IT Security News Blast 05-08-2018

Automation Exacerbates Cybersecurity Skills Gap
The more artificial intelligence (AI)- and machine learning-powered tools they bring in, the more they need experienced staff to deal with those tools. Conducted by Ponemon Institute on behalf of DomainTools, the study queried over 600 US cybersecurity professionals on the effects of automation on their staffing situations. The results offered up are counterintuitive to general belief that automation will ameliorate the cybersecurity skills gap.
https://www.darkreading.com/careers-and-people/automation-exacerbates-cybersecurity-skills-gap/d/d-id/1331697

Artificial Intelligence (AI) is New Weapon of Cyber Criminals
Security analysts, who studied this event, detected how hackers used AI-driven software to transfer money to numerous accounts in an automated manner. The software was successful in dodging multiple security policies while concealing identities and location of the attackers. These bad actors could execute the cyber heist as how to fudge the security mechanism was already taught to the software. The cyber attack morphs into a catastrophe when it is crowdfunded and AI-driven.
https://artificial-intelligence.cioreview.com/news/artificial-intelligence-ai-is-new-weapon-of-cyber-criminals–nid-26253-cid-175.html

1.13M Records Exposed by 110 Healthcare Data Breaches in Q1 2018
Around 1.13 million patient records were compromised in 110 healthcare data breaches in the first quarter of 2018, according to data released May 3 in the Protenus Breach Barometer. Healthcare insiders were most likely to snoop on family members—a whopping 77.10 percent of privacy violations in the first quarter. Snooping on fellow co-workers was the second most common insider violation, followed by snooping on neighbors and celebrities, according to proprietary nonpublic data collected by Protenus, an AI platform used to analyze access to patient data inside electronic health records.
https://healthitsecurity.com/news/1.13m-records-exposed-by-110-healthcare-data-breaches-in-q1-2018

Rules and Income and Cyber, Oh My!
Litigation can have a significant effect on plans and their administration — just ask the Department of Labor and a number of universities. But its effect, of course, is not limited to the macro — it can have a profound effect on an individual plan as well. D’Aloia noted that litigation has forced plan sponsors to make decisions in such a way as to reduce the risk that they will face litigation. Gerrie shed some light on why: It exacts heavy costs, not just financial, but also in terms of human resources and employee morale.
https://www.napa-net.org/news/managing-a-practice/industry-trends-and-research/rules-and-income-and-cyber-oh-my/

What is cyber resilience? Building cybersecurity shock absorbers for the enterprise
If a malware attack meant development could no longer access their work, what would happen? Could the business keep going? With backups, maybe. They’re not just there in case someone deletes something, after all. Ben Cabrera, CIO for Covanta, says backups are part of the environmental company’s plan for dealing with ransomware: “Disaster recovery and backups have become really important thing for us.”
https://www.csoonline.com/article/3269726/hacking/what-is-cyber-resilience-building-cybersecurity-shock-absorbers-for-the-enterprise.html

USA Provides Javelin Missiles & Modern Cyber Operations Center for Ukraine
The country is increasingly seen as a front line against Russian-backed cyber sabotage and a testing ground for new hacking techniques. “We’ve discussed the issue of cybersecurity and I can proudly announce that we will double the amount of assistance to strengthen this [in Ukraine] from $5 million to $10 million,” announced Wess Mitchell, U.S. Assistant Secretary of State for European and Eurasian Affairs.
https://theubj.com/news/view/usa-provides-javelin-missiles-modern-cyber-operations-center-for-ukraine

Connecticut tasks law enforcement with cyber duties
For routine incidents such as theft of financial records and ransom demands, the CTIC must be able to identify threats, which means “having an adequate number of both top-secret and secret cleared personnel and being able to review all cyber intelligence relevant to Connecticut,” the plan said. These cleared personnel are needed to manage the “full flow of projected cybersecurity intelligence” related to screenings, analysis and referrals of actionable intelligence.
https://gcn.com/articles/2018/05/07/connecticut-cybersecurity-plan.aspx

Cyber Defenders Eyeing Path to Attack Mode
Marion mentioned how the Air Force was “16 versions behind” on patching some of its software until moving the program to the cloud and taking advantage of industry’s patching capabilities. “Our push to industry is always ‘stop selling us a tool, sell us the service.’ We’ve got to have a lot of agility and speed with respect to rollout of tools,” Marion added. While the pace of military acquisition can be a hurdle for collaboration, changes are on the way to improve that situation, panelists said.
https://www.meritalk.com/articles/cyber-defenders-eyeing-path-to-attack-mode/

Roundtable examines national cyber strategy
National-level experts from government, commercial industry and academia came together to provide their insights on how to identify vulnerabilities, share awareness, and ensure mission and business accomplishment in a cyber-contested environment. “Cyber defense is more than just security,” said U.S. Air Force Gen. Darren W. McDew, USTRANSCOM commander. “For me, it’s mission assurance. It’s not just a DOD issue, it’s a national issue. From safeguarding our intellectual property to guaranteeing the integrity of our elections, we’ve got to be all in together.”
https://www.dvidshub.net/news/275970/roundtable-examines-national-cyber-strategy

Senate Wants More Cyber Intelligence
Specifically, the Senate wants a commercial product able to scan publicly available sources such as paste sites, blogs, social media, code repositories and technical sources, as well as sources that are harder to find, like dark web forums and sites. As information is collected, it must be automatically sorted among nine categories: threat actors, malware, technical indicators, geographies, technologies, products, people, companies and organizations. All relevant information on each threat must then be pulled into a single report with “event timelines, treemaps, table views, and feed views of associated threat actors, IP [addresses], hashes, domains, malware and vulnerabilities,” according to the RFP.
https://www.nextgov.com/cybersecurity/2018/05/senate-wants-more-cyber-intelligence/148010/

Regulate artificial intelligence to avert cyber arms race
AI makes deterrence possible because attacks can be punished. Algorithms can identify the source and neutralize it without having to identify the actor behind it. Currently, countries hesitate to push back because they are unsure who is responsible, given that campaigns may be waged through third-party computers and often use common software. The risk is a cyber arms race. As states use increasingly aggressive AI-driven strategies, opponents will respond ever more fiercely. Such a vicious cycle might lead ultimately to a physical attack.
https://www.nature.com/articles/d41586-018-04602-6

A Criminal Gang Used a Drone Swarm To Obstruct an FBI Hostage Raid
Mazel said the suspects had backpacked the drones to the area in anticipation of the FBI’s arrival. Not only did they buzz the hostage rescue team, they also kept a continuous eye on the agents, feeding video to the group’s other members via YouTube. “They had people fly their own drones up and put the footage to YouTube so that the guys who had cellular access could go to the YouTube site and pull down the video,” he said.
https://www.defenseone.com/technology/2018/05/criminal-gang-used-drone-swarm-obstruct-fbi-raid/147956/

From The Internet Of Things To The Internet Of Thoughts
If the services of the sharing economy technologies seemed to put the privacy of users at risk, the new system seems to be even more saturated with issues. In fact, the social sharing of photographs, thoughts and confidential information risks endangering the privacy of internet users and, considering that much of this personal data is also transported overseas where the discipline and the protection provided is profoundly different, the question becomes extremely complex.
https://www.forbes.com/sites/forbestechcouncil/2018/05/07/from-the-internet-of-things-to-the-internet-of-thoughts/#396bcc4e736f

How to become anonymous online
Popular sites like Facebook have paved the way for people to delve into our personal lives like never before. From the sites we visit to the transactions we make, everything we do online relies on some form of anonymity – or lack thereof. And while it may never be possible to be completely and utterly anonymous, there are several steps you can take to stay hidden on the web, and even some that can reduce the amount of spam and ads you’re often subjected to.
https://www.techradar.com/how-to/how-to-become-anonymous-online

UK police say 92% false positive facial recognition is no big deal
New data about the South Wales Police’s use of the technology obtained by Wired UK and The Guardian through a public records request shows that of the 2,470 alerts from the facial recognition system, 2,297 were false positives. In other words, nine out of 10 times, the system erroneously flagged someone as being suspicious or worthy of arrest. In a public statement, the SWP said that it has arrested “over 450” people as a result of its facial recognition efforts over the last nine months.
https://arstechnica.com/tech-policy/2018/05/uk-police-say-92-percent-false-positive-facial-recognition-is-no-big-deal/

Mark Your Calendar! Hack Timing Patterns
Companies and governments know they are targets for people looking to cause harm or profit by attacking their networks. Those threat actors are constantly evaluating networks and looking for ways to gain access. Most public and private organizations take this as a given and prepare appropriately. Those who aren’t already actively thinking about security should begin to do so immediately, and everyone should recognize that, yes, there are times when threat actors are particularly active.
https://criticalinformatics.com/resources/blog/mark-your-calendar-hack-timing-patterns/

Variant of SynAck Malware Adopts Doppelgänging Technique
Both SynAck ransomware and Process Doppelgänging are relatively new. The latter was discovered by Ensilo researchers, who presented their research at the London Black Hat 2017 security conference in December. The technique is similar to the hacker method known as Process Hollowing, where adversaries replace the memory of a legitimate process with malicious code, thereby evading antivirus process monitoring tools.
https://threatpost.com/variant-of-synack-malware-adopts-doppelganging-technique/131760/

Poor passwords and self-induced flaws leave ICS easily accessible to hackers
73 percent of corporate information systems (CIS) have insufficient perimeter defenses, but making the situation much worse is that if a hacker gains entry into the CIS the attacker has an 82 percent chance of penetrating the industrial network. Then compounding the problem further is the research found the attack vectors needed to access the industrial network were ranked either low or trivial in difficulty, which means pulling off an attack is a relatively easy task.
https://www.scmagazine.com/poor-passwords-and-self-induced-flaws-leave-ics-easily-accessible-to-hackers/article/763807/

Why securing containers and microservices is a challenge
The ecosystem of container security tools is not yet mature, according to Ali Golshan, cofounder and CTO at StackRox, a Mountain View-based cloud security vendor. “It’s like the early days of virtual machines and cloud,” he says. “Organizations need to build proprietary tools and infrastructure to make it work, and it needs a lot of resources to implement. There are not a lot of ready-made solutions out there, and not enough solutions to cover all the use cases.”
https://www.csoonline.com/article/3268922/network-security/why-securing-containers-and-microservices-is-a-challenge.html

Hundreds of big-name sites hacked, converted into drive-by currency miners
A mass hacking campaign that targets a critical vulnerability in the Drupal content management system has converted more than 400 government, corporate, and university websites into cryptocurrency mining platforms that surreptitiously drain visitors’ computers of electricity and computing resources, a security researcher said Monday.
https://arstechnica.com/information-technology/2018/05/hundreds-of-big-name-sites-hacked-converted-into-drive-by-currency-miners/

Download Kali Linux 2018.2 with new security features
The new version of Kali Linux also includes support for AMD GPUs and AMD Secure Encrypted Virtualization which allows for encrypting virtual machine memory such that even the hypervisor can’t access it. Additionally, the updated packages include Bloodhound, Reaver, PixieWPS, Burp Suite, Hashcat, and more. To view the full list of changes, you can check out the Kali Changelog.
https://www.hackread.com/download-kali-linux-2018-2-with-new-security-features/

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2018 Critical Informatics, Inc. All rights reserved.