IT Security News Blast 12-12-2017

Banking Cybercrime

New Ruski hacker clan exposed: They’re called MoneyTaker, and they’re gonna take your money
The group has conducted more than 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia in the last two months alone, according to Russian incident response firm Group-IB. MoneyTaker has primarily targeted card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US).


Geopolitical Risk Surges to Record New High in New DTCC survey – Fintech’s Potential Impact on Financial Stability Emerges As A New Area of Concern For 2018
More than a third (36%) of survey respondents view cyber risk as the number one threat to the broader economy in 2018, with 78% of respondents ranking it as a top 5 risk – a 7% increase from the last survey. In response to this expanding threat, one respondent cited that “firms are making investments in safeguarding system access and part of that investment is the consideration of cyber insurance with their portfolio of risk mitigation strategies.”


How can banks fight cybercrime?
Take virus protection – everyone shares that information publicly and within a few hours the virus is dead. […] Some banks have started to unite behind closed doors, but the financial industry needs to create a knowledge-sharing standard. The reality is that most hackers collaborate, so banks should too.


The 4 Forces Accelerating Infosec as a Competitive Differentiator
Although it is true that businesses can use security to gain an increasingly relevant advantage over slower moving competitors, that differentiation isn’t tracked as “ROI” that security delivers.  Rather, delivering trust and privacy to consumers is becoming table stakes for all business, and security is slowly becoming a market-driven assumption, instead of a perfunctory line item on an expense report.


Three out of four small and medium-sized businesses not ready for new data laws face huge fines
“Making an investment now in order to prepare and protect your business is essential if you do not want to risk incurring significant financial penalties – or the major reputational damage that a public breach of the new regulation would undoubtedly cause,” he added.


Government Contractors Face New Year Security Deadline for DoD
The reason is that the Defense Federal Acquisition Regulation Supplement requires contractors to provide new protections for covered defense information, including unclassified information, that resides on or passes through, the contractor’s information system or network. The new mandate requires contractors to implement NIST SP 800-171 “as soon as practical” and not later than December 31, 2017.


Ransomware attack on NJ provider locks 16,000 patient records
The sleep center did not pay the ransom. Instead, the medical center immediately contacted the New Jersey State Police Cyber Crimes Unit and hired a computer forensics team to help with the investigation and make recommendations on how to better protect its system. Further, officials said they’re implementing stronger security measures.


How will technology change the standard of healthcare?
Today, technology such as wearable data collectors and systemic applications like blockchain can be found in all areas of health. In the home and hospital field, with nurse retirements expected to surge in the next five to 10 years, companies are looking for alternative ways to efficiently and effectively perform basic nursing care.


Is cyber insurance fuelling ransomware?
The researchers highlight mandatory breach disclosure as one of the drivers for increased cyber insurance. Companies are increasingly aware of the damage a breach notification can do to their business. As such, they are rightly taking out cyber insurance policies. Those policies not only offer recompense when an incident occurs but also offer to pay for the recovery of data.


Cybersecurity expert: Iranian hacking is a “coordinated, probably military, endeavor”
A report released this week, by FireEye, a cybersecurity firm, noticed increased and increasingly advanced cyber-espionage efforts by groups that have been tied to Iran, and to the nation’s Islamic Revolutionary Guard Corps (IRGC). Groups, believed to be Iranian, have utilized “spearphishing emails, strategic web compromises and breached social media accounts distributing malware,” in order to steal commercial secrets and intercept personal communications.


‘Significant amount’ of sensitive security data stolen in Perth Airport hacking
The West Australian can reveal Vietnamese man Le Duc Hoang Hai used the credentials of a third-party contractor to get access to the airport’s computer systems in March last year. Prime Minister Malcolm Turnbull’s cybersecurity adviser Alastair MacGibbon said yesterday the man stole “a significant amount of data” relating to the airport, including building schematics and details of physical security at airport buildings.


Former Facebook Exec: ‘You Don’t Realize It But You Are Being Programmed’
Just days after Parker made those comments, Palihapitiya told the Stanford audience, “The short-term, dopamine-driven feedback loops we’ve created are destroying how society works,” Palihapitiya said. “No civil discourse, no cooperation; misinformation, mistruth. And it’s not an American problem—this is not about Russian ads. This is a global problem.”


Large-scale appropriation of Americans’ IDs suggested by Fake Pro-Repeal Net Neutrality Commenters’ response
We wanted to uncover more facts beneath the suspicions so many others have raised. The best way was to take as direct a measurement as possible—to survey the commenters who provided an email address and ask whether they submitted the comment in the first place. Here are a few charts from survey results as of 8pm PT on December 10[.]


FBI mum on Georgia’s wiped election server
The plaintiffs in the lawsuit allege that Georgia’s voter registration data was hosted on the same server as the vote tabulation databases, the software used to program ballots and the passwords for both voting machines and election supervisors. Further, all of this data was connected to a public-facing website that was accessible for at least 10 months to anyone with an internet connection and technical expertise. […] At a Dec. 7 House hearing, FBI Director Christopher Wray declined to answer questions about whether the bureau retained data on a Georgia election server before it was wiped clean by state election officials, then declined to answer whether the FBI was investigating the matter.


Top firms not hiring women as cyber security officers: Report
“Calling a discrepancy this large a gender gap is a clear understatement. This is an emergency signal warning us that the cybersecurity industry has major issues welcoming, developing, and promoting female cybersecurity talent,” said Jeff Pollard, Principal Analyst. “It’s difficult to sympathise with those claiming talent shortage challenges when roughly half of the population is so underrepresented,” he added.


Anonymous hacks world’s biggest whaling industry in Norway
Anonymous has frequently attacked the Nordic country’s institutions that engage in whaling as part of the #OpWhales campaign, according to Aftenposten. While many activist groups seasonally sabotage hunts, Anonymous has been hacking year-round, targeting banks, media, and academic and government institutions.


FCC explains how net neutrality will be protected without net neutrality rules
In short, ISPs will be free to do whatever they want—unless they make specific promises to avoid engaging in specific types of anti-competitive or anti-consumer behavior. When companies make promises and break them, the FTC can punish them for deceiving consumers. That’s what FCC Chairman Ajit Pai and Acting FTC Chair Maureen Ohlhausen are counting on.


Hackers’ delight: Mobile bank app security flaw could have smacked millions
The researchers developed a tool called “Spinner” to perform semi-automated security testing of mobile phone apps. After running the tool on a sample of 400 security critical apps, they were able to identify a serious flaw in many banking apps – including those offered by HSBC, NatWest and Co-op as well as Bank of America’s Health account app.


Net neutrality repeal based on false description of Internet, inventors say
It is important to understand that the FCC’s proposed Order is based on a flawed and factually inaccurate understanding of Internet technology. These flaws and inaccuracies were documented in detail in a 43-page-long joint comment signed by over 200 of the most prominent Internet pioneers and engineers and submitted to the FCC on July 17, 2017. Despite this comment, the FCC did not correct its misunderstandings, but instead premised the proposed Order on the very technical flaws the comment explained.


Apple’s HomeKit security blunder exposes the risk of smart homes
The latest iOS 11.2 update held a zero-day vulnerability attackers could exploit to control smart home devices, including connected locks, 9to5Mac explains. While the vulnerability was difficult to exploit, and Apple has acted very swiftly to close this security gap, its existence exposes the risk of smart homes.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.