IT Security News Blast 04-30-2018

GDPR Apocalypse?

GDPR — Another Y2K or Real Apocalypse?
If you’ve been in this business long enough, you will have lived through multiple Hype Cycles. They start with some vaguely defined problem that, if not addressed, will lead to the end of the world, or at least, you and your organization’s world. We’ve seen this before, and now we’re about to see another wave of hype from GDPR, the EU’s latest personal privacy regulation set to take effect on May 25, 2018. The world is holding its breath for that day, much like another hyped event we were holding our collective breath for on New Year’s Eve in 1999 — Y2K. After our own thorough evaluation of the GDPR security requirements, we’ve compiled the essential information U.S. companies need to know.
https://criticalinformatics.com/resources/blog/gdpr-another-y2k-or-real-apocalypse/

Likely Ransomware Attack Exposes 85K Patient Records in CA
California-based Center for Orthopaedic Specialists (COS) admitted that a recent cybersecurity incident, which was described as similar to a ransomware attack, succeeded in encrypting 85,000 patient records. “The patient data that was encrypted by the unauthorized party could have included a patient’s name, date of birth, details about their medical records, and Social Security number. To the best of our knowledge, no patient information was downloaded or removed by the unauthorized party,” COS said in its April 18 web notice.
https://healthitsecurity.com/news/likely-ransomware-attack-exposes-85k-patient-records-in-ca

Heart attack and major trauma patients being diverted away from Stevenage’s Lister Hospital after ‘major’ computer issue
A spokesman for the Trust said that the hospital was operating as business as usual – but that some critically ill patients were being diverted away while the computer issues remain. […] In a statement on its website the Trust said: “Our hospitals are experiencing a major computer problem which is affecting a range of our clinical and non-clinical systems – including telephones.
https://www.hertfordshiremercury.co.uk/news/hertfordshire-news/heart-attack-major-trauma-patients-1498165

Preparing Markets for Russian Financial Retaliation
Manipulating or disrupting international financial markets would be a risky move. Putin’s Russia has shown remarkable risk tolerance though, and could feel further emboldened by its ability until now to weather Western reaction—or lack thereof—to brazen moves such as murdering enemies in Britain or tilting the U.S. electoral field. Moreover, visibly standing up to Western pressure and wrong-footing the “main enemy” (aka, the United States) remains a key element of Putin’s popular appeal and elite support.
https://www.thecipherbrief.com/preparing-markets-russian-financial-retaliation

U.S. Financial Institution Regulators Issue Guidance About Cyber Insurance
The statement emphasizes that cyber insurance does not remove the need for financial institutions to have sound operational risk management practices, and warns against overreliance on insurance as a substitute for those practices. The statement acknowledges that while cyber insurance may be a component of a broader cyber risk management strategy, an effective system of controls remains the primary defense against cyber threats.
https://www.lexology.com/library/detail.aspx?g=682f9aa4-e74e-481e-8064-c355a6910b11

Mexican Banks Targeted in Cyber Attack
Three banks experienced “incidents” in recent days when operating the SPEI, Mexico’s interbank electronic transfer system, and will be connecting to the central bank’s network under “contingency schemes,” Banco de Mexico said in a statement Friday evening. That could cause delays in money transfers, according to the statement, which noted that the central bank’s SPEI infrastructure and client money haven’t been affected.
https://www.bloomberg.com/news/articles/2018-04-28/mexican-banks-are-said-to-have-been-targeted-in-cyber-attack

Atlanta’s recovery highlights the costly mistake of being unprepared
Now, during the aftermath of the Samsam incident, it was recently revealed that the city of Atlanta earmarked $1.4 million dollars for recovery and incident response. While it might not spend all of the money, the allocated funds tell a powerful story about clean-up and preparedness when it comes to security. Originally, it appeared that Atlanta had posted final figures, but when speaking to ZDNet, a city spokesperson said the figures listed on the city’s procurement portal were projected expenses that were not to be exceeded.
https://www.csoonline.com/article/3269315/security/atlantas-recovery-highlights-the-costly-mistake-of-being-unprepared.html

Gold Galleon Hacking Group Plunders Shipping Industry
“There’s a couple reasons [Gold Galleon] would target this industry… it’s a perfect storm between the lack of security and an interesting cultural piece,” said Bettke in an interview with Threatpost. “Many shipping companies that are very small are not worried about security – they don’t have two factor authentication and are running Windows XP. The second piece is that many of these small companies are doing international business and communicating primarily with email, so it’s hard to know if someone is being impersonated.”
https://threatpost.com/gold-galleon-hacking-group-plunders-shipping-industry/131203/

DHS to roll out national cybersecurity strategy in mid-May
A few tidbits surrounding the upcoming strategy announcements were discussed at RSA 2018 in a keynote address given by Nielsen. Here she said the DHS would adopt a more forward-leaning posture and that could include implementing a more forceful response when it came to deterring nation-state cyberattacks, FCW.com said.
https://www.scmagazine.com/dhs-to-roll-out-national-cybersecurity-strategy-in-mid-may/article/761859/

This giant cyber defence exercise has teams defending power grids, 4G networks, drones from hacker attack
Locked Shields is an annual cyber defence game based in Estonia, and puts teams from NATO member states in the position of defending a fictional island against a sustained cyber attack across a range of vital systems. According to the game scenario, the fictional country of Berylia suffers coordinated cyber attacks against its major internet service provider and a military airbase. The attacks cause severe disruptions to the electric power grid, 4G public safety networks, drone operations and other critical infrastructure components.
https://www.zdnet.com/article/this-giant-cyber-defence-exercise-has-teams-defending-power-grids-4g-networks-and-drones-from-hacker/

Secret no more: North Korea the likely culprit in complex GhostSecret cyber espionage campaign
“The campaign is extremely complicated, leveraging a number of implants to steal information from infected systems and is intricately designed to evade detection and deceive forensic investigators,” states researcher and blog post author Raj Samani. These malicious implants communicate with a control server using what’s known as the “fakeTLS” protocol (because packets are sent in a custom format and not standard SSL, before being transmitted over SSL).
https://www.scmagazine.com/secret-no-more-north-korea-the-likely-culprit-in-complex-ghostsecret-cyber-espionage-campaign/article/761856/

DARPA wants to arm ethical hackers with AI
The program aims to incorporate automation into the software analysis and vulnerability discovery process by enabling humans and computers to reason collaboratively. If successful, the program could enhance existing hacking techniques and greatly expand the number of personnel capable of ethically hacking DoD systems. […] While DARPA sees artificial intelligence as an important tool for enhancing cybersecurity efforts, officials emphasize the essential role humans play in the collaborative process.
https://www.c4isrnet.com/it-networks/2018/04/27/darpa-wants-to-arm-ethical-hackers-with-ai/

Amazon’s Alexa Hacked To Surreptitiously Record Everything It Hears
Checkmarx set the flag to remain open after Alexa gave the expected response in their malicious calculator app. When the flag remains open, Alexa executes a function that prompts the user for the additional information it needs to complete the app. In the example, Alexa asks for clarification about whether the alarm should be set for the morning or evening. The prompt for further information tells the user that Alexa is still listening.
https://www.forbes.com/sites/kevinmurnane/2018/04/25/amazons-alexa-hacked-to-surreptitiously-record-everything-it-hears/#c97d5704fe23

Cops take dead man’s smartphone to his corpse in attempt to unlock it
In a very unusual move, police detectives in Largo, Florida, recently went to a local funeral home and located the body of a man named Linus Phillip. The 30-year-old had died days earlier at the hands of a different Largo officer. The detectives then attempted to use the fingers on Phillip’s body to unlock his own smartphone, which had been recovered from the scene. Their efforts were not successful.
https://arstechnica.com/tech-policy/2018/04/cops-take-dead-mans-smartphone-to-his-corpse-in-attempt-to-unlock-it/

SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies
The latest version of SamSam has taken the malware road less traveled, ditching widespread spam campaigns for unusually targeted, whole-company attacks. According to an analysis by Sophos, in a reversal of previous tactics, SamSam operators are now launching thousands of copies of the ransomware at once into individual organizations, each of which has been carefully selected.
https://threatpost.com/samsam-ransomware-evolves-its-tactics-towards-targeting-whole-companies/131519/

‘Zero Login:’ The Rise of Invisible Identity
This is a major milestone in the gradual move toward password eradication. Passwords provide an awful user experience, and they’re a terrible form of security. But what if your devices were smart enough to recognize you instantly and provide a secure, personalized experience based on trusted information, with no password needed? This technology is called zero login, and it just might solve the password problem forever.
https://www.darkreading.com/endpoint/zero-login-the-rise-of-invisible-identity/a/d-id/1331531

Massive phishing campaign targets half a billion users in the first quarter 2018
The attacks managed to go under the radar as they weren’t detected by many existing email security solutions since the phishing emails use IP addresses, servers, and domain names that appear to be leased and therefore legitimate. Threat actors are also using URL shortening tools and are linking several hundred URLs together, in order to hide the ultimate destination address and jam detection tools, researchers said.
https://www.scmagazine.com/massive-phishing-campaign-targets-half-a-billion-users-in-the-first-quarter-2018/article/761541/

Researchers Dissect Tool Used by Infamous Russian Hacker Group
Dubbed Zebrocy, the tool serves as a first-stage malware in attacks and is comprised of a Delphi downloader, an AutoIt downloader and a Delphi backdoor. Used in multiple attacks, the malicious program often acts as a downloader for the actor’s main backdoor, Xagent. Also referred to as APT28, Fancy Bear, Pawn Storm, Sednit, and Strontium, and active since around 2007, the group is focused on cyber espionage and has hit government, military, and defense organizations worldwide.
https://www.securityweek.com/researchers-dissect-tool-used-infamous-russian-hacker-group

Army researchers find the best cyber teams are antisocial cyber teams
“Our results indicate that the leadership dimension and face-to-face interactions are important factors that determine the success of these teams,” the researchers found. But while teams with strong leadership were more successful, “face-to-face interactions emerged as a strong negative predictor of success,” the research team noted. In other words, the less time team members spent interacting with each other, the more successful the team was as a whole.
https://arstechnica.com/information-technology/2018/04/army-researchers-find-the-best-cyber-teams-are-antisocial-cyber-teams/

 
