The U.S. Senate campaign of former Tennessee Gov. Phil Bredesen has told the FBI it fears it has been hacked by someone who tried to scam it into wiring money. In the letter dated Thursday and obtained by The Associated Press, campaign lawyer Robert E. Cooper Jr. says someone pretending to be the campaign’s media buyer asked for money to be wired to an international account. The report comes amid growing concern that candidates in the 2018 election could be targets of cyberattacks.

Russia will launch ‘major cyber attack’ if UK applies new sanctions, experts warn
BRITAIN should brace itself for a major cyber attack by Russia if Theresa May applies tough new sanctions against Moscow following the attempted assassination of Sergei Skripal, experts warned last night. […] “We must retaliate by seizing all Russian assets, especially in London, but the Government must then prepare us for retaliation by Russia. In my view we will be hit by a cyber attack in the UK just as we’ve seen in France, Germany, Bulgaria, Ukraine and Estonia.” Last month General Sir Nick Carter, head of the Army, warned that Britain was dangerously exposed to Russian cyber attacks, adding: “The time to address these threats is now.”

China’s national vulnerability database is merely a tool for its intelligence agencies
The database (CNNVD) is on average two times faster in posting vulnerabilities, and it is significantly more comprehensive than its U.S. counterpart, but researchers showed in November that China’s intelligence community effectively runs the database. The Ministry of State Security (MSS), where the CNNVD is housed, evaluates vulnerabilities before they are published to see if they can be used in intelligence operations. Now, Chinese officials are doctoring initial vulnerability publication dates in what appears to be a sloppy cover-up, researchers say.

Senators demand cyber deterrence strategy from Trump
A bipartisan group of senators is pressing President Trump to issue a national strategy for deterring malicious activity in cyberspace “as soon as possible,” accusing successive administrations of not giving enough urgency to the issue. “The lack of decisive and clearly articulated consequences to cyberattacks against our country has served as an open invitation to foreign adversaries and malicious cyber actors to continue attacking the United States,” the senators wrote in the letter, obtained by The Hill.

Trump is right to move carefully on Russian cyber attacks
A White House official told me on Tuesday that these measures are contentious within the wider government. Rogers and the NSA for example are looking for more authority to begin staging these kinds of attacks, asking for what the NSA in a recent strategy paper called greater “agility” to quickly approve operations as threats gather. Meanwhile others inside the administration, like Secretary of State Rex Tillerson and Secretary of Defense James Mattis, are wary. There are risks to America’s broader reputation if a cyber weapon causes broader damage to the digital infrastructure of allies or countries that were not the target of the attack. This is what happened in the case of a Russian virus, NotPetya, deployed initially against Ukraine’s banking infrastructure that spread into the wider internet.

How Will New Cybersecurity Norms Develop?
Norms can be suggested and developed by a variety of policy entrepreneurs. For example, the new non-governmental Global Commission on Stability in Cyberspace, chaired by former Estonian foreign minister Marina Kaljurand, has issued a call to protect the public core of the internet (defined to include routing, the domain name system, certificates of trust, and critical infrastructure). Meanwhile, the Chinese government, using its Wuzhen World Internet Conference series, has issued principles endorsed by the Shanghai Cooperation Organization calling for recognition of the right of sovereign states to control online content on their territory.

NRA Websites Targeted by DDoS Attack, Cyber Security Report Shows
Given the timing, it’s likely that NRA-directed attacks are politically motivated. The pro-gun organization has been under heavy fire in recent weeks following the Parkland school shooting on February 14 when a gunman shot and killed 17 people with a legally purchased AR-15. Over the past month, brands have dropped discount deals with the NRA, teenagers have lambasted the organization on television, and celebrities have heavily criticized the NRA on social media.

Fight cyber attacks with cyber retaliation
What if one wintry day the Kremlin’s power grid suddenly blew out? Or if Moscow’s air traffic control system failed as Putin prepared to travel? We know from satellite images when Pyongyang is preparing a missile test. What if, oh, say, a future missile exploded on the launch pad? Or better yet, flew up, turned around and came back down on its own launch site? Well, gee, you know, making ICBMs is dangerous business.

Potent malware that hid for six years spread through routers
“The discovery of Slingshot reveals another complex ecosystem where multiple components work together in order to provide a very flexible and well-oiled cyber-espionage platform,” Kaspersky Lab researchers wrote in a 25-page report published Friday. “The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor.”

The Slingshot APT FAQ
While analysing an incident which involved a suspected keylogger, we identified a malicious library able to interact with a virtual file system, which is usually the sign of an advanced APT actor. This turned out to be a malicious loader internally named ‘Slingshot’, part of a new, and highly sophisticated attack platform that rivals Project Sauron and Regin in complexity. The initial loader replaces the victim’s legitimate Windows library ‘scesrv.dll’ with a malicious one of exactly the same size. Not only that, it interacts with several other modules including a ring-0 loader, kernel-mode network sniffer, own base-independent packer, and virtual filesystem, among others.

Vulnerability in Robots Can Lead To Costly Ransomware Attacks
“It stands to reason, then, that service and/or production disruption is another strategy for attackers. Instead of encrypting data, an attacker could target key robot software components to make the robot non-operational until the ransom is paid,” according to an IOActive Labs whitepaper on the vulnerability, released at SAS on Friday. The NAO and Pepper robots, priced around $10,000, are some of the most widely used research and education robots in the world, with 20,000 Pepper robots deployed in 2,000 businesses worldwide, and 10,000 NAO robots in use globally.

Police issue warning after cameras at women’s apparel shop hacked
According to police, an unidentified 41-year-old man was arrested on Wednesday after he allegedly used his computer to hack into the CCTV system at a high-end boutique in northern Tel Aviv and recorded customers as they undressed and tried on bathing suits. While details of the incident remain unclear due to a gag order, police said the suspect subsequently posted the videos to a social media page.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.