IT Security News Blast 04-19-2018

FDA Cybersecurity

FDA Proposes Action to Enhance Medical Device Cybersecurity
The FDA is seeking “additional authorities and funding for Congress to consider, which would build on [FDA’s] work to date and further minimize medical device cybersecurity vulnerabilities and exploits,” Scott Gottlieb, M.D., FDA commissioner, says in a statement. “Although medical devices provide great benefits to patients, they also present risks. With FDA’s plan, we are focusing equal attention on advancing new frameworks for identifying risks and protecting consumers,” he says.
https://www.govinfosecurity.com/fda-proposes-action-to-enhance-medical-device-cybersecurity-a-10838

NIST Unveils Latest Version of Its Popular Cybersecurity Framework
Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (The Framework) includes updates on authentication and identity, self-assessing cybersecurity risk, managing cybersecurity within the supply chain, and vulnerability disclosure. The new version adds a section explaining how the Framework can be used by organizations to understand and assess their cyber risk and sections on risks associated with the supply chain and purchasing commercial off-the-shelf products and services.
https://healthitsecurity.com/news/nist-unveils-latest-version-of-its-popular-cybersecurity-framework

Applying Inogen Data Breach Lessons to Healthcare Providers
Following a forensics investigation, the company has decided to implement MFA for remote email access and provide additional security training to employees. MFA uses multiple “factors” to verify a person’s identity. Factors are broken into three categories: something you know (password), something you have (security token), and something you are (fingerprint). MFA uses at least two of those factors to control access to applications and systems.
https://healthitsecurity.com/news/applying-inogen-data-breach-lessons-to-healthcare-providers

Playing it safe: The increasing issue of cyber-security
“The vulnerabilities span from simple vulnerabilities such as insecure storage of the Wi-Fi password and hard-coded secret credentials for remote maintenance, to more severe vulnerabilities such as communication interception (e.g. changing the dosage of a drug) and full-on denial-of-service (e.g. making the device stop functioning at all). “This poses a threat, not only to corporate businesses, but to human life. The good news is that there are possible mitigations for these attacks, and they are quite easy to implement.
https://www.medicalplasticsnews.com/news/opinion/playing-it-safe/

Executive Panel On “CYBER SECURITY: MANAGING THE BREACH”
Cyber-attacks and cyber risk can threaten financial stability and are of critical concern to governments, central banks, supervisory and regulatory authorities, financial institutions and individuals. As cyber risk is not limited by political or geographical barriers, international coordination is needed. The panel will discuss existing regulations, guidance and supervisory practices applied by governments and what needs to be done to create cyber-resilient financial systems
http://markets.businessinsider.com/news/stocks/media-advisory-executive-panel-on-cyber-security-managing-the-breach-1021449828

Tech groups push ‘Geneva convention’ to help foil cyber attacks
The commitment includes a pledge to help governments and others that come under attack themselves — potentially putting the tech companies on the side of customers who are the targets of cyber attack from the US. The initiative, dubbed the cyber security tech accord, was the brainchild of Brad Smith, president and general counsel of Microsoft. Backers of the agreement include Cisco, HP and Facebook, along with European concerns like Nokia, ABB and ARM.
https://www.ft.com/content/269349ba-425c-11e8-803a-295c97e6fd0b

Marsh Enhances Cyber Risk Products to Address Business Interruption Risks
Marsh’s Cyber CAT 3.0, the next generation of its cyber policy, provides broad coverage backed by nearly $2 billion in total potential capacity for critical cyber risks such as cyber BI, cyber contingent BI, Internet of Things (IoT), and breach of the EU General Data Protection Regulation. Policy enhancements and expansions include available coverages for reputational loss, IoT device “bricking,” and costs for post-event computer system upgrades and rebuilding expense.
https://www.insurancejournal.com/news/national/2018/04/18/486688.htm

Atlanta spending $2.7 million on ransomware cyber attack; ransom was $50,000
[The] city has signed eight emergency contracts in response to the attack, including two $1 million agreements with private technology firms to assist the city’s information management and municipal court systems. Atlanta has been grappling with the impact of the attack since late March. Systems that allowed customers to pay bills or access court-related information were down and most city workers were told not to turn on their computers.
http://www.al.com/news/index.ssf/2018/04/atlanta_spending_27_million_on.html

Sources: Atlanta police files wiped in cyber attack
While many parts of Atlanta city government are back up and running, CBS46 has learned exclusively that the issues at the Atlanta Police Department are dire following a cyber attack. While the department stresses their ability to respond to emergencies has not been affected, sources tell us it has not been easy on the inside.Sensitive case files containing evidence for prosecuting crimes have been wiped in the attack. And it’s unclear if and when they will ever be recovered.
http://www.cbs46.com/story/37987639/sources-atlanta-police-files-wiped-in-cyber-attack

As cities get high-tech, hackers become more dangerous
A survey taken by the International City/County Management Association and the University of Maryland, Baltimore County, found a quarter of local governments reported experiencing attacks, a vast majority unsuccessful, as often as once an hour. “It’s somewhat surprising it doesn’t happen more,” says Justin Cappos, a NYU computer science professor who studies cyber security. “Many of the teams working on the local level don’t end up with a lot of resources. If someone is going for a soft target, cities tends to be a soft target.”
https://www.curbed.com/2018/4/18/17254382/hack-hackers-smart-city-cybersecurity

North Korea to UNLEASH army of spies to hack USA and UK in cyber war
The dictator has recruited a group of highly intelligent cyber warfare graduates from a top military institution, Mangyongdae Revolutionary Academy to work “undercover” in North Korean embassies overseas and raid financial institutions. The young recruits have been set missions in major countries – one of them on home soil. Students must be high “songbun”, meaning they must be children of North Korea’s top ranked officials or be descendants to exceptionally well-known fighters.
https://www.express.co.uk/news/world/947439/north-korea-army-spies-usa-uk-cyber-warfare

Grid Cybersecurity Bills Advanced by House Energy Subcommittee
One of the security bills would codify a recent departmental reorganization announced by Energy Secretary Rick Perry in his fiscal 2019 budget request that creates a new assistant secretary position devoted to cybersecurity issues. The bill would ensure position remains part of department leadership in future administrations. Two of the cyber bills would establish voluntary programs to encourage the private sector and the Energy Department to share research and cybersecurity implementation plans. The fourth bill requires the department to adopt pipeline and LNG export facility cybersecurity plans.
https://www.rollcall.com/news/policy/grid-cybersecurity-bills-advanced-by-house-energy-subcommittee

The ‘New Science’ of Cybersecurity [Video]
In a video interview at RSA Conference 2018, they discuss:
·       A new approach to information security, asset protection and the acquisition of new business solutions;
·       The necessity of machine learning, augmented analysis, and automation to secure large infrastructures of OT and IoT;
·       NTT Security’s contributions to NIST’s new framework for improving critical infrastructure cybersecurity.
https://www.bankinfosecurity.com/new-science-cybersecurity-a-10834

Troubling Mobile Surveillance is Occurring in Washington, DC and U.S. Senators Demand Answers
While its too soon to speculate on who is behind this, it wouldn’t surprise me if foreign adversaries or cyber criminals are utilizing these devices for troubling purposes.  During an FCC commission meeting earlier this week, FCC Commissioner Jessica Rosenworcel stated that the issue was serious and these surveillance tools could be used “by foreign or criminal actors.”
http://www.shearsocialmedia.com/2018/04/troubling-mobile-surveillance-is-occurring-in-washington-dc-and-u-s-senators-demand-answers.html

Technology developed for Super Bowl LII has created an expansive new capability for police surveillance
During the week of the Super Bowl, FieldWatch video was used to monitor protesters at the Xcel Energy Center and at the Green Line’s West Bank station (the command center also displayed video from the latter protest being streamed by Unicorn Riot, the volunteer run media collective). “One of the advantages with the live stream is we’re not only able to see the location of that officer, but what they are seeing,” Gerlicher said. “From a situational awareness perspective, that’s extremely advantageous to see exactly what they are looking at.”
https://www.minnpost.com/politics-policy/2018/04/technology-developed-super-bowl-lii-has-created-expansive-new-capability-pol

How’s your Wednesday? Things going well? OK, your iPhone, iPad can be pwned via Wi-Fi sync
Once an iOS device is plugged into a PC or Mac, and the user has opted to trust the machine, those aforementioned access credentials can be used via Wi-Fi to perform the same tasks possible if the device were connected with a USB-Lightning cable. What’s worse, said the eggheads, those credentials are permanently saved by the computer, meaning they can be used to get into the smartphone weeks or months after it was paired. An attacker could infect the PC – or just buy a used machine that wasn’t wiped – and reuse those credentials on a targeted victim.
https://www.theregister.co.uk/2018/04/18/ios_itunes_wi_fi_sync/

This isn’t the first time a tech boom has interfered with democracy
First, we talked about what a “tech boom” is and how they happen. DeLong took us on a trip back through history and explained how even the invention of horseback riding created social ruptures and job loss. He also explained that tech and industrial revolutions in the modern world are often correlated with new ways of communicating and publishing. So the Facebook scandal is, in a sense, nothing new. “Our brains and societies are being hacked in different ways,” DeLong said, but the pattern is the same.
https://arstechnica.com/video/2018/04/this-isnt-the-first-time-a-tech-boom-has-interfered-with-democracy/

Surprise! Wireless brain implants are insecure, and can be hijacked to kill you or steal thoughts
Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. And because this particularly bit of kit resides amid sensitive gray matter – to treat conditions like Parkinson’s – the potential consequences of successful remote exploitation include voltage changes that could result in sensory denial, disability, and death.
https://www.theregister.co.uk/2018/04/18/boffins_break_into_brain_implant/

Tens of thousands of Facebook accounts compromised in days by malware
Criminals have compromised tens of thousands of Facebook accounts in the past few days using malware that masquerades as a paint program for relieving stress. “Relieve Stress Paint” is available through a domain that uses Unicode representation to show up as aol.net on search engines and in emails, researchers from security firm Radware said in a post published Wednesday morning. (This query showed the trojan was also available on a domain that was designed to appear as picc.com.) The researchers suspect the malware is being promoted in spam emails.
https://arstechnica.com/information-technology/2018/04/tens-of-thousands-of-facebook-accounts-compromised-in-days-by-malware/

50,000 Minecraft users infected with hard drive wiping malware
The malware was discovered by IT security researchers at Avast’s Threat Labs who noted that its prime target is those Minecraft users who have downloaded “skins” in PNG file format to alter the default look of a character in Minecraft. Apparently, these malicious “skins” contain a malicious Powershell script prompting the malware to delete user data and reformat their system’s hard drive. The malware infection also starts tourstart.exe loop which thwarts the performance of the target system.
https://www.hackread.com/50000-minecraft-users-infected-with-hard-drive-wiping-malware/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.