IT Security News Blast 12-14-2017

Cybersecurity News Brief

NewsJacker #4
In this 3+ minute NewsJacker episode, Mike shares his opinions on the most recent news in IT security:
· Net Neutrality
The vote is imminent, and motivations for repeal look fishy.
· Georgia’s Hacked Voting Machine
Here’s a good example of why paper voting is still the best way to hold a secure election.
· Cyber Security as a Competitive Differentiator
Learn the four forces accelerating infosec as a competitive advantage.
https://criticalinformatics.com/resources/blog/newsjacker-net-neutrality/

 

‘Cyber risk sizes up to significant; risk, opportunity are two sides of same coin’
Earlier their actions have been compliance based, but today one can’t afford to do that anymore. As a consequence of disruption and volatility, a lot more people are using risk to capitalise on trends and take advantage of changes in order to subvert the status quo and disrupt themselves before they get disrupted.
http://www.businesstoday.in/opinion/interviews/cyber-risk-deloitte-sam-balaji-risk-portfolio-financial-risk/story/265956.html

 

Brit banks told to publish details of major incidents that stop punters’ payments
As of August 2018, banks have to clearly set out how many incidents prevented customers from using payment services, over both a three- and 12-month period. They will also have to break this down by telephone, mobile and internet banking, but security incidents will not be identified separately from operational ones.
https://www.theregister.co.uk/2017/12/13/banks_to_publish_details_of_major_incidents_that_stop_users_payments/

 

Cybersecurity risk disclosure remains at relatively low levels, but for how long?
Although, in the past, the study advises, cybersecurity was viewed as principally an IT issue, it is now more often recognized as a potential material risk that could require management and board attention. And increasingly, boards are holding CEOs and other executives responsible for severe data breaches, the study indicates, citing an NYSE survey of 200 corporate directors.
https://www.lexology.com/library/detail.aspx?g=abad2d3a-1fbf-419c-be1b-cbf4ff958da4

 

Fintech could cause the next financial crisis if it isn’t regulated better, says a risk management consultancy
“It is not inconceivable that the next financial crisis may emerge from the technology sector. This calls for a harmonisation of technology standards and a greater regulatory coordination across industries to safeguard financial stability,” said Parker Fitzgerald’s chief executive Scott Vincent.
http://www.cityam.com/277489/fintech-could-cause-next-financial-crisis-if-isnt-regulated

 

Do You Know What Healthcare Did Last Summer?
Interestingly this demand (and proliferation of attacks) has created an excess supply [of stolen health records]. This has led to a reported drop in street price of the records – and led to an increase in ransomware, where the payout is immediate and requires less “creativity”. Much of the healthcare industry is beginning to realize this and investing heavily into their security as a result[.]
https://securityboulevard.com/2017/12/do-you-know-what-healthcare-did-last-summer/

 

New California cybersecurity board tackles health industry hacks
The Cyber-Health Information Technology Advisory Board will examine the cyber risks associated with everything from electronic health records to surgically implanted medical devices. Board members include leaders in technology and digital health, and from industries including IT and cybersecurity, who will, among other things, look at past system hacks and what can be learned from them.
http://www.northbaybusinessjournal.com/northbay/marincounty/7727124-181/california-cybersecurity-health-care

 

Medical devices a ‘bulls-eye’ for cyber-attacks, says cybersecurity executive
“There are really broad recommendations and not a whole lot of specificity when it comes to security…From a vendor point of view, it’s really important that device manufacturers realise that their targeted user is not the only person that has access to their device. They have to take security into consideration.”
https://www.digitalhealth.net/2017/12/medical-device-functionality-vs-cybersecurity/

 

Cryptocurrency surge and cyber attacks causes tech jobs market frenzy
Another area of the tech sector enjoying a spike in candidates is IT security. Indeed has tracked a 196 percent surge in jobseekers searching for ‘Cyber security’ jobs, partly in response to the recruitment drives launched by both public and private sector employers in the wake of the high-profile WannaCry cyber attack in May.
https://www.thehrdirector.com/features/digital/cryptocurrency-cyber-attacks/

 

Cyber security skills shortage can be addressed, says (ISC)2
“By treating cyber security as a trade, it will enable school leavers to get some basic skills without having to do a four-year course and to provide valuable services in well-paid jobs in the cyber security field,” he said. “There are a lot of productive jobs in the cyber security field that do not need a four-year degree.”
http://www.computerweekly.com/news/450431747/Cyber-security-skills-shortage-can-be-addressed-says-ISC2

 

U.S. Commanders Must Embrace Cyber, Special Ops Chief Says
Many of Socom’s approaches since 9/11 were previously undefined in the policy realm. “Arguably the same can be said of cyber capability,” he said. The idea of cyber as a warfighting domain is so new that many commanders consign it to a chief information officer, he said. This is “inconsistent with how we address every other domain,” the general said. “Commanders don’t outsource or pay so little attention to those.”
https://www.defense.gov/News/Article/Article/1396033/us-commanders-must-embrace-cyber-special-ops-chief-says/

 

Russian cyber-activists ‘tried to discredit Scottish independence vote’
An expert in Russian cyber-operations has accused Russian activists of running a disinformation campaign to discredit the Scottish independence referendum result, by wrongly alleging it was rigged. […] He stressed he did not have proof the disinformation campaign was orchestrated by the Kremlin, but said there was a clear need for official investigations and internal reviews by social media companies.
https://www.theguardian.com/politics/2017/dec/13/russian-cyber-activists-tried-to-discredit-scottish-independence-vote-says-analyst

 

Senator presses White House to improve election cyber protections
Specifically, Wyden asked McMaster to designate a senior White House election security czar to brief Congress of executive branch election security efforts, direct the National Institute for Standards and Technology and the Department of Homeland Security to grade states on their election infrastructure and designate political campaigns as critical infrastructure.
https://fcw.com/articles/2017/12/13/wyden-election-cyber-johnson.aspx

 

Judge: Cruise line isn’t an internet provider under surveillance law
“If this proposition were carried to its logical conclusion, then every entity which now offers free WiFi would be rendered a ‘provider’” under the surveillance law, the Stored Communications Act, Robinson wrote in a Nov. 29 order. “The undersigned cannot conclude that such a result would be consistent with the intent of Congress in enacting the Stored Communications Act.”
https://www.politico.com/blogs/under-the-radar/2017/12/12/judge-cruise-line-internet-surveillance-293303

 

A Republican lawmaker urges FCC to delay net neutrality repeal vote
Coffman referred to a Pai statement from when the FCC’s then-Democratic majority imposed the current net neutrality rules in 2015. The commission’s “five unelected individuals” should not decide a “dispute this fundamental,” Pai said then. Instead, Pai in 2015 said that “the people’s elected representatives” should decide. Coffman wants Pai to return to his former stance that the FCC should wait for Congress to act.
https://arstechnica.com/tech-policy/2017/12/even-some-republican-congresspeople-oppose-full-net-neutrality-repeal/

 

Banker jailed for helping criminals who stole millions using Dridex malware
On Tuesday, December 12th, 2017, a 29-year-old Barclays banker Jinal Pethad was jailed for six years and four months for assisting two Moldovan cybercriminals to launder more than £2.5 million ($3 million) from Barclays Ealing, London branch where he worked. The cybercriminals identified as Ion Turcan and Pavel Gincota were jailed for five years eight months and seven years respectively for using Dridex banking malware and paying Pethad for his assistance in the scheme.
https://www.hackread.com/banker-jailed-money-laundering-dridex-malware/

 

How a Dorm Room Minecraft Scam Brought Down the Internet
The most dramatic cybersecurity story of 2016 came to a quiet conclusion Friday in an Anchorage courtroom, as three young American computer savants pleaded guilty to masterminding an unprecedented botnet—powered by unsecured internet-of-things devices like security cameras and wireless routers—that unleashed sweeping attacks on key internet services around the globe last fall. What drove them wasn’t anarchist politics or shadowy ties to a nation-state. It was Minecraft.
https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/

 

Tenable’s response to folks upset at AWOL features: A 150-emails-a-minute spam storm
However, the release also withdrew some features, leading to responses such as this:
“Wow, removed api, removed multi-user support.. Just the features I was waiting for! I am officially looking for a good vulnerability scanner, what does people recommend?”
It gets worse: as part of the effort to spread the word about Nessus Pro 7, Tenable appears to have added all Nessus customers to a support forum that spewed out email at as much as 150 messages a minute, for over an hour.
https://www.theregister.co.uk/2017/12/12/tenable_security_spams_clients/

 

Anderson Cooper’s Twitter hacked to insult Trump after Moore loss
“Just woke up to find out someone gained access to my twitter account,” Cooper tweeted Wednesday morning. “I have not sent a tweet in days or replied to any tweets. We are looking into how this happened.” CNN Communications made a similar claim. “This morning someone gained access to the handle @andersoncooper and replied to POTUS,” it tweeted. “We’re working with Twitter to secure the account.”
https://www.scmagazine.com/anderson-coopers-twitter-hacked-to-insult-trump-after-moore-loss/article/718206/

 

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.