IT Security News Blast 03-30-2018

You've Got Malware

OIG Confirms HCCIC Investigation, HHS’ Cyber Efforts Moving Forward
An OIG spokesperson provided a statement via email: “The OIG has a general practice of neither confirming nor denying the existence of an investigation being conducted by our office. However, because information has come to light that suggests that the OIG was conducting an investigation involving the Healthcare Cybersecurity and Communications Integration Center (HCCIC), we are willing to acknowledge that an OIG investigation involving HCCIC is/was ongoing. We are not at liberty to provide any further details at this time.”

You’ve got malware! Email remains the greatest data breach concern so what should you do?
All organisations now need a strategy of cyber resilience for email. This includes taking stock of where patient information is held and breaking down the silos in respective departments that hold client data. Once IT teams understand where data is located, they are able to create strategies to protect it.
Cyber resilience also means conducting threat dress rehearsals in which all the teams, including IT, security, clinical, marketing and administration, come together to practice what would happen in the event of a data breach.

The Seemingly Random and Definitely Worrisome Cyberattack on Atlanta
The Atlanta hack has, among its many consequences, interrupted wireless Internet at the busiest airport in the country; made courts unable to validate warrants; created parking-system problems; and, perhaps most consequentially, initiated the loss—maybe permanent—of digital city files. A week after the hack started, Atlanta’s recently elected mayor, Keisha Lance Bottoms, still has not confirmed whether the ransom has been paid in this “hostage situation,” as she has called it. “Everything is up for discussion,” she told reporters.

Hard Choice for Cities Under Cyberattack: Whether to Pay Ransom
It has surfaced in the suburbs of Dallas and in Birmingham, Ala., in North Carolina and in New Mexico, and twice in a matter of weeks at the Colorado Department of Transportation. And for the past week it has gripped Atlanta, where the municipal government has been struggling with one of the gravest cyberattacks on record against a major American city. […] “They’re a target of opportunity for criminals, because people feel it’s easier to hack into them than it is private systems and companies,” said Alan R. Shark, the executive director of the Public Technology Institute, which offers training to local governments.

City: Cyber attack against Baltimore’s 911 computer-aided dispatch system was ransomware
Ransomware perpetrators were behind Sunday’s cyber attack on the Computer Aided Dispatch (CAD) system that supports Baltimore’s 911 operations, according to Baltimore City Chief Information Officer Frank Johnson. In a statement released Wednesday, Johnson said federal investigators are working with the city to determine the source of the attack, which forced the CAD system offline for 17 hours on Sunday. Officials have said that service was not disrupted during that time, as calls were dispatched by voice.

WA election cybersecurity gets $8 million boost from feds
The new money comes from the federal Consolidated Appropriations Act. As part of the act, Washington must also provide nearly $400,000, bringing the total to about $8.3 million. “With this funding, we’ll be able to bring new resources and technology together to improve our ongoing cybersecurity efforts,” said Wyman in a statement. Washington state has 90 days to provide the federal Election Assistance Commission with a proposed plan on how it will use the funding and improve the integrity of the election process.

California develops its own cybersecurity metrics
The metrics address policy, system categorization and governance and measure security maturity in five categories and across 34 controls:
Identify: Governance, data and system categorization and vulnerability scanning.
Protect: Account management, encryption and system configurations.
Detect: Network and end-point monitoring.
Respond: Incident response plans and testing.
Recover: Technology recovery plans and testing.

Stricter regulation and financial penalties on the cards for social media platforms
Social media giants already under siege over privacy concerns would face stiff financial penalties and tougher legal requirements to remove abusive material under the recommendations of a parliamentary inquiry into cyber bullying. The inquiry into the adequacy of existing criminal laws around cyber bullying by the Senate’s legal and constitutional affairs committee was triggered late last year by the suicide of Adelaide schoolgirl Libby Bell after an alleged bullying campaign that took place in person and on Facebook, Instagram and Snapchat.

Cyber security: Telecom sector set to have own emergency response team
Elaborating on the need for a CERT in telecom, a senior government official said keeping in view the dynamic nature of technology, organisations and individuals have a limited response window to detect and respond to cyber attacks. Besides, there is a need for near real-time situational awareness to handle attacks. “CERT for the sector will provide stakeholders with timely information to take appropriate proactive and preventive actions against breaches.”

Europol operation nabs another 20 cyber criminals
Those arrested are believed to be responsible for defrauding hundreds of customers at two major banking institutions using spear phishing emails impersonating tax authorities to harvest the online banking credentials of their victims. […] The investigation of the group operating in Italy and Romania found that the criminals used the stolen online banking credentials to transfer money from the victims’ accounts into accounts under their control.

Cybersecurity agency warns of ‘extremely dangerous’ risks of 5G technology
Telecoms companies have scrambled to patch up security gaps in SS7 and the more advanced Diameter protocol system. But “it is expected that new vulnerabilities will be discovered”, ENISA said. European telecoms companies are starting to run tests of 5G technology this year. While they gear up to invest huge sums of cash in the new networks, ENISA wants the Commission to earmark public funds to “develop proper protection tools for the private sector”.

Boeing says no impact to military aircraft business after WannaCry cyberattack
“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” Linda Mills, vice president of communications for Boeing Commercial Airplanes, said in a written statement. “Remediations were applied and this is not a production or delivery issue.” Mills later told The Seattle Times that, in fact, the ransomware had never actually caused any of the 777 tooling to shut down. Instead, the virus was contained to a small number of computers used by the Commercial Airplanes division in North Charleston, S.C., with no effect to Boeing Defense, Space and Security.

National Guard Cyber Security Units Proposed By WA Congressman
Representative Derek Kilmer, D-Wash., has proposed a new bill that would boost the National Guard’s role nationwide in combating the threat. It’s an area in which the Washington National Guard has long been a leader. Given the region’s military and tech talent, the National Guard in this state developed a specialized cybersecurity unit. “We were involved in cyber before cyber was even a word,” said Col. Gent Welsh, Commander of the 194th Wing. “We have a number of folks at Microsoft and Amazon who bring those skills that they learn in military to industry and then bring industry best practices back into the military.”

Inside the Ring: China Cyber Spy Chief Revealed
The role of People’s Liberation Army (PLA) Maj. Gen. Liu Xiaobei, until recently the director of the Third Department of the PLA General Staff known as 3PLA, was disclosed. The Chinese military hacking group has been linked by U.S. intelligence agencies to massive cyberattacks and data theft from the U.S. government, military and private sector for more than a decade. Gen. Liu’s current status is not known, but 3PLA is now the core unit of a new service-level military organization known as the Strategic Support Force whose main component is called the Cyber Corps. The Cyber Corps also absorbed the PLA’s psychological warfare unit called 311 Base, which conducts information warfare — disinformation and influence activities.

A More Cyber-Conscious Supply Chain Management
As such, Col. Stephens called on the industry to make sure that they are bringing cybersecurity-viable commercial products for homeland defense. He stressed that those companies coming forward need to be ready and able to stand behind their products and services from a cybersecurity standpoint. “Kaspersky has gone to the court system to try to resolve this,” he said. “But the reality of it is that minimally it is a short-term big pain that the industry would have to work with, and no one is a winner in it.”

Facebook will (soon) yank third-party ad data in the name of privacy
“We want to let advertisers know that we will be shutting down Partner Categories,” Graham Mudd, a product marketing director, said in a statement. “This product enables third-party data providers to offer their targeting directly on Facebook. While this is common industry practice, we believe this step, winding down over the next six months, will help improve people’s privacy on Facebook.”

Drupal Issues Highly Critical Patch: Over 1M Sites Vulnerable
Drupal released a patch for a “highly critical” flaw in versions 6, 7 and 8 of its CMS platform that could allow an attacker to take control of an affected site simply by visiting it. […] “This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,” warned the MITRE Common Vulnerabilities and Exposures description (CVE-2018-7600). There is no known public exploit code in the wild and no reports of the vulnerability being exploited.

Why you shouldn’t trust a stranger’s VPN: Plenty leak your IP addresses
“WebRTC allows requests to be made to STUN servers which return the ‘hidden’ home IP address as well as local network addresses for the system that is being used by the user,” he said in a post on Tuesday. Such requests aren’t normally visible because they aren’t part of standard XML/HTTP interaction, he explains, but they can be made via JavaScript. Stagno says the technique can be employed in any browser that supports both WebRTC and JavaScript.
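The leak described above shows up in the ICE candidates a browser's RTCPeerConnection gathers: "host" candidates carry the machine's own interface addresses, "srflx" candidates carry the address a STUN server reflected back, and "relay" candidates carry a TURN server's address. The following is an added example, not code from the article or from Stagno, that a VPN user or a security team could use to audit what a WebRTC-enabled page would learn. The candidate lines are constructed sample data; the candidate syntax and type names are the standard ICE ones, and the VPN egress address passed to vpnBypassed is a hypothetical parameter the reader supplies. In a browser the same functions would be fed the `event.candidate.candidate` strings from an `onicecandidate` handler.

```javascript
// Constructed sample: three candidate lines of the kind a browser emits for one connection.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0',
  'candidate:2 1 udp 1686052607 203.0.113.45 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0',
  'candidate:3 1 udp 41885439 198.51.100.7 3478 typ relay raddr 203.0.113.45 rport 51234 generation 0',
];

// Parse the fields common to every ICE candidate line (RFC 5245 candidate-attribute syntax).
function parseCandidate(line) {
  const m = /^candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)\b/i.exec(line.trim());
  if (!m) return null;
  return {
    foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
    priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7].toLowerCase(),
  };
}

// RFC 1918 / loopback / link-local IPv4 ranges, plus IPv6 link-local, unique-local and loopback.
function isPrivateAddress(addr) {
  const p = addr.split('.');
  if (p.length === 4 && p.every(x => /^\d+$/.test(x) && Number(x) <= 255)) {
    const [a, b] = p.map(Number);
    return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
           (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  const v6 = addr.toLowerCase();
  return v6.startsWith('fe80:') || /^f[cd]/.test(v6) || v6 === '::1';
}

// Newer browsers replace host-candidate IPs with an mDNS name ending in .local.
function isMdnsName(addr) { return /\.local$/i.test(addr); }

// Group every address the candidates expose by what it reveals about the client.
function classifyCandidates(lines) {
  const report = { localAddresses: [], publicAddresses: [], relayAddresses: [], mdnsObfuscated: 0, unparsed: 0 };
  const add = (list, addr) => { if (!list.includes(addr)) list.push(addr); };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { report.unparsed += 1; continue; }
    if (c.type === 'host') {
      if (isMdnsName(c.address)) report.mdnsObfuscated += 1;          // browser hid the interface address
      else if (isPrivateAddress(c.address)) add(report.localAddresses, c.address); // local network address exposed
      else add(report.publicAddresses, c.address);                     // public IP bound directly on an interface (no NAT)
    } else if (c.type === 'srflx' || c.type === 'prflx') {
      add(report.publicAddresses, c.address);  // address a STUN server saw: what a VPN is supposed to hide
    } else if (c.type === 'relay') {
      add(report.relayAddresses, c.address);   // a TURN server's address, not the client's
    }
  }
  report.leaksLocal = report.localAddresses.length > 0;
  report.exposesPublic = report.publicAddresses.length > 0;
  return report;
}

// The VPN is bypassed if WebRTC exposes any public address other than the VPN's egress address.
// vpnEgress is a hypothetical value the auditor supplies (for example, the address a "what is my IP" check shows while connected).
function vpnBypassed(report, vpnEgress) {
  return report.publicAddresses.some(a => a !== vpnEgress);
}

// Stand-alone run over the constructed sample.
const sampleReport = classifyCandidates(SAMPLE_CANDIDATES);
console.log(JSON.stringify(sampleReport, null, 2));
console.log('VPN (egress 203.0.113.45) bypassed:', vpnBypassed(sampleReport, '203.0.113.45'));
```

Run against real candidates, a report with a non-empty localAddresses list or a srflx address that differs from the VPN egress is the leak the article describes; a report whose host candidates are all mDNS names shows the browser's own mitigation working.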

Top 10 vulnerabilities used by cybercriminals
According to the report, the most commonly abused vulnerability last year was CVE-2017-0199, a remote code execution vulnerability in Microsoft Office and WordPad that is associated with a wide variety of malware and exploits, including Latentbot, Microsoft Word Intruder, Hancitor, Dridex, FinFisher, Silent Doc Exploit, REMOCS, PoohMilke, Freenki, FreeMilk and Cerber.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.