IT Security News Blast 4-26-2017

Systemic cybersecurity crisis looms

Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. […] Compounding this problem is security vendors’ tendency to market their products as the cure-all for cybersecurity. With cost as a deciding factor for purchase decisions, many organizations will choose to partner with a vendor that promises to “solve” cybersecurity, believing that the solution will sufficiently protect their organization without additional resources.

 Interpol’ Operation Founds Malware Infection in More Than 9,000 Servers

In their statement, Interpol also said that “Analysis identified nearly 270 websites infected with a malware code which exploited a vulnerability in the website design application. Among them were several government websites which may have contained personal data of their citizens.” The authorities also discovered a great number of phishing websites, some of which have found to contain links that lead to Nigeria.

 Atlassian’s HipChat Hacked — Users’ Data May Have Been Compromised

Data accessed by the hackers include user account information such as customers’ names, email addresses and hashed password information. Besides information, attackers may have obtained metadata from HipChat “rooms” or groups, including room name and room topic. While metadata is not as critical as direct messages, it’s still enough to identify information that’s not intended to be public. Worse yet, the hackers may also have stolen messages and content in chat rooms, but in a small number of instances (about 0.05%). There has been no sign that over 99% of users’ messages or room content was compromised.

 Willis Towers Watson lifts off cyber product for global airlines

A recent Willis Towers Watson survey found that failure of critical IT systems is the most significant risk facing the global aviation industry. The new cover will offer an extension of business interruption to third parties, which is a key addition for the airline industry. The cover extends to both IT service providers and non-technology firms. It will also offer network business interruption cover at a pre-agreed minimum value.

 Google’s ‘Project Owl’ — a three-pronged attack on fake news & problematic content

Project Owl is Google’s internal name for its endeavor to fight back on problematic searches. […] People are increasingly producing content that reaffirms a particular world view or opinion regardless of actual facts. In addition, people are searching in enough volume for rumors, urban myths, slurs or derogatory topics that they’re influencing the search suggestions that Google offers in offensive and possibly dangerous ways.

 You Can Now Buy Revenge Services on Dark Web

This is not the first time when a dark web listing has offered violent activities in exchange for money. Last year, a dark web website was asking for funds to assassinate the President of United States Donald Trump and Vice President Mike Pence. However, when it comes to Etimbuk’s listing it is highly advised not to indulge yourself in such activities and enjoy the funny listing.

 Former Expedia IT tech gets 15 months in jail for insider trading, stealing information from execs

“This was not a one-time lapse in judgement – this defendant used his technology skills to repeatedly invade the email accounts of Expedia executives so that he could enrich himself at the expense of others,” U.S. Attorney Annette L. Hayes said in a statement. “Even after he moved on to a better paying position at a different technology firm he continued his crimes, all while trying to make it look like other employees were at fault.

 Cyberattack on French presidential front-runner bears Russian ‘fingerprints,’ research group says

If a Russian connection is proved, the hacking would add to mounting allegations that Moscow is backing attempts to influence Western elections in favor of candidates with policies potentially more friendly to the Kremlin. Le Pen has voiced opposition to the powers of the European Union and has called for better ties with Russia, echoing some of the campaign rhetoric of President Trump.

 Dawn Media group is under cyber attack

Dawn Media Group, through a message posted on their website and on Facebook, has claimed that it has been under over the past three months. Both its official social media accounts and accounts of its staff have been subject to many attempts of hijacking and hacking in these past few months. […] But considering the fact that millions of Pakistanis rely on and form opinions based on the content posted on Dawn and other news sites like this, even a simple hack and changing a few news stories can have a disastrous effect.

 With cyber attacks on the rise, business continuity plans are more vital than ever

Oxford Economics has reported that companies’ share prices fall by an average of 1.8 percent following a cyberattack. As a result, it’s essential that firms have the plans and resources they need to battle cybercrime effectively – and also to recover from an attack very quickly. In this regard, improving technology is actually the last piece of the cybersecurity puzzle – the real work comes in undertaking risk assessments and understanding what the potential risks to a firm’s assets are.

 Hackers uncork experimental Linux-targeting malware

The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) and Lua scripts for modularity, according to an analysis of the nasty by security researchers at ESET. Shishiga relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through a bruteforcing attack, a common hacker tactic. A built-in password list allows the malware to try a variety of different passwords to see if any allow it in.

 Hyundai Patches Leaky Blue Link Mobile App

Exacerbating the situation is the fact the app sends encrypted log data to Hyundai accompanied by a static, hard-coded decryption key that is sent in the clear. The key is the same for every user and cannot be modified. “With the key and an evil Wi-Fi hotspot, an attacker could wait for that log data to go through the network and get personal information on users, including name, address, log data, GPS data and get the PIN for the application[.]”

 Cybersecurity skills shortage impact on technology innovation

When asked to identify the impact of the cybersecurity skills shortage:

  • 54% said it increased the cybersecurity staff’s workload
  • 35% said their organization had to hire and train junior staff rather than hire people with the appropriate level of experience necessary
  • 35% said the cybersecurity skills shortage has created a situation whereby the infosec team hasn’t had time to learn or use its security technologies to their full potential

 Risks, Rewards of Running With the Cybersecurity Bulls

“The cybersecurity market is dynamic and growing,” Mike Gregoire, CEO of infrastructure software company CA Technologies in New York, told Bloomberg BNA. The growth is “fueled by the never-ending barrage of cyberattacks; the expanding attack surface of the growing adoption of cloud and IT; and the advent of the application economy,” he said. CA Technologies is the 13th largest infrastructure software company in the world, with a $13.4 billion market capitalization, Bloomberg data show.

 Overnight Cybersecurity: White House adviser ditches cyber panel over ‘fake news’

White House national security staffer Sebastian Gorka faced off with student critics he described as “victims of fake news” at a Georgetown University panel on Monday, eventually walking out of the event in the middle of the question-and-answer period. Gorka, a deputy assistant to President Trump, blamed “fake news” — the topic of the panel — for a series of stories alleging connections between him and far-right or anti-Semitic Hungarian political organizations.

 Webroot deletes Windows files and causes serious problems for users

The problem is what’s known in the antivirus industry as a “false positive” — a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying — for example, when a program cannot run anymore — to crippling, where the OS itself is affected and no longer boots. […] The incorrect detection lasted for two hours, between 1PM and 3PM Mountain Standard Time in the U.S., and resulted in files being flagged as W32.Trojan.Gen. As suggested by the name, this is a generic detection signature intended to catch Trojan programs.

 Protecting Data Fast and Cheap in the IIoT

The Defense Department intends to issue new policy that will assign a mission assurance person to every military installation who will be responsible for addressing concerns sensors and devices capable of connecting to the Internet pose, he said. The policy will be issued “soon,” Haegley said, without providing a detailed timeline. Not all solutions to shore up vulnerabilities must come from the standard acquistions and contracting methods, Haegley suggested.

 Cybersecurity And The Board

Because cybersecurity has experienced a “personality transformation” in recent years, the nature of boards’ attention to cybersecurity is also evolving. Before, it was all about the hardware of the enterprise — its networks, firewalls and physical location itself. Fast-forward to 2017, and cybersecurity is now wholly centered on the less tangible and harder-to-control pieces: identities. […] This is an important shift, and, interestingly enough, board members will most likely play three very different roles when dealing with identity.

 Five Pitfalls of Cybersecurity Insurance: Lessons from the United States

1. Coverage Denied Because the Insured Did Not Comply with Underlying Obligations

2. Coverage Denied Because the Incorrect Party Was Injured

3. Coverage Denied Because the Incorrect Party Caused the Injury

4. Coverage Denied Because the Cyber Activity Was Merely Incidental

5. Coverage Denied Because the Litigation Was Outside the Scope of Covered Claims

 DHS preps Cyber Incident Data Repository

DHS started working on the repository after conversations in 2012 on incentivizing security, according to Matt Shabat, the agency’s director of performance management. The idea was that insurance would encourage better practices by providing lower premiums to “entities that demonstrate to insurers that they have certain level of cybersecurity.” Potential cybersecurity insurers, however, didn’t have actuarial data to be able to make those assessments. “The idea behind the repository” was to provide that data, thinking that “as the data matures, the market matures along with it,” Shabat told GCN.

 Malicious software bought by a London Police Officer can remotely hack users

It’s unclear as of yet whether this software was bought for official or personal use, but it does raise a question that why would an MPS’s officer need to buy a malware that can do things like intercepting phone calls, turning on microphones and taking pictures remotely via the infected device’s camera. Especially if the use of this malware wasn’t allowed, which would make it illegal.

 Why we need the FTC to police ISP privacy practices

“The [FTC] cannot fill that gap because it does not have jurisdiction over the security and privacy practices of broadband, cable and wireless carriers,” McSweeny said. “So what we have at the moment, in my opinion, is the rapid implementation of a no-cops-on-the-beat approach to privacy and data security in which control over who gets our sensitive information rests in the hands of very few large companies, which are the gatekeepers for our connections to modern life.”

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.