IT Security News Blast 1-27-2017

What your security scientists can learn from your data scientists to improve cybersecurity

Data science is all about creating structure with unstructured data and labeling it so you can compare normal versus abnormal patterns via machine or deep learning algorithms. Whether it’s clickstream advertising, buyer sentiment analysis, facial recognition algorithms, predicting a pandemic virus or modeling the spread of malware through a network, it’s the same basic data science. What changes is the type of pattern you detect.

The emergence of the ‘cyber cold war’

CNNMoney has reviewed NATO assessments of a decade of Russian hacking operations and spoken to dozens of computer security professionals around the world. The image that starts to emerge is stark: The Cold War moved online. And Western countries are only starting to realize it. The term they most agree on: cyber cold war. “There’s something unsettling about calling this a war. But it’s frivolous to ignore this,” said Laura Galante, intelligence director at cybersecurity firm FireEye. “The Russians get it right, and they’re beating the U.S.”

Most Malware-Infected US Cities List Shows Size Doesn’t Matter

A 2016 study by security company Webroot reveals that there is no connection between the population of a city and the number of malware-infected devices it has. The conclusion comes from its list of the top 10 most malware-infected US cities. Top on this list is Houston with 60,801 infected devices, followed by Chicago with 49,147 infected devices, and Phoenix with 42,983 infected devices. Devices include laptops, PCs, tablets, and smartphones, with each found to have between six and 24 pieces of malware on them. From the top 10 list of most densely populated US cities, only Los Angeles is in the top 10 list of most infected.

Governors put cybersecurity, broadband on front burner

At the Jan. 25 winter meeting of the National Governors Association, Govs. Terry McAuliffe (D-Va.) and Brian Sandoval (R-Nev.) stated that cybersecurity gives states a chance to work closely with the federal government and across party lines. “In order to be successful at thwarting threats, the federal government must view states as primary sources of intelligence, as well as priority recipients of intelligence from the federal government,” said Sandoval, who is NGA vice chair. “States should be seen as full-fledged partners in gathering, analyzing and disseminating intelligence in the fight against cyber terrorism.”

A new service for the less techie criminals [Slideshow]

These people are the owners of crimeware-as-a-service (CaaS) businesses. For underground cybercriminals, CaaS provides a new dimension to cybercrime by making it more organized, automated and accessible to criminals with limited technical skills. Today, cybercriminals can develop, advertise and sell anything from a botnet to a browser exploit pack or DDoS attack toolkits. Aditya K Sood, director of security and cloud threat labs at Blue Coat Systems, a part of Symantec, details how cybercriminals can obtain sensitive data, like credit card numbers, names and addresses, with just a couple of clicks and a payment.

Cybercrime Blotter: Man arrested for spoofing CEO’s email, stealing $566,000 from Kansas county

What happened? George James, a Brookhaven, Georgia man, was arrested after allegedly sending a spoofed email that tricked county employees in Kansas into transferring $566,000 into his corporate bank account.

The Charge: One count of wire fraud. The accused faces up to 20 years in federal prison and a maximum fine of $25,000.

New Trojan Turns Thousands Of Linux Devices Into Proxy Servers

Once a device is backdoored, the attacker obtains the list of all successfully compromised Linux machines, logs into each of them over SSH and installs a SOCKS5 proxy server on it using the Linux.Proxy.10 malware. This Linux malware is not at all sophisticated, since it uses the freeware source code of the Satanic Socks Server to set up the proxy. According to the security firm, thousands of Linux-based devices have already been infected with this new Trojan.

SC Media Exclusive: Rootnik Android malware variant designed to frustrate researchers

Discovered in late 2015, the Rootnik trojan relies on open-sourced root exploit tools to gain unauthorized root access to users’ devices, enabling a bevy of undesired behaviors. According to a Fortinet blog post today, this latest variant installs a hidden remote control service application capable of promoting apps and ads, silently installing apps, pushing notifications and pornography, creating shortcuts for unwanted programs or content on the home screen, and downloading additional files that can also feature malicious functionality.

HummingWhale Malware infected Android Apps Downloaded Millions of Times

CheckPoint noted that HummingBad was also a “sophisticated and well-developed malware” that employed a rootkit and chain-attack tactic to acquire complete control over the infected phone/device. It targeted non-Google apps and exploited unpatched vulnerabilities and security flaws that provided it root privileges on devices running on older Android OS versions. Google eventually shut it down, but by then HummingBad was installed in over 50,000 apps as it was infecting apps on a daily basis.

Future of the federal CISO position in question as Touhill steps down

Touhill noted that he “left in place a solid flight plan and a great team of innovative professionals in the CISO Council” but appeared skeptical of the future of that team and his plan. Touhill admitted he “offered to remain in place to provide continuity and maintain the momentum we’ve achieved,” but apparently he was not welcomed by the incoming administration. President Trump has not explicitly stated much regarding federal cybersecurity policy, but he has appointed former New York City mayor Rudy Giuliani to be an advisor on cybersecurity problems in the private sector.

Hacker Selling 1 Billion user accounts stolen from Chinese Internet Giants

A Dark Web marketplace is where you can buy anything from illegal drugs to weapons and several other products including digital goods. In a recent listing, a well known dark web vendor going by the handle “DoubleFlag” is selling data stolen from several Chinese Internet giants. According to the listing, the data belongs to companies such as NetEase Inc and its subsidiaries, and Tencent Holdings Limited owned, TOM Group’s, Sina Corporation’s, Sohu, Inc.’s and Letter Network Information Technology Co., Ltd owned

Password-free security uses voice, user behavior to verify identity

Every human voice is unique, he added. Factors like a person’s larynx, the shape of the nasal cavity, and whether the subject is missing a tooth will all determine the way someone sounds. People can also speak in a more monotone or lively manner, or space out their words in varying rhythms. Nuance’s technology has been built to analyze these differences to accurately determine who is who, Beranek said. It has been refined to the point that it can weed out voice impersonators, digital recordings and synthetic voices that try to dupe its system.

Shock to the system: Fake battery app zaps Android users with ‘Charger’ ransomware

The malware is also unusual in that it carries its own malicious payload instead of relying on a dropper or downloader component, Check Point reported. To avoid detection, it employs a number of evasive techniques, including encoding strings into binary arrays, dynamically loading code from encrypted resources (the code is also obfuscated), and scanning for virtual environments before commencing malicious activity. Charger refuses to execute if it determines that an infected device is located in Ukraine, Russia or Belarus, which hints that the perpetrator is likely from this region and does not want to incite an investigation by local authorities.

How to defend against the latest Wi-Fi security threats

Once you’ve protected your network with Wi-Fi Protected Access 2 (WPA2), here are four other vulnerability scenarios you should guard against.

  • Change your default wireless settings
  • Lost or stolen Wi-Fi devices can be security threats
  • Your router’s WPS button can be a threat vector
  • Disabling SSID broadcasting can do more harm than good
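As an added illustration that is not part of the article, here is a hostapd access-point configuration that maps one setting to each of the four points above: a non-default SSID and passphrase, WPS switched off, SSID broadcasting left on, and a commented 802.1X alternative for the lost-device case so that a single device's credential can be revoked instead of rotating a shared key. The interface name, SSID, passphrase and RADIUS address are placeholders.

```ini
# hostapd.conf, added example (not from the article)
# Point 1: change the defaults: your own SSID, not the vendor's
interface=wlan0
driver=nl80211
ssid=CHANGE-ME-not-the-vendor-default
hw_mode=g
channel=6

# WPA2 only, AES-CCMP only (no TKIP), with a long non-default passphrase
# (8 to 63 characters; the value below is a placeholder)
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=PLACEHOLDER-use-a-long-random-passphrase

# Point 3: WPS fully disabled (0 = disabled), so the push button and
# PIN registrar are not an alternative way onto the network
wps_state=0

# Point 4: keep broadcasting the SSID (0 = broadcast). Hiding it only makes
# every client probe for the name wherever it goes and buys no real secrecy
ignore_broadcast_ssid=0

# Point 2: with a shared PSK, a lost or stolen device means rotating the
# passphrase on every client. To revoke one device instead, switch to
# WPA2-Enterprise (802.1X against a RADIUS server) by replacing the three
# PSK lines above with:
#   wpa_key_mgmt=WPA-EAP
#   ieee8021x=1
#   auth_server_addr=192.0.2.10
#   auth_server_port=1812
#   auth_server_shared_secret=PLACEHOLDER-radius-secret
```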

Explaining cybersecurity threats in a decision-maker context

You take your assessment of the vulnerability to leadership and say, “We have to take our system down. It has a blind SQL injection vulnerability that can be used to steal our data, passwords and allow an adversary to move laterally through our network.” To cybersecurity professionals the problem is clear, and the decision should be easy to make. The decision maker listens to you describe the problem and says, “That is the most important system we have. Build a plan of action and milestone, and we’ll get the authorizing official to accept the risk and keep the system up.”

“Anonymized” Web browsing history may not be anonymous after all

Raising further questions about privacy on the internet, researchers have released a study showing that a specific person’s online behavior can be identified by linking anonymous Web browsing histories with social media profiles. The new research shows that anyone with access to browsing histories — a great number of companies and organizations — can identify many users by analyzing public information from social media accounts.

The Army is looking for AGR officers, warrants to go cyber

Warrant officers must be in grades 1 through chief warrant officer 4. Officers must be in the ranks of captain through colonel. Captains must have at least three years time in grade. This first-ever voluntary transfer for AGR officers and warrant officers into cyber is “part of HRC’s mission of getting the right soldier in the right position at the right time to meet the needs of the Army,” David Ruderman, spokesman for Human Resources Command, told Army Times on Wednesday.

Microsoft to continue to invest over $1 billion a year on cyber security

This amount does not include acquisitions Microsoft may make in the sector, Bharat Shah, Microsoft vice president of security, told Reuters on the sidelines of the firm’s BlueHat cyber security conference in Tel Aviv. “As more and more people use cloud, that spending has to go up,” Shah said. While the number of attempted cyber attacks was 20,000 a week two or three years ago, that figure had now risen to 600,000-700,000, according to Microsoft data. Long known for its Windows software, Microsoft has shifted focus to the cloud, where it is dueling with a larger rival to control the still fledgling market.

Quantum computer worth $15 million sold to tackle cybersecurity

D-Wave, the developers of the quantum computer, announced the sale to Temporal Defense Systems earlier this week. Temporal Defense Systems are the first customers for the D-Wave 2000Q Quantum Computer. Previous D-Wave customers include Lockheed Martin, Google and NASA. D-Wave claims that using the quantum computer will enable the cyber security firm to perform real-time security level rating, device-to-device authentication and identify, detect and prevent threats.

Superstar cybersecurity committee proposed by senators

The 21-member committee would bring together a star-studded cast of lawmakers that are currently the highest-ranking Republicans and Democrats on the Appropriations, Armed Services, Foreign Relations and Intelligence committees, among others. Notably, the bill to create the Select Committee on Cybersecurity stipulates that it will oversee “the organization or reorganization of any department or agency to the extent that the organization or reorganization relates to a function or activity involving preventing, protecting against, or responding to cybersecurity threats.”

Cyber-physical Attacks on Critical Infrastructure: What’s Keeping Your Insurer Awake at Night?

In 2014 the “Energetic Bear” virus was discovered in over 1,000 energy firms in 84 countries. This virus was used for industrial espionage and, because it infected industrial control systems in the affected facilities, it could have been used to damage those facilities, including wind turbines, strategic gas pipeline pressurization and transfer stations, LNG port facilities, and electric generation power plants. It has been suggested that a nation-state “pre-positioned attack tools to disrupt national scale gas suppliers.”