IT Security News Blast 04-27-2018

Hackers Love Healthcare

Why Hackers Love Healthcare
From 2011 through 2014, the sector — including hospitals, labs, pharmacies, drug companies and outpatient clinics — experienced the highest number of data breaches of all industries. What makes these organizations such a popular target?
· Highly Valuable Data
· Lack of IT Investment and Training
· Highly Connected Systems
https://www.darkreading.com/endpoint/why-hackers-love-healthcare/a/d-id/1331537?

FDA Rolls Out New Action Plan for Medical Device Cybersecurity
[The] FDA aims to provide both owners and users with a “Software Bill of Materials” — a list of all software components used by a device. Ideally, this should allow end users to “better manage their networked assets and be aware of which devices in their inventory or use may be subject to vulnerabilities.” FCW reported that the administration is also considering new rules around patching: Devices directly linked to patient safety, such as pacemakers and insulin pumps, would require the capacity for ongoing patches and upgrades to improve medical device cybersecurity.
https://securityintelligence.com/news/fda-rolls-out-new-action-plan-for-medical-device-cybersecurity/

North Korea-linked hackers stole data from 17 countries in an ongoing cyberattack that’s far bigger than we thought
A new report by McAfee Advanced Threat Research found a major hacking campaign, dubbed Operation GhostSecret, sought to steal sensitive data from a wide range of industries including critical infrastructure, entertainment, finance, healthcare, and telecommunications. Attackers used tools and malware programs associated with the North Korea-sponsored cyber unit Hidden Cobra, also known as Lazarus, to execute the highly sophisticated operation.
http://www.businessinsider.com/north-korea-lazarus-group-operation-ghostsecret-2018-4

As cities get high-tech, hackers become more dangerous
“It’s a fairly big problem because unfortunately, state and local governments are prime targets,” says Allen Liska, a senior intelligence analyst at Recorded Future, a company specializing in cyber threat assessment. “After what happened in Atlanta, cities are going to appear as big targets. And now, with so many constituent services online, cities have a huge exposure on the internet.”
https://www.curbed.com/2018/4/18/17254382/hack-hackers-smart-city-cybersecurity

Entrepreneurs Should Get Free Training, Tax Breaks To Boost Cybersecurity, Senate Told
The seriousness of the issue for entrepreneurs was emphasized by Committee Chair Jim Risch who has introduced legislation to create cybersecurity assistance units at Small Business Development Centers around the country. “A cyber attack is frequently the last nail in the coffin for a small business,” said the Idaho Republican.
https://www.forbes.com/sites/tedknutson/2018/04/26/entrepreneurs-should-get-free-training-tax-breaks-to-boost-cybersecurity-senate-told/#3e1418c06944

Bringing It All Together: NYS DFS, SWIFT, SEC and GDPR
The Federal Financial Institutions Examination Council (FFIEC), Office of the Comptroller of the Currency (OCC), Financial Industry Regulatory Authority (FINRA) and other regulatory bodies have been at it for a while. More recently, New York State Department of Financial Services (NYS DFS), SWIFT and the SEC have gotten in the act and soon the European Union. For those trying to comply, especially smaller entities, it can be a daunting web of compliance that can end up overshadowing the cyber risk management that it is trying to promote.
https://securityboulevard.com/2018/04/bringing-it-all-together-nys-dfs-swift-sec-and-gdpr/

Two-thirds of online banking systems in 2017 contained high-risk vulnerabilities
Considering only high-severity vulnerabilities in 2017, 63 percent of banking systems suffered from insufficient authorisation compared to 57 percent in 2016, 25 percent had two-factor authentication flaws compared to 71 percent in 2016, 19 percent had insufficient process validation compared to 14 percent in 2016, and 13 percent were vulnerable to arbitrary code execution compared to 14 percent in 2016.
https://www.pcauthority.com.au/news/two-thirds-of-online-banking-systems-in-2017-contained-high-risk-vulnerabilities-489687

Cyber Risks in the Manufacturing Industry
Increased connectivity through Internet of Things (IoT) devices is transforming the manufacturing industry, allowing leaders to monitor and act upon data flowing between machines, devices and people. A multitude of sensors pour data into systems and build up a real-time picture of operations; however, the added sensor touchpoints and more automated processes have left the industry with a more exposed attack surface.
https://www.globalbankingandfinance.com/cyber-risks-in-the-manufacturing-industry/

Regulate artificial intelligence to avert cyber arms race
Criteria are needed to determine proportional responses, as well as to set clear thresholds or ‘red lines’ for distinguishing legal and illegal cyberattacks, and to apply appropriate sanctions for illegal acts. In each case, unilateral approaches will be ineffective. Rather, an international doctrine must be defined for state action in cyberspace. Alarmingly, international efforts to regulate cyber conflicts have stalled.
https://www.nature.com/articles/d41586-018-04602-6

The AI Cybersecurity Arms-Race: The Bad Guys Are Way Ahead
While enterprises are slow or reluctant to invest in cyber defenses that can make a difference, cyber criminals are rapidly adopting them. “There are already instances of threat actors and hackers using AI technologies to bolster their attacks and malware,” says Forrester Research in a new report titled Using AI for Evil: A Guide To How Cybercriminals Will Weaponize And Exploit AI To Attack Your Business.
https://www.forbes.com/sites/gilpress/2018/04/26/the-ai-cybersecurity-arms-race-the-bad-guys-are-way-ahead/#25e3c27a148e

Cyber warfare may be less dangerous than we think
Over the course of multiple war games, we found our mix of military officers and university students often sought to de-escalate the crisis and rarely used offensive cyber operations. Players assigned to the Chinese side often combined cyber espionage and more traditional intelligence activities to identify the U.S. players’ intentions and capabilities. Players replicating strategic decision-making in Beijing seemed to prefer a “wait and see” approach involving increased intelligence and diplomatic lobbying, rather than escalatory offensive cyber operations.
https://www.washingtonpost.com/news/monkey-cage/wp/2018/04/26/what-can-cybergames-teach-us-about-cyberattacks-quite-a-lot-in-fact/?noredirect=on&utm_term=.2861ee7c1b2c

Cyber Adversaries: It’s Not Just Russia
In cybersecurity, one key to defending U.S. national interests is understanding the nature and ultimate aims of the adversary: What are Iran’s regional foreign-policy goals? What does North Korea need to do to maintain its regime’s stability? What are China’s plans for reaching strategic parity with the United States, and does it even want to achieve dominance? Whether you are an individual, a private company, or the U.S. government, self-defense begins with strategic knowledge of the game.
https://www.realclearpolitics.com/articles/2018/04/26/cyber_adversaries_its_not_just_russia_136913.html

America vs the hackers: a cyber-security bootcamp
In this mock election (the third of its kind, with some officials attending more than once), the main threat comes from a group called “Kompromat” — a Russian political term for compromising material, often used for blackmail. This is an unsubtle reference to the Russian hackers who surprised the US by launching attacks on its electoral system in real life in 2016.
https://www.ft.com/content/fc99b6f2-4815-11e8-8ae9-4b5ddcca99b3

Ray Ozzie’s plan for unlocking encrypted phones gets a chilly reception
Ozzie portrays Clear as a potential breakthrough in bridging the widening gulf between those who say the US government has a legitimate need to bypass encryption in extreme cases, such as those involving terrorism and child abuse, and technologists and civil libertarians who warn such bypasses threaten the security of billions of people.
https://arstechnica.com/information-technology/2018/04/why-ray-ozzies-plan-for-unlocking-encrypted-phones-wont-solve-the-crypto-wars/

ISO blocks NSA’s latest IoT encryption systems amid murky tales of backdoors and bullying
The “Simon” and “Speck” cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a global standard. But the pair of techniques were formally rejected earlier this week by the International Organization of Standards (ISO) amid concerns that they contained a backdoor that would allow US spies to break the encryption. The process was also marred by complaints from encryption experts of threatening behavior from American snoops.
https://www.theregister.co.uk/2018/04/25/nsa_iot_encryption/

Rubella Crimeware Kit: Cheap, Easy and Gaining Traction
A three-month license includes various encryption algorithm choices (XOR and Base64), download methods (PowerShell, Bitsadmin, Microsoft.XMLHTTP, MSXML2.XMLHTTP or a custom PowerShell payload), payload execution methods (executable, JavaScript, Visual Basic Script), and the ability to easily deploy social-engineering decoy themes.
https://threatpost.com/rubella-crimeware-kit-cheap-easy-and-gaining-traction/131474/

Win 7, Server 2008 ‘Total Meltdown’ exploit lands, pops admin shells
With Microsoft’s broken Meltdown mitigation in place, apps and users could now read and write kernel memory, granting total control over the system. This was due to Redmond’s engineers accidentally marking the page tables, which describe the computer’s memory layout, as readable-writable for usermode programs, allowing normal applications to rejig memory mappings as necessary to freely access kernel virtual memory.
https://www.theregister.co.uk/2018/04/26/total_meltdown_win7_server_2008_exploit/

Master Key Hack Exploits Flaw in Key System to Unlock Hotel Rooms
Researchers Tomi Tuominen and Timo Hirvonen at F-Secure discovered that Vision, the electronic keys’ software used by hotels worldwide, is vulnerable to exploitation. It lets cybercriminals produce master keys and easily open any door in the facility by using a single hotel room key and an RFID reader. Through the reader, they can keep trying different code combinations to decode the electronic key card.
https://www.hackread.com/master-key-hack-exploits-flaw-unlock-hotel-rooms/

70% of Security Pros Think Governments Should Regulate Social Media Data Collection: Venafi Survey
However, 72 percent believe their government officials do not have a good understanding of the threats impacting digital privacy. “These results are disturbing,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “While security professionals agree that government officials do not understand the nuances of social media and digital privacy, they’re still looking to them to regulate the technology that permeates our daily lives.”
https://www.darkreading.com/endpoint/70–of-security-pros-think-governments-should-regulate-social-media-data-collection-venafi-survey/d/d-id/1331659
====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.