IT Security News Blast 04-09-2018

A.I. Cyber Warfare

Health care data breach costs account for 28% of total
Health care claims comprised 17% of claims in 2017, but represented 28% of total breach costs, or $65 million out of a total of $229 million, says Gladwyne, Pennsylvania-based NetDiligence, in a report issued Thursday. […] The total average breach cost for protected health information was also correspondingly lower, at $475,000 vs. $1.85 million for personally identifiable information. Among other survey findings, the average notification costs for the sector were 11 times higher than the combined average of all other sectors, at $1 million vs. $92,000, according to the report.

GAO: CMS needs better security for its Medicare beneficiary data
Recent data breaches in the health care industry have the chairmen of three congressional committees concerned about the security of health information, including the personally identifiable information of Medicare beneficiaries. A recent report from the Government Accountability Office found the Centers for Medicare & Medicaid Services isn’t doing enough to secure the Medicare beneficiary data that is accessed by external entities.

Hospitals Exposed by Connected Devices
Senior threat researchers and report authors Numaan Huq and Mayra Rosario Fuentes claimed that hospital cybersecurity may be lacking for several reasons. These include: a lack of dedicated IT security staff, limited budget, diagnostic equipment which is outdated and can’t be taken offline to patch, and large numbers of mobile workers who need seamless access to systems. The report also claimed that hospital supply chains are increasingly opening them up to cyber-risk, with 30% of breaches publicly reported to the US Department of Health and Human Services (HHS) in 2016 due to breaches of business associates and third-party vendors.

Artificial Intelligence: The Next Frontier of Cyber Warfare?
“The average attacker will have a success rate of about 0.3 percent, meaning that our systems are blocking 99.7 percent of their phishing URLs,” says chief data scientist Alejandro Correa Bahnsen. […] Researchers then assumed the role of hackers, creating an AI URL generator that could create unique phishing URLs. Using this technique, they found that their penetration attempts were significantly more successful; in one case, attack efficiency increased from 0.69 percent to 20.9 percent—a 3,000 percent increase. In another, AI boosted the success rate from 5 percent to 40 percent.

Mirai Variant Targets Financial Sector With IoT DDoS Attacks
A variant of the Mirai botnet was used to launch a series of distributed denial of service campaigns against financial sector businesses. The attacks utilized at least 13,000 hijacked IoT devices generating traffic volumes up to 30 Gbps, considerably less intense than the original Mirai assaults clocked at 620 Gbps. […] Financial targets are geographically spread across Russia, Brazil and Ukraine, where vulnerable IoT devices are concentrated, researchers said.

Pennsylvania rolls out risk-based authentication to agencies
To access cloud-based email or Office 365, commonwealth employees working remotely may be required to provide additional information in the form of a PIN sent via text or email. The decision to require multifactor authentication is based on various factors including the sensitivity of the data or application, the geographical location of the request, the nature of the device being used and the number of times that user has sought access in a given time period.
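How such a risk-based decision can be wired together, as an added illustrative example (this is not the Commonwealth of Pennsylvania's implementation). Each login request is scored on the four signals the excerpt names (data sensitivity, request geography, device type, and how often the user has tried recently), and a second factor is demanded once the score crosses a threshold. The weights, thresholds, expected-country list, and the sample sequence of requests are all assumptions.

```python
"""Risk-based step-up authentication, an added illustrative example.

Not the Commonwealth of Pennsylvania's implementation. A login request is
scored on the factors the excerpt names (data sensitivity, geography of the
request, device type, and how often the user has tried recently) and a
second factor (e.g. a one-time PIN) is demanded when the score crosses a
threshold. Weights, thresholds, and the sample events are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed scoring weights; a real deployment tunes these against its own data.
SENSITIVITY_SCORE = {"public": 0, "internal": 1, "confidential": 3}
EXPECTED_COUNTRIES = {"US"}           # where this user population normally logs in from
UNEXPECTED_GEO_SCORE = 2
UNMANAGED_DEVICE_SCORE = 1
VELOCITY_WINDOW = timedelta(minutes=10)
VELOCITY_LIMIT = 3                    # prior attempts in the window before it counts
VELOCITY_SCORE = 2
STEP_UP_THRESHOLD = 3


@dataclass
class LoginRequest:
    user: str
    app: str               # e.g. "o365-mail"; carried for logging, not scored directly
    sensitivity: str       # key into SENSITIVITY_SCORE
    country: str           # country of the source IP (geo lookup assumed done upstream)
    managed_device: bool   # True when the device is enrolled in management
    at: datetime


class RiskEngine:
    """Scores requests and remembers per-user attempt timestamps for velocity."""

    def __init__(self):
        self._attempts = {}   # user -> list of attempt timestamps

    def _prior_attempts(self, user, now):
        recent = [t for t in self._attempts.get(user, []) if now - t <= VELOCITY_WINDOW]
        self._attempts[user] = recent   # drop anything that aged out of the window
        return len(recent)

    def score(self, req):
        score = SENSITIVITY_SCORE[req.sensitivity]
        reasons = []
        if req.country not in EXPECTED_COUNTRIES:
            score += UNEXPECTED_GEO_SCORE
            reasons.append("unexpected-geo")
        if not req.managed_device:
            score += UNMANAGED_DEVICE_SCORE
            reasons.append("unmanaged-device")
        if self._prior_attempts(req.user, req.at) >= VELOCITY_LIMIT:
            score += VELOCITY_SCORE
            reasons.append("velocity")
        self._attempts.setdefault(req.user, []).append(req.at)
        return score, reasons

    def decide(self, req):
        """Return ("allow" | "step-up", score, reasons)."""
        score, reasons = self.score(req)
        decision = "step-up" if score >= STEP_UP_THRESHOLD else "allow"
        return decision, score, reasons


def run_sample():
    """Constructed sequence of requests for one morning; returns the decisions."""
    t0 = datetime(2018, 4, 9, 9, 0)
    engine = RiskEngine()
    sample = [
        LoginRequest("alice", "o365-mail", "internal", "US", True, t0),
        LoginRequest("alice", "hr-portal", "confidential", "US", True, t0 + timedelta(minutes=1)),
        LoginRequest("alice", "o365-mail", "internal", "RU", True, t0 + timedelta(minutes=2)),
        LoginRequest("alice", "o365-mail", "public", "US", False, t0 + timedelta(minutes=3)),
        LoginRequest("bob", "o365-mail", "public", "US", True, t0 + timedelta(minutes=30)),
    ]
    return [engine.decide(r) for r in sample]


if __name__ == "__main__":
    for d in run_sample():
        print(d)
```

In the constructed sequence, alice's fourth request is for a public application from a trusted country, yet it is still stepped up: the unmanaged device and the three prior attempts inside the ten-minute window add up to the threshold. That is the point of combining signals rather than gating on any single one.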

Paper trails and random audits could secure all elections – don’t save them just for recounts in close races
As states begin to receive millions of federal dollars to secure the 2018 primary and general elections, officials around the country will have to decide how to spend it to best protect the integrity of the democratic process. If voters don’t trust the results, it doesn’t matter whether an election was actually fair or not. Right now, the most visible election integrity effort in the U.S. involves conducting recounts in especially close races. A similar approach could be applied much more broadly.

Ground zero in Russia’s hack of U.S. election infrastructure
“This could be the Iranians next time, could be the North Koreans next time,” says Lankford. “This is something that’s been exposed as a weakness in our system that we need to be able to fix that, not knowing who could try to test it out next time,” he tells Whitaker. The sweep of the Russian operation in 2016 caught the Obama administration off guard. Michael Daniel, President Obama’s cyber czar, envisioned a troubling scenario: hacked voter rolls causing chaos on Election Day. “Lines begin to form. Election officials can’t figure out what’s going on,” says Daniel. “You would only have to do it in a few places. And it would almost feed on itself.”

“Don’t Mess With Our Elections”: Vigilante Hackers Strike Russia, Iran
On Friday, a group of hackers targeted computer infrastructure in Russia and Iran, impacting internet service providers, data centres, and in turn some websites. In addition to disabling the equipment, the hackers left a note on affected machines, according to screenshots and photographs shared on social media: “Don’t mess with our elections,” along with an image of an American flag. Now, the hackers behind the attack have said why they did it. “We were tired of attacks from government-backed hackers on the United States and other countries[.]”

Russia Uses Cyberweapons to Overwhelm U.S. Tanks—In This Comic Book
According to Breaking Defense, the comic takes place nine years in the future. The union of Moldova and NATO member Romania triggers a Russian invasion, and U.S. M-1 Abrams tanks are ordered to defend the frontier. Russian forces launch a pair of cyber attacks against NATO, disabling scout drones and blinding Army tankers to the Russian onslaught. Moments before the attack, Russian hackers exploit an unpatched software vulnerability in the Abrams, preventing the American tanks from firing their guns and jamming their steering. Advancing Russian tanks and unmanned ground vehicles shoot the helpless American tanks to pieces. The comic closes with Russian forces advancing menacingly on a U.S. consulate.

North Korea’s missiles to be able to hit UK within 18 months – but cyber strike more likely, MPs warn
“We consider Kim Jong-un, though undoubtedly ruthless, is nevertheless rational. As such, he could be dissuaded and deterred from launching a nuclear weapon,” the report said. Far more likely was the threat of a cyber strike, such as the WannaCry attack that crippled the NHS in 2017. Experts examining the code found technical clues linking North Korea with the attack, which infected more than 300,000 computers around the world and was described as “the biggest ransomware outbreak in history.”

Trump administration planning to ‘monitor’ journalists and bloggers
Although press freedoms declined under the Obama administration, President Donald Trump has had an openly hostile relationship with the media — notably toward those who do not report favorably on his administration. Trump has called totally accurate reporting by outlets such as CNN and the New York Times “fake news.” The president also has gone after Amazon CEO Jeff Bezos, who also owns The Washington Post, over the newspaper’s coverage of his administration. The government’s plan to monitor journalists has prompted concern among those who report critically on President Trump or share such views on social media.

ATMJackpot Malware Stealing Cash From ATMs
It has been dubbed ATMJackpot (named after the technique called ATM jackpotting). Initial investigation revealed that the malware originated from Hong Kong, and the binary’s timestamp is 28 March 2018. Apparently, the malware is still in its development phase, because, in comparison to other, previously discovered malware, ATMJackpot has limited features: its graphical UI is quite basic and only displays the hostname and information about the service providers (e.g. PIN pad, card reader and cash dispenser service providers).

Authentication Bypass Vulnerability Found in Auth0 Identity Platform
A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platforms, Auth0, that could have allowed a malicious attacker to access any portal or application that uses the Auth0 service for authentication. […] With over 2000 enterprise customers and managing 42 million logins every day and billions of logins per month, Auth0 is one of the biggest identity platforms.

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak
During the first three months of 2018, threat intel firm Digital Shadows detected 1,550,447,111 publicly available files across open Amazon Simple Storage Service (S3) buckets, rsync, Server Message Block (SMB), File Transfer Protocol (FTP) servers, misconfigured websites, and Network Attached Storage (NAS) drives. […] The most common data exposed was payroll and tax return files, which accounted for 700,000 and 60,000 files respectively. However, consumers were also at risk from 14,687 instances of leaked contact information and 4,548 patient lists.

Delta, Sears Breaches Blamed on Malware Attack Against a Third-Party Chat Service
The incident is reminiscent of the 2013 Target breach, which spilled the information of up to 70 million customers. That breach was targeted not through Target systems, but through a third-party HVAC system that was vulnerable. […] “The Sears and Delta breaches precisely show how interconnected companies’ digital ecosystems are and why attacks on third parties are so prevalent. Whether it’s chat services or using ADP for payroll, over the last several decades companies are no longer self-contained and they don’t have tight controls over the other companies they work with,” Kneip said.

“Open sesame”: Industrial network gear hackable with the right username
This week, two separate security alerts have revealed major holes in devices from Moxa, an industrial automation networking company. In one case, attackers could potentially send commands to a device’s operating system by using them as a username in a login attempt. In another, the private key for a Web server used to manage network devices could be retrieved through an HTTP GET request. […] “Exploitation of this vulnerability has been confirmed via Telnet, SSH, and the local console port,” Patrick DeSantis and Dave McDaniel of Cisco Talos wrote in their report.
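The first Moxa issue is the classic shape of command injection through a login field: the name the user types ends up inside a string that a shell parses. The following is an added example (not Moxa's code, and not a reproduction of the Moxa bug) showing that shape next to the two fixes a practitioner would apply: pass the name as an argv element so nothing parses it, and validate it against the login-name grammar before it reaches any subprocess. To keep the example safe to run, the command is `echo` rather than a real account lookup; the mechanics are the same. It assumes a POSIX shell, and the username pattern is an assumption.

```python
"""Added example (not Moxa's code) of login-name command injection, with
the argv-only and allow-list fixes beside it.

The vulnerable path builds a shell command line from the user-supplied
login name. To keep the example safe to run, the command is `echo` rather
than a real account lookup; the injection mechanics are identical.
Assumes a POSIX shell; the username pattern is an assumption.
"""
import re
import subprocess

# POSIX-style login names: leading letter or underscore, then letters/digits/_/-,
# at most 32 characters in total. Stricter than most devices need, which is the point.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def vulnerable_lookup(username):
    """BUG (intentional): the name is interpolated into a shell string.
    A login name such as `x; id` therefore runs `id` on the device."""
    cmd = "echo user=%s" % username
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_lookup(username):
    """No shell: the name travels as one argv element and is never parsed,
    so metacharacters in it are inert even without validation."""
    return subprocess.run(["echo", "user=" + username],
                          capture_output=True, text=True).stdout


def hardened_lookup(username):
    """Defence in depth: reject anything outside the login-name grammar
    before it reaches any subprocess, then use the argv form."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid login name")
    return argv_lookup(username)


if __name__ == "__main__":
    evil = "x; echo INJECTED"
    print(repr(vulnerable_lookup(evil)))   # second output line is INJECTED: the shell ran it
    print(repr(argv_lookup(evil)))         # the whole name is echoed literally
    try:
        hardened_lookup(evil)
    except ValueError as e:
        print("rejected:", e)
```

The argv form alone closes the injection; the allow-list is there because the same string usually flows on to logging, LDAP filters, or a web UI, each with its own metacharacters. Note the report's remark that exploitation was confirmed over Telnet, SSH and the console port: the bug is in what happens to the name after it is received, so every login transport that reaches the same code path is equally affected.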

General Data Protection Regulation (GDPR) requirements, deadlines and facts
The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what constitutes “reasonable.” This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance. Time is running out to meet the deadline, so CSO has compiled what any business needs to know about the GDPR, along with advice for meeting its requirements.

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.