IT Security News Blast 12-21-2017

Hospitals lack Cybersecurity Officers

Approaching cybersecurity as a critical business function
SMBs sometimes lack skilled security staff, which can lead to confusion about how to implement cybersecurity controls to meet compliance with their industry regulations. Keeping all of this in mind, SMBs can reduce risk exposure to their critical data and business operations without having to incur significant costs by following these security steps.
https://www.csoonline.com/article/3243573/risk-management/approaching-cybersecurity-as-a-critical-business-function.html

 

Sensitive Data of 123 Million American Households Exposed
Apparently, the leak was possible due to a misconfigured Amazon Web Services S3 cloud storage “bucket,” where the data was being stored by a California-based data analytics firm. This comes as no surprise since the previous misconfiguration in Amazon S3 Buckets had exposed confidential NSA and US military related data online. […] Researchers believe the data was purchased by Alteryx from Experian’s ConsumerView marketing database, a product that is sold to other enterprises and contains a mix of public details and more sensitive data.
https://www.hackread.com/sensitive-data-of-123-million-american-households-exposed%e2%80%8b/

 

From Tone at the Top to Technological Disruption and Cyber Security, Corporate Directors Have a Full 2018 Agenda
“Navigating near-term risks and opportunities while staying focused on long-term performance will be particularly challenging in 2018,” said Dennis T. Whalen, leader of the KPMG Board Leadership Center. “Whether it’s digital disruption or cyber security, the business implications of environmental and social issues, or designing the right board for the company’s future, the year ahead will require focused, yet flexible board agendas.”
http://markets.businessinsider.com/news/stocks/From-Tone-at-the-Top-to-Technological-Disruption-and-Cyber-Security-Corporate-Directors-Have-a-Full-2018-Agenda-1011700151

 

Tick, Tock: New SWIFT Security Regs Take Hold Jan. 1
Come January 1, 2018, the financial institutions that use SWIFT will be subject to the platform’s new Customer Security Controls Framework, which is being described as a “baseline” of security for both enterprises large and small. It could potentially prove difficult for smaller institutions or those in developing nations, whose security posture is far from optimal.
https://www.cshub.com/news/tick-tock-new-swift-security-regs-take-hold-jan-1

 

Healthcare Ransomware, Medical Device Security Key 2018 Trends
The push for value-based healthcare, interoperability, and improved patient engagement measures will all help fuel the need for organizations to work toward comprehensive cybersecurity. Healthcare data breaches in the current technology age could impact an individual’s healthcare information, but could also impact patient safety.
https://healthitsecurity.com/news/healthcare-ransomware-medical-device-security-key-2018-trends

 

8 in 10 healthcare organizations lack chief cybersecurity officer
Providers have also been slow to adopt cybersecurity best practices, the survey shows, with more than half (54%) of respondents conceding they don’t routinely conduct risk assessments. Despite a growing number of cyberattacks on hospitals and health systems, 92% of healthcare leaders said cybersecurity and the threat of a breach is not a major focus with their board of directors. And just a fraction said funds are being budgeted for cybersecurity in 2018.
https://www.healthcaredive.com/news/8-in-10-healthcare-organizations-lack-chief-cybersecurity-officer/513498/

 

Handcuffed by sanctions, North Korea seeks cash via cyber theft
According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking up online conversations and eventually sending files containing malicious code. They also bombard executives with emails posing as job seekers sending resumes, with the files containing malware to steal personal and exchange data.
https://www.timesofisrael.com/handcuffed-by-sanctions-north-korea-seeks-cash-via-cyber-theft/

 

Attack Attribution Tricky Say Some as US Blames North Korea for WannaCry
Some security industry experts believe there’s not enough evidence – at least not enough that’s publicly available – to definitively tie the government in North Korea to the attacks. They believe that most of the clues that have been cited as evidence of North Korea’s involvement in an attack that ravaged some 300,000 computers worldwide are circumstantial and can have other explanations.
https://www.darkreading.com/attacks-breaches/attack-attribution-tricky-say-some-as-us-blames-north-korea-for-wannacry-/d/d-id/1330688

 

Microsoft and Facebook take action against WannaCry group
Though Facebook and Microsoft did not directly attribute the attack to North Korea, Microsoft president Brad Smith in a blog post said the company was “pleased to see these governments making this strong statement of attribution.” […] Microsoft said it cleaned its customers’ infected computers and took down accounts that Lazarus was using to “pursue cyberattacks.” It also beefed up Windows security to prevent the malware from infecting computers again.
http://money.cnn.com/2017/12/19/technology/microsoft-facebook-wannacry/

 

New Cryptocurrency Mining Scheme Uses NSA Exploits EternalBlue & EternalSynergy
This campaign has been dubbed “Zealot” and it is being termed a sophisticated and complex multi-stage attack targeting internal systems that run on Linux and Windows OS. Since the attack involves the use of powerful exploits like EternalBlue and EternalSynergy, attackers are able to access internal networks laterally. Furthermore, through NSA exploits, attackers install cryptocurrency miners on the targeted systems and networks.
https://www.hackread.com/cryptocurrency-mining-uses-nsa-exploits-eternalblue-eternalsynergy/

 

Congressional members demand election hack briefing by FBI and DHS
The latest case has representatives from 18 of the 21 states whose elections were purportedly targeted by Russia asking House Speaker Paul Ryan (R-Wisc.) in a letter for a full briefing to be delivered to Congress by the Department of Homeland Security and the FBI and for him to direct the proper Congressional committees to investigate the attack. “When a sovereign nation attempts to meddle in our elections, it is an attack on our country,” the letter stated.
https://www.scmagazine.com/congressional-members-demand-election-hack-briefing-by-fbi-and-dhs/article/720078/

 

GCHQ says cyber-spies ‘over-achieved’ say MPs
The details were revealed in the annual report of the Intelligence and Security Committee, which oversees the work of intelligence agencies. It said GCHQ had “over-achieved”, creating double the number of new offensive cyber-capabilities expected. The report said GCHQ’s allocation of effort to develop hacks had increased “very substantially” from 2014.
http://www.bbc.com/news/technology-42425960

 

Congress Keeps Delaying Renewal of Its ‘Must-Pass’ Warrantless Surveillance Program
US intelligence chiefs say the program is vital to national defense and any lapse in its renewal would compromise the government’s ability to surveil terrorists, malicious cyber actors, and other intelligence targets abroad. Intended only to target individuals who live outside the United States, Section 702 is also known to suck up vast quantities of information on Americans—data that is collected and stored by the government without a warrant.
https://gizmodo.com/congress-keeps-delaying-renewal-of-its-must-pass-warr-1821478463

 

The internet is broken
Cerf would be reluctant to change this in a new internet. “The advantages outweigh the disadvantages,” he says. And pretty much everyone would agree – TCP/IP basically works. But in our hypothetical new internet, there’s a second core feature of Cerf and Kahn’s network that we may want to revisit: its client-server structure, the idea that information lives somewhere (a server) and we (clients) go to that place to access it.
http://www.wired.co.uk/article/is-the-internet-broken-how-to-fix-it

 

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
“We identified 7 security vulnerabilities in (JScript.dll) and successfully demonstrated reliable code execution from local network (and beyond) against a fully patched (at the time of writing) Windows 10 64-bit with Fall Creators Update installed,” wrote Project Zero researchers on the team’s website Monday.
https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/

 

WordPress captcha plugin on 300,000 sites had a sneaky backdoor
WordFence are warning that the WordPress Captcha plugin, popular enough to get around 300,000 installations, should be replaced with the latest official WordPress version (4.4.5). […] The plugin’s auto-downloader “downloads a ZIP file from https://simplywordpress[dot]net/captcha/captcha_pro_update.php”, which is how the backdoor is put onto the target install.
https://www.theregister.co.uk/2017/12/20/backdoor_wordpress_captcha/

 

Pyramid scheme: AnubisSpy Android malware steals data, seemingly links to old Sphinx campaign
All of the apps are written in Arabic and somehow relate to Egypt – in certain cases, spoofing an Egyptian TV program or showcasing Middle Eastern news. They were signed with fake Google certificates and were installed in a “handful of countries in the Middle East,” Trend Micro further reports, citing Google. “The apps mainly used Middle East-based news and sociopolitical themes as social engineering hooks and abused social media to further proliferate,” the blog post explains.
https://www.scmagazine.com/pyramid-scheme-anubisspy-android-malware-steals-data-seemingly-links-to-old-sphinx-campaign/article/719741/

 

The time to deal with IoT security is now
[The] “minimal footprint” of IoT software and hardware cuts down on traditional malware protection strategies. Plus, Vemula said, buyers of consumer products — ranging from children’s toys to pacemakers and cars — are not primed to think of security issues. On a larger scale, he added, “critical infrastructures like electricity, irrigation and defense are now connected,” creating juicy targets for digital mayhem from criminal gangs to rogue nations.
https://www.networkworld.com/article/3243685/internet-of-things/the-time-to-deal-with-iot-security-is-now.html

 

Top 8 Cybersecurity Skills IT Pros Need in 2018 [Slideshow]
“When we entered 2017, the talking points were about bridging the gap between security and IT. But with sophisticated technical breaches and ransomware attacks like WannaCry, there is a return back to incident response and more technical skills, which are hard to find,” says Owanate Bestman, information security contract consultant at Barclay Simpson.
https://www.darkreading.com/careers-and-people/top-8-cybersecurity-skills-it-pros-need-in-2018/d/d-id/1330657

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.