IT Security News Blast 03-14-2018

Port of Longview hit with major cyberattack
An investigation led by SecureWorks, the port’s cybersecurity firm, found the attack had the potential to affect 370 past and current employees — including past Port of Kalama employees — and 47 vendors. (The Port of Longview used to manage Port of Kalama employees’ benefits.) The attack may also have affected 22 longshoremen, the memo said. Investigators traced the attack to internet service provider addresses in Russia, Liberia and Kazakhstan, according to the memo.

Hospital hacks: Default passwords and no patching leaves healthcare at risk
Typical security holes in healthcare organisations include hardcoded, embedded passwords, remote code execution, unsigned firmware, or failures to address known vulnerabilities in medical software. Default accounts, cross-site scripting, and vulnerabilities in web servers were also found to be issues, with many systems found to be running on old software.

Increasingly Destructive Cyber Attacks on Healthcare Expose 5M Patient Records
And what are the bad guys after? When asked, respondents highlighted the top five items:
· Patient medical records (77 percent)
· Patient billing information (56 percent)
· Log-in credentials (54 percent)
· Passwords and other authentication credentials to systems, servers or applications (49 percent)
· Clinical trial and other research information (45 percent)

Healthcare industry: Attacks outpacing investments in personnel, education and resources
On top of the lack of education, training and resources, only half of organizations (51 percent) have any type of incident response program at all. This means half of all organizations have no process or remediation plan in place to respond to, mitigate, or prevent attacks from happening again and causing extensive damage. And with respondents noting that the average compromise costs roughly four million dollars – increasing investment in and attention to education, resources and procedures appears long overdue.

Is the financial sector the most vulnerable to cyber attacks?
This raises serious questions about the foundations on which the financial services sector is built. As the push to embrace digital technologies continues, everyone in the sector – from big banks to Fintech disruptors – cannot lose sight of the need for security. The survey above acts as something of a cry for help from professionals who clearly feel we aren’t taking this seriously enough.

Half of asset managers to increase cybersecurity expenditure in 2018 following rise in cyber attacks
The need for stronger security is becoming increasingly prevalent. A report conducted by security, private advice and comparison website found companies that experience cyber attacks are likely to underperform the market by 40% in the following three years. Jonathan Wiser, director at Osney Media, said: “Cybersecurity is clearly in focus for asset managers right now.

US military cyber group tried to ‘manipulate the thinking’ of ISIS followers, says general
“Have you conducted operations in Task Force Ares designed to manipulate the thinking of ISIS adherents?” Nelson asked. Nakasone confirmed he had, saying, “I would offer that that is perhaps the piece of Ares that I’ve learned most about, being able to provide a message, being able to amplify a message to impact our adversaries.” The information operations were conducted at the military’s tactical and operational level, rather than the higher levels of command, Nakasone said.

Top officials: U.S. must shift to more aggressive cyber approach
Senior cyber representatives from the U.S. Army Cyber Command, Marines Corps, Navy, and Air Force appeared before the Senate Armed Services Committee’s Cybersecurity Subcommittee to testify about the challenges and needs they are encountering. […] Weggeman argued that the U.S. military must become “more oriented on mission outcomes, risk models, and threat driven operations” in order to allow the U.S. “to become the challenger instead of the challenged.”

How Israel is becoming the world’s top cyber superpower
Although Israel makes no cars of its own, the world’s top auto-security companies are all Israeli. The country also receives roughly one-fifth of the world’s global private investment in cyber security. As independent and state-sponsored hackers wreak havoc, Israel continues to revolutionize its military and lead the way in the field. To start, the Israeli Defense Force recruits the best and brightest coders and hackers as teens, to funnel them into their elite cyber warfare units.

Cyber-attacks against Russia may follow attempted nerve agent killing in UK
Talking on BBC TV News at Ten last night, diplomatic correspondent James Landale explained to viewers that potential responses included, “Possibly even conducting offensive cyber-operations against Russia,” adding that, “none of these have been ruled out.” In addition he suggested that responses could also include expulsion of many Russian diplomats, a clampdown on Russian TV station RT, and seizing of UK assets of Russians guilty of human rights abuses.

Negotiations With North Korea May Have Cyber Consequences
While the North Koreans have reportedly agreed to a moratorium on missile and nuclear tests during inter-Korean and US-DPRK talks, they are likely to see clandestine offensive cyber operations as a potential response to continued debilitating sanctions, as well as for further intelligence gathering. Given the North’s capabilities and past targets, future offensive cyber campaigns are likely to focus on western financial, media, and government sector targets, including the defense industrial base.

Senators Introduce New Bill to Protect Digital Privacy at the Border
For “manual” searches of electronic devices, the bill requires that border agents—whether from U.S. Customs and Border Protection (CBP) or U.S. Immigration and Customs Enforcement (ICE)—have reasonable suspicion that the traveler violated an immigration or customs law and that the electronic device contains evidence relevant to the violation. The bill defines a manual search as an examination of an electronic device without the use of forensic software or the entry of a password.

A raft of flaws in AMD chips makes bad hacks much, much worse
Among other things, the feats include:
· Running persistent malware inside the AMD Secure Processor that’s impossible—or nearly impossible—to detect
· Bypassing advanced protections such as AMD’s Secure Encrypted Virtualization, Firmware Trusted Platform Module, and other security features, which are intended to secure systems and sensitive data in the event that malware infects a computer’s operating system
· Stealing credentials a vulnerable computer uses to access networks
· Physically destroying hardware by attackers in hardware-based “ransomware” scenarios

Hackers can steal data from Air-Gapped PCs with microphones & speakers
The research team created a custom protocol to carry out data transmission between two computers. One of them would be air-gapped while the other is connected to the internet and used to further relay the data. Through the attack, researchers claim to carry out speaker-to-headphone, headphone-to-headphone, and speaker-to-speaker data exfiltration.

Dangerous CredSSP flaw opens door into corporate servers
According to the researchers, the vulnerability is mathematically and technically complex, but also very easy to utilize and has a nearly 100 percent success rate. In many real-world scenarios where a network has vulnerable network equipment, the vulnerability could result in an attacker gaining the ability to move laterally and infect critical servers (including domain controllers) with malicious software, they say.

Are Cybersecurity Stocks the Next Big Buyout Targets?
While nobody knows for sure the next sector target, we found four companies in the cybersecurity world that are all rated Buy at Merrill Lynch and would be very logical targets. Mostly they are small in size, have specific niche products others don’t provide, and probably would be open to a buyout proposal. Even if they don’t end up in the hands of a bigger player, they are solid plays for aggressive growth accounts looking for more exposure to this fast-growing sector.

Hacking group threatens researchers’ lives after they discover attack servers
A hacking group commonly linked to the Iranian government threatened to kill security researchers who came across their cyber espionage operation, according to a new report. […] “It seems that the attackers are actively monitoring the incoming connections to the C&C,” a blog by Trend Micro reads. “In one of our attempts, we sent an improper request to the C&C server, which replied with the following message: ‘Stop!!! I Kill You Researcher.’ This level of personalized messaging implies that the attackers are monitoring what data is going to and from their C&C server.”

Life is cheap! Well it is on Dark Web where your entire identity is for sale
According to the findings of a team of security experts from the UK-based Virtual Private Network comparison service Top10VPN, fraudsters on Dark Web are now after all your accounts on the web. Reportedly, malicious cybercriminals operating on the Dark Web can buy someone’s entire identity (which cybercrooks refer to as Fullz) for as low as £820. The startling revelations were made in the first ever Dark Web Market Price Index by Top10VPN.

Fitbit will start tracking your period in an attempt to add more value to Fitbit
You won’t be able to manually annotate anything in the app, but it will ask you to tap on a series of icons describing premenstrual symptoms, the consistency of your bodily fluids, whether you have headaches or acne, your sexual activity, and more. If you happen to become pregnant or you take the morning-after pill — both period disruptors — the app will want to know that, too.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.