IT Security News Blast 10-18-2017

FUD Light, 10/19, 4PM, Owl and Thistle, Seattle.

Cyber Wars: How The U.S. Stock Market Could Get Hacked
DARPA has been conducting brainstorming sessions with key players in the financial system to identify potential risks and to develop effective counter-measures against them. Particularly important in these discussions, the Journal notes, have been market participants engaged in high-frequency trading (HFT) or high-speed trading, the managers of quant funds, and other persons with deep knowledge of the automated systems that drive so much of trading today, often with reaction times measured in fractions of a second.

Cyber-spy Groups are not just after your data anymore: Kaspersky
“This year, we have monitored the tectonic shift in APT actors’ behaviour. These groups who are initially data-hungry are now going beyond traditional cyberespionage. They added money-stealing on their attack menu as they hunt for vulnerable banks in the Asia Pacific (APAC) region which they can infect mostly through the rising epidemic,” says Yury Namestnikov, Head of Research Center, Russia at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

Unintended disclosure accounts for a big chunk of data breaches in 2017, and spear phishing is on the rise
More than 40% of healthcare data breaches through the first three quarters of 2017 were the result of unintended disclosures, according to a report released by Beazley Group, which provides cyber liability insurance. The statistics included incidents reported by healthcare clients through the first nine months of 2017. The second most common data breach cause was hacking or malware at 19%, while 15% involved an insider. Previous Beazley reports show that ransomware incidents are up in 2017 compared to previous years.

CW500: How the NHS WannaCry cyber attack unfolded
One of the reasons the NHS was so affected is its organisational structure. Whereas the Department of Health is responsible for policy, NHS England is responsible for commissioning services and NHS Digital acts as the data and information organisation, every single NHS trust or GP surgery out there is responsible for their own security. The problem is there’s a national scale issue, such as WannaCry, affecting the system, but you actually have no control, said Taylor.

SANS SEC501 in Kirkland
Former Washington Army National Guard Chief Warrant Officer Mark Elliott will be teaching SANS SEC501, Advanced Security Essentials in Kirkland from December 4-9.  This class just went through a major re-write and has some very exciting content, including penetration testing, incident response, digital network forensics, malware analysis (with an exercise which tricks ransomware into thinking the ransom has been paid), and many more exciting topics. Register before October 25th to receive a $400 discount!

Global $181.77 Bn Cyber Security Market to 2021 – Analysis by Type, Technology, Verticals and Applications
Growing risks such as computer hacking, software piracy, and virus deployment are increasing the demand for cyber securities services. The governments of various countries are increasing their investment in cyber security owing to development in computer interconnectivity and remarkable growth in computing power of government networks.

Russia has weaponized the energy sector in war against the West
Russia is waging a cyber war on the United States. In terms of both scope and temporal duration, these attacks go back at least to 2014, if not before. These attacks on U.S. and European political and economic actors and institutions fit in with Moscow’s larger strategy of subverting governments and unnerving potential opponents.

U.S. senator probes Pentagon on Russian source code reviews
“HPE’s ArcSight system constitutes a significant element of the U.S. military’s cyber defenses,” Democratic Senator Jeanne Shaheen wrote in a letter to Defense Secretary James Mattis seen by Reuters. Shaheen, a member of the Senate Armed Services Committee, said disclosure of ArcSight’s source code to the Russian agency presented an “opportunity to exploit a system used on [Defense Department] platforms.”

Are Hackers 21st Century Mercenaries?
Hacking also remains a low-cost way for so-called rogue states like Iran and North Korea – or even non-nation state players such as ISIS – to target American and others’ interests around the globe. And remote hacking can be a safer option than entering a foreign land: if the hacker’s government-employer falls, there is no need to worry about escaping from the country. This all makes it even more difficult to know who is responsible when an attack does occur.

Russia tweaks Telegram with tiny fine for decryption denial
Encrypted messaging app Telegram must pay 800,000 roubles for resisting Russia’s FSB’s demand that it help decrypt user messages. The fine translates to just under US$14,000, making it less of a serious punishment and more a shot across the bows. However, it does seem to entrench the principle that the Federal Security Service of the Russian Federation (FSB) can demand decryption.

Today’s Maritime Security: Is the Industry Prepared?
“While not always thought of as an early tech adopter, many ports have embraced the internet of things (IoT). While communications and information technologies are beneficial for operations, they also open ports up to being more vulnerable to cyber-attacks than ever before. Any connected network device being utilized, whether it is for operational efficiency or better physical security, can create a cyber security risk. This includes IP cameras, which are normally seen as fundamental to preventing physical security issues, and are potentially forgotten as a possible cyber vulnerability.”

Google now offers special security program for high-risk users
Today, Google rolled out a new program called Advanced Protection for personal Google accounts, intended to provide much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers, and others seeking their personal data. The opt-in program makes Google services much less convenient to use, but it’s built to prevent the sorts of breaches that have been making recent headlines.

Digital Privacy Act changes are coming. Are you prepared?
The amendment to Canada’s Personal Information Protection and Electronic Document Act (PIPEDA), the federal privacy law for private-sector organizations, is expected to take effect in late 2017. Under this amendment, also known as The Digital Privacy Act, organizations that experience a data breach but neglect their responsibilities as outlined in this act could quickly find themselves in hot water with regulators and customers alike, not to mention facing steep fines.

Privacy and sovereignty in the age of anxiety
Information sharing at such magnitude has led to many changes, including in the journalism world. In a 2010 Reuters Institute and Oxford University paper, nearly all of the news editors surveyed said that, while social media has helped newsrooms receive breaking news faster, doubts over accuracy, the need for verification and the loss of control over information have become the main risks facing their profession.

Microsoft never disclosed 2013 hack of secret vulnerability database
Reuters said Microsoft discovered the database breach in early 2013, after a still-unknown hacking group broke into computers belonging to a raft of companies. Besides Microsoft, the affected companies included Apple, Facebook, and Twitter. As reported at the time, the hackers infected a website frequented by software developers with attack code that exploited a zero-day vulnerability in Oracle’s Java software framework. When employees of the targeted companies visited the site, they became infected, too.

Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama
Firstly, there are some limitations. For a start, an eavesdropper has to be in wireless range of the target network, and have the time and specialized software to pull off the KRACK technique. There is no, to the best of our knowledge, working exploit code available yet – and practical attacks may only be possible against Linux and Android.

ATM Machine Malware Sold on Dark Web
For example, one ad posted on the now-defunct AlphaBay Darknet marketplace offered detailed manuals, a list of required equipment, ATM models to target, and tips for operating the malware, Kaspersky notes. The sellers of this kit wanted $5,000. Buyers were told they could steal all the cash from ATM machines infected with the malware, without having to bother accessing individual accounts and data used by ATM card holders, Kaspersky stated.

Adobe Patches Flash Zero Day Exploited by Black Oasis APT
The group known as Black Oasis was, as recently as this month, using exploits for the flaw to drop FinSpy as a payload. Sold by the controversial German company Gamma International, FinSpy, or FinFisher, is a suite of surveillance and espionage software used to remotely monitor compromised computers. It’s sold to governments and law enforcement around the world, including allegations of sales to oppressive regimes including Egypt, Bahrain, Ethiopia, Uganda and elsewhere.

Watch out for Microsoft Word DDE nasties: Now Freddie Mac menaced
This payload is a Visual Basic script that tries to obfuscate its execution by pivoting through Microsoft Excel before unpacking a secondary payload that decodes another packed bunch of data that eventually turns into a generic nasty known as Cometsys or Cometer that appears to open a backdoor to receive further commands and siphon off internal data to its masterminds.

Unbreakable encrypted messages
Chinese researchers recently announced a landmark advancement: They used a satellite orbiting Earth to beam pairs of quantum-entangled photons to two Tibetan mountaintops more than 700 miles apart. This distance blew the previous record out of the water. But according to an article in Chemical & Engineering News (C&EN), the weekly newsmagazine of the American Chemical Society, this is only the beginning for quantum communication.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.