IT Security News Blast 12-18-2017

California Voter Hack

Securing the 2020 Election Process (Part 1)
To more accurately describe how the 2016 election outcome was likely influenced and what needs to be done to mitigate a repeat in 2018 or 2020, I believe it is necessary to start out by taking a closer look at the stakeholders involved in an election and then map the set of threats to these stakeholders before jumping to conclusions about what needs to be done.


Millions of California voter records exposed in unprotected MongoDB
“Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery),” he said. Just about every piece of PII on the voter was included in the database. This included name, address, phone number, email, place of birth, voting precinct and gender.


Senators to introduce bipartisan bill to prevent foreign cyber interference in elections
The bill, spearheaded by Sen. James Lankford, R-Oklahoma, and also sponsored by Sen. Lindsey Graham, R-South Carolina, Sen. Amy Klobuchar, and Sen. Kamala Harris, D-California, is intended to better the communication between the Department of Homeland Security, the intelligence community and state election offices, in efforts to thwart future interference in U.S. elections by foreign actors.


FCC votes to repeal net neutrality, could increase cybersecurity threats
“The removal of net neutrality is likely to decrease transparency on the Internet, and less transparency will increase cybersecurity threats,” said Tim Erlin, vice president, product management and strategy at Tripwire, noting that as ISPs implement different behaviors to manage, filter and alter content, “we’re going to develop towards a bunch of different internets,” rather than a single Internet.


EU agrees clampdown on bitcoin platforms to tackle money laundering
The agreed measures will end anonymous transactions on virtual currency platforms and with pre-paid payment cards, which investigators said could have been used to fund attacks by militants. Bitcoin exchange platforms and “wallet” providers that hold the cyber currency for clients will be required to identify their users, under the new rules which now must be formally adopted by EU states and European legislators and then turned into national laws within 18 months.


Triton Malware Targets Industrial Control Systems in Middle East
“It follows Stuxnet which was used against Iran in 2010 and Industroyer which we believe was deployed by Sandworm Team against Ukraine in 2016,” researchers said in a blog post outlining their research. “Triton is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.”


Perceived Data Value Varies Wildly Across Industries, Countries
Corporate security and risk professionals also massively overestimate the value of PII data for sale on the black market: Overall criminal resale values for PII on the black market are less than 5% of the value that enterprise security professionals estimate them to be worth. For a payment card record, security managers overestimate by 60 times the actual criminal values of data for sale on the black market. For a single banking record, it is 2,000 times more.


Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules
“We said that clearly the only requirement for this year is to lay out what your plan is,” she said at the Dec. 7 hearing. “That can be a very simple plan. We can help you with that plan. We can give you a template for that plan. Then just report your compliance to it.” […] A Pentagon spokesman said the change should not be considered a delay in the deadline since contractors must still document by Dec. 31 how they will implement the new rules.


Iran’s “Kitten” Cyber Hackers Poised to Strike If Trump Shreds Nuke Deal
Iran-sponsored hackers—dismissively referred to as “kittens” for their original lack of sophistication—are bolstering their cyber warfare capabilities as part of their rivalry with Saudi Arabia. But should President Donald Trump take further steps to scrap the nuclear deal, it could mean an uptick in Iranian state-sponsored cyber intrusions into American and allied systems, with the goals of espionage, subversion, sabotage and possibly coercion.


How the Pentagon’s cyber offensive against ISIS could shape the future for elite U.S. forces
The cyber offensive against ISIS, an acronym for the Islamic State, was a first and included the creation of a unit named Joint Task Force Ares. It focused on destroying or disrupting computer networks used by the militant group to recruit fighters and communicate inside the organization. Such offensive weapons are more commonly associated with U.S. intelligence agencies, but they were brought into the open in 2016 after then-Defense Secretary Ashton B. Carter pressured U.S. Cyber Command to become more involved in the campaign to defeat the Islamic State.


We need to talk about mathematical backdoors in encryption algorithms
During a presentation, the two researchers presented BEA-1, a block cipher algorithm which is similar to the AES and which contains a mathematical backdoor enabling an operational and effective cryptanalysis. “Without the knowledge of our backdoor, BEA-1 has successfully passed all the statistical tests and cryptographic analyses that NIST and NSA officially consider for cryptographic validation,” the French crypto boffins explain.


Lazarus group conducting malware attacks to steal Bitcoins
Lazarus was previously in the news for targeting banking giants around the globe, while its latest attacks target officials working at cryptocurrency firms: the hackers send an email containing a Word file as an attachment. The email tells the victim that in order to view the file they need to enable editing. Once that is done, the document runs a malicious macro on the device that further loads a Trojan that lets attackers take control of the computer.


Leveraging reconfigurable computing for smarter cybersecurity
A reconfigurable computing platform is a combination of a standard server and field-programmable gate array (FPGA) technology. The FPGA provides a powerful complement to the server CPU and is ideal for accelerating workloads that can be parallelized. In addition, FPGAs can be reconfigured on the fly to support new capabilities and even completely different applications as the functionality of the FPGA is defined by a software image that is downloaded to the FPGA. This makes the FPGA extremely versatile in addressing multiple needs.


Hackers Target Security Firm Fox-IT
The main target was apparently Fox-IT’s ClientPortal, an application used to securely exchange files with customers and suppliers. For a total of roughly 10 minutes, the attackers also managed to reroute Fox-IT emails in an effort to demonstrate that they owned the company’s domain so that they could fraudulently register an SSL certificate for the ClientPortal application.


New letter: Top Uber officials engaged in illegal wiretapping, shady spycraft
The highly-anticipated demand letter written on behalf of a former Uber employee, which has become central to the unfolding drama that is the Waymo v. Uber trade secrets lawsuit, was publicly released on Friday afternoon. As previewed in earlier court hearings, the “Jacobs Letter” outlines in detailed terms the questionable and possibly illegal behavior that former Uber security official Richard Jacobs and his former colleagues engaged in during his 11-month tenure at the company.


Over 22,000 indicted in China for internet, telecom fraud
A Supreme People’s Procuratorate (SPP) investigation department statement has called for quicker efforts to deal with cyber and telecom fraud and to tackle the problem at its root. The statement called on China’s prosecutors to better understand the harm of such violations, calling for a heavy-hitting approach.


Russian oil pipeline computer hacked to mine Monero coins
According to Reuters, the company’s spokesman Igor Demin said that a Transneft computer automatically downloaded and deleted the Monero mining code from the web. It is unclear how many coins were generated from the compromised device, since limited information has been provided to the media. “Incidents, where the company’s hardware was used to manufacture cryptocurrency, have been found. It could have a negative impact on the productivity of our processing capacity,” said Transneft Vice President Vladimir Rushailo.


2018 Predictions: Customers Demand Outcomes to End Balkanization of Security Practices
Today, security is kind of an artisanal industry. With a total addressable market north of $85 billion per year – and not one player above 5 percent – it is a chaotic industry of niches: Endpoint, AV, Cloud, Network/Infrastructure, Application, Compliance, and the list goes on and on. Paradoxically, while the overwhelming array of choices has given technologists a lot to evaluate, they have not gone far enough to lower the actual security risk facing organizations. And businesses are starting to take note.


Merry Xmas, fellow code nerds: Avast open-sources decompiler
Malware hunting biz and nautical jargon Avast has released its machine-code decompiler RetDec as open source, in the hope of arming like-minded haters of bad bytes and other technically inclined sorts with better analytical tools. As discussed at the recent Botconf 2017 in France earlier this month, RetDec provides a way to turn machine code – binary executables – back into an approximation of the original source code.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.