IT Security News Blast 10-16-2017

US banks to introduce new anti-fraud measures after Equifax hack
US banks are stepping up anti-fraud controls after the data breach at credit checking group Equifax put about half the country’s population at risk of identity theft. Executives at banks including Citigroup and Wells Fargo said customers would face new checks because of the increased risk of identity fraud, a problem that already costs an estimated $16bn a year in the US.
https://www.ft.com/content/e911b528-b05b-11e7-beba-5521c713abf4

After second bungle, IRS suspends Equifax’s “taxpayer identity” contract
The Equifax site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which, when clicked, infected visitors’ computers with adware that was detected by just three of 65 antivirus providers. The development means that at least for now, taxpayers cannot open new Secure Access accounts with the IRS. Secure Access allows taxpayers to retrieve various online tax records and provides other “tax account tools” to those who have signed up.
https://arstechnica.com/tech-policy/2017/10/after-second-bungle-irs-suspends-equifaxs-taxpayer-identity-contract/

A Nobel-Winning Solution to Cyber Security
Stiles says we’ve reached a point where credit bureaus and other data firms require more regulation, including incentives to invest in safety. She pointed to the oil industry as a possible model, noting that those who transport tankers of oil must carry insurance in case something goes wrong—and the insurance companies in turn demand they take precautions to obtain coverage. It’s not hard to imagine how this model could extend to companies that store and transport data. […] The upshot would be a new way of aligning the economic incentives of the credit bureaus with smart cyber security practices.
http://fortune.com/2017/10/14/a-nobel-winning-solution-to-cyber-security/

IT at sea makes data too easy to see: Ships are basically big floating security nightmares
Using Shodan.io, a search engine for finding devices on the internet, Munro looked for several popular brands of maritime satcom systems, including Cobham, Inmarsat, and Telenor kit, along with older brands that had been acquired, on the assumption they’d be running outdated firmware. […] By searching for ‘html:commbox,’ he found various terminal commands for KVH’s ship-to-shore network manager CommBox. Pulling up an actual CommBox login page, Munro found the connection was poorly secured with no HTTPS protection. The system presented a link to a queryable user database and it revealed network configuration data merely by mousing over the UI.
https://www.theregister.co.uk/2017/10/13/it_at_sea_makes_data_too_easy_to_see/

DePasquale: Surveys show schools, local governments fear cyber-attacks
The anonymous statewide surveys were conducted over three weeks in August and September, collecting 954 responses, including 177 from school districts and 777 from municipalities. “Even more concerning from the survey is the near-unanimous conclusion from municipal and school officials that the risks of cyber-attacks will increase,” DePasquale said. “These surveys highlight cyber-security concerns, but we must take action before a municipality or school district data breach occurs.”
http://www.timesleader.com/news/local/678863/depasquale-surveys-show-schools-local-governments-fear-cyber-attacks

Experts Urge U.S. Military to “Develop and Deploy Enhanced-EMP Nuclear Weapons”
In a statement, experts recommended to Congress that the U.S. military strengthen its ballistic missile defenses — including the deployment of space-based defenses — with the specific aim of protecting the U.S. from potential electromagnetic pulse (EMP) attacks. They also recommended the development and deployment of enhanced-EMP nuclear weapons and other means to deter attacks on the United States by North Korea.
https://futurism.com/us-nuclear-weapons/

Bill legalizing hacking back introduced in the House
The bill alters the Computer Fraud and Abuse Act (CFAA) of 1986 and would allow those victimized by a cyberattack to take certain counter measures. This includes leaving their network to establish who attacked, disrupt cyberattacks without damaging others’ computers, retrieve and destroy stolen files, monitor the behavior of an attacker and utilize utilize beaconing technology, the bill reads. […] However, not everyone believes it is in the best interest of a company to counterattack.
https://www.scmagazine.com/bill-legalizing-hacking-back-introduced-in-the-house/article/700220/

Report: Iran Was Behind Cyber Attack on British Lawmakers
The report came the day after Britain joined other European countries in warning the United States against harming a nuclear deal with Iran. Britain’s parliament was hit by a “sustained and determined” cyber attack in June, designed to identify weak email passwords, just over a month after a ransomware worm crippled parts of the country’s health service. The Times said that the attack was Iran’s first significant cyber attack on a British target after the hack was initially blamed on Russia.
http://fortune.com/2017/10/14/report-iran-behind-cyber-attack-british-lawmakers/

Provoking Iran Could Have Unseen Cyber Consequences
The fulfillment of Iran’s nuclear ambitions remain years away even if this deal falls apart, but Trump’s actions also raise questions about whether increased tension will in turn lead to increased Iranian cyber operations. Observers say that while the current diplomatic instability likely won’t impact Iran’s hacking purview, further decisions—particularly around sanctions—could fuel offensive plans directed at the United States.
https://www.wired.com/story/trump-iran-decertify-cyberattacks/

Ukraine says cyber attack may strike in next few days
Ukraine’s state security service SBU and the state-run Computer Emergency Response Team (CERT) said the attack could take place 13-17 October when Ukraine celebrates Defender of Ukraine Day. Ukraine, which believes Russia is behind regular attacks on its computer systems, is trying to roll out a national strategy to keep state institutions and major companies safe. Moscow denies that it is behind cyber attacks on its neighbour.
https://www.enca.com/world/ukraine-says-cyber-attack-may-strike-in-next-few-days

It’s not just Moscow: American agencies use Facebook to woo Russians, too
In a pair of information campaigns that spanned 2010-2011 and 2015-2016, federal agencies that aim to spread America’s message abroad spent $59,541 in ads wooing Russian speakers, according for federal spending records. That was part of a $1.6 million spending pool used by the State Department, the Voice of America and the U.S. Agency for International Development over the past eight years on overseas social media campaigns linked to Facebook.
http://www.sandiegouniontribune.com/military/sd-me-russia-facebook-20171013-story.html

You may have the ‘right to be forgotten’ – but you still need to know who to ask and what to ask for
This phrase – made famous by the now-ubiquitous General Data Protection Regulation (GDPR) – essentially hands over power to you and me as end consumers to demand that all traces of our digital exhaust be forever exhumed by the data controller. While you chew on that, let’s dwell a little bit on what it means to the GDPR compliant organizations – the data controllers providing a service to you and me.
https://www.csoonline.com/article/3230906/cloud-security/you-may-have-the-right-to-be-forgotten-but-you-need-to-know-who-to-ask-for-it.html

Cyberespionage Group Steps Up Campaigns Against Japanese Firms
The group has focused on exfiltrating intellectual property and other confidential data from Japanese companies involved in critical infrastructure, heavy industry, manufacturing and international relations. In its report released this week, SecureWorks uncovers shifting tactics and strategies used by the group. According to researchers, Bronze Butler has bolstered its skillsets when it comes to exploiting zero-days, developing unique malware tools and has been increasingly become effective at exploiting a desktop management tool used by sysadmins in Japan.
https://threatpost.com/cyberespionage-group-steps-up-campaigns-against-japanese-firms/128447/

An intern at the Trump campaign data firm, Cambridge Analytica, appears to have left sensitive voter targeting tools online for nearly a year
An intern at the data mining and analysis firm Cambridge Analytica left online for nearly a year what appears to be programming instructions for the voter targeting tools the company used around the time of the election, raising questions about who could have accessed the tools and to what end. […]  Albright said the code for the tools was “sitting right on Github for almost a year: from March 2016 to February 2017 — the last 8 months of the US election.” “That’s a security issue, in my opinion,” Albright added. “Could Russia find this and use it? Absolutely.”
http://www.businessinsider.com/trump-campaign-data-russia-cambridge-analytica-2017-10

Want to see something crazy? Open this link on your phone with WiFi turned off
In 2003, news came to light that AT&T was providing the DEA and other law enforcement agencies with no-court-warrant-required access to real time cell phone metadata. This was a pretty big deal at the time. But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.
https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024

500 million PCs are being used for stealth cryptocurrency mining online
According to a new report from Adguard, in a matter of weeks, 2.2 percent of the top 100,000 websites on the Alexa list are now mining through user PCs. In total, 220 sites that launch mining when a user opens their main page, with an aggregated audience of 500 million people. CoinHive and JSEcoin are currently the most popular scripts being employed to hunt down cryptocurrency, and Adguard estimates that these domains have earned roughly $43,000 in a three-week period at little or no cost.
http://www.zdnet.com/google-amp/article/500-million-pcs-are-being-used-for-stealth-cryptocurrency-mining-online/

Hyatt Hit By Credit Card Breach, Again
Hyatt Corp., hotel guests are being warned of a credit card breach, the second since December 2015. On Thursday, the hotelier identified 41 of its hotels spread across 13 countries where it confirmed unauthorized access to payment card information. China is the hardest hit by the breach with 18 hotels impacted. Three U.S. hotels were part of the breach and were each located in Hawaii. Hyatt properties in India, Japan and Saudi Arabia were also impacted.
https://threatpost.com/hyatt-hit-by-credit-card-breach-again/128440/

Android ransomware DoubleLocker encrypts data and changes PINs
DoubleLocker combines a cunning infection mechanism with two powerful tools for extorting money from its victims. “Its payload can change the device’s PIN, preventing the victim from accessing their device and encrypts the victim’s data,” said Lukáš Štefanko, the malware researcher at security firm ESET who discovered DoubleLocker. “Such a combination hasn’t been seen yet in the Android ecosystem.
https://www.theregister.co.uk/2017/10/13/doublelocker_android_ransomware/

KU student expelled after using Keystroke logger to change grades
A University of Kansas student was expelled from the school after allegedly changing his grades from an “F” to an “A” using information he obtained via a keystroke logger. […] “This goes beyond the naughty little boy who snuck into his professor’s office in the middle of the night and pulled the exam paper out,” Aerospace engineering professor Ron Barrett-Gonzalez told the news station. “It’s a form of betrayal that goes beyond the norm.”
https://www.scmagazine.com/ku-student-used-keystroke-logger-to-change-grades/article/700036/

 ====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>