IT Security News Blast 10-4-2017


A video summary of information/data/network/cyber security articles, and Mike’s take on their interpretation and significance.

Weaponizing Equifax Data

It’s already been suggested that this is a state actor (with no more specificity than that), and the desire to create financial impact can be separated from an actual profit motive. Selected entities and individuals, which may be a significant fraction of the population, could have a near-simultaneous financial nightmare, with no expectation on the part of the actors that the operation will be monetized.

Nothing matters any more… Now hapless Equifax bags $7.5m IT contract with US taxmen

The tech contract was awarded on September 29, the same month the network intrusion was revealed, and will be worth $7,251,968 to the troubled credit reporting agency. The fact that the deal was signed off after the news of the massive security failure broke last month suggests someone at the IRS either doesn’t pay attention to the headlines, or just doesn’t care one way or the other.

Hackers target weakest links for insider trading gain

Cyber security experts believe the US Securities and Exchange Commission was the latest victim of cyber criminals on the hunt for market-moving corporate secrets, following a series of attacks seeking to steal unpublished press releases, deal negotiations and economic data. […] “Sun Tzu wrote in The Art of War that attackers avoid surfaces and flow to gaps like water flowing down hill,” said Nate Fick, chief executive of cyber security company Endgame. “The banks are the surfaces and the SEC was a gap.”

Financial cyber threats loom large

With more than 1.2 million annual detections, the financial threat space is still 2.5 times bigger than that of ransomware. The financial Trojan threat landscape is dominated by three malware families: Ramnit, Bebloh (Trojan.Bebloh), and Zeus (Trojan.Zbot). These three families were responsible for 86 per cent of all financial Trojan attack activities in 2016. However, due to arrests, takedowns, and regrouping, we have seen a lot of fluctuations over the last year.

Regulators Fret About Cyber Risk after SEC Hack

The concerns threaten to trip up implementation of the SEC’s consolidated audit trail rule, which would keep track of every trade and order in U.S. stock and option markets, as well as efforts by the CFTC to expand regulators’ access to the computer code that drives automated trading strategies and bring more high-frequency traders under their oversight. “I’m very concerned that we don’t house gratuitous market information that makes ourselves a target for commercial espionage and commercial hackers,” Mr. Giancarlo said.

EtherParty Breach: Another Ethereum ICO Gets Hacked

Etherparty announced Sunday that its ICO (Initial Coin Offering) website selling tokens for a blockchain-based smart contract tool was hacked and the address for sending funds to buy tokens was replaced by a fraudulent address controlled by the hackers. […] Etherparty said the company launched its Fuel token sale on Sunday, October 1 at 9 A.M. PDT, but just 45 minutes later, some unknown attackers hacked into its ICO website and replaced the legitimate address by their own, redirecting cryptocurrencies sent by investors into their digital wallet.

Yahoo says cyber breach affected all 3bn accounts

Yahoo has announced that about 3bn accounts were affected in its 2013 data breach, three times as many as it had previously estimated, making it one of the largest thefts of personal information ever seen in a cyber attack. The internet company, acquired by Verizon earlier this year and combined with AOL into a new company called Oath, announced on Tuesday that it had obtained “new intelligence” and now believes that all Yahoo user accounts were affected by the 2013 theft.

Understanding The Physical Damage Of Cyber Attacks

Cyber-attacks in particular can sabotage the control of major industrial security systems, or even cause property damage. With that being said, there is a lot that must be done to ensure physical damage from cyber-attacks is never underestimated. So, for those of you who have a role in protecting your organization from a security breach and the effects which might come with it, here are a few examples of what can be done at the hands of those who manage to get their hands on disrupting an organization.

Don’t Be Taken Hostage

The hospital’s counsel should also be consulted promptly (in many cases at the behest of the cyber-risk insurance broker) to determine any legal liability and obligations, such as notification requirements under state and federal privacy laws. Intangible costs include harm to the institution’s reputation, given the widespread media and news coverage of cyberattacks, as well as data loss. Having in place appropriate and thoughtful preventive and reactive measures helps organizations mitigate, if not eliminate, the risk of significant tangible and intangible damage as a result of a ransomware attack.

White House wants to end Social Security numbers as a national ID

Rob Joyce, the White House cybersecurity czar, said on Tuesday that the government should end using the Social Security number as a national identification method. “I believe the Social Security number has outlived its usefulness,” said Joyce, while speaking at The Washington Post’s Cybersecurity Summit. “Every time we use the Social Security number, you put it at risk.” One problem with the Social Security number, he said, is that a victim of identity theft cannot get it changed after it has been stolen.

Foreign government code reviews ‘problematic’: White House cyber official

Cyber security experts, former U.S. intelligence officials and former ArcSight employees said the practice could help Moscow discover weaknesses in the software, potentially helping attackers to blind the U.S. military to a cyber attack. “There are security aspects of those disclosures (and) they are problematic,” Joyce, a former hacker at the U.S. National Security Agency, said at a Washington Post Cybersecurity Summit when asked specifically about the story. He added that he was more concerned about the intellectual property risks associated with the reviews, however.

Hackers wanted: Special ops leaders seek soldiers who can fight the enemy up close and online

Leaders in the special operations and cyber communities discussed current and future needs for special operations and the cyber domain during the Project Gray Symposium held recently at the National Defense University at Fort McNair, Washington, D.C. “There are people in this audience who know how to both engage the enemy in close quarters combat, build a foreign insurgency and hack computers,” said a senior White House adviser on cyber. “There are only a handful, and I need help building more.”

Senator seeks cyber info from voting machine makers

A U.S. senator wants to know how well the country’s top six voting machine manufacturers protect themselves against cyberattacks[.] […] A top-secret National Security Agency report leaked to the online news site The Intercept this summer detailed a Russian military-orchestrated hacking campaign in August 2016 that targeted a Florida-based software vendor with fake, phishing emails. That vendor manages voter registration and voter rolls in eight states, though the document said it was “unknown” to what extent the cyberattack compromised local election systems.

After Kushner’s private e-mail became known, it moved to Trump Org servers

The move, which was first reported by USA Today on Tuesday, provides clear evidence that there is not quite as much separation between the Trump Organization and the Trump White House as previously indicated. The MX records show that they were changed from Microsoft to the Trump Organization shortly after public scrutiny of Kushner’s e-mail account intensified. A domain’s MX records specify which mail servers are allowed to send and receive mail for that domain.

Facebook discloses content of Russian-placed ads

The ads were delivered using Facebook’s ad targeting technology, something it knows can be abused so the company is introducing ways to keep this from happening. “These are worthwhile uses of ad targeting because they enable people to connect with the things they care about. But we know ad targeting can be abused, and we aim to prevent abusive ads from running on our platform. To begin, ads containing certain types of targeting will now require additional human review and approval,” Schrage wrote.

Schrems busts Privacy Shield wide open

Privacy activist and student Max Schrems has hailed an Irish Court decision today to refer cross-Atlantic data flows back to the European Court of Justice – all over again. Schrems sparked the original litigation which led to the Court throwing out the “Safe Harbor” legal framework that governed flows of European citizens’ private data to America.

Going dark

Speaking at last week’s ISC(2) Congress in Austin, Sachs laid out the differences between the “dark web” and the surface Internet that is utilized by most common online users, discussed the reasons for online anonymity there (for reasons good and ill), and talked about how the dark web is changing as it becomes more “professional” in its illegal offerings. Indeed, the regular searchable “surface internet,” indexed by search engines, only accounts for 4 percent of the overall internet, according to Sachs.

Severe flaws in DNS app create hacking risk for routers, smartphones, computers, IoT

Google researchers disclosed seven serious flaws in an open-source DNS software package Dnsmasq, which is commonly preinstalled on routers, servers, smartphones, IoT devices and operating systems such as the Linux distributions Ubuntu and Debian. The most severe of the vulnerabilities could be remotely exploited to run malicious code and hijack the device. The disclosed vulnerabilities include three that could lead to remote code execution, three that could result in denial of service and one information leak. A SHODAN search currently shows 1,096,599 instances worldwide.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.