IT Security News Blast 10-3-2017

Policy and Technology Responses to Cybersecurity Threats
In recent years, we have seen an escalation of cybersecurity threats—both from state-sponsored actors and criminal organizations. On both technology and policy fronts, Microsoft is leading the way on cybersecurity. Join Voices for Innovation for a webinar looking at what’s happening in Washington and around the world to address this persistent challenge. We’ll be joined by Jacob Crisp, who recently joined Microsoft as director of cybersecurity policy. Jacob previously served in Congress, the White House, and the Intelligence Community.

The Equifax Hack Has the Hallmarks of State-Sponsored Pros
The handoff to more sophisticated hackers is among the evidence that led some investigators inside Equifax to suspect a nation-state was behind the hack. Many of the tools used were Chinese, and these people say the Equifax breach has the hallmarks of similar intrusions in recent years at giant health insurer Anthem Inc. and the U.S. Office of Personnel Management; both were ultimately attributed to hackers working for Chinese intelligence.

A series of delays and major errors led to massive Equifax breach
Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect.

Equifax puts silence down to fear of ‘copycat’ cyber attacks
Equifax, the credit reporting company where hackers accessed personal details of tens of millions of Americans, has defended waiting to disclose the attack by saying it feared “copycat” raids — but the claim was immediately disputed by cyber security experts. The company made the assertion on in prepared testimony released in advance of a congressional hearing in which it also disclosed that, months earlier, the US government had alerted it to the system vulnerability exploited by the hackers.

Still more victims in cyber wars
In contrast, no major financial institution involved in managing retirement, endowment or foundation assets, has reported a successful cyberattack so far in 2017. But to ensure that record continues through the rest of the year and beyond, the financial institutions will have to continue to spend increasing amounts of money on cybersecurity. They cannot become complacent because the number of security breaches is increasing year by year, and so is the sophistication of the hackers.

Despite Cybersecurity Standards, FIs Exposed To Third-Party Risks
“The findings of this report are not only relevant for the finance sector but for companies across all industries who share with and rely upon external business services,” he added. “Organizations should scrutinize the security culture and controls of their third and fourth parties. Ensuring that your vendor’s systems are up to date and that their employees are not engaging in risky peer-to-peer file sharing is one way to reduce immediate third-party cyber risk.”

Cyber criminals set sights on healthcare, social media users
The health, public, and education sectors comprised more than 50% of total incidents in 2016-2017 worldwide. Health sector attacks led vertical sectors in Q2 security incidents in the Americas. In Asia, the public sector led in reported Q2 incidents, followed by financial services and technology. Account hijacking led disclosed attack vectors, followed by DDoS, leaks, targeted attacks, malware, and SQL injections.

Update now: Don’t ignore major security patches, HIMSS report says
And while you’re at it, Apple, Mozilla and Apache also have fresh patches, according to the HIMSS Healthcare Cross-Sector Cyber Security Report for September 2017. “The specific overarching theme in this month’s report is on newer technologies: web and mobile, especially web,” Lee Kim, HIMSS’ director of privacy and security said. “These technologies can be ‘open doors’ to hackers.”

Small Towns Confont Big Cyber-Risks
Nearly 40 percent of local government CIOs report experiencing more attacks during the last 12 months, according to a 2016 survey by the International City/County Management Association (ICMA). And the frequency is increasing too, with 26 percent of CIOs reporting an attack, incident or breach attempt occurring hourly, while another 18 percent report a cyberattempt at least daily. That’s bad news for local governments, which have fewer resources than many larger jurisdictions to fight back. But it’s especially bad for small to mid-sized cities, counties and towns, which may have only one full-time person devoted to IT — including cybersecurity — if they are lucky.

What should the military do when the lights go out?
A House bill would direct a cross-department effort to examine how a cyberattack on the nation’s electric grid would affect military readiness. […] The measure is looking to explore the impact of multiple threats, including significant efforts to degrade or disrupt technology systems or networks, data theft, malware, distributed denial-of-service attacks, industrial espionage and influence operations.

Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon
The HPE system, called ArcSight, serves as a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector. […] Six former U.S. intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack.

As US launches DDoS attacks, N. Korea gets more bandwidth—from Russia
Up until now, all Byol’s traffic passed through a single link provided by China Unicom. But the new connection uses a telecommunications cable link that passes over the Friendship Bridge railway bridge—the only connection between North Korea and Russia. According to Dyn Research data, the new connection is now providing more than half of the route requests to North Korea’s networks. TransTelekom (sometimes spelled TransTeleComm) is owned by Russia’s railroad operator, Russian Railways.

How Russia and WikiLeaks Became Allies Against the West
“Julian has long viewed the world through the prism of his own situation,” one former WikiLeaks collaborator told The Moscow Times on condition of anonymity. Assange sees Russia as a supporter, and views the U.S. and Britain as his enemies. As a result, “in recent years, WikiLeaks and the Russian state have effectively joined forces,” the former collaborator said.

Opinion Closing the gap between data safety perception and risk
The results were sobering – and indicate a disconnect between what directors and executives believe about cyber security and the cyber risk created by their own communication practices. To illustrate this point, consider that 92 percent of respondents use personal email accounts – including unsecured systems like Yahoo! Mail, Gmail, and AOL – at least occasionally to conduct board business.

FBI warns parents about dangers of internet-connected toys
The FBI is cautioning that internet-connected toys, also known as “smart toys,” can be compromised by hackers. The FBI’s Internet Crime Complaint Centre goes into extraordinary detail in its release, saying strangers can pinpoint your address, snag children’s names and birth dates, download your son or daughter’s photo, and even listen in on your conversations and record your child’s voice.

New research details the privacy implications of email tracking
About 30 percent of emails leak the recipient’s email address to one or more of these third parties when they are viewed. In the majority of cases, these leaks are intentional on the part of email senders, and further leaks occur if the recipient clicks links in emails.” How much of it is intentional? The paper said, “62 percent of the 100,963 leaks to third parties are intentional.” The privacy risk is even worse “if the leaked email address is associated with a tracking cookie, as it would be in many webmail clients.”

Gaming Service Goes Down After Hacker Wipes Database and Holds It for Ransom
R6DB, an online service that provides statistics for Rainbow Six Siege players, went down over the weekend after an attacker wiped the company’s database and asked a ransom. The attack took down the service Saturday, September 30. In a statement released on Sunday, the company said an automated bot accessed their server, wiped the database, and left a ransom note behind. The database appears to be a PostgreSQL instance.

7 SIEM Situations That Can Sack Security Teams
More than half of SIEM users are displeased with the intelligence they glean from the technology, according to a presentation by Cyphort, which sponsored a SIEM survey by the Ponemon Institute and one from Osterman Research. Both surveys collectively represented nearly 1,000 enterprise SIEM users, says Franklyn Jones, Cyphort’s chief marketing officer, who gave the presentation.

Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices
“These are all vulnerabilities caused by what appears to be inadequate verification of user input, oversight on what should and should not require authentication, and improper mechanism of enforcing security on users accessing their product web interface,” Noam Rathaus, founder and CTO of Beyond Security said. “I believe much of Netgear products share the same codebase and same underlying code structure which is what causing many of their products to be vulnerable.”

Want to prevent ransomware attacks? Prepare.
Ignorance of how ransomware attacks work also contributes to the spread of ransomware infections. Employees often aren’t aware of best practices to prevent attacks. Human errors can prove just as dangerous, if not more so, as unpatched systems, meaning that organizations should work to better educate employees on how to spot phishing attacks and admins should enable backups and contingency plans in the event of mistakes, researchers say.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.