IT Security News Blast 03-27-2018

Vanderbilt University researcher’s claim breaches linked to patient deaths
A Vanderbilt University researcher is claiming more than 2,100 patient deaths are linked to hospital data breaches each year. Sung Choi of the university’s Owen Graduate School of Management said data breaches trigger remediation activities, regulatory inquiries and litigation in the years following a breach, that disrupt and delay hospital services leading to a decline in care, according to the Wall Street Journal.

Threat Intelligence Sharing Essential for Healthcare Cybersecurity
It’s only recently that healthcare has become such a target, he explained, and the sector has had to mobilize pretty quickly. […] At a more strategic level in the sector council we are recognizing that we have a responsibility to the sector and to our customers, the patients, that we have to recognize those cross sector interdependencies and work together to solve some of the problems,” he said. “All of this is really on a fairly rapid growth trajectory in terms of awareness and activity.”

CMS Deputy CIO Janet Vogel to step into HHS CISO role: 4 things to know
Ms. Vogel has spent more than half of her 30-year federal government career with CMS. She previously led Medicare and Medicaid’s financial management systems group and held positions with the U.S. Department of Transportation and the U.S. Agency for International Development. “Her broad spectrum of skills in information technology, information security, organizational change, acquisition and risk mitigation will be key to transforming and expanding HHS’ cyber programs into the healthcare sector,” the HHS spokesperson told Nextgov.

Three Myths About Cyber Insurance
Of the five industry sectors that ITRC tracks, the business category topped the list for the third year in a row with 55 percent of the total number of breaches, while the medical/healthcare industry followed in second place with 23.7 percent. Yet most businesses don’t carry cyber insurance. According to The Council of Insurance Agents & Brokers (CIAB), about 31 percent of respondents’ clients purchased some form of cyber liability and/or data breach coverage in the last six months of 2017, compared to 32 percent in its May 2017 survey, and 29 percent in October 2016.

Financial cyber survey
Marcin Swiety, Global Head of Luxoft’s Information Security practice, says: “IT departments in banks are being pulled in two directions. Banks want to focus on digital innovation, but IT professionals feel unable to escape from the ever-present cyber threat. Budget cuts are leaving smaller teams with fewer spare hours in the day. Unable to plan ahead, they spend their days firefighting problems and upgrading legacy systems.”

Spain breaks up cybercrime gang after $1.2 billion spree
The hackers — whose activities have long been tracked by security researchers — used malware to target more than 100 financial institutions worldwide, sometimes stealing up to 10 million euros in each heist. Almost all of Russia’s banks were targeted, and about 50 of them lost money in the electronic robberies, authorities said. The gang used well-worn techniques such as booby trapped emails to break into banks and compromise the networks controlling ATMs, effectively turning the machines into free cash dispensers.

Protecting weapons systems against cyber attack: It’s all about resilience
The goal, as with the other military services, is to not only “bake-in” cybersecurity in its developing weapons systems and mitigate critical vulnerabilities in already fielded weapons, but to ensure that cyber resilience is a major part of the DNA of all airmen and service members. Cyber resiliency is the ability to prepare for, and adapt to, changing conditions and to withstand and recover rapidly from disruptions.

Cyber + Kinetic Forces = Intensified Threats
While stopping weapons of mass destruction and cyber attacks are high security priorities, the kinetic effects from cyber forces are a looming threat today. Malevolent uses for artificial intelligence combined with autonomous systems provide frightening new levels of capabilities to potential adversaries, and the U.S. Defense Department and the intelligence community are being called upon to address them with extraordinary vigor.

5 ways the 2018 omnibus promotes IT modernization, cybersecurity
Cyber readiness and response. The National Cybersecurity and Communications Integration Center (NCCIC) gets $244 million, including $174 million for the Computer Emergency Response Teams (CERT) and $17 million for training, malware analysis, safety systems vulnerability analysis, incident response and assessments of Industrial Control Systems in emerging sectors and subsectors.

Combating cyber threats in critical infrastructure through due diligence
Aside from your existing frameworks – ISO, NERC, DFARS, COBIT – there is one framework that covers the depth and breadth necessary to organize and execute an effective and thorough cyber program. This framework, the NIST Cybersecurity Framework (CSF), is built upon NIST 800-53. According to a filing by the Telecommunications Industry Association, the telecommunications sector has identified the NIST CSF as “a great model for consideration of how to begin developing a flexible, voluntary, viable mechanism for cybersecurity readiness and resilience.”

Increasing International Cooperation in Cybersecurity and Adapting Cyber Norms
There is an urgent need for cooperation among states to mitigate threats such as cybercrime, cyberattacks on critical infrastructure, electronic espionage, bulk data interception, and offensive operations intended to project power by the application of force in and through cyberspace. Emerging cyber threats could precipitate massive economic and societal damage, and international efforts need to be recalibrated to account for this new reality.

Why cybersecurity pros should pay attention to recent warnings about Russian attacks
Regardless of whether you work in the affected industries, it’s important to understand the details of the attack and what advice has been provided by CERT to help organizations better secure their perimeters. Yesterday they might have targeted the energy industry, but tomorrow it could be finance, education, healthcare, or other sectors. […] [Organizations] should “review the IP addresses, domain names, file hashes, and YARA and Snort signatures [provided in the CERT link] and add the IPs to their watch list [as well as review network perimeter traffic] to determine whether malicious activity is occurring within their organization.”

Two-Thirds of Organizations Struggle to Find Professionals With Necessary Cybersecurity Skills, Survey Reveals
As a result, 68 percent of respondents said they doubt their employer’s ability to defend against advanced threats. Furthermore, one-third of IT personnel revealed that their organization has already suffered at least one security breach. […] Participants in the survey were candid about their own cybersecurity skills: 4 out of 5 professionals admitted that they don’t feel qualified to protect their organizations.

Cybersecurity needs women
Women comprise only 11% of these professionals worldwide, and only 14% in North America (see ‘Women in cybersecurity’). By comparison, women make up 57% of the US workforce. […] Cybersecurity’s future depends on its ability to attract, retain and promote women, who represent a highly skilled and under-tapped resource. The discipline also needs to learn about women’s experiences as victims of cybercrime and the steps needed to address the imbalance of harm.

The Aggregate IQ Files, Part One: How a Political Engineering Firm Exposed Their Code Base
Revealed within this repository is a set of sophisticated applications, data management programs, advertising trackers, and information databases that collectively could be used to target and influence individuals through a variety of methods, including automated phone calls, emails, political websites, volunteer canvassing, and Facebook ads. Also exposed among these tools are numerous credentials, keys, hashes, usernames, and passwords to access other AIQ assets, including databases, social media accounts, and Amazon Web Services repositories, raising the possibility of attacks by any malicious actors encountering the exposure.

SamSam ransomware attacks have earned nearly $850,000
This somewhat shocking figure is based on current value of Bitcoin (BTC), which was $8,620.22 at the time this story was written. However, because the market is constantly changing, the actual value of the ransoms paid will go up or down, as the final value is determined on the rate at cash-out. Also, this figure is based on the previously known SamSam wallet (used during the Allscripts attack in January) and the wallet used in their most recent attack against the City of Atlanta.

Facebook Woes Continue as FTC Opens Data Privacy Probe
“Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook,” said Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection, in a statement. “Today, the FTC is confirming that it has an open non-public investigation into these practices.”

We need to go deeper: Meltdown and Spectre flaws will force security further down the stack
“If a low-level remote code execution issue is discovered that for some reason cannot be properly mitigated or fixed without replacements, it would be a huge problem.” What constrains mitigation is the number of moving parts. For Meltdown and Spectre, the hardware maker (Intel) had to push the mitigation to work with what the OS maker (Microsoft) deemed possible. The latter then had to tell antivirus vendors about this in case their products were making unsupported calls into memory that might interfere with OS Kernel Patch Protection (KPP), setting a registry key to indicate compatibility.

Google starts blocking “uncertified” Android devices from logging in
The message pops up when you try to log in to Google’s services, which usually happens during the device setup. Users who purchased the device are warned that “the device manufacturer has preloaded Google apps and services without certification from Google,” and users aren’t given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.