IT Security News Blast 05-07-2018

Dates of Cybersecurity Attacks

Mark Your Calendar! Hack Timing Patterns
Companies and governments know they are targets for people looking to cause harm or profit by attacking their networks. Those threat actors are constantly evaluating networks and looking for ways to gain access. Most public and private organizations take this as a given and prepare appropriately. Those who aren’t already actively thinking about security should begin to do so immediately, and everyone should recognize that, yes, there are times when threat actors are particularly active. When a malicious actor decides to attack an organization, they consider a few things. First, they decide what they are trying to achieve with the attack.
https://criticalinformatics.com/resources/blog/mark-your-calendar-hack-timing-patterns/

Abbott Addresses Life-Threatening Flaw in a Half-Million Pacemakers
Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices – a.k.a., pacemakers. About 465,000 patients are affected. The update will strengthen the devices’ protection against unauthorized access, as the provider said in a statement on its website: “It is intended to prevent anyone other than your doctor from changing your device settings.”
https://threatpost.com/abbott-addresses-life-threatening-flaw-in-a-half-million-pacemakers/131709/

Healthcare sector suffered more than half of all cyber-attacks in 2017
While system damage and data destruction represented the top risks for industries that faced such attacks, the healthcare sector was the hardest hit, of which the WannaCry ransomware attack on NHS institutions in 2017 was a glaring example. While the sector suffered 34 percent of all attacks in 2016, the figure rose to 58 percent in 2017, signifying how lucrative the sector had become to cyber-criminals across the globe.
https://www.scmagazineuk.com/healthcare-sector-suffered-more-than-half-of-all-cyber-attacks-in-2017/article/763532/

Defending hospitals against cyberattacks
A major challenge in hospitals’ cybersecurity is the enormous number of devices with access to a facility’s network. As with many businesses, these include mobile phones, tablets, desktop computers and servers. But they also have large numbers of patients and visitors who come with their own devices, too – including networked medical devices to monitor their health and communicate with medical staff. Each of these items is a potential on-ramp for injecting malware into the hospital network.
https://finance-commerce.com/2018/05/defending-hospitals-against-cyberattacks/

FS firms ramp up cybersecurity investment
Of more than 100 senior execs quizzed, 87% have become more concerned about cyber-risks over the last year, with nearly a quarter becoming significantly more worried. This trend appears to be reflected in the fact that 85% of respondents say that their firm has spent more on tackling cyber risks in the past year, with 14% reporting a significant rise.
https://www.finextra.com/newsarticle/32063/fs-firms-ramp-up-cybersecurity-investment/wholesale

Cybersecurity risks to get worse: Warren Buffett
Showing his concern about the threat to the insurance industry, CEO of multinational conglomerate Berkshire Hathaway Warren Buffett has said that cybersecurity risks will get worse in the years to come. […] He said he believed that cybersecurity incidents would rise and with it the potential to significantly harm the insurance industry. “There’s a very material risk which did not exist 10 or 15 years ago and will be much more intense as the years go along,” he added.
https://economictimes.indiatimes.com/news/international/world-news/cybersecurity-risks-to-get-worse-warren-buffett/articleshow/64052380.cms

A Georgia Hacking Bill Gets Cybersecurity All Wrong
“I don’t think this legislation actually solves a problem,” says Jake Williams, founder of the Georgia-based security firm Rendition Infosec. “Information put in a publicly accessible location can and will be downloaded by unintended parties. Making that illegal brings into question so many other issues, like what is ‘authorized’ use? Is violating terms of service illegal?”
https://www.wired.com/story/georgia-sb315-hacking-bill-wrong/

Pennsylvania Election Cybersecurity Commission Takes Shape
Pennsylvania Gov. Tom Wolf ordered counties purchasing new voting machines or replacing problematic ones to buy machines that provide a paper backup. Hickton said Wolf has shown good leadership in trying to improve the security of the state’s voting system. Hickton said the United States and Pennsylvania should be prepared for Russia and others to mount another attack in 2020.
http://www.govtech.com/security/Pennsylvania-Election-Cybersecurity-Commission-Takes-Shape.html

Tennessee Officials Are Trying To Get To The Bottom Of An Election Night Cyberattack
“There is no network connection to the official results, nor to any of the voting machines at any point during the process or before and after the process. They have no network interface,” Ball added. […] “It’s wonderful to be able to espouse confidence as they are, but they should not be espousing such unless they have actually had their network for the [election management server] totally assessed by someone who’s qualified in network architecture,” she said.
https://www.huffingtonpost.com/entry/knox-county-tennessee-cyber-attack_us_5aeb28d7e4b0ab5c3d62bcb1

City of London Police to assemble crack team of cyber detectives
The police force, which has been operating in London’s financial district since 1839, is in the process of designing a programme to recruit computer science graduates who can help in the fight against hacking crimes. The aim is to trial the scheme next year with an initial group of five or six students, the force’s head of crime and cyber Peter O’Doherty told The Telegraph, adding that they are also looking at opening a “cyber academy” for existing staff.
https://www.telegraph.co.uk/business/2018/05/06/city-london-police-assemble-crack-team-cyber-detectives/

Cyber Command Elevated to Combatant Command
Army Lt. Gen. Paul Nakasone took command of U.S. Cyber Command Friday at a ceremony that elevated the organization to the U.S. military’s tenth unified combatant command. […] “Cyberspace is not bound by geography, it is not bound by the physical prowess of our adversaries; the next 10 years will look significantly different than the last 10 more than any of us can likely imagine.”
https://www.military.com/defensetech/2018/05/04/cyber-command-elevated-combatant-command.html

US is waking up to the deadly threat of cyber war
Fortunately, President Trump’s reluctance to accept that Russia used the internet to interfere in our democratic processes does not seem to have restrained a willingness by the Pentagon to tackle the threat of cyberwar. It now has funded a joint cyber command on the level of every other uniformed force. […] The US continues to recognize the multiplicity of potential cyber threats. It must not waver in this commitment. After all, a deft terrorist with a high-end laptop and the sensibilities of a determined hacker can wreak equal or greater havoc as one with a bomb.
https://www.cnn.com/2018/05/06/opinions/opinion-andelman/index.html

In these cyber war games, the fictional foe launching attacks sounds a lot like Russia
First, cellphone networks fell silent while an imaginary foe conducted naval exercises just off their country’s coast. Chemicals at water-treatment plants gushed into public supplies. Subversive protesters jammed the streets. The power grid flipped on and off. And then a hacked drone fell out of the sky and killed soldiers at a NATO base.
https://www.washingtonpost.com/world/europe/in-these-cyber-war-games-the-fictional-foe-launching-attacks-sounds-a-lot-like-russia/2018/05/03/06494f8c-47cb-11e8-8082-105a446d19b8_story.html?noredirect=on&utm_term=.5f13319de0d4

Report: Chinese government is behind a decade of hacks on software companies
Researchers said Chinese intelligence officers are behind almost a decade’s worth of network intrusions that use advanced malware to penetrate software and gaming companies in the US, Europe, Russia, and elsewhere. The hackers have struck as recently as March in a campaign that used phishing emails in an attempt to access corporate-sensitive Office 365 and Gmail accounts. In the process, they made serious operational security errors that revealed key information about their targets and possible location.
https://arstechnica.com/information-technology/2018/05/researchers-link-a-decade-of-potent-hacks-to-chinese-intelligence-group/

Increasingly brazen North Korean hackers growing capable
[Some] say North Korea’s evolution on cyber — coupled with the country’s willingness to execute attacks when motivated by geopolitical events — make Pyongyang one of the more threatening adversaries in cyberspace.
“They have demonstrated that when they have the intention they will deploy the capability,” said Adam Meyers, vice president of intelligence at CrowdStrike. “I would say that it is a formidable cyber adversary for us.”
http://thehill.com/policy/cybersecurity/386309-north-korean-hackers-growing-more-brazen-capable

Russia blocks 50 VPNs & Anonymizers amid Telegram crack down
However, in their attempt to block Telegram, authorities found they could only block specific IP addresses allowing users to simply switch to another IP address or use VPN to download, sign up and use the app. Moreover, Russian authorities also blocked millions of IP addresses owned by Google and Amazon since they were used by Telegram. “The Russian government is failing in their task to block the app. Telegram app has only become more popular in Russia with many more downloads compared to the week before, and the government has shown its complete lack of understanding of how the technology works[.]”
https://www.hackread.com/russia-blocks-50-vpn-anonymizers-telegram-block/

Spy agency NSA triples collection of U.S. phone records: official report
The spike in collection of call records coincided with an increase reported on Friday across other surveillance methods, raising questions from some privacy advocates who are concerned about potential government overreach and intrusion into the lives of U.S. citizens. The 2017 call records tally remained far less than an estimated billions of records collected per day under the NSA’s old bulk surveillance system, which was exposed by former U.S. intelligence contractor Edward Snowden in 2013.
https://www.reuters.com/article/us-usa-cyber-surveillance/spy-agency-nsa-collected-500-million-u-s-call-records-in-2017-a-sharp-rise-official-report-idUSKBN1I52FR

Body-cam giant snaps up its biggest rival to create near-monopoly
The move has some privacy watchers concerned. Elizabeth Joh, a law professor at the University of California, Davis, pointed to her February 2017 academic paper on the subject: “When one company dominates the market for a surveillance technology, its choices about product design make important decisions about policing before the police themselves have an opportunity to do so,” she wrote.
https://arstechnica.com/tech-policy/2018/05/body-cam-giant-snaps-up-its-biggest-rival-to-create-near-monopoly/

8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs
The new CPU flaws reportedly originate from the same design issue that caused the original Spectre flaw, but the report claims one of the newly discovered flaws allows attackers with access to a virtual machine (VM) to easily target the host system, making it potentially more threatening than the original Spectre vulnerability.
https://thehackernews.com/2018/05/intel-spectre-vulnerability.html

ZooPark malware targets Android users through Telegram, watering holes
The latest version has the capability to exfiltrate a wide range of data, including contacts, GPS location, text messages, call audio, keylogs and others. The malware can also take pictures, video and screenshots as well as record audio. “This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware,” the report says. “This suggests the latest version may have been bought from vendors of specialist surveillance tools.”
https://www.cyberscoop.com/zoopark-kaspersky-telegram-watering-holes/

Hurry up patching those Oracle bugs: Attackers aren’t waiting
The SANS Institute issued a warning after one of its honeypot systems was targeted by exploits of the CVE-2018-2628 remote code execution flaw in WebLogic just hours after the test server was put live. According to SANS, the flaw has been aggressively targeted since it was first disclosed by Oracle on April 18. The security training company says it took all of three hours after the patch was released for the first compromised servers to be detected.
https://www.theregister.co.uk/2018/05/03/slow_to_patch_oracle_bugs_dont_be_attackers_jump_all_over_them/

Pr0nbot is Back – and Evading Twitter Censors
A rapidly swelling botnet of Twitter accounts advertising “adult dating”-themed scam websites has at least 80,000 nodes to date – and only half of them have been caught and restricted by Twitter. The botnet is likely a resurgence of a previous porn-bot, which sported the SFW moniker “Pr0nbot” and was uncovered by F-Secure researcher Andy Patel in March. In the course of querying Twitter accounts for specific automated patterns, he found just over 22,000 Twitter bots in on the action, marketing a service dubbed “Dirty Tinder.”
https://threatpost.com/pr0nbot-is-back-and-evading-twitter-censors/131720/
