IT Security News Blast 11-21-2017

Smart Building Security

What can financial firms do to prevent and recover from a data breach?
[Cyber] thieves around the globe see great value in stealing market-sensitive information that can be traded for big profits. […] Knowing these proven motives for hacking, firms in the alternative investment community – which gathers highly sensitive, market-moving information 24-7 – should be especially vigilant about their cybersecurity. Below are eight priority steps to be taken by firms to help minimise risk[.]
http://www.information-age.com/financial-firms-prevent-recover-data-breach-123469635/

 

Salted Hash Ep 7: Matrix Banker malware and insider threats
Once it’s fully installed on a victim’s system, it uses browser injects to direct them to a phishing page mimicking a given financial institution in order to harvest credentials. The targeted financial institution rotates, and the actual target is listed in a web inject config file sent down from the C2 server.
https://www.csoonline.com/article/3237796/security/salted-hash-ep-7-matrix-banker-malware-and-insider-threats.html

 

New Banking Malware Stealing Bank Details
A new version of BankBot, a malicious mobile trojan, has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them. In a second campaign, the solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot, called Mazar and Red Alert. The dark intention of these apps has been to spy on users, collect their bank login details and steal their money.
http://www.informationsecuritybuzz.com/expert-comments/new-banking-malware-stealing-bank-details/

 

Governor highlights need for cybersecurity, designates Nov. 20 as ‘Oregon Day of Cyber’
Both the day proclamation and Oregon Cyber initiative were rolled out Monday during an event at the Oregon Tech Portland-Metro campus in Wilsonville. […] The Cyber Oregon website is designed to give people a hub of information on how to protect themselves. It compiles the latest threat alerts, news, and educational resources, along with a job board for people seeking employment in the cybersecurity field.
http://katu.com/news/local/governor-highlights-need-for-cybersecurity-designates-nov-20-as-oregon-day-of-cyber

 

Montgomery County (Ill.) government offices taken offline by malware
County officials said its offices at the Montgomery County Courthouse, Historic Courthouse, the Courthouse Annex, and some at the Montgomery County Jail have been impacted, including phones, according to a report in The Journal-News. Neither the type of malware used nor exactly what the impact has been on the computer system was released, but at this time the county does not believe any information has been compromised.
https://www.scmagazine.com/montgomery-county-ill-government-offices-taken-offline-by-malware/article/708468/

 

Container ship loading plans are ‘easily hackable’
Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or “Bay Plan”. The issue stems from the absence of security in BAPLIE EDIFACT, a messaging system used to create ship loading and container stowage plans – for example which locations are occupied and which are empty – from the numerous electronic messages exchanged between shipping lines, port authorities, terminals and ships.
https://www.theregister.co.uk/2017/11/20/container_ship_loading_software_mischief/

 

Holiday cybersecurity: Defense tips for hospitals to get systems through the season
Historically, organizations in various industries, including healthcare, have seen spikes in cyberattacks during November and December. This is in large part due to the fact that during the holidays, employees often are not in front of their desktop computer and instead performing tasks remotely – and more likely to click on links or get duped by spear-phishing emails, cybersecurity experts said.
http://www.healthcareitnews.com/news/holiday-cybersecurity-defense-tips-hospitals-get-systems-through-season

 

HHS cybersecurity initiative paralyzed by ethics, contracting investigation
The paralysis of the cyber center is “a step backwards,” said James Routh, the chair of NH-ISAC, a private-sector group that distributes information about digital attacks to its health care customers. The cyber center, whose activities were designed to complement work done by NH-ISAC, “had solid, strong leadership and now it doesn’t. The industry is hurt by that.”
https://www.politico.com/story/2017/11/13/hhs-cybersecurity-initiative-paralyzed-by-ethics-contracting-investigation-244855

 

Ransomware damage costs predicted to hit $11.5B by 2019
The rising costs are driven by an uptick in the frequency of attacks. Ransomware is projected to attack a business every 14 seconds by the end of 2019, up from every 40 seconds this year. Some industries will be more targeted than others. Ransomware attacks on healthcare organizations are expected to quadruple by 2020. But that doesn’t necessarily mean they’ll pay more ransoms.
https://www.csoonline.com/article/3237674/ransomware/ransomware-damage-costs-predicted-to-hit-115b-by-2019.html

 

Hacking Back in Black: Legal and Policy Concerns with the Updated Active Cyber Defense Certainty Act
The text defines the term “attacker” as “a person or an entity that is the source of the persistent unauthorized intrusion into the victim’s computer.” However, the draft legislation does not define what the “computer of the attacker” is. Chesney and Lin also had concerns with this language and previously noted that often times, there is more than one computer in an attack chain. How does one determine what the source of the intrusion is if there are multiple computers involved?
https://www.justsecurity.org/47141/hacking-black-legal-policy-concerns-updated-active-cyber-defense-certainty-act/

 

US Military Spying Archive Left Open in Amazon Web Service
One of the buckets has 1.8 billion social media posts that are 8 years' worth. These are from central Asia and include comments from American citizens. The database appears to show that this is part of a social media and influencing campaign. The target of which are overseas youth to counter terrorism. While the program itself is not questionable, the security effort in place protecting it is.
https://www.eteknix.com/us-military-spying-archive-left-open-amazon-web-service/

 

Cyber coordinator Joyce: There is no stockpile of software weaknesses
The 10-member board includes the departments of Commerce, State, Energy, Defense, Homeland Security as well as the intelligence community and the Office of Management and Budget. The White House said the board will consider a number of factors, including defensive equities such as the threat and severity of the vulnerability, and operational, commercial and international issues with revealing the weaknesses.
https://federalnewsradio.com/cybersecurity/2017/11/cyber-coordinator-joyce-there-is-no-stockpile-of-software-weaknesses/

 

North Korea’s Lazarus Group Evolves Tactics, Goes Mobile
The malware is disguised to appear like The Bible, a legitimate Android APK from a developer called the GodPeople that is available on Google Play for translating the Bible into Korean. […] There’s little that’s remotely holy about the fake application, however: when a user downloads the APK file, it installs a backdoor on the device and effectively turns it into a remote controlled bot.
https://www.darkreading.com/attacks-breaches/north-koreas-lazarus-group-evolves-tactics-goes-mobile/d/d-id/1330463?

 

Hack to Kill: Could Cyber-warfare Get Much Worse?
Now, however, worrying signs are emerging that hacking could take a turn for the worse – with experts warning that terrorists or rogue states could begin to use cyber-warfare to kill people. […] Hacking medical devices, or medical institutions, is an obvious way that cybercriminals could cause a loss of life. However, cybersecurity researchers are warning that there are other methods that could result in much larger numbers of citizens being killed.
https://www.bestvpn.com/hack-to-kill/

 

The feds, not companies, are most liable to mishandle our personal data
Congress’ job is to oversee and ensure each cog in the wheel of government stays in its lane. Legislators must ask themselves whether our security agencies have a track record that justifies continuing and expanding their authority and freedom to spy on ordinary Americans, and whether these programs are sensible solutions. We hear a lot about foreign meddling, but no acknowledgement that we were the ones that developed the tools that were used against us.
http://thehill.com/opinion/cybersecurity/361121-the-feds-not-companies-are-most-liable-to-mishandle-our-personal-data

 

Cyber security collaboration is key to dark web deterrent
As well as adding more patches, experts say companies and public bodies need to collaborate more to tackle the threat from leaked cyber weapons. It is estimated that at least a dozen NSA tools are being discussed and worked on by hacking forums on the dark web. The Shadow Brokers group, which officials believe is a proxy for Russian intelligence services, began to leak NSA cyber weapons online in August 2016.
https://www.ft.com/content/d2e8a70c-b583-11e7-8007-554f9eaa90ba

 

Smart building security: Cyber-resilience must be built in
[As] IoT and machine learning transform buildings into smart infrastructure, new security risks and vulnerabilities are bound to arise. While smart infrastructure offers a substantial amount of benefits, many IoT devices and management systems still run on legacy software and lack basic security measures. To decrease the risk of cyberattacks on smart buildings, infrastructure must have built-in cyber-resilience by securing all connection points using VPNs.
http://internetofthingsagenda.techtarget.com/blog/IoT-Agenda/Smart-building-security-Cyber-resilience-must-be-built-in

 

The cybersecurity skills shortage acts as a root cause for security events
Breach detection, proactive threat hunting, and incident response tend to be people-intensive processes dependent upon advanced skills, so it’s logical to assume the cybersecurity skills shortage would have a profound impact here. The ESG/ISSA research proves there is a strong correlation here, so it’s safe to say that organizations with lots of open cybersecurity requisitions can expect a lot of malicious activity on the network.
https://www.csoonline.com/article/3237803/security/the-cybersecurity-skills-shortage-acts-as-a-root-cause-for-security-events.html

 

How to hire top cybersecurity talent for your company
1. Expand the talent pipeline
2. Look for people with real-world experience
3. You pay for what you get
4. Be selective
5. Provide continuous growth and learning opportunities
https://www.csoonline.com/article/3237732/hiring-and-staffing/how-to-hire-top-cybersecurity-talent-for-your-company.html

 

Debugging Tool Left on OnePlus Phones, Enables Root Access
In an interview with Threatpost, the researcher said he examined the latest firmware for the OnePlus 5 handset downloaded from the company’s website. After that analysis, he determined the preinstalled EngineerMode app could allow root level control of devices running the firmware (oneplus_5_oxygenos_4.5.14). Additionally, the EngineerMode app could also be used by a hacker who was able to obtain physical access to the device.
https://threatpost.com/debugging-tool-left-on-oneplus-phones-enables-root-access/128881/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.