IT Security News Blast 04-24-2018

Cyber Worm Attack

Reader feedback: help focus the news blast!
While Facebook and I got a divorce some time ago, I actively use Twitter and I’d love for you to take this poll regarding stories in the Daily Blast. I throw out about 75% of what I see, so there’s plenty of room to modify.
1. Follow me on Twitter @seattlemkh
2. Vote on your topic (link below)
The poll will be active for one week (7D) and I’ll announce results and modify the “traps” to be consistent with community feedback.
https://twitter.com/seattlemkh/status/988547007932387328

New hacker group targets US health-care industry, researchers say
Among its victims are health-care providers and pharmaceutical companies, as well as IT companies and equipment manufacturers that work for health organizations. […] Symantec suspects that the Orangeworm hackers are breaching these organizations likely to carry out corporate espionage, such as the theft of trade secrets. The cyber firm found no evidence that the group is operating on behalf of a nation-state.
http://thehill.com/policy/cybersecurity/384409-new-hacker-group-targets-us-healthcare-industry-researchers-say

Mysterious cyber worm targets medical systems, is found on X-ray machines and MRI scanners
It also performs activities to help ensure it isn’t detected by anti-virus or security software by inserting a randomly generated string into the middle of the decrypted payload before writing it to disk to prevent hash-based detections. […] Researchers suggest that Orangeworm uses this information to decide if the system is used by a high value target, such as a researcher or someone with access to a lot of information. If the attackers determine this to be the case, they also spread the infection by copying the backdoor across open network shares to infect other computers.
https://www.zdnet.com/article/mysterious-cyber-worm-targets-medical-systems-found-on-x-ray-machines-and-mri-scanners/

Abbott releases firmware to fix cyber vulnerabilities in cardiac devices
The Food and Drug Administration approved the upgrade to Abbott’s implantable ICDs and CRT-Ds, which were originally manufactured by St. Jude Medical, which was bought by Abbott last year. The FDA recommends that all eligible patients receive the firmware update, which requires an in-person patient visit with a healthcare provider, at their next regularly scheduled visit or when appropriate.
https://www.healthdatamanagement.com/news/abbott-releases-firmware-to-fix-cyber-vulnerabilities-in-cardiac-devices

Mulvaney response to CFPB data security gaps baffles cyber experts
Mulvaney has said hundreds of CFPB-related data breaches justified his announcement in December that the agency would halt collecting personally identifiable information from companies it supervises. But industry experts say such a data freeze is unusual in the government, where security gaps are somewhat common. More unusual, they say, is that the CFPB apparently resumed data collection after only a few weeks, without investigating or remedying the cybersecurity problems that it identified.
https://www.americanbanker.com/news/mulvaney-response-to-cfpb-data-security-gaps-baffles-cyber-experts

The Next WannaCry Is Coming … Are You Ready?
While the motives behind WannaCry are still disputable, the spread of the “ransomworm” attack is not, and industries are vulnerable. In financial services, banking trojans such as Dridex, renowned for stealing banking credentials since 2014, adapt and change quickly. This considered, it is apparent that we need to be prepared for the next attack. Banking Trojans and ransomware are ever adapting and changing and are causing damage estimated at hundreds of millions of dollars.
https://www.informationsecuritybuzz.com/articles/the-next-wannacry-is-coming-are-you-ready/

Welcome to CyberSpace Camps @ The Kennedy Space Center
The Kennedy Space Center this Summer will host the Launch of CyberSpace Camps for high school “Rocket Girls” training in CyberSecurity, Greater Online Privacy and Ethics. The Launch ‘Vehicle’ is the new “STEM(+)” Paradigm. Camps for “Rocket Girls” will be Blasting Off and Launched across the US wherever ‘FUEL’ and Facility Opportunities are opened up.
https://cyberspacecamps.org/

Digital Identity Makes Headway Around the World
Aiming to streamline government services and improve security, many countries are taking steps to implement digital identities. India, Japan, and the EU are all at the forefront of these efforts, but cultural differences might be standing in the way of the US catching up. Let’s take a closer look at the progress these countries have made.
https://www.darkreading.com/endpoint/authentication/digital-identity-makes-headway-around-the-world/a/d-id/1331576?

Georgia Plots Ambitious Course to Cyber Supremacy
“This community is going to be successful and grow just because of the very fact of what’s going on at the fort,” he said. “But what it can also be – if we do it the right way – is be transformative. We can really leverage that growth to span across all aspects of life here.” A top priority in creating an “ideal environment” for tech workers is improving the region’s spotty public school performance. Cazes said cyber professionals are typically well-educated and expect their children to have a similar, or better, education.
http://www.govtech.com/security/Georgia-Plots-Ambitious-Course-to-Cyber-Supremacy.html

[Idaho] State government beefs up cybersecurity
While some agencies will still have their own projects, like the Department of Transportation’s “Internet of Things” highway sensors, Weak’s goal is to provide commodities such as internet service and email, so agencies can focus on day-to-day business, he said. That could mean saving money through consolidating procurements, as well as improving security by having a single point of contact for installing and maintaining hardware and software.
https://idahobusinessreview.com/2018/04/23/state-government-beefs-up-cybersecurity/

The battlefield of information warfare has been leveled
Unlike Western nations, the Russians are not afraid to fail on the cyber battlefield. The Kremlin runs cyber operations using the model of a plucky technology startup. They are nimble, experimental and will try thousands of alternatives until one works. Unfortunately, one fruitful breach is all it takes. Moscow’s effectiveness with “fake news” is predicated on this startup methodology for cyberwarfare.
http://thehill.com/opinion/cybersecurity/384470-the-battlefield-of-information-warfare-has-been-leveled

AI Elevates Cyber Threat to New Level
He pointed out some verticals that could be seen as strong targets: hackers are starting to target video-conferencing rooms in law firms, and have set their sights on oil and gas companies as well. Palmer said that, while turning off an oil rig is a possibility, there were other things that could be done where the impact could be huge and take a long time for companies to notice they had been attacked. He said we are in an era where new criminal network business models will emerge.
http://interactive.satellitetoday.com/via/may-2018/ai-elevates-cyber-threat-to-new-level/

Ten legislative proposals to defend America against foreign influence operations
Many of Russia’s tactics have exploited vulnerabilities in our societies and technologies, and loopholes in our laws. Some of the steps necessary to defend ourselves will involve long-term work, others will require clear action by the Executive Branch to ensure Americans are united against the threat we face, and steps to both deter and raise the costs on such actions.
http://www.homelandsecuritynewswire.com/dr20180423-ten-legislative-proposals-to-defend-america-against-foreign-influence-operations

A Lack Of Cybersecurity Funding And Expertise Threatens U.S. Infrastructure
Most leaders in infrastructure-related industries take cyber risk seriously, but their public sector counterparts need to start addressing vulnerabilities with more urgency. Many experts and pundits are already pressuring lawmakers and regulators to take more decisive action across all of our physical systems. Despite this pressure, there are a number of obstacles that need to be addressed alongside the implementation of new policies.
https://www.forbes.com/sites/ellistalton/2018/04/23/the-u-s-governments-lack-of-cybersecurity-expertise-threatens-our-infrastructure/#6c09d11049e0

Next generation of SCADA industrial controls will protect against cyber attack
“Cyber security will be a big component from day one. They will have a system that is built with awareness of cyber security threats. Right now, they are in catch-up mode, trying to patch things to stay ahead of the hackers,” said Nunn. ExxonMobil, which reported sales of $237bn last year, kick-started the project in 2016 after seeing the US Air Force develop a similar open standards-based approach to avionics in military aircraft.
https://www.computerweekly.com/news/252439658/Next-generation-of-SCADA-industrial-controls-will-protect-against-cyber-attack

Polymorphic Monero-Mining RETADUP Worm keeps threat detection on its toes
The stealth techniques used by the malware underscore the importance of having insight into an organization’s online perimeter, from endpoints and networks to servers. The malware also highlights the need for organizations to have 24/7 monitoring and in-depth research and correlation on similar incidents to enable threat analysts to provide further insight on a case-by-case basis.
https://www.scmagazine.com/polymorphic-monero-mining-retadup-worm-gets-an-autohotkey-variant/article/760520/

Single single-sign-on SNAFU threatens three Cisco products
As the advisory explained: “The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company’s Identity Provider (IdP).”
https://www.theregister.co.uk/2018/04/23/cisco_saml_bug_hits_firepower_anyconnect_asa/

The “unpatchable” exploit that makes every current Nintendo Switch hackable
A newly published “exploit chain” for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they’re calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. “Fusée Gelée isn’t a perfect, ‘holy grail’ exploit—though in some cases it can be pretty damned close,” Temkin writes in an accompanying FAQ.
https://arstechnica.com/gaming/2018/04/the-unpatchable-exploit-that-makes-every-current-nintendo-switch-hackable/

Cops go into funeral home, attempt to unlock phone with dead man’s fingerprint
Phillip had been shot and killed by a Largo cop during a traffic stop. The attorney for the man’s family claims what the detectives did was illegal, yet others claim it was legal but ethically wrong. While Chaney said detectives didn’t think they’d need a warrant because there is no expectation of privacy after death — an opinion several legal experts affirmed — the actions didn’t sit right with Phillip’s family.
https://www.csoonline.com/article/3269246/security/cops-go-into-funeral-home-attempt-to-unlock-phone-with-dead-mans-fingerprint.html

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.