IT Security News Blast 05-03-2018

The Cybersecurity Metric to Watch

One Cybersecurity Metric To Dwell On
In cybersecurity, the metric known as dwell time is the measure of how long it takes an organization to identify a breach from the time an adversary gains access. In 2017, the global average time to detection was 191 days, according to a study by the Ponemon Institute and IBM, down from 201 days in 2016. For Rod Turk, Commerce Department acting chief information officer and former department chief information security officer, this metric can inform all the others.

For $4k/year, Moscow cyber-arms-dealer Gleg will sell you 25 0-day bugs for attacking hospitals
In one video uploaded to Vimeo, Gleg shows an exploit being used against a hospital health information management system (HHIMS). A list of MedPack updates includes a zero-day to replace files in a piece of software from a company called MediTEX. MediTEX makes scheduling software as well as a platform for documenting therapy and quality assurance for reproductive medicine, according to the company’s website.

Helping Struggling Hospitals Recover from Ransomware Attacks
“Everybody has an ownership in terms of dealing with cybersecurity threats and in developing a cybersecurity strategy. Everybody has to be involved with it—providers, hospitals, third-party vendors, business associates, and employees,” he added. It is also important to get the boards of trustees involved in cybersecurity efforts at their organizations. Martinez related that he has been working in the healthcare industry for 40 years, including 20 years as a chief information officer in a variety of healthcare organizations.

Insurers’ cyber vulnerability
Similar to how the healthcare sector’s rushed implementation of electronic medical record systems ultimately fuelled an uptick in healthcare data breaches, the insurance industry’s rapid and continual adoption of cloud-based storage and services expanded its attack surface beyond traditional on-premises risks.

SWIFT Cyber-Attackers Strike Again – Organizations Must Turn to the Software Defined Perimeter
Cyber-attacks targeting the SWIFT inter-bank transfer system have blighted the financial services industry worldwide over the past two years. Now yet another major attack has been foiled after Malaysia’s central bank blocked an attempted fraudulent transfer of funds via SWIFT. The message to financial institutions is clear: hackers are everywhere, they know your networks inside out, and they are evolving their tools and techniques each day to maximize their chances of success.

Insuring Uncle Sam’s cyber risk
To date, there are over 4,600 commercial enterprises that are now contractually bound to protect CUI [Controlled Unclassified Information] by demonstrating 110 individual cybersecurity controls. In the event a cyber incident materializes because of the government contractor (think Postal Service or Office of Personnel Management breaches), the contractor is responsible for a myriad of incident response activities that are very cost intensive. Furthermore, these same enterprises are generally required to show proof of general liability, directors and officers, automobile, and/or errors and omissions insurance coverage – but no cyber?

Trump administration may throw out the approval process for cyberwarfare
The move comes as lawmakers openly question whether U.S. Cyber Command, the nation’s premier cyber warfare unit, is hamstrung from responding to Russian meddling due to bureaucratic red tape. CyberScoop previously reported that multiple congressional committees are considering policies that could empower the military’s cyber mission. But the push for change faces resistance from the intelligence community and several other federal agencies involved in cybersecurity.

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata
Jennifer and Rebekah Mercer are directors of Emerdata, and are the daughters of ultra-wealthy businessman Robert Mercer who created and bankrolled Cambridge Analytica. Billionaire Bob has given tens of millions of dollars to rightwing political efforts. Jennifer and Rebekah also had a hand in Cambridge Anal. Emerdata was founded in mid-2017, but has been rather active since Cambridge Analytica hit the headlines earlier this year, including official filings as recent as yesterday. So, it seems the shutdown may be less a business catastrophe than a marketing exercise.

Amazon blocks domain fronting, threatens to shut down Signal’s account
Last week, Amazon announced a change to an Amazon Web Service designed specifically to end the use of domain fronting—the exploitation of a content delivery network’s architecture to conceal the actual destination of encrypted Internet traffic. At the same time, Amazon issued a warning to the developers of the Signal encrypted phone and messaging application that it would cancel Signal’s CloudFront account if the service continued to attempt to evade censorship using Amazon’s sites as cover.

DHS to Create Journalist-Tracking Database, Labels Critics “Conspiracy Theorists”
Apparently the NSA doesn’t share their toys with DHS… The DHS “Media Monitoring” initiative is currently seeking a contractor who can provide DHS with the ability to track over 290,000 global news sources in more than 100 languages – including online, print, broadcast, cable, radio, trade and industry publications, traditional news sources and social media platforms.

California net neutrality bill that AT&T hates is coming to New York, too
The California and New York bills would replicate the US-wide bans on blocking, throttling, and paid prioritization that were implemented by the FCC in 2015, and they would go beyond the FCC rules with a ban on paid data-cap exemptions. The California bill was sponsored by Sen. Scott Wiener (D-San Francisco). In New York, State Senator Brad Hoylman (D-Manhattan) said that he is introducing a bill today that includes all the key consumer protections from Wiener’s proposal.

Tech firms fret over push to legalize ‘defensive’ hacking
Legislation awaiting the signature of Gov. Nathan Deal in Georgia would allow individuals to engage in “active defense measures” in the name of cybersecurity, potentially clearing the way for companies and private citizens to hack into other networks for the sake of protecting their own systems. Google, Microsoft and others in the technology industry have mounted a campaign against the bill, warning of the potential for grave ramifications. They have urged Deal to veto it before the May 8 deadline.

Adopt the NIST cybersecurity framework (CSF) and harness the wisdom of crowds
In my experience, “proprietary frameworks” promulgated by even the most top-tier and renowned consulting firms tended to be myopic and often lacked real value. On occasion a homegrown framework had some value, but that was usually because it was a refactored version of a crowd-based source such as the ISO/IEC security frameworks. The NIST Framework may have inherited some of the crowd wisdom properties, greatly improving the overall value of adoption.

Millions of Home Fiber Routers Vulnerable to Complete Takeover
A comprehensive assessment of various GPON home routers by vpnMentor has uncovered a way to bypass all authentication on the devices (CVE-2018-10561). That flaw can be found within the HTTP servers on GPON networks, which check for specific paths when authenticating the router. The attacker can bypass authentication by simply affixing an image suffix to the URL.
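The excerpt describes the mechanism but not the code: the router's HTTP server exempts image paths from authentication and decides by matching on the raw request URL, so an attacker appends an image-style suffix to a protected URL (the published bypass string for CVE-2018-10561 is `?images/` in the query string). The following Python model is an added example, not the GPON firmware and not vpnMentor's code; the endpoint names and public prefixes are assumptions chosen for the demo. It shows the flawed substring check beside a hardened check that parses the URL, drops the query string, normalises the path and only then applies the public-prefix exemption.

```python
"""
Added model of the CVE-2018-10561-style authentication bypass described above.
Not the device's real code (that is not on the page): it reproduces the
behaviour the excerpt describes, then shows a check that does not fall for it.
"""
import posixpath
from urllib.parse import urlsplit

# Constructed sample data (assumption: real GPON endpoints are not on the page).
PROTECTED_PATHS = {"/GponForm/diag_Form", "/admin/status"}
PUBLIC_PREFIXES = ("/images/", "/css/")  # static assets served without a session


def vulnerable_requires_auth(raw_url: str) -> bool:
    """Flawed check: a substring match on the whole request target, query string
    included. '/GponForm/diag_Form?images/' contains 'images/' and is therefore
    treated as a public image request and served without authentication."""
    if "images/" in raw_url:
        return False
    return True


def hardened_requires_auth(raw_url: str) -> bool:
    """Corrected check: decide on the normalised path component only.

    - urlsplit() separates the path from the query, so '?images/' is ignored;
    - posixpath.normpath() collapses '..' and duplicate slashes, so
      '/images/../GponForm/diag_Form' is judged as '/GponForm/diag_Form';
    - only a path that starts with a known public prefix skips authentication,
      everything else needs a session (deny by default).
    """
    path = urlsplit(raw_url).path
    path = posixpath.normpath(path)
    if not path.startswith("/"):
        path = "/" + path
    return not path.startswith(PUBLIC_PREFIXES)


# Constructed request targets exercising the normal case, the reported bypass
# suffix, a genuine public asset and a traversal attempt against a prefix check.
SAMPLE_REQUESTS = [
    "/GponForm/diag_Form",
    "/GponForm/diag_Form?images/",
    "/images/logo.png",
    "/images/../GponForm/diag_Form",
]


def evaluate(check) -> dict:
    """Run one of the two checks over the sample targets; True = login required."""
    return {url: check(url) for url in SAMPLE_REQUESTS}


def bypass_succeeds(check, raw_url: str) -> bool:
    """True when a target for a protected endpoint is let through without auth."""
    real_path = posixpath.normpath(urlsplit(raw_url).path)
    return real_path in PROTECTED_PATHS and not check(raw_url)


if __name__ == "__main__":
    for name, check in (("vulnerable", vulnerable_requires_auth),
                        ("hardened", hardened_requires_auth)):
        print(name)
        for url, needs_auth in evaluate(check).items():
            flag = "  <-- BYPASS" if bypass_succeeds(check, url) else ""
            print(f"  {url:<36} requires_auth={needs_auth}{flag}")
```

Running the block prints the vulnerable check waving `/GponForm/diag_Form?images/` through while the hardened check still demands a login for it and for the traversal variant, and only exempts the genuine `/images/logo.png`. The general lesson carries beyond this one router: authentication exemptions must be computed from the parsed, normalised path, never from a substring test on the raw request line.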

Fancy that, Fancy Bear: LoJack anti-laptop theft tool caught phoning home to the Kremlin
In a report published on Tuesday, security researchers at Netscout’s Arbor Networks said they have found five LoJack agents (rpcnetp.exe) that point to four suspicious command-and-control domains, three of which have been associated with Fancy Bear in the past. It is feared someone has secretly backdoored certain copies of LoJack so that it acts as remote-controlled spyware for the Kremlin.

A New Cryptocurrency Mining Virus is Spreading Through Facebook
Dubbed FacexWorm, the attack technique used by the malicious extension first emerged in August last year, but researchers noticed the malware re-packed a few new malicious capabilities earlier this month. New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners on the web page for mining cryptocurrency, and redirecting victims to the attacker’s referral link for cryptocurrency-related referral programs.

Schneider Electric Patches Critical RCE Vulnerability
“This software is commonly deployed across several heavy industries, including manufacturing, oil and gas and automotive,” according to Tenable’s report released Wednesday. “With the growing adoption of distributed and remote monitoring in industrial environments, OT and IT are converging. As OT becomes increasingly connected and boundary-less, these safety-critical systems are increasingly vulnerable to cyberattacks.”

Poker tournaments disrupted after DDoS attacks on Americas Cardroom
Now, it has happened again. On April 24th, 2018, a series of non-stop DDoS attacks hit Americas Cardroom and continued until May 1st. Initially, a series of tweets from ACR’s Twitter account announced that its website would go under scheduled maintenance from 7-10 am ET on Tuesday, but a later tweet the same day revealed that ACR was under a DDoS attack, forcing it to pause all running tournaments.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.