IT Security News Blast 04-10-2018

C Suite Cybersecurity Doubters

Healthcare CEO Prescribes 5 Ways to Fight Ransomware
· Multifactor Authentication
· Vulnerability Management
· Vendor Management
· AI Enabled Antivirus
· Logging System Activity
http://bitcoinist.com/healthcare-ceo-fights-back-hackers/

Medical Devices Found Vulnerable
“Health providers cannot rely on device manufacturers to protect their patients’ data and safety. Providers first need to make sure they have complete visibility to the medical device ecosystem, understanding the right medical context of the communications and the associated risk. This will enable them to better understand the risks on their clinical environment and will enable them to take proactive actions to ensure their patient safety and data protection.”
https://www.informationsecuritybuzz.com/expert-comments/medical-devices-found-vulnerable/

Ontario hospital’s exposure of tens of thousands of unused IP addresses was risky, says study
The unused IP addresses belonging to the Hamilton-area hospital were likely being stored for future assignment to connected devices, Greg Young, Trend Micro’s Ottawa-based vice-president of cyber security and cloud, said in an interview. However, an administrator poorly chose to put them in a domain called “unused.HOSPITALNAME.ca.”
https://www.itworldcanada.com/article/ontario-hospitals-exposure-of-tens-of-thousands-of-unused-ip-addresses-was-risky-says-study/403606

The CISO as an Internal Security Evangelist
In a video interview at Information Security Media Group’s recent New York City Fraud Summit, Petrie discusses:
· Dealing with security budgeting and currency choice in a company with an international presence;
· Articulating security priorities to the board;
· Managing the security of a security company.
https://www.bankinfosecurity.com/ciso-as-internal-security-evangelist-a-10789

When Your Greatest Cybersecurity Doubters Are in the C-Suite
You and your fellow CISOs worry publicly that a breach is not if, but when. Your security teams are struggling to analyze and prioritize a never-ending cascade of security alerts. And all industry pundits say that cybersecurity is going nuclear soon with the weaponization of AI. It’s clear you’re going to need a different approach to navigate 2018 and beyond. So, let’s talk strategy for elevating your cybersecurity response—and winning the C-suite’s confidence.
https://securityboulevard.com/2018/04/when-your-greatest-cybersecurity-doubters-are-in-the-c-suite/

Bank of England to publish new cyber standards by summer to protect financial system under “almost constant attack”
The new standards could be published before the end of the first half of the year, although the timing has not been finalised. Writing in the PRA’s business plan for the next year, Woods said that “setting out clearly the level of operational resilience we expect of firms and how we will make sure it is delivered is a top priority for the PRA”, alongside preparations for leaving the EU. The business plan also provided for the reallocation of resources from “lower risk supervisory activity” to the Brexit preparations.
http://www.cityam.com/283621/bank-england-publish-new-cyber-standards-summer-protect

Malwarebytes sees signs of possible Trojan-based blackmail
“We’ve seen a sharp rise in the amount of Trojans, particularly in Australia,” Cook said. “Trojans sit on a machine and then exfiltrate information – so it may be more targeted,” he added. One potential explanation for the rise in Trojans is that instead of the ransomware approach of denying an individual access to their files, criminals are instead looking at threatening to make private information, public — “We’ve got your browsing history here – do you want me to publish it?”
https://www.computerworld.com.au/article/635856/malwarebytes-sees-signs-possible-trojan-based-blackmail/

Arizona hires cybersecurity firm to manage risk across state government
Arizona announced Monday that it will use a single cybersecurity firm to monitor and manage the risks to computer systems in all 133 state agencies. The company, RiskSense, is based in neighboring New Mexico and was chosen over other potential vendors in part because of its software that rates a network’s vulnerability to cyberattacks with a proprietary scoring metric modeled on personal-credit ratings.
https://statescoop.com/arizona-hires-cybersecurity-firm-to-manage-risk-across-state-government

New Army, Navy Cyber Mission teams deploy ahead of schedule
“All 40 of the Navy Cyber Mission Force teams achieved full operational capability (FOC) as of Oct. 6, as validated by U.S. Cyber Command, one year ahead of the designated target date. […] The Army reported comparable results, and also reached FOC with most of its teams a year ahead of schedule. In addition, the Army has commissioned Cyber Mission Forces elements within reserve and National Guard units.
https://federalnewsradio.com/cyber-exposure/2018/04/new-army-navy-cyber-mission-teams-deploy-ahead-of-schedule/

New cyber weapons are here and no one is prepared, experts say
A piece of malware called Trisis was used to sabotage an industrial control system of an electric company. But it was more than just an attack on electric power. “It was the first piece of malware specifically designed to kill people,” Lee said. The malware would allow hackers to access controls that could cause leaks or explosions, rather than simply switching off power to parts of the grid. But both in that incident and ones preceding it in recent years the actual events garnered little public acknowledgement by government leaders nor responses that would help deter such attacks.
https://www.armytimes.com/news/your-army/2018/04/09/new-cyber-weapons-are-here-and-no-one-is-prepared-experts-say/

The Moscow Midterms
Most of us can’t really picture what it would look like to tamper with an election, but security experts can. Even as you read this, voting systems, so dry and complicated and completely taken for granted, could well be in the midst of fending off attacks from foreign adversaries. Things could get bad — really bad. Bad like this: The following is a rendering of what a worst-case Election Day scenario could look like, based on FiveThirtyEight’s interviews with voting and cybersecurity experts and state election officials, along with news reports and documents in the public record.
https://fivethirtyeight.com/features/how-russia-could-steal-the-midterms/

Hackers abused Cisco flaw to warn Iran and Russia: ‘Don’t mess with our elections’
The flaw in Cisco Smart Install Client allows attackers to run arbitrary code on vulnerable switches. Kaspersky Lab said the attack hit data centers and internet providers across the globe; the attackers would “rewrite the Cisco IOS image on the switches and change the configuration file, leaving a message that reads ‘Do not mess with our elections’ there. The switch then becomes unavailable.”
https://www.csoonline.com/article/3267867/security/hackers-abused-cisco-flaw-to-warn-iran-and-russia-dont-mess-with-our-elections.html

Careful what you wish for—change and continuity in China’s cyber threat activities (part 2)
Arguably, US diplomacy has contributed to reshaping China’s cyber-espionage operations. However, despite the decline in activities, the results haven’t been entirely as intended. The pattern of activities undertaken by Chinese advanced persistent threat (APT) groups since the agreement reflects China’s exploitation of the leeway in its phrasing. For example, the condition that neither the US nor China will ‘knowingly’ support IP theft may have encouraged higher levels of plausible deniability in Chinese cyber espionage operations since.
https://www.aspistrategist.org.au/careful-wish-change-continuity-chinas-cyber-threat-activities-part-2/

Listening In: cyber security in an insecure age, by Susan Landau
Landau is an advocate for strong computer security, and uses this book to reject calls for “back doors” that would allow law enforcement access to encrypted hardware, like iPhones, or messaging apps, such as WhatsApp. But she also encourages governments to become better at proactive “front door” hacking. In the process, she warns, they should not rush to disclose security weaknesses they discover, which inevitably leaves them open for others to exploit.
https://www.ft.com/content/8ca98cec-38e7-11e8-8b98-2f31af407cc8

The necessity of a radical review of cybersecurity in space to avoid potentially catastrophic attacks
Rather than trying to physically protect the satellites, it is important to adopt a strategy based on the concept of resilience, which reflects the ability of a system to continue its mission against unpredictable hazards, even in a degraded mode. Resilience is not intended to block the hazard but to minimize the consequences. Thus, a resilient system is able to adapt its overall structure and dynamics even if some of its components are rendered unavailable.
http://www.thespacereview.com/article/3468/1

Oregon finalizes net neutrality law despite likelihood that ISPs will sue
Brown announced on Friday that she would sign the bill Monday during an event at a middle school. The bill was previously approved by the state House and Senate. The new law was written narrowly in an attempt to survive lawsuits from ISPs. Instead of imposing prohibitions on all Internet providers, the law forbids state agencies from purchasing fixed or mobile Internet service from ISPs that violate the core net neutrality principles laid out in the soon-to-be-dead FCC rules.
https://arstechnica.com/tech-policy/2018/04/oregon-finalizes-net-neutrality-law-despite-likelihood-that-isps-will-sue/

You. FCC. Get out there and do something about these mystery bogus cell towers, huff bigwigs
Senior Congressmen have demanded “immediate action” over mysterious fake cell phone towers in Washington DC that they worry could be being operated by foreign governments. House Reps Frank Pallone (D-NJ), Eliot Engel (D-NY) and Bennie Thompson (D-MS) this month sent a letter to Ajit Pai – the head of America’s comms watchdog, the FCC – asking him to “address the prevalence of what could be hostile, foreign cell-site simulators, or Stingrays, surveilling Americans in the nation’s Capital.”
https://www.theregister.co.uk/2018/04/09/fcc_stingrays_fake_cellphone_towers/

Word Attachment Delivers FormBook Malware, No Macros Required
When the document is simply viewed in Microsoft Office “Edit” mode (and not the default “Protected” mode), an embedded frame points to a TinyURL defined in the document’s webSettings.xml.rels file. A “.rels” file contains information about how different parts of a Microsoft Office document fit together, according to a description on File.org. “If a victim opens the malicious first stage document, Microsoft Word makes an HTTP request to download the object pointed to by the URL and renders it within the document[.]”
https://threatpost.com/word-attachment-delivers-formbook-malware-no-macros-required/131075/

Ransomware Up for Businesses, Down for Consumers in Q1
Cybercriminals go where the money is, and these days the money is in cryptomining. Researchers detected a 28% increase in cryptomining malware among enterprise victims in the first quarter of 2018, during which “virtually all other malware was on the decline.” […] Attackers also capitalized on the public disclosure of the Meltdown and Spectre vulnerabilities, which prompted software and hardware vendors to issue patches to mitigate the threat. Cybercriminals are taking advantage of the issue and using it as a scare tactic for social engineering scams.
https://www.darkreading.com/attacks-breaches/ransomware-up-for-businesses-down-for-consumers-in-q1/d/d-id/1331487

How to Delete Your Facebook Account Permanently – 2018 Guide
[The] fact is that unauthorized use of user content like posts, messages, pictures, and videos by Facebook is nothing new. However, it is a relatively new revelation that even the content that we believe is removed is actually not permanently deleted. So, what can be done in this situation? The only solution is to find a way to permanently delete the content. This guide will inform you about the most appropriate way to delete anything from Facebook permanently.
https://www.hackread.com/how-to-delete-your-facebook-account-permanently-2018-guide/

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.