IT Security News Blast 03-16-2018

Healthcare Internet of Things

Special Report: The policies, processes and technologies to guard the IoT for healthcare
“These devices often are procured and connected to the network without oversight by IT or the security team, and they may contain vulnerabilities straight out of the box,” he said. “This could be as simple as the device having a well-known default password that needs to be changed, but if that’s not done, an attacker will quickly find that device and use it to their advantage.”
http://www.healthcareitnews.com/news/special-report-policies-processes-and-technologies-guard-iot-healthcare

Potential PHI Exposure at BJC HealthCare Impacts 33K
Information included copies of patient driver’s licenses, insurance cards, and treatment-related documents that were collected during hospital visits spanning 2003 to 2009. Additionally, patient names, addresses, telephone numbers, dates of birth, Social Security numbers, driver’s license numbers, insurance information and treatment-related information may have been accessible.
https://healthitsecurity.com/news/potential-phi-exposure-at-bjc-healthcare-impacts-33k

IoT security warning: Cyber-attacks on medical devices could put patients at risk
While noting that connected and implanted medical devices — including cardiac pacemakers, drug administration devices, and monitoring devices, as well as infusion pumps, defibrillators, glucometers, and blood pressure measurement devices — can help patient care, the Cyber safety and resilience report also highlights the connectivity inherent in these devices also bring risks.
http://www.zdnet.com/article/iot-security-warning-cyber-attacks-on-medical-devices-could-put-patients-at-risk/

Cyber security: trends and implications in financial services
In one fell swoop, these all intermingled regulations aim to protect and enable consumers (as in India) to foster technology innovation (as in China), and to preserve the integrity of the ecosystem (like everywhere). […] Unfortunately, the combination of data proliferation and technology advances has also created more risk. Fighting fraud and cybercrime effectively means being serious about information security and fraud prevention, managing the extended supply chain and understanding how new technologies can streamline operations (and the Regtech industry is currently flourishing…).
https://www.thepaypers.com/expert-opinion/cyber-security-trends-and-implications-in-financial-services/772327

World Economic Forum Announces Fintech Cyber Security ‘Consortium’
In describing the solutions in the report, Stephen S. Poloz, Governor of the Bank of Canada, said, “Cyber risk is a large and rapidly expanding subject, of critical importance to the financial system. The way forward involves breaking cyber risk down into more granular components, and developing practical risk management practices and solutions at that granular level. This report offers a solid step in that direction.”
https://www.cshub.com/news/world-economic-forum-announces-fintech-cyber

More countries are learning from Russia’s cyber tactics
A recent report from US intelligence, seen by the Financial Times, sets out the cyber threats faced by western countries. In the briefing document, American spymasters describe cyber threats as the “new normal”. It criticises Russia and North Korea but also highlights Iran and China as being “sensitive to international political events”, which can influence the level of malicious activity.
https://www.ft.com/content/b7dbc0de-1b04-11e8-aaca-4574d7dabfb6

China’s quest for political control and military supremacy in the cyber domain
China’s 2015 national defence white paper on military strategy—which included the PLA’s commitment ‘to remain a staunch force for upholding the CCP’s ruling position’ and to preserve ‘social stability’—also called for the PLA to ‘expedite the development of a cyber force’ and to enhance its capabilities in ‘cyberspace situation awareness’ and cyber defence. The stated objectives of these forces are ‘to stem major cyber crises, ensure national network and information security, and maintain national security and social stability’.
https://www.aspistrategist.org.au/chinas-quest-political-control-military-supremacy-cyber-domain/

Take that, com-raid: US Treasury slaps financial sanctions on Russians for cyber-shenanigans, 2016 election meddling
“The targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” said Treasury Secretary Steve Mnuchin. “Treasury intends to impose additional CAATSA sanctions, informed by our intelligence community, to hold Russian government officials and oligarchs accountable for their destabilizing activities by severing their access to the US financial system.”
https://www.theregister.co.uk/2018/03/15/us_treasury_sanctions_russia_for_cybershenanigans/

NSA Pick Will Develop Cyber Retaliation Plans But Don’t Expect Government to Use Them
During Thursday’s confirmation hearing, Trump’s NSA pick, Lt. Gen. Paul Nakasone, repeatedly stressed that, while he expects to prepare possible military responses to enemy cyber strikes, he expects political leaders will often prefer non-military responses, such as sanctions, indictments and diplomatic pressure. “I think it’s important to state that it’s not only cyber or military options that may be the most effective, and, in fact, it may be less effective than other options,” he said.
http://www.nextgov.com/cybersecurity/2018/03/nsa-pick-will-develop-cyber-retaliation-plans-dont-expect-government-use-them/146707/

If the US and Russia had a cyberwar, Russia would win: Cybersecurity CEO
In cyberspace, there are no rules of engagement, FireEye Chief Executive Officer Kevin Mandia said Thursday on CNBC. As a result, “everyone is trying to figure out how to act,” Mandia told “Mad Money” host Jim Cramer live in San Francisco. This means the U.S., which relies heavily on the internet, has a great potential for attacks from countries such as Russia, Mandia said. “The reality is if all of Russia’s cyber weapons went against us and all of our cyber weapons went against Russia, they would win,” Mandia said on “Closing Bell.”
https://www.cnbc.com/2018/03/15/fireeye-ceo-if-the-us-and-russia-had-a-cyber-war-russia-would-win.html

Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
https://www.us-cert.gov/ncas/alerts/TA18-074A

A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try
The attack was a dangerous escalation in international cyberwarfare, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage. And United States government officials, their allies and cybersecurity researchers worry that the culprits could replicate it in other countries, since thousands of industrial plants all over the world rely on the same American-engineered computer systems that were compromised.
https://mobile.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html

Can AMD Vulnerabilities Be Used to Game the Stock Market?
The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an “obituary” for AMD. “We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries,” Viceroy wrote in its report.
https://motherboard.vice.com/en_us/article/bj5wy4/amd-flaws-viceroy-short-selling-stock-market

(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Minority cybersecurity professionals in the US hold higher academic degrees than their Caucasian counterparts, yet make less money and hold fewer managerial and leadership positions. Such is the state of diversity in the industry today, according to a first-ever study of the topic by the (ISC)2. Minority representation is actually slightly higher in cybersecurity – 26% – than in the US workforce overall, which is 21%.
https://www.darkreading.com/careers-and-people/%28isc%292-report-glaring-disparity-in-diversity-for-us-cybersecurity-/d/d-id/1331281?

Walmart Jewelry Partner Exposes Data of Millions of Customers
Kromtech Security’s head of communications Bob Diachenko revealed that when the discovered file was further assessed, it was learned that it contained private and sensitive data belonging to more than 1.3 million people (1,314,193 to be precise). The data included sensitive personal information like residential addresses, e-mail IDs, IP addresses and zip-codes along with plaintext passwords of such a massive number of people.
https://www.hackread.com/walmart-jewelry-partner-exposes-millions-customers-data/

Does Mosquito air-gapped computer exploit lack real-world bite?
SC Media UK put it to Dr. Mordechai Guri, Head of R&D, Cyber-Security Research Centre at Ben-Gurion University of the Negev, who co-authored the Mosquito paper, that it’s pretty much game over once physical access has been gained to an air-gapped computer anyway. “From a security point of view, getting into an air-gapped computer is one issue and exfiltrating data is a different issue”[…] It is infected, malware inside, but no way to exfiltrate data out. This is where the air-gap covert channel is relevant.”
https://www.scmagazineuk.com/does-mosquito-air-gapped-computer-exploit-lack-real-world-bite/article/751216/

Malware attack on 400k PCs caused by backdoored BitTorrent app
The failed campaign is the latest example of what researchers call a supply-chain attack, which aims to infect large numbers of people by compromising a popular piece of hardware or software. Other examples of recent supply-chain attacks include a backdoored update of the CCleaner disk-maintenence program delivered to 2.27 million people, a tainted version of the Transmission BitTorrent client that installed ransomware on Macs, and a collection of malicious Android apps that came preinstalled on phones from two different manufacturers.
https://arstechnica.com/information-technology/2018/03/malware-attack-on-400k-pcs-caused-by-backdoored-bittorrent-app/

New POS Malware PinkKite Takes Flight
PinkKite is less than 6k in size and similar to other small POS malware families such as TinyPOS and AbaddonPOS. Similar to those small-sized malware families, PinkKite uses its tiny footprint to avoid detection and comes equipped with memory-scraping and data validation tools. “Where PinkKite differs is its built-in persistence mechanisms, hard-coded double-XOR encryption (used on credit card numbers) and backend infrastructure that uses a clearinghouse to exfiltrate data to,” Dayter said.
https://threatpost.com/new-pos-malware-pinkkite-takes-flight/130428/

Smart home devices can be hacked within minutes through Google search
The most upsetting aspect of the research is that while there were several ways to compromise these devices, most of them had default passwords available on the Internet and buyers are never advised to change default credentials. “Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely,” noted Dr. Oren and his team. Moreover, researchers were also able to login to entire Wi-Fi networks simply by retrieving the password stored in a device to gain network access.
https://www.hackread.com/smart-home-devices-hacked-in-google-search/

 

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.