IT Security News Blast 04-12-2018

Healthcare Cybersecurity Breach

Healthcare Industry Worst in Stopping Insider Data Breaches
The report found that the healthcare industry was the only sector that had more internal actors (56 percent) behind data breaches than external actors (43 percent). This isn’t always malicious. Errors made up the most common type of cyber incident in healthcare, followed by malware, hacking, and privilege misuse.  In addition, medical information is the target of two-thirds of data breaches in the healthcare industry, while personal information made up 37 percent and payment information 4 percent of breaches, the report found.
https://healthitsecurity.com/news/healthcare-industry-worst-in-stopping-insider-data-breaches\

How to Address Medical Device Cyber Attacks
In the medical device world, the FDA has looked to NIST in developing their own recommendations and has come out with two guidance documents specific to medical devices and cybersecurity.
·       Content of Premarket Submissions for Management of Cybersecurity in Medical Devices – Guidance for Industry and Food and Drug Administration Staff was released October 2014. The focus is on information the FDA requires in a premarket submission that demonstrates effective cybersecurity management for the device’s software component.
·       Postmarket Management of Cybersecurity in Medical Devices – Guidance for Industry and Food and Drug Administration Staff was released January 2016. This document takes a lifecycle approach and provides guidance on how to continually manage cybersecurity concerns once a medical device is on the market.
https://www.healthcarepackaging.com/article/how-address-medical-device-cyber-attacks

Imagine you’re having a CT scan and malware alters the radiation levels – it’s doable
Researching the security of medical devices in 50 US hospitals, ZingBox discovered that, sure enough, MIDs contributed half of the high-risk security issues. The underlying cause? Almost all of these systems were being controlled through Windows workstations, often flaw-ridden versions going back to XP and even 98, which reflects the age of the scanning hardware. “Because they’re using a full-blown OS, they have the capability to use a browser, download applications and to do lots of thing you are not supposed to do on an OS controlling an X-ray machine.”
https://www.theregister.co.uk/2018/04/11/hacking_medical_devices/

Aviation Industry May Be Vulnerable To Cyberattack Through Its Global Supply Chain
Needless to say, the scenario should send chills throughout the aviation industry. While major aircraft manufacturers and airlines make obvious targets because of the potential they represent to conspicuously disrupt international commerce, they also rank high on hackers’ to-do lists because they maintain global, highly interconnected supply chains that over the past few years have been aggressively digitizing operations.
https://www.forbes.com/sites/oliverwyman/2018/04/11/how-aviations-global-supply-chain-may-open-up-the-industry-to-cyberattack/

WannaCry – Why cyber resilience is just as important as cyber security?
Up until now, cyber security has been the main focus and, with the introduction of legislation such as the General Data Protection Regulation (GDPR), organisations are concentrating even more on creating processes to protect their data. However, as we’ve now reached a point where cyberattacks are almost impossible to prevent, this focus needs to shift towards cyber resilience.
https://www.virtual-college.co.uk/news/virtual-college/2018/04/wannacry-why-cyber-resilience-is-just-as-important-as-cyber-security

FFIEC issues joint statement on cyber insurance and its potential role in risk management programs
The FFIEC members do not require financial institutions to maintain cyber insurance. The evolving cyber insurance market and the shifting cyber threat landscape may, however, prompt financial institutions to consider whether cyber insurance would be an effective part of their overall risk management programs. […] As with any insurance coverage, cyber insurance does not diminish the importance of a sound control environment. Rather, cyber insurance may be a component of a broader risk management strategy that includes identifying, measuring, mitigating, and monitoring cyber risk exposure.
https://www.cuinsight.com/press-release/ffiec-issues-joint-statement-on-cyber-insurance-and-its-potential-role-in-risk-management-programs

Insiders compromised FDIC data; GAO audit finds FDIC working to improve IT security
The importance of FDIC IT security can’t be understated. FDIC uses IT systems and applications to perform its several mission goals regarding safety and soundness for financial institutions, consumer protection, managing the DIF, and resolution and receivership of failed institutions. As GAO explained, “These systems and applications hold significant amounts of sensitive data. For example, the FDIC’s Failed Bank Data System contains more than 2,500 terabytes of sensitive information from more than 500 bank failures.”
https://www.biometricupdate.com/201804/insiders-compromised-fdic-data-gao-audit-finds-fdic-working-to-improve-it-security

Lt. Gen. Paul Nakasone: US military ready to deter peer adversaries in cyberspace
Lt. Gen. Paul Nakasone, the White House’s nominee to lead the National Security Agency and the U.S. Cyber Command, has said the U.S. military is prepared to launch cyber attacks on peer adversaries’ critical infrastructure through network intrusions during a future conflict, the Washington Free Beacon reported Tuesday. […] “To be operationally effective in cyber space, U.S. forces must have the ability to conduct a range of preparatory activities which may include gaining clandestine access to operationally relevant cyber systems or networks,” he added.
http://www.executivegov.com/2018/04/lt-gen-paul-nakasone-us-military-ready-to-deter-peer-adversaries-via-foreign-infrastructure-cyber-attacks/

Marines Working to Deploy Tactical Cyber Forces From the Sea
Marines are studying putting teams of cyber Marines alongside infantry, logisticians and aviators on amphibious ships at sea. The work by Marine Corps Forces Cyberspace Command will evaluate the best way to include defensive cyber operations (DCO) detachments on an amphibious warship to deploy with Marine Expeditionary Units, MARFORCYBER commander Maj. Gen. Loretta Reynolds said on Tuesday.
https://news.usni.org/2018/04/11/marines-working-deploy-tactical-cyber-forces-sea

Command and control: A fight for the future of government hacking
Following years of effort and billions of dollars’ worth of research and planning, the nation finally has a fully operational force of cyberwarriors at U.S. Cyber Command.  […] While lawmakers push the Trump administration to exact revenge for years of cyberattacks on U.S. targets, a quiet but constant tug of war is raging between the intelligence community and the military over the future of government-backed hacking operations.
https://www.cyberscoop.com/us-cyber-command-nsa-government-hacking-operations-fight/

UK hit by 49 cyberattacks from Russian groups in six months says Amber Rudd
The Home Secretary also announced a crackdown on the dark web, fronted by increased resources in the fight against hackers and other criminals who operate on underground forums – although some have questioned if a few million is enough to make a difference. But in addition to crime gangs, Rudd warned that nation-states are also eager to use the internet to cause as much destruction and disruption as possible.
https://www.zdnet.com/article/uk-hit-by-49-cyberattacks-from-russian-groups-in-six-months-says-amber-rudd/

A new target for hackers? Satellites
Government and commercial satellite operators are increasingly the target of hackers, who are looking for inexpensive, but effective ways to limit space capabilities, according to a new report from the Secure World Foundation. “A growing number of non-state actors are actively probing commercial satellite systems and discovering cyber vulnerabilities that are similar in nature to those found in non-space systems,” the report read. “This indicates that manufacturers and developers of space systems may not yet have reached the same level of cyber hardness as other sectors.”
https://www.fifthdomain.com/dod/2018/04/11/a-new-target-for-hackers-satellites/

Cyber Threat Intelligence: “The Government Doesn’t Have a Monopoly”
And so the broader challenge is how do I not only integrate all those married pieces across the federal cyber community, but also think about how the federal government can partner with the private cybersecurity companies who have that very unique insight that the U.S. government is not going to have. But do so in a way that we protect privacy, protect civil liberties. This is where technology will need to be leveraged so that we can adequately protect, for example, U.S. person information[.]
https://www.thecipherbrief.com/column_article/cyber-threat-intelligence-government-doesnt-monopoly

DHS Is Falling Short on Securing Its Classified Intelligence Systems
The tools that continuously monitor those systems for cyber threats aren’t interoperable with each other, the auditor found. The department also has not established qualitative or quantitative measures for whether that continuous monitoring is effective or ineffective, the report said. The U.S. Secret Service, a Homeland Security division, also hasn’t ensured its employees and contractors are completing required annual security training.
http://www.nextgov.com/cybersecurity/2018/04/dhs-falling-short-securing-its-classified-intelligence-systems/147377/

How many can detect a major cybersecurity incident within an hour?
Special threat detection programs are another indicator of security maturity. This study found that most decision makers—more than 70 percent of respondents—have programs in place to detect specific threats, such as ransomware, insider or employee threats, and denial of service attacks. The vast majority of IT decision makers—95 percent—also use security software to prevent and react to threats. And more than a quarter deploy at least 10 security software solutions to manage security threats.
https://www.helpnetsecurity.com/2018/04/11/detect-major-cybersecurity-incident/

How to know if your Facebook data was shared with Cambridge Analytica?
Facebook has developed a new tool that lets users know if they or their friends had their data accessed by Cambridge Analytica. Here are some easy and quick steps to follow:
·       Log into your Facebook account because in order to confirm if you were part of the scandal you need to login to your Facebook profile.
·       Open this link (do not worry, it is an official Facebook link, not a third-party link).
·       Now you will see “Was My Information Shared?” tab under which Facebook will confirm if your data was accessed by Cambridge Analytica.
https://www.hackread.com/how-to-know-if-your-facebook-data-was-shared-with-cambridge-analytica/

AMD systems gain Spectre protection with latest Windows fixes
Both Intel and AMD have released microcode updates to alter their processor behavior to give operating systems the control necessary to protect against Spectre variant 2. Microsoft has been shipping the Intel microcode, along with the operating system changes necessary to use the microcode’s new features, for several weeks now; with yesterday’s patch, similar protections are now enabled on AMD machines The patch is currently only for Windows 10; an equivalent fix for Windows Server 2016 is still undergoing validation and testing.
https://arstechnica.com/gadgets/2018/04/latest-windows-updates-bring-spectre-protection-to-amd-systems/

HTTP injectors used to steal mobile internet connectivity
An HTTP injector works by connecting to an SSH/Proxy with a customer header. Flashpoint said in the cases it has observed the connection is made using a device with a zero remaining balance on its SIM card. Then using the device’s mobile browser they connect to a data-free website to avoid connecting to a captive portal where payment would be required. The next is to establish a connection using the SSH proxies, thus obtaining free internet access.
https://www.scmagazine.com/http-injectors-used-to-steal-mobile-internet-connectivity/article/757706/

Boffins pull off quantum leap in true random number generation
It starts with entangling a pair a photons. These are then sent to individual detectors separated by about 187 meters, where the polarization of the light is measured. The long distance means that the photons cannot interact with one another. Since the photons are entangled, there is a strong correlation between both polarisation states. Peter Bierhorst, lead author of the study and NIST mathematician, explained to The Register that this property violates Bell’s inequalities, a proof that describes the unpredictable nature of quantum mechanics.
https://www.theregister.co.uk/2018/04/11/nist_random_numbers_quantum_mechanics/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.