IT Security News Blast 04-05-2018

1 percent confident in their cybersecurity

Encryption & Controls: Reducing Insider Threats In Healthcare
Data from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR) suggests that personal information is vulnerable in healthcare – perhaps more so than other industries. The findings showed 58% of cyber security incidents in healthcare involved insiders. The insider motivation: 48% of the time it was financial gain. Some users sought data for fun/out of curiosity (31%), and convenience (10%). What’s more, 70% of cyber security incidents with malicious code were classified as ransomware attacks, suggesting that these strains remain a top concern for enterprise teams.
https://www.cshub.com/news/encryption-controls-reducing-insider-threats-in

How to Cure the Healthcare System’s ‘Cyberflu’
But, to those criticisms of the healthcare system, add another: a marked lack of security on servers in doctors’ offices, hospitals and clinics, as busy medical staff ignore strictures on logins and passwords, leaving accounts open and email in plain sight. This gives hackers the opportunity to wreak havoc – by installing malware or ransomware on networks, often using fileless malware attacks, which are largely immune to standard security systems. Call it a case of ‘cyberflu.’
https://www.infosecurity-magazine.com/blogs/healthcare-systems-cyber-flu/

New health data uses and cyber threats pose challenge for HIPAA in meeting security demands
Industry lawyers say new government guidance or policies aren’t coming any time soon, even as the healthcare industry faces a steady barrage of cyber attacks and the regulatory structure designed to protect patient information predates new data uses that exacerbate these cyber risks. “It’s a perfect storm of Washington” in terms of producing white papers and advice on meeting the regulatory requirements and cyber vulnerabilities of an increasingly data driven and reliant healthcare industry[]
https://insidecybersecurity.com/daily-news/new-health-data-uses-and-cyber-threats-pose-challenge-hipaa-meeting-security-demands

Better Cyber Security Problematic, Says US Financial Industry: Power Struggle Over Encryption
A decision to keep third party listeners out of communications on the internet taken by the Internet Engineering Task Force (IETF) at their recent meeting in London elicited an alarmist message from the US financial industry. The premier internet standardisation body would provide “privacy for crooks,” and practically prohibit “bank security guards from patrolling and checking particular rooms” online, BITS, the technology division of the Financial Services Roundtable, argued in a press release last week. Has standardisation gone rogue?
https://www.ip-watch.org/2018/04/04/better-cyber-security-problematic-says-us-financial-industry-power-struggle-encryption/

Inside the takedown of the alleged €1bn cyber bank robber
Each time a hit happened, there was one thing in common: members of the group were inside the bank’s internal systems. “Carbanak [malware] contains an espionage component that allows the attackers to take control of video capabilities on the victim systems,” Golovanov’s 2015 report said. The surveillance allowed attackers to understand what genuine transactions would look like, making their theft look genuine.
http://www.wired.co.uk/article/carbanak-gang-malware-arrest-cybercrime-bank-robbery-statistics

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks
“It was on a third-party service provider that a number of energy companies use, including us,” said the spokesperson. “Our operations were not impacted by their breach. We were back online with them [Monday] evening.” […] “There is a critical need that all supply chain network providers that connect to your assets be held to the same high security standards,” said Singer. “You’ve got to audit those third parties regularly and ensure that all third parties take security as seriously as you do. I see third parties all the time that are not nearly as secure as the actual company themselves — they’re trusted connections but unfortunately, nobody is paying much attention to them,” he said.
https://threatpost.com/insecure-scada-systems-blamed-in-rash-of-pipeline-data-network-attacks/130952/

Only 1% of media companies are ‘very confident’ in their cybersecurity
Attacks facing the media are increasingly going beyond content piracy to those presenting a real danger to the business, the report noted. It’s important for business and IT leaders in the field to pay attention to cybersecurity, and ensure that employee education and adequate protections are in place. Only 1% of media organizations reported that they are “very confident” in their current security measures, the report found. More than half were on the fence about whether or not they are fully prepared to protect against threats.
https://www.techrepublic.com/article/only-1-of-media-companies-are-very-confident-in-their-cybersecurity/

CEO says Facebook will impose new EU privacy rules “everywhere”
Facebook CEO Mark Zuckerberg took an apologetic tone in a call with reporters Wednesday afternoon, weeks after the Cambridge Analytica debacle that has put a new level of pressure on the social media giant. “We didn’t think about how people could use these tools for harm as well,” Zuckerberg said. The call, which lasted nearly an hour, came just after the company’s chief technology officer issued a lengthy statement outlining numerous changes the company is making in the name of privacy and information security. Facebook is also updating its privacy policy.
https://arstechnica.com/tech-policy/2018/04/ceo-says-facebook-will-impose-new-eu-privacy-rules-everywhere/

Cyber-Protection for Smart Cities
When it comes to smart city initiatives, the rising IoT adoption has presented a number of vulnerabilities, especially in systems that contain legacy components using old software, which have not been regularly patched. Security is usually positioned as a business obligation. It is defined as a cost to pay to be compliant, or a cost to pay to reduce risk. In order to utilize security as an enabler, organizations must move to a model of security as risk and trust management. For example, managing public data access leverages the monetary value of the data instead of focusing on the protection of the data itself.
https://smartcity.cioreview.com/news/cyberprotection-for-smart-cities-nid-25972-cid-134.html

The Department of Cyber?
In February, Microsoft put out a white paper laying out best practices for a single national cybersecurity agency that drew from the company’s experiences dealing with governments around the world. Such agencies should have a clear statutory mandate to manage policy, the ability to conduct outreach to industry and allies, oversee regulation of private industry and coordinate emergency incident response. Paul Nicholas, Microsoft’s senior director of digital trust, said in a blog post that his team’s research indicates that “today over half of the world’s countries are leading some sort of national level initiative for cybersecurity, with countless other efforts at sectoral, state, city, or other levels.”
https://fcw.com/articles/2018/04/03/department-of-cyber-johnson.aspx

Intel chief wants to ‘play offense’ on cyber warfare
“I’m publicly onboard with the idea that you can’t just play defense, you have to play offense. How we play offense, what kind of offense, is under serious consideration,” the cyber chief told reporters. “Cyber falls under that grey zone of is this warfare or not warfare?” he continued, in part. “In that grey zone — I use the word ‘attack.’ I wanted people’s attention that we have a cyber problem, a cyber issue that we need to deal with. It is affecting a lot of elements of our society and our economy.”
http://thehill.com/policy/cybersecurity/381645-intel-chief-indicates-us-seriously-mulling-offensive-cyber-warfare

With trade war looming, Chinese cyberattacks may follow
“Potential tariff implementation could raise uncertainty over the possibility of a trade war between the two countries and possibly drive a further uptick in Chinese cyber espionage,” said Dmitri Alperovitch, chief technology officer of cybersecurity firm CrowdStrike, in an email to CyberScoop. “CrowdStrike has seen some pickup in Chinese cyber espionage activity over the last year, and we expect this trend to continue … There tends to be a shift in activity from nation-state adversaries when major geopolitical events occur.”
https://www.cyberscoop.com/us-china-trade-war-cyberattacks/

Chinese cyber spies pose challenge for Trump admin
In September 2015, then-President Obama and Chinese President Xi Jinping reached a watershed agreement to stop supporting cyber-enabled intellectual property theft against businesses in their respective borders. Since the agreement, security experts have observed a significant decline in Chinese cyber-enabled intellectual property theft from U.S. companies, and the pact has been largely cheered as a diplomatic accomplishment. […] But last month, Trump accused China of continuing to conduct and support “unauthorized intrusions into, and theft from” U.S. company networks when announcing new tariffs on China — raising the specter that Beijing may have run afoul of the agreement.
http://thehill.com/policy/cybersecurity/381601-chinese-cyber-spies-pose-challenge-for-trump-admin

How artificial intelligence went from an advantage to a worldwide threat
For many years, machine learning and artificial intelligence have been held up as one answer to preserving U.S. military superiority. But now, with other nations making significant investments in that technology, it’s easier for peers to make sense of the copious data and sensors in the field. With that benefit, nation states can shrink the decision space and create actionable decisions faster than before. […] Because many of the tools in the computing world that make analysis possible are available commercially — and thus available to all — operational concepts will be key as these modern capabilities become available worldwide[.]
https://www.c4isrnet.com/it-networks/2018/04/04/how-artificial-intelligence-went-from-an-advantage-to-a-worldwide-threat/

Iran cyberespionage strengthens in quality, quantity
The U.S. recently indicted members of an Iranian government contractor for hacking universities and companies to steal research. Cybersecurity firm Mandiant, which highlighted Iran as a growing force in 2017 in an annual report released today, has seen an uptick in believed government affiliated Iranian hackers stealing intellectual property from businesses. Why it matters: Once among the world’s most amateurish cyber-powers, Iran has become a mature, aggressive player in digital espionage.
https://www.axios.com/iran-cyberespionage-strengthens-in-quality-quantity-f7e0279b-a9ba-423b-9b5e-1490f0cf4e69.html

How Detection and Response Affect Risk Management
A HIMSS 2018 survey of healthcare IT CIOs and CISOs suggests that the health sector is beginning to treat information security as general risk management. Increasingly, risk managers assess the threat of a potential “cyber” event much like the threat of an earthquake or active shooter. First, they quantify the loss expectancy using existing systems in terms of impact to the organization. The next step is to assess if additional actions can be taken to minimize the impact. At the same time, risk management programs are recognizing that the impact is expanded by regulatory oversight, such as the HIPAA security rule. In fact, risk management is becoming the lingua franca of the C-Suite in the boardroom.
https://criticalinformatics.com/resources/blog/how-detection-and-response-affect-risk-management/

Magento sites hacked with cryptominers & credential stealing malware
Websites running on the Magento platform are compromised via brute-forcing. Hackers use common and already known credentials to compromise the website. According to Flashpoint’s findings, nearly 1,000 admin panels from Magento have been compromised so far. A majority of compromised Magento panels belong to firms in the education and healthcare sector while maximum targets were identified in the US and Europe. Flashpoint researchers wrote that attacks that are launched using the brute-force method are successful only when administrators fail to change the credentials after installing the platform. Hackers can easily create automated scripts using known credentials for facilitating panel access.
https://www.hackread.com/magento-websites-hacked-with-cryptominers-malware/

National Cyber Security Alliance to Ring The Nasdaq Stock Market Opening Bell
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society.
https://globenewswire.com/news-release/2018/04/04/1459802/0/en/National-Cyber-Security-Alliance-to-Ring-The-Nasdaq-Stock-Market-Opening-Bell.html


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.