IT Security News Blast 11-22-2017

Holiday Cyber Crime

‘Tis the Season to Be Prepared for Cyber Warfare
The holiday season means many things in the U.S., including the blast of consumer spending that provides our economy a critical financial shot in the arm to close out the fiscal year. Starting at midnight on Thanksgiving, and running from Black Friday through Cyber Monday, there are more credit card transactions than in any other 5-day period in the year. The economic health of the nation is directly affected by, and reflected in, this annual spending spree.


Uber Discloses Data Breach, Kept Secret for a Year, Affecting 57 Million Accounts
The hackers approached Uber and demanded $100,000 to delete their copy of the data[.] Uber acquiesced to the demands. […] Then Uber went further. The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter. To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.


Uber Paid Hackers to Delete Stolen Data on 57 Million People
At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.


Terdot Trojan Hacks Banking, Credit Cards, Gmail, Facebook, Yahoo, And Twitter
What’s more problematic, according to Hackread, is that the Terdot trojan also carries the ability to automatically modify and update itself, which means that it has the ability to download and run any executable file whenever the trojan’s operator requests it. This could potentially allow the trojan to avoid detection by virus scanners, or even load new capabilities or other virus programs.


DDoS Attacks Nearly Double Since January
“The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” said Ashley Stephenson, CEO at Corero. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100. Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber-criminals try to harness more and more internet-connected devices to build ever larger botnets.”


Ransomware rages on with no signs of abating
The top ransomware attacks this year were WannaCry, Petya, Bad Rabbit, Lokibot, CryptoWall, Jaff, Cerber and TorrentLocker. These attacks peaked in May 2017, when the WannaCry ransomware derived from a digital weapon believed to have been developed by the US National Security Agency (NSA) infected hundreds of thousands of PCs at critical facilities, such as hospitals, schools and telecommunications.


Cyber-criminals’ Industry Targets Shift in Q3
[From] July through September of this year, the quarter saw a rise in attacks against accounting, biopharma, retail, biotech and pharmaceuticals. That’s a change from trends spotted earlier in the year, when the momentum went against finance, legal and healthcare. These attacks were mostly scanning and exploitation based, the firm said—which demonstrates that these industries are being targeted for their lucrative data and broad attack surface.


House Committee Calls on HHS to Enhance Security of Medical Device Components
In the letter to HHS, Walden noted that cyber threats to the healthcare sector are becoming more numerous, more frequent and more severe. “While the sector’s susceptibility to cyber threats has many causes, a significant and frequent source of risk is that many of the technologies leveraged by health care stakeholders are, in essence, ‘black boxes,’” Walden wrote.


Medical IoT legislation could boost device security… if it can get through Congress
That’s the Internet of Medical Things Resilience Partnership Act. Introduced by Representatives Dave Trott, D-Michigan, and Susan Brooks, R-Indiana, last month, the legislation would require the Food and Drug Administration to establish a working group of cybersecurity experts to recommend voluntary frameworks and guidelines for medical device security.


State legislatures paying more attention to cybersecurity
Initiatives such as increased funding for improved security, requiring governmental agencies to implement security practices, protecting against threats to critical infrastructure and instituting tough penalties for computer crimes are being passed. According to the National Conference of State Legislatures, in 2016, 28 states considered laws dealing with cybersecurity. Fifteen of them enacted legislation on security practices in government agencies, cyber and computer crimes and suspensions from the state Freedom of Information Act if information could put critical information or infrastructure in danger.


Saudi is under cyber-attack: Here’s who might be behind it
Saudi authorities said Monday that they had detected an “advanced” cyber-attack targeting the Kingdom, in an attempt by the hackers to disrupt government computers. The government’s National Cyber Security Centre said that the attack involved the use of “Powershell” malware, but did not comment on the source of the attack or specify the government bodies that were targeted.


US prosecutors charge Iranian national over HBO hack
An indictment unsealed on Tuesday in Manhattan charged Behzad Mesri, 29, who went by the alias Skote Vahshat, with fraud, aggravated identity theft and interstate transmission of an extortionate communication, among other counts. Joon Kim, the acting US attorney in Manhattan, said that HBO had “become a victim of a malicious cyber attack” and credited the company for its “prompt and proactive co-operation” with law enforcement after the hack was discovered.


Would cyberattacks be likely in a U.S.-North Korea conflict? Here’s what we know.
The United States, unlike North Korea, remains highly vulnerable to cyber-campaigns aimed at swaying public opinion — as evidenced by Russian interference in the 2016 presidential elections. A combination of inadequate cybersecurity measures, heavy reliance on the Internet, a hands-off state and extensive private sector exposure makes the United States an easy target. For instance, a North Korean cyberattack could aim to disrupt U.S. power grid operations.


China’s insidious surveillance army: The internet of things
[The] Chinese government owns a 42 percent stake in Hikvision, one of the world’s largest manufacturers of cameras and other video surveillance equipment. Its products are used at public sites and private companies around the world, including multiple U.S. government facilities. […] Simply put, we’re all going to be using Chinese technology and devices as a critical component of our connected lives moving forward. How consumers, companies, and governments effectively manage that reality will have widespread implications for digital security and privacy protection.


Google collects data on Android users’ locations when location services are turned off, report says
A new report shows that Google has been accessing data about Android users’ locations, even when the user believes that the data is being kept private. According to a report from Quartz, Google has been able to access users’ data about their locations due to Android phones collecting addresses of cell towers. That data is then sent back to Google, which may be an invasion of privacy, the report says. Google confirmed the practice to Quartz, but said that it was ending the practice at the end of the month, Quartz reported.


Wait, did Oracle tip off world to Google’s creepy always-on location tracking in Android?
The admission came in response to a Quartz report, one that security researcher Ashkan Soltani, via Twitter, said had been shopped around the press by Oracle[.] Soltani, who served as the chief technologist for America’s trade watchdog, the Federal Trade Commission, from 2014 through 2015, and then did a four-month stint advising the White House, did not respond to requests for comment.


Hackers steal $30 million worth of cryptocurrency in Tether hack
Tether claims that unknown attackers stole funds from its wallet and are currently holding them at the 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r address. The company is now taking extra security measures to prevent any further attack and has temporarily suspended its back-end wallet service. “As Tether is the issuer of the USDT managed asset, we will not redeem any of the stolen tokens, and we are in the process of attempting token recovery to prevent them from entering the broader ecosystem,” Tether said.


Cryptocurrencies Are at Greater Risk of Being Hacked
Bitcoin hacking remains a popular criminal enterprise because the owners of the currency must maintain the confidentiality of a bitcoin address’s private key, said Andrew McDonnell, president at AsTech, a San Francisco-based security consulting company. Once the key is compromised, the attackers can send the victim’s bitcoin to themselves or an intermediary or, even worse, simply delete the key and digitally eliminate the bitcoin.


PC vendors scramble as Intel announces vulnerability in firmware
Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable.


Microsoft Warns of Late-Year Spike in Office Threats
In a Nov. 21 advisory, Microsoft’s Office 365 Threat Research team said that they had observed an escalation in the efforts of attackers to infect systems running Office. This new wave of activity can be traced to some recently-disclosed exploits, which are now serving as launching pads for complex attacks, according to the group. […] Microsoft singled out four vulnerabilities (CVE-2017-0199, CVE-2017-8570, CVE-2017-8759 and CVE-2017-11826), all of which have been fixed, but may still linger in organizations that have delayed or are a little behind in their security patches.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.