IT Security News Blast 10-23-2017

‘Cyber Hurricane’: Millions of Devices Infected in Rapidly Replicating Botnet

Reaper has pulled together IoT hacking techniques that include nine attacks affecting routers from D-Link, Netgear, and Linksys, as well as internet-connected surveillance cameras, including those sold by Vacron, GoAhead, and AVTech. Although currently Reaper has shown no signs of any DDoS activity, it is too early to guess the intentions of its creators. The malware has the potential to do significantly more damage than Mirai and its successors did. […] According to Check Point, Reaper has already enslaved millions of IoT devices, including routers and IP cameras manufactured by GoAhead, D-Link, TP-Link, Avtech, and others, and the bot continues to rapidly spread.


‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher

“So far we estimate over a million organizations have already been affected worldwide, including the U.S., Australia and everywhere in between, and the number is only increasing,” according to Check Point’s preliminary research published Thursday. While this malware appears to share some of Mirai’s code, it is new malware and a new campaign, said Maya Horowitz, group manager of threat intelligence at Check Point, in an interview with Threatpost.


U.S. warns public about attacks on energy, industrial firms

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.


Today’s bank heists aren’t what they used to be with the battle now fought out in cyberspace

“Attacks used to be very crude misspelled [emails], now they are sophisticated – we have seen criminals researching targets, seeing where a CEO’s children go to school so an email looks like it comes from there,” he says, illustrating how hard it can be to spot a red flag. “These aren’t teenagers in a bedroom, these are seriously organised groups. They’ve taken the internet and gig economy model and hire people in.”


Financial Insecurity: 42 Percent of U.S. Financial Services Orgs Have Been Breached

The report, based on a survey of more than 1,100 senior security executives worldwide, also found that 24 percent of financial services organizations suffered a data breach in the past year alone, up from 19 percent in 2016. Eighty-six percent of respondents believe their organizations are vulnerable to data threats. While 96 percent will use sensitive data in an advanced technology environment (cloud, big data, container, IoT) this year, 47 percent admitted they’re deploying those technologies without having the appropriate levels of security in place.


Businesses need to think about a public cyber star rating

Enter the cyber star rating system — dubbed the Cyber Kangaroo in Australia — which would function like an energy star rating, but for the security of devices and organisations. In a perfect world, not only would a company’s rating be impacted by its own security, but also those of its suppliers. In the Domino’s case, it appears that the pizza chain’s IT systems are free of guilt, but that working with an insecure supplier is the cause of the data leak.


Why healthcare mergers, acquisitions can uncover new cybersecurity risks

“Healthcare provider organizations need to be aware that they are uniquely susceptible to cybersecurity risks in conjunction with a transaction because of the nature of the data they handle,” said Marc Leone, a producer at Graham Company, one of the Mid-Atlantic’s largest insurance brokers, and a mergers and acquisitions risk expert.


Why phishing attacks are increasingly targeting the public sector (and what you can do about it)

Initially, hackers interact with the supply chain or whatever “weak link” gets them in the door of larger organizations where they can then access a bounty of sensitive data. Attackers take a similar approach with government agencies, targeting smaller organizations that typically lack adequate security defenses and are deemed easy targets. These vulnerable, smaller government organizations also house an abundance of personal citizen data, including Social Security information and tax returns. While valuable on its own, this kind of highly sensitive user information opens the door for bigger, more sophisticated and expansive attacks that could lead to even more lucrative returns.


Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait

The Russian military hackers behind last year’s election meddling are using an upcoming cyber warfare conference in Washington D.C. as a lure to infect a new crop of victims with malware, security researchers said Sunday, effectively turning a high-level gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks. […] The Russian hackers’ flier for the event is a Microsoft Word document named “Conference_on_Cyber_Conflict.doc”. It contains the logos of the conference organizers and a sponsor, and text copied from the conference website touting the 2017 theme, “The Future of Cyber Conflict.”


“Our task was to set Americans against their own government”: Russian troll-farm operative

The fake stories and false news created and disseminated to millions of American voters by the operatives at the Internet Research Agency (IRA), in the words of an IRA operative, aimed to “rock the boat” on divisive issues like race relations, gun control, immigration, and LGBT rights. The IRA also used the internet to hire 100 American activists to hold 40 rallies in different U.S. cities. These activists did not know they were working for a Russian government agency, and the people who came to the rallies were unaware that they were taking part in Russian-organized and financed events.


Czech election websites hacked, vote unaffected -Statistics Office

The websites used for presentation of the Czech Republic’s election results were hacked on Saturday afternoon, the Czech Statistical Office (CSU) said on Sunday, adding that the vote count was not affected. Czechs voted on Friday and Saturday in the parliamentary election, with the results then shown on two websites that CSU maintains with an outside provider.


FBI Couldn’t Access Nearly 7K Devices Because of Encryption

“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board – narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.” The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers’ digital privacy.


Why You Should Always Assume You’re Being Secretly Recorded

He posits that according to Moore’s Law (the rule that computer power will double at the same price every 18 months), in 2020 we’ll be living in a world flooded with more than 1 trillion sensors (a projection which aligns with estimates from HP, IBM and Bosch). It’s a wake-up call for anyone who is not living in a remote Appalachian cabin: In 2017, and henceforth, for the rest of time, barring any kind of nuclear or digital apocalypse, it is wisest to always, always, always assume you are being recorded. In the White House. In the bathroom. In an Airbnb.


Canada’s Spy Agency Releases its Cyber-Defense Tool for Public

The Communications Security Establishment (CSE), Canada’s main signals intelligence agency, has made a malware scanning and analytics tool called AssemblyLine open-source by releasing its code. The AssemblyLine tool can analyze massive volumes of files and also rebalance its workload automatically. […] The CSE hopes that by making the code open-source and free, the information security or InfoSec community will be able to develop more tools and come up with innovative methods of detecting malicious files.


Supply Chain Attack Spreads macOS RAT

All users who downloaded the Elmedia Player software recently should check their systems for possible compromise. To do so, they should check for the presence of the following files or directories: /tmp/, /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist, /Library/.rand/, and /Library/.rand/ “If any of them exists, it means the trojanized Elmedia Player application was executed and that OSX/Proton is most likely running,” ESET notes.
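A defender-side triage script for the indicators ESET lists, as an added example that is not ESET's or the page's own code: it checks which indicator paths exist under a given root (the live system or a mounted image) and, if the LaunchAgent plist is present, summarises what it would launch. Because the page's list is partially truncated, only the two fully named paths are checked; the fixture built by build_fixture is constructed for testing and its values (the updater path, the arguments) are invented.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Indicators as quoted from the ESET note above. The page's list is partially truncated
# ("/tmp/" and a second "/Library/.rand/" entry), so only the fully named ones are checked.
INDICATORS = [
    "/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist",
    "/Library/.rand/",
]

def check_indicators(root="/", paths=INDICATORS):
    """Return the indicator paths that exist under `root` (live system or mounted image)."""
    return [p for p in paths if (Path(root) / p.lstrip("/")).exists()]

def describe_launch_agent(plist_path):
    """Summarise what a LaunchAgent would run, or None if the file is absent or not a plist."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, plistlib.InvalidFileException, ExpatError):
        return None
    args = list(data.get("ProgramArguments") or [])
    return {
        "label": data.get("Label"),
        "program": data.get("Program") or (args[0] if args else None),
        "run_at_load": bool(data.get("RunAtLoad", False)),
    }

def triage(root="/"):
    """Report which indicators are present and, if the LaunchAgent exists, what it launches."""
    found = check_indicators(root)
    agent = None
    if INDICATORS[0] in found:
        agent = describe_launch_agent(Path(root) / INDICATORS[0].lstrip("/"))
    return {"found": found, "launch_agent": agent}

def build_fixture():
    """Constructed test fixture (not real malware): a fake root with both indicators present."""
    root = Path(tempfile.mkdtemp())
    (root / "Library/.rand").mkdir(parents=True)
    plist = root / "Library/LaunchAgents/com.Eltima.UpdaterAgent.plist"
    plist.parent.mkdir(parents=True)
    with open(plist, "wb") as fh:  # program path and arguments are invented for the fixture
        plistlib.dump({"Label": "com.Eltima.UpdaterAgent",
                       "ProgramArguments": ["/Library/.rand/updater", "--silent"],
                       "RunAtLoad": True}, fh)
    return str(root)
```

Running triage() with no argument checks the live machine; triage(build_fixture()) shows what a positive result looks like.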


Top 5 cybersecurity facts, figures and statistics for 2017

1. Cyber crime damage costs to hit $6 trillion annually by 2021.
2. Cybersecurity spending to exceed $1 trillion from 2017 to 2021.
3. Cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021.
4. Human attack surface to reach 6 billion people by 2022.
5. Global ransomware damage costs are predicted to exceed $5 billion in 2017.


The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy

This week started off with a bang when the KRACK key reinstallation attack vulnerabilities upended the security of Wi-Fi and the ROCA factorization bug made all trusted platform module chips suddenly less trustworthy. That isn’t all the week had in store for the cryptography world, though. Here’s a rundown on the latest news on KRACK, ROCA, and the news you might have missed about SSH and encryption backdoor regulation.


Millions download botnet-building malware from Google Play

The apps posed as legitimate offerings that modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, though, they set out to rope the devices into a botnet. […] Once the connection was established, the app was instructed to connect to another server, from which it received a list of ads and associated metadata (ad type, screen size name). Using this same SOCKS proxy mechanism, the app was commanded to connect to an ad server and launch ad requests. Even though the apps were used to generate illegitimate ad revenue, the botnet herders could have forced the devices to participate in attacks.


Not good: Ransomware is cheap to buy and developers are well paid

A report by Carbon Black that studied 21 of the largest dark web markets in August and September 2017 found that some of those who develop and sell ransomware can haul in as much, if not more, than a law-abiding software developer and overall ransomware sales on the dark web are skyrocketing. Other findings include that for the period ransomware sales totaled about $6 million, and were being sold on about 6,300 dark marketplaces with more than 63,000 products available.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.