IT Security News Blast 12-20-2017

Cybersecurity Forensics

3 Methods to Preserve Digital Evidence for Computer Forensics
Some clients who hire us to conduct forensic investigations have had their critical systems compromised and need to recover deleted files, images, logs, and emails. Others need legally admissible evidence to submit to the courts. […] A successful outcome rests partially on my shoulders but it also depends on what you do prior to my arrival.
https://criticalinformatics.com/resources/blog/3-methods-to-preserve-digital-evidence-for-computer-forensics/

 

Hackers take control of security firm’s domain, steal secret data
The attackers were able to bypass protections provided by HTTPS-based encryption by first using their control of the Fox-IT domain to obtain a new transport layer security certificate. The process happened in the first 10 minutes of the attack, during which time all Fox-IT email was rerouted to the attackers. With that in place, the attackers were able to decrypt all incoming traffic and to cryptographically impersonate the hijacked domain.
https://arstechnica.com/information-technology/2017/12/hackers-steal-security-firms-secret-data-in-brazen-domain-hijack/

 

Six red flags from first-ever FINRA early exam results: Cyber security No. 1
Action points: Leading firms are going beyond merely protecting data to anticipating and responding to network intrusions and suspicious activity. They are using behavioral analytics to train staff to detect and respond to threats. Increasingly, penetration testing is becoming a basic requirement.
https://www.reuters.com/article/bc-finreg-cybersecurity-redflag-finra-ex/six-red-flags-from-first-ever-finra-early-exam-results-cyber-security-no-1-idUSKBN1ED2SG

 

Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies
It is likely that the threat actors conducted reconnaissance and simply copied and pasted from open source to craft their lure. CTU researchers have observed NICKEL ACADEMY (Lazarus) copying and pasting job descriptions from online recruitment sites in previous campaigns. In previous rounds of phishing, the job postings in the lure documents contained the same typos as the source that they had been taken from.
https://www.cso.com.au/mediareleases/30879/secureworks-discovers-north-korean-cyber-threat/

 

U.S. blames North Korea for ‘WannaCry’ cyber attack
“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious,” Bossert wrote. “WannaCry was indiscriminately reckless.” The White House was expected to follow up on Tuesday with a more formal statement blaming Pyongyang, according to a senior administration official.
https://www.reuters.com/article/us-usa-cyber-northkorea/u-s-blames-north-korea-for-wannacry-cyber-attack-idUSKBN1ED00Q

 

HHS struggles with cybersecurity, OIG finds
The OIG found problems with both the management of the systems and access control. “It’s hard not to think that HHS’ internal security is a mess,” said Chris Hart, an attorney with Foley Hoag. “It’s disconcerting given the fact that HHS has a cyberunit that is intended to help hospitals and healthcare companies with their own cybersecurity systems.”
http://www.modernhealthcare.com/article/20171219/NEWS/171219872

 

Prediction: Health Care in the Security Crosshairs in 2018
The report found that the health care industry has a weak security posture overall and this is escalating risks at a time when threats are getting more sophisticated. There is also a surprising lack of security awareness in the health care industry, especially when you consider a cyber attack could result in life or death situations. As the report stated: The healthcare industry’s poor security posture makes it susceptible to the most basic opportunistic attacks.
https://www.itbusinessedge.com/blogs/data-security/prediction-health-care-in-the-security-crosshairs-in-2018.html

 

At the Health IT Summit in Dallas, a Probing Discussion of Incident Response Strategy
“Yes, as part of incident response strategy, we automatically involve marketing folks,” Roszkowski noted. “And we have done preparatory work to have some template language available. Even if you think you’re only communicating internally, it’s highly likely that things will be communicated externally,” she added. “So we’re very careful in how we communicate internally.
https://www.healthcare-informatics.com/article/cybersecurity/health-it-summit-dallas-probing-discussion-incident-response-strategy

 

CEO Says Beware of North Korean Hackers ‘Building a Cache of Bitcoin’
Companies that deal in bitcoins and other digital currencies should be worried about being hacked by North Korea, which is “building a cache” of stolen crypto-loot, says one cybersecurity CEO. “It’s an anonymous currency, it can easily bypass any sort of sanctions because there are none on bitcoin, and the value has increased dramatically,” CrowdStrike CEO George Kurtz told CNBC’s Squawk Alley on Tuesday. “It’s the perfect currency for North Korea to be hoarding.”
http://fortune.com/2017/12/19/cybersecurity-bitcoin-north-korea/

 

Here’s Why the Trump Administration Called Out North Korea’s Cyberattacks
When asked about the lag time between the rash of WannaCry ransomware attacks in May and the December attribution, Bossert replied: “As we move forward and attribution becomes part of our accountability pillar, we can’t do it wrong, we can’t get it wrong, we can’t try to rush it.” He later added: “If we had gotten it wrong, it would have been more of a damage to our reputation and our national security than it would have been a boon.”
http://www.nextgov.com/cybersecurity/2017/12/heres-why-trump-administration-called-out-north-koreas-cyberattacks/144694/

 

Iran Regime’s Cyber Attacks Against US Are Likely to Increase Dramatically
James Lewis, Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS), said: “The Iranians don’t want the nuclear deal to go away, and so that is the thing that shapes their behaviour to the U.S. If we did cancel the nuclear deal, I think in some ways that would take the leash off when it comes to cyber actions.”
http://www.iranfocus.com/en/index.php?option=com_content&view=article&id=32297:iran-regime-s-cyber-attacks-against-us-are-likely-to-increase-dramatically&catid=9&Itemid=114

 

Senate GOP Aims for Short-Term Extension of Surveillance Law
The Senate’s No. 2 Republican, John Cornyn of Texas, told reporters Tuesday that the program, known as section 702 of the Foreign Intelligence Surveillance Act, could be renewed for several weeks by adding a provision to a stopgap government spending bill. That would give Congress more time to sift through competing bills in the House and Senate to alter and reauthorize the law.
https://www.usnews.com/news/politics/articles/2017-12-19/senators-oppose-surveillance-law-extension-in-spending-bill

 

GOP net neutrality bill would allow paid fast lanes and preempt state laws
A Republican lawmaker is proposing a net neutrality law that would ban blocking and throttling, but the bill would allow ISPs to create paid fast lanes and prohibit state governments from enacting their own net neutrality laws. The bill would also prohibit the FCC from imposing any type of common carrier regulations on broadband providers. Rep. Marsha Blackburn (R-Tenn.) announced the “Open Internet Preservation Act” in a video posted to Twitter.
https://arstechnica.com/tech-policy/2017/12/gop-net-neutrality-bill-would-allow-paid-fast-lanes-and-preempt-state-laws/

 

Sen. Lankford urges DHS to prioritize election cybersecurity after Russian cyberattacks
Lankford, along with Senator Amy Klobuchar (D-MN), said that intelligence reports show that Russia hacked presidential campaign accounts, launched cyberattacks against at least 21 state election systems, attacked a U.S. voting systems software company and illegally obtained emails from more than 100 election officials. […] The two senators called on Nielsen to improve information-sharing between states and the federal government and provide states with resources, best practices and manpower to help combat attacks and update voting technology.
http://www.fox23.com/news/sen-lankford-urges-dhs-to-prioritize-election-cybersecurity-after-russian-cyberattacks/666300832

 

The internet is broken… but the web’s top minds have a plan to fix it
Trossen’s proposal, which he is prototyping at InterDigital as part of a worldwide initiative, is for an “information-centric network” (ICN), an internet that is in effect devoid of geography. Instead of uniform resource locators (URLs) – the web addresses that we use to access servers of information – an ICN-based internet will have uniform resource identifiers (URIs), labels attached to tell everyone else what that information is.
http://www.wired.co.uk/article/is-the-internet-broken-how-to-fix-it

 

‘Key To The Kingdom’: A Look At Decentralized Authentication
Avetisov said that centralized authentication presents a single weak spot or point of failure, which is easier for hackers to target. He called it “high-risk” and “high-cost” for the enterprise. Meanwhile, Avetisov said decentralized authentication helps eliminate fraud and reduce the breach risk. He said the push for decentralization is an enterprise response to the consumer being more aware about security and privacy.
https://www.cshub.com/news/%E2%80%98key-to-the-kingdom%E2%80%99-a-look-at-decentralized

 

The Internet of Things Is Going to Change Everything About Cybersecurity
Removing the human risk means repositioning the way you think of the relationship between employees, connected devices, and overall corporate cyber defenses. You must accept that IoT and other security issues aren’t user interaction problems; they’re device and system interaction problems. The highly connected nature of IoT devices means that they’re constantly in communication, capable of spreading malware, and capable of leaping from system to system with no human interaction — all beyond the reach of current security solutions.
https://hbr.org/2017/12/the-internet-of-things-is-going-to-change-everything-about-cybersecurity

 

South Carolina election agency can withhold cybersecurity documents, attorney general’s office says
[State] Election Commission Director Marci Andino requested an opinion from Attorney General Alan Wilson’s office about whether cybersecurity matters fall under an exception to the law that excludes information relating to “security plans and devices.” Assistant Attorney General Matthew Houck responded in an opinion that a court likely would find that the security plans exemption would apply to cybersecurity infrastructure, allowing the agency to withhold documents about the state’s protection systems.
https://www.postandcourier.com/south-carolina-election-agency-can-withhold-cybersecurity-documents-attorney-general/article_f701f432-e4df-11e7-a35f-fb0bb1c8b408.html

 

To unlock hidden talent, Symantec prepares state and local cybersecurity challenge
The event is structured as an online competition that gives teams of one to four participants a two-day window to respond to simulated cybersecurity scenarios modeled after real malware and ransomware attacks. The company’s platform simulates financial institutions, governments, and other players that might be involved in a real-world attack.
http://statescoop.com/to-unlock-hidden-talent-symantec-announces-state-and-local-cyber-challenge

 

The Problem with Cybersecurity Regulations
Countries may be able to defend data in their own jurisdictions, but if companies in a specific country want to do business with the world, they have to take what they’re given – even if it comes from companies in another jurisdiction that have less stringent security standards. Seeking to impose worldwide standards might entail developing an international protocol, similar to the agreements sponsored by groups like the World Trade Organization. In fact, at this year’s RSA Conference, Microsoft Chief Legal Officer Brad Smith called for a Digital Geneva Convention.
https://www.infosecurity-magazine.com/opinions/problem-cybersecurity-regulations/

 

Cybersecurity past to predict the future
As part of the recently published research report from ESG and the information systems security association (ISSA) titled, The Life and Times of Cybersecurity Professionals, 343 infosec pros were asked to identify the cybersecurity actions their organizations have taken over the past few years.  This list serves as a good foundation for what we can expect in 2018.
https://www.csoonline.com/article/3243061/security/cybersecurity-past-to-predict-the-future.html

 

2017 Year in Review: Cyber-Security Faces Challenges Old and New
A number of key cyber-security events took place in 2017—involving ransomware, including WannaCry and NotPetya; misconfigured Amazon cloud storage disclosures; new vulnerabilities such as KRACK; and mega-breaches such as the Equifax attack. Many of those big cyber-security incidents had a common root cause: the lack of patching.
http://www.eweek.com/security/2017-year-in-review-cyber-security-faces-challenges-old-and-new

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.