IT Security News Blast 03-13-2018

Forensic Analysis of Digital Media – 4 Methods Explained
Imagine your computer getting infected with malware or getting compromised, and you suspect evidence of a crime that you’d like to see prosecuted. After taking the necessary steps to securely obtain a forensically-sound and legally-defensible image, we must conduct an analysis to determine the suspected series of events. While true forensic methodologies can be extremely time-consuming and complex, let’s discuss four of the most common techniques and methodologies used during an image analysis.

Get hit by internet crime? Good luck getting help from some local police
International cyber gangs prey upon U.S. victims by hacking their computers to obtain credit card and Social Security numbers to defraud banks and retail outlets. But other crimes are also on the rise. “They are things like, ‘My ex is tracking me with spyware on my phone,’ or ‘My neighbor has hijacked my wireless and is doing illegal things.’ There’s nobody to tell about this,” said Michael K. Hamilton, founder and president of Critical Informatics, an information security firm that operates out of Bremerton, Washington.

Cybersecurity must be a hands-on boardroom concern, expert says
Despite signs that risk management in the healthcare space is maturing, dangerous cybersecurity gaps still loom and provider confidence in their own ability to stop an attack is flat, according to the third annual HIMSS Analytics and Symantec IT Security and Risk Management report, unveiled at the HIMSS18 global conference this week. In order to enable lasting and meaningful change, providers must move cybersecurity out of IT and into the boardroom, the study said.

Cybersecurity Report: Stakes are High, but Healthcare Orgs Ill-Equipped
What’s more, hackers, who are eager to cause chaos, steal or hold data for ransom subject healthcare organizations to all types of attacks. The exploitation of existing software vulnerabilities greater than three months old leads the way at 71 percent, followed closely by Web-borne malware attacks at 69 percent. While the report found many traditional attack types being used, the rise of ransomware—at 37 percent—“should raise alarm as this is a new and lucrative attack vector.”

Healthcare cyber-attacks doubled in last year
Looking at the healthcare sector, the number of publicly disclosed security incidents in the healthcare industry decreased by 78% in the fourth quarter of last year. However, overall figures demonstrate a severely concerning number of attacks across the entire year, totalling a 211% increase overall in 2017. The majority of these incidents were found to be caused by organisations failing to comply with security practices.

3 Ways Small Businesses Can Overcome the Dearth of Cybersecurity Talent
Outsourcing can be particularly appealing because it allows SMBs to hire expert providers to manage security services on their behalf, meaning less likelihood of potential missteps by a smaller, more burdened team. […] For SMBs looking to overcome the current shortage of cybersecurity talent, it’s important to explore all available options to ensure privacy and reliability for customers, partners and all stakeholders.

Small Business Employees, ‘Frenemies’ Threaten Cybersecurity
31 percent of small businesses across the globe have been the victim of a cyberattack, meaning Canadian SMBs are more likely than their international peers to have been hit. 47 percent of external agents of fraud were ‘frenemies’ of the SMB, meaning the small businesses that fell victim to external fraud had some type of partnership with the perpetrator. The fraudster, PwC found, may have been an agent, supplier, service provider or customer.

BankThink Government needs to rethink cybersecurity approach
Consider that if a major U.S. bank suffered an anthrax or missile attack, no one would ask its regulators to testify about the attack, and no one would expect them to write more regulations to prevent a recurrence. But if a major U.S. bank were to suffer a cyberattack, that is precisely what would happen — even though the most serious attacks now generally come from foreign actors, including nation states and foreign crime syndicates.

Cybersecurity Challenges For The Boardroom: What Publicly Traded Companies Should Consider
[The] most common type of computer hackers, those motivated by financial gain, see enormous opportunities in this space because of the ability to learn non-public information and then either trade on that information themselves, or sell the insider information on exclusive online criminal forums. In fact, there have been known instances of hackers compromising public entities not to steal and monetize their data, but to leak news of the compromise to the world while they cash in on their short-selling scheme.

Having a boardroom conversation about cybersecurity and material risk
The table is set for CSOs and CISOs to enter the board room and redirect the conversation about cyber risks away from the worst possible scenario, and toward the risks that are most likely to result in material impact to the business. […] [If] hackers could steal product or growth plans, then use that information to build a competitive product or influence market decisions, that would harm the organization, that would be material. We do this kind of analysis to concentrate on the risks to the business that are most likely.

“North Korea’s cyber army is ready to deliver a new strike. Will the command be given to attack?”
According to IT specialists, with every passing year the technologies of North Korean hackers have become more advanced and their appetites have increased rapidly. Pyongyang’s cyber sections studied the practices of other cyber criminals and copied their methods, chunks of code and simply patterns. Currently the cyber army of Pyongyang indeed has technical possibilities allowing high-level attacks on objects of critical mission infrastructure.

How the Government’s Cyber Agency Rates on Cybersecurity
“Per the FY 2017 reporting instructions, Level 4, ‘managed and measureable,’ represents an effective cybersecurity function,” Homeland Security’s inspector general wrote. “Where an agency achieves Level 4 in the majority of the five cybersecurity functions evaluated, its information security program may be considered effective overall.” The department fell just short of that target. Of the five categories assessed—identify, protect, detect, respond and recover—Homeland Security achieved Level 4 in two and Level 3 in the remaining three areas.

There’s more to Russia’s cyber interference than the Mueller probe suggests
Russian political interference is about keeping an adversary nation domestically divided for a long period of time. Russia looks to spread division, exacerbate any conflict possible and ultimately destabilize the political system and erode trust in the government and institutions. Therefore, had Clinton been elected president, Russia arguably could have achieved these same goals, given the rancorous and divisive campaign.

New attacks spark concerns about Iranian cyber threat
“What we’ve noticed of the overall picture that the quantity of attacks that are originating from that geography are much, much higher than seven or eight years ago,” Thakur said. “In the coming years, we’d expect Chafer as well as other cyber actors originating from Iran to continue increasing their volumes of attack as well as their list of victims.” In many cases, Iran-linked cyber activity is limited to intelligence operations. But some groups have also shown signs of destructive capabilities.

Amazon Partnership with British Police Alarms Privacy Advocates
To David Murakami Wood, a scholar of surveillance, the program serves as a startling reminder of the growing reach that technology companies have into our daily lives, intimate habits, and vulnerable moments — with and without our permission. Alexa is hardly the first of our personal devices to be transformed into a police hotline. And given the sensitive nature of crime reporting, civil liberties experts wonder whether storing reports with a third party like Amazon might pose an obstacle to citizens hoping to report crimes anonymously.

On World Wide Web’s 29th Birthday, Its Inventor Warns of Threats to Digital Rights
“The fact that power is concentrated among so few companies has made it possible to weaponize the web at scale,” he warns, pointing to how we have recently “seen conspiracy theories trend on social media platforms, fake Twitter and Facebook accounts stoke social tensions, external actors interfere in elections, and criminals steal troves of personal data.”

Security Flaw Spawns 10 New Kinds of 4G LTE Attacks, Researchers Report
With relatively inexpensive hardware, cybercriminals could intercept calls and track where users are at a given time. Other potential 4G LTE attacks include connecting to the network without authorized usernames and passwords, stealing a user’s identity, forcing other devices off the network and sending phony messages from someone else’s device. Bleeping Computer sketched out a scenario in which threat actors could commit a crime in the U.S. and use location spoofing to make it appear as though they were connected to a network in Europe.

Hacking Back & the Digital Wild West
If Congress opens the hacking-back Pandora’s Box, defenders’ jobs become even harder. It will become impossible to differentiate malicious activity. Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation. Companies should not be initiating even basic fact-finding missions if unauthorized access is required.

MY TAKE: Necurs vs. Mirai – what ‘classic’ and ‘IoT’ botnets reveal about evolving cyber threats
IoT botnets, like Mirai and Reaper, are comprised of infected home routers, surveillance cameras and other IoT devices. Monitoring the badness emanating from the likes of Necurs, Mirai and Reaper can tell us a lot about where cyber criminals’ attention is focused – and where it might turn next. “The cyber threat landscape is constantly changing; fashions come and go,” observes Carl Leonard, principal security analyst at Forcepoint. “Cyber criminals are always seeking to increase their return on investment and they’re only going to perform an activity if it’s worthwhile for them and if they can still continue to see success over time.”

Smart Eye: Kaspersky Lab Discovers Severe Flaws That Could Transform Smart Cameras into Surveillance Tool
By exploiting these vulnerabilities, malicious users could execute the following attacks:
· Access video and audio feeds from any camera connected to the vulnerable cloud service;
· Remotely gain root access to a camera and use it as an entry-point for further attacks on other devices on both local and external networks;
· Remotely upload and execute arbitrary malicious code on the cameras;
· Steal personal information such as users’ social network accounts and information which is used to send users notifications;
· Remotely “brick” vulnerable cameras.

There’s a currency miner in the Mac App Store, and Apple seems OK with it
The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stak miner isn’t supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run.


