IT Security News Blast 04-25-2018

Cybersecurity News Jacker with MK Hamilton

[VIDEO] NewsJacker 04-24-18
NewsJacker is back! Check out my recap on the latest cybersecurity news from my office in Bremerton. I cover how cryptocurrency mining has become organized crime’s preferred tactic over ransomware, the not-so-coincidental timing of the EU pipeline cyberattacks and Russian sanctions, the changing role of the CISO, and the biggest news… we are changing our name to CI Security. Be one of the first to know why.
https://criticalinformatics.com/resources/resources/blog/newsjacker-ci-security/

Reader Feedback — Help Focus the News Blast!
While Facebook and I got a divorce some time ago, I actively use Twitter and I’d love for you to take this poll regarding stories in the Daily Blast. I throw out about 75% of what I see, so there’s plenty of room to modify.
1.       Follow me on Twitter @seattlemkh
2.       Vote on your topic (link below)
The poll will be active for one week (7D) and I’ll announce results and modify the “traps” to be consistent with community feedback.
https://twitter.com/seattlemkh/status/988547007932387328

House seeks feedback on cyber challenges posed by legacy systems
The committee is chaired by Greg Walden (R-Ore.) and ranking member Frank Pallone (D-N.J.). “The healthcare sector and medical technologies face the same challenge that has vexed the information technology (IT) industry for decades; digital technologies age faster and less gracefully than their physical counterparts,” the panel’s document notes.
https://www.healthdatamanagement.com/news/house-seeks-feedback-on-cyber-challenges-posed-by-legacy-systems

Transcription Service Leaked Medical Records
On Friday, KrebsOnSecurity learned that the portion of MEDantex’s site which was supposed to be a password-protected portal physicians could use to upload audio-recorded notes about their patients was instead completely open to the Internet. What’s more, numerous online tools intended for use by MEDantex employees were exposed to anyone with a Web browser, including pages that allowed visitors to add or delete users, and to search for patient records by physician or patient name. No authentication was required to access any of these pages.
https://krebsonsecurity.com/2018/04/transcription-service-leaked-medical-records/

AI for cybersecurity? What hospitals should understand before investing
When he confers with clients, Harnish tells them not to be lured into a false sense of security by the big promises AI vendors are making. “The fact that we’ve deployed AI does not mean we can shut the lights off and walk out of the room,” he said. “It still requires care and feeding. In some ways, in addition to the end goal we still have to monitor – ‘Is there an intrusion on my network?’ – we also have to monitor the quality of the decision-making around that question.”
http://www.healthcareitnews.com/news/ai-cybersecurity-what-hospitals-should-understand-investing

Ransomware Attack Cost City Of Atlanta Over $2M
According to Engadget, while the ransom demand was about $51,000, the city spent a small fortune trying to correct the situation. Firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services, while Edelman was paid $50,000 for crisis communication services. That brings the grand total to approximately $2.7 million.
https://www.pymnts.com/fraud-attack/2018/ransomware-attack-cost-atlanta-over-2m/

Improving cybersecurity visibility and state and local government agencies
For 38 percent of respondents, this shortcoming is further exacerbated by the need for security intelligence tools that prioritize vulnerability risks. Combined, these technology gaps make it harder for security personnel to optimize their time and effectiveness. Nearly half of respondents (46 percent) said that access to more skilled and knowledgeable information security professionals would improve the ability to spot security vulnerabilities — more than any other potential enabler.
https://statescoop.com/report-highlights-security-gaps-in-state-and-local-government-networks

SEC imposes $35m fine over Yahoo data breach
He said there was “a complete corporate failure to disclose information about the data breach that was widely known and readily available in the company”. The SEC did not announce any charges against executives at Yahoo. Mr Peikin said the agency’s investigation was continuing and it had not made any decisions about the conduct of individuals.
https://www.ft.com/content/07287890-47dc-11e8-8ee8-cae73aab7ccb

Combatting the New Normal
With so much personal information now available in the public domain, the threat of identity theft, application fraud and e-commerce fraud is replacing card payment scams at an alarming rate. Just like the old Hans Brinker story about the Dutch boy who saves the country by putting his finger in a leaking dike, we keep plugging the dike. But unfortunately, more leaks still appear, and there are plenty of new areas of concern. Can you say IoT?
http://paymentsjournal.com/combatting-new-security-normal/

Senate confirms Paul Nakasone to lead the NSA, U.S. Cyber Command
His ascension comes as the United States faces strategic threats from Russia, China, North Korea and Iran. During his confirmation hearings, Nakasone was grilled on how he would position the agencies to confront mounting Russian aggression in cyberspace, whether through attempted interference in U.S. elections or targeting the electric grid and other critical industrial systems.
https://www.washingtonpost.com/world/national-security/senate-confirms-paul-nakasone-to-lead-the-nsa-us-cyber-command/2018/04/24/52c95ca4-47e8-11e8-9072-f6d4bc32f223_story.html?noredirect=on&utm_term=.b2c01edf665e

New Entries in the CFR Cyber Operations Tracker: Q1 2018
The Cyber Operations Tracker has just been updated. This update includes the state-sponsored incidents and threat actors that have been made public between January 1, 2018 and March 31, 2018. We also modified some older entries to reflect the latest developments and added a few historical cases we had previously missed.
https://www.cfr.org/blog/new-entries-cfr-cyber-operations-tracker-q1-2018

Sounding The Alarm About A New Russian Cyber Threat
Of particular concern, according to a joint technical alert issued by the U.S. Computer Emergency Response Team, is a Russian cyberattack on network infrastructure devices such as routers, switches and firewalls. Compromised routers, the alert says, help Russia “support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.”
https://www.npr.org/2018/04/24/604241476/sounding-the-alarm-about-a-new-russian-cyber-threat

Dawn of the smart surveillance cameras
Kogniz claims that its camera can maintain watchlists of known criminals, behaviors such as loitering, and even potentially dangerous objects such as weapons. The company claims that it is working with others toward recognizing “unique facial structures,” with the goal of removing racial bias that may creep into its algorithms. While Kogniz claims that it ultimately plans to support a range of cameras at different price points, its first product costs $995 but is also available on an installment plan of $99 per month.
https://www.zdnet.com/article/dawn-of-the-smart-surveillance-camera/

Cambridge Analytica whistleblower briefs House Dems
The Democrats said that Judiciary Republicans had refused an invitation to participate in the interview. Members leaving the briefing said they were struck by how Cambridge Analytica, which is based in London, operated with the sophistication of a military unit and worried that the U.S. was vulnerable to such firms manipulating elections.
https://www.msn.com/en-us/news/politics/cambridge-analytica-whistleblower-briefs-house-dems/ar-AAwhT3B?ocid=spartanntp

Don’t Know What Palantir Is? You Need To.
“In March,” Bloomberg reports, “a former computer engineer for Cambridge Analytica, the political consulting firm that worked for Donald Trump’s 2016 presidential campaign, testified in the British Parliament that a Palantir employee had helped Cambridge Analytica use the personal data of up to 87 million Facebook users to develop psychographic profiles of individual voters.” (Palantir told Bloomberg the employee was doing this work on his own time.)
https://www.thestranger.com/slog/2018/04/23/26087386/dont-know-what-palantir-is-you-need-to

Tech support scams are on the rise, up 24%, warns Microsoft
Scammers continue to resort to these tactics because they work so well to scare the pants off non-tech-savvy users. Of the 153,000 tech support scams reported to Microsoft, 15 percent of victims admitted to losing money in the scam. While most paid between $200 and $400 for the fake problems to be “fixed,” one scammer managed to drain the bank account of a user in the Netherlands. That poor person lost €89,000, which is about $108,838.54.
https://www.csoonline.com/article/3269230/security/tech-support-scams-are-on-the-rise-up-24-warns-microsoft.html

This malware targets Facebook log-in details, infects over 45,000 in just days
‘StressPaint’ first appeared a few days ago and at the time of writing has infected over 45,000 Facebook users. The attacks appear to specifically target users who operate Facebook pages and have configured a payment method into the account. Uncovered by Radware, the malware has quickly spread around the world with a high infection rate, indicating what researchers say “indicates this malware was developed professionally”.
https://www.zdnet.com/article/this-malware-targets-facebook-log-in-details-infects-over-45000-in-just-days/

New hacks siphon private cryptocurrency keys from airgapped wallets
The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn’t connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream.
https://arstechnica.com/information-technology/2018/04/new-hacks-siphon-private-cryptocurrency-keys-from-airgapped-wallets/

Muhstik Botnet Exploits Highly Critical Drupal Bug
Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month, researchers said they were not aware of any public exploits. Now Netlab 360 researchers say they have identified a botnet, dubbed Muhstik, that is taking advantage of the Drupal bug.
https://threatpost.com/muhstik-botnet-exploits-highly-critical-drupal-bug/131360/

PyRoMine uses NSA exploits to mine Monero and disable security features
Fortinet researchers spotted a malware dubbed “PyRoMine” which uses the ETERNALROMANCE exploit to spread to vulnerable Windows machines, according to an April 24 blog post. The malware isn’t the first to mine cryptocurrency that uses previously leaked NSA exploits the malware is still a threat as it leaves machines vulnerable to future attacks because it starts RDP services and disables security services.
https://www.scmagazine.com/fortinet-researchers-spotted-a-malware-dubbed-pyromine-which-uses-the-eternalromance-exploit-to-spread-to-vulnerable-windows-machines/article/760842/

2018 RSA Conference: Execs Push Cooperation, Culture & Civilian Safety
The four tenets of the accord are: to undertake more collective action and information sharing; to help customers build their own capacities to protect themselves; to provide a stronger defense against cyberattacks for all customers across the globe, regardless of the motivation for the attacks; and to conduct no offensive actions. According to the Tech Accord announcement, “we will not help governments launch cyberattacks against innocent citizens and enterprises from anywhere.”
https://www.darkreading.com/risk/2018-rsa-conference-execs-push-cooperation-culture-and-civilian-safety-/d/d-id/1331563

New Georgia law criminalizes good-faith security research, permits vigilante action
The state of Georgia is trying to ban good-faith cybersecurity research, and the state’s cybersecurity businesses are hoppin’ mad. SB 315, The Unauthorized Computer Access Bill, currently sitting on Governor Nathan Deal’s desk, threatens to outlaw good-faith security research and enable “hack back” vigilante action. […] The bill, if signed into law, will hurt the state’s economy and drive jobs and talent out of state, Robert Graham, a Georgia-based security researcher, tells CSO.
https://www.csoonline.com/article/3269206/legal/new-georgia-law-criminalizes-good-faith-security-research-permits-vigilante-action.html

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.