IT Security News Blast 12-26-2017

Bitcoin Hoax

The Bitcoin Hoax

We have a lot of work to do in order to return the business of financial regulation and good monetary policy to democratic control. But if you think that task can be entrusted to an algorithm, consider this. It’s an old idea—economists Milton Friedman and Friedrich Hayek advocated putting the money supply on auto-pilot.

https://www.huffingtonpost.com/entry/the-bitcoin-hoax_us_5a3fd6dce4b025f99e17bb2f

 

Get ready for a 2018 cryptocurrency crime wave

Over the years, hackers have targeted the cryptocurrency exchanges, digital wallets, ICOs, DAOs (Decentralized Autonomous Organization), mining companies, virtual private servers and hosting services, and more. In fact, on December 7th, a bitcoin mining company called NiceHash was hacked, leading to more than $60 million in losses for its customers.

https://ca.finance.yahoo.com/news/get-ready-2018-cryptocurrency-crime-wave-2-145635242.html

 

Man Threatened Company with Cyber Attack to Fire Employee and Hire Him Instead

“I am giving you, TSI healthcare two choices,” Gori wrote in the email. “You either lay-off [identity redacted] and replace her with me, an operator 100x better that she is oppressing. Or I will take out your entire company along with my comrades via a cyber attack.” According to the same letter, Gori was fueled by a personal vendetta after the same employee denied his job application several times in the past.

https://www.bleepingcomputer.com/news/security/man-threatened-company-with-cyber-attack-to-fire-employee-and-hire-him-instead/

 

Securing the internet of things will be no easy task

A 2017 Gartner report boldly claims that “IoT security as a distinctive market is dead” due to the pace of innovation in this sector. We cannot take a patchwork approach to IoT security after devices are introduced to market; securing IoT devices before they can be used as entry points or vectors to attack other parts of cyber infrastructure is paramount to overall strong cybersecurity.

http://thehill.com/opinion/cybersecurity/366434-securing-the-internet-of-things-will-be-no-easy-task

 

Cyber to be the Weapon of Choice for Developing Countries, Says Former Mossad Chief

Developing countries would move to adopt cyber attacks as a weapon of choice and a way to disrupt trust in the democratic system, said Tamir Pardo, the former chief of Israel’s Mossad on Monday. […]  “You can take down entire markets and industries. In the past, we talked about protecting essential infrastructure from cyber attacks. Today, critical infrastructure is connected, and all non-critical infrastructure is connected to critical infrastructure, making it all vulnerable.”

https://www.calcalistech.com/ctech/articles/0,7340,L-3728108,00.html

 

Feds Joining Cyber Security ‘Dashboard’ For Real-Time Diagnostics

According to the same report, it pulls in information from sensors planted across government computer networks. The gathered data is then read by the DHS’ cyber officials. In real time, then, sensitive government networks could be monitored, and the DHS would be able to pinpoint which software is running on various devices and endpoints. In theory, it would be applicable across the entire federal government.

https://www.cshub.com/news/feds-joining-cyber-security-%E2%80%98dashboard%E2%80%99-for-real

 

US Intel Chiefs Sound Alarm on Overseas Web Spying Law

“If Congress fails to reauthorize this authority, the Intelligence Community will lose valuable foreign intelligence information, and the resulting intelligence gaps will make it easier for terrorists, weapons proliferators, malicious cyber actors, and other foreign adversaries to plan attacks against our citizens and allies without detection,” the intelligence chiefs said in an open letter to Congress.

http://www.securityweek.com/us-intel-chiefs-sound-alarm-overseas-web-spying-law

 

UK Tracked 100 Hacking Groups Trying to Steal Gov’t Sensitive Data – Official

According to the official, the most active groups are funded from Russia, China, North Korea and Iran, with the number of hackers working for such groups reaching 1,000. Since the beginning of the year, the intelligence services have reportedly detected about 750 cyberattacks targeting the country’s infrastructure and financial system. The hackers are using the stolen information and fake data as a weapon.

https://sputniknews.com/europe/201712241060284746-uk-hackers-government-sensitive-data/

 

Russian ‘cyber war’ behind bipartisan push to protect elections, senator says

The Secure Elections Act aims to block any possible future efforts by foreign adversaries by providing security clearances to state election officials to be briefed in real time, bolstering support for state election cybersecurity operations through a series of new, voluntary guidelines and streamlining information-sharing between federal intelligence entities and state election agencies.

http://abcnews.go.com/Politics/russian-cyber-war-bipartisan-push-protect-elections-senator/story?id=51940736

 

China Closes 13,000 Websites in 3 Years

A report to the on-going session of the standing committee of China’s largely rubber stamp parliament said the authorities had targeted pornography and violence in their sweeps of websites, blogs and social media accounts, Xinhua said. […] More than 90% of people “surveyed” supported government efforts to manage the internet, with 63.5% of them believing that in recent years “there has been an obvious reduction in harmful online content”, it added.

https://financialtribune.com/articles/economy-sci-tech/78538/china-closes-13000-websites-in-3-years

 

North Korean Hackers Targeting Individuals: Report

The multistage attacks that Proofpoint has uncovered rely on cryptocurrency-related lures to spread sophisticated backdoors and reconnaissance malware. In some cases, the hackers deploy additional malware, including the Gh0st remote access Trojan (RAT), in an attempt to steal credentials for cryptocurrency wallets and exchanges.

http://www.securityweek.com/north-korean-hackers-targeting-individuals-report

 

Cyber Surveillance Firm Founder Defends Company’s Practices

Mr. Lavie said that NSO sells only to “governmental bodies that are defined as legitimate by the majority of the world.” He didn’t specify which countries, besides the example of North Korea, would be considered illegitimate. […]  “We have no way to know what they do it the system,” he said. “I don’t want to know. I don’t want to be an intelligence partner.”

https://www.calcalistech.com/ctech/articles/0,7340,L-3728158,00.html

 

Satori IoT Botnet Exploits Zero-Day to Zombify Huawei Routers

Researchers suspected an unskilled hacker that goes by the name “Nexus Zeta” is exploiting a zero-day remote code execution vulnerability (CVE-2017-17215) in Huawei HG532 devices, according to a new report published Thursday by Check Point.             The vulnerability is due to the fact that the implementation of the TR-064 (technical report standard), an application layer protocol for remote management, in the Huawei devices was exposed on the public Internet through Universal Plug and Play (UPnP) protocol at port 37215.

https://thehackernews.com/2017/12/satori-mirai-iot-botnet.html

 

Crooks Switch from Ransomware to Cryptocurrency Mining

“With more and more people realizing that cryptocurrency is potentially a significantly profitable investment, this rise is likely to continue for the foreseeable future. And where there is profit, that is where malware attacks will gather,” wrote FortiGuard in a report Wednesday. Researchers said the shift by threat actors is also spurred by anti-ransomware mitigation efforts that have made infecting systems with malware harder.

https://threatpost.com/crooks-switch-from-ransomware-to-cryptocurrency-mining/129229/

 

The economics of cybersecurity

Georgia Gov. Nathan Deal announced on January 11 that the state will invest $50 million for a cyber range and training facility named the Hull McKnight Georgia Cyber Innovation and Training Center in Augusta that will combine expertise in academia, private industry and government to establish statewide cybersecurity standards. Construction of the 150,000-square-foot facility is underway with the final part of the steel structure being completed in mid-November.

https://www.scmagazine.com/the-economics-of-cybersecurity/article/720084/

 

Why global cybersecurity initiative must be based on aspiration, delivery, accountability, engagement and transparency

IGF 2017 addressed critical policy challenges to cybersecurity, digital economy, the role of internet in sustainable development, human rights, and the impact of digitisation on global economies, media and the political system. In recent years, we have witnessed attacks that affected presidential elections in a number of countries, such as the US and France.

http://www.financialexpress.com/opinion/why-global-cybersecurity-initiative-must-be-based-on-aspiration-delivery-accountability-engagement-and-transparency/989674/

 

Zero Trust networks and enterprise security strategy | Salted Hash Ep 12 [Video]

Executives at cloud services vendor Akamai — David Lewis, global security advocate; Andy Ellis, CSO; and Charlie Gero, CTO — talk with host Steve Ragan about the evolving role of security in the enterprise.

https://www.networkworld.com/video/83816/zero-trust-networks-and-enterprise-security-strategy-salted-hash-ep-12

 

Why cryptography is much harder than software engineers think

The recent ROCA vulnerability (CVE-2017-15361) raises some important issues about the design of secure cryptographic software. The vulnerability is not in this case an obvious coding error such as a buffer overflow, or the use of a poor quality random number generator. In this case, it arose from what probably seemed like a reasonable software engineering decision. To understand this in detail requires some pretty complex mathematics.

https://www.helpnetsecurity.com/2017/12/19/cryptography-hard/

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.