IT Security News Blast 5-16-2017

Why Security Folks Want to Cry About WannaCry

“On May 12th 2017, reports began surfacing that a virulent ransomware attack, which takes advantage of a number of known vulnerabilities in unpatched Microsoft Windows systems to encrypt files on file shares, was spreading around the world.” What do we know about the attack so far and what does it tell us about how secure our cybersecurity really is?

Ransomware makes healthcare wannacry

“Healthcare organizations are particularly vulnerable to these attacks because awareness about email authentication is still quite low in the sector as a whole. In order to protect the nation’s healthcare infrastructure from future ransomware attacks, we encourage all security executives to ensure their organizations have proper email authentication at enforcement,” said ValiMail CEO Alexander Garcia-Tobar. “It only takes a click from one person to endanger an entire enterprise.”
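"Email authentication at enforcement" has a concrete meaning: a DMARC record whose policy is quarantine or reject, applied to 100% of failing mail and to subdomains as well, not a p=none record that only asks for reports. The checker below is an added example (not code from the article or from ValiMail) that parses DMARC TXT records and says which of those conditions a domain actually meets. The sample records are constructed for the example and belong to no real domain; the DNS lookup is left out so it runs offline, and a real record can be supplied from `dig +short TXT _dmarc.<domain>`.

```python
"""Classify a DMARC record as none / monitor / partial / enforced.

Added example, not the article's or any vendor's code. Records are passed in
as strings so the check runs offline; fetch live ones with dig or dnspython.
"""
from typing import Dict, List, Optional, Tuple

ENFORCING = {"quarantine", "reject"}

# Constructed sample records; none of these domains is real.
SAMPLE_RECORDS = {
    "monitor.example":  "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example":  "v=DMARC1; p=quarantine; pct=25; sp=none",
    "enforced.example": "v=DMARC1; p=reject; sp=reject; pct=100; "
                        "rua=mailto:agg@enforced.example",
    "spf-only.example": "v=spf1 include:_spf.example -all",   # wrong record type
    "absent.example":   "",                                    # no _dmarc TXT at all
}


def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Split 'tag=value; tag=value' into a dict; None unless it carries v=DMARC1."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess(txt: str) -> Tuple[str, List[str]]:
    """Return (verdict, findings); verdict is none, monitor, partial or enforced."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "none", ["no valid DMARC record: receivers apply no policy at all"]

    findings: List[str] = []
    p = tags.get("p", "").lower()
    if p not in ENFORCING | {"none"}:
        return "none", [f"missing or invalid p= tag ({p!r}): record is ignored"]

    sp = tags.get("sp", p).lower()            # subdomain policy inherits p when absent
    try:
        pct = int(tags.get("pct", "100"))     # share of failing mail the policy applies to
    except ValueError:
        pct = 0                               # garbage value: treat as never applied

    if p == "none":
        findings.append("p=none only requests reports; spoofed mail is still delivered")
    if sp == "none" and p != "none":
        findings.append("sp=none leaves every subdomain open to spoofing")
    if pct < 100:
        findings.append(f"pct={tags.get('pct')}: only part of failing mail gets the policy")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports on who is spoofing you")

    if p == "none":
        verdict = "monitor"
    elif sp in ENFORCING and pct == 100:
        verdict = "enforced"
    else:
        verdict = "partial"
    return verdict, findings


def audit(records: Dict[str, str]) -> Dict[str, str]:
    """Map each domain to its verdict."""
    return {domain: assess(txt)[0] for domain, txt in records.items()}


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        verdict, notes = assess(txt)
        print(f"{domain:20} {verdict:9} {'; '.join(notes)}")
```

Only `enforced.example` passes: `partial.example` has an enforcing `p=` tag but applies it to a quarter of failing mail and exempts subdomains, which is the kind of record that reads as "deployed" on a checklist while still letting spoofed mail through.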

Ransomware Attack Sends Cybersecurity Stocks Soaring

“These attacks help focus the minds of chief technology officers across corporations to make sure security protocols are up to date, and you often see bookings growth at cybersecurity companies as a result,” said Neil Campling, head of technology research at Northern Trust. In London, shares in cloud network security firm Sophos jumped more than 7% to a record high and security firm NCC Group rose 2.9%.

Russia, this time the victim of a cyberattack, voices outrage

In fact, of all the countries afflicted in the first wave of the spread of the malicious software, Russia was hit the hardest: The virus tried to infect more computers in Russia than anywhere else, according to an analysis by Kaspersky Lab, a Russian antivirus company. While government computers were crashing, banks, cellphone operators and railroads in Russia were fending off attacks designed to freeze their systems and demand ransoms to unlock the data.

A timeline of the WannaCry cyberattack

The so-called WannaCry cyberattack has affected hundreds of thousands of computers by exploiting vulnerabilities in Microsoft’s Windows XP software, creating havoc around the world. Here’s a timeline detailing how the attack spread:

Friday, May 12: Morning – The first appearance of the cyberattack was registered in Europe at what would have been 3:24 a.m. Eastern time, according to a report by The Financial Times.

A ‘second wave’ of ransomware could broaden global cyberattack

Security experts say the unprecedented ransomware attack that on Friday locked up computers across the globe in exchange for payment, hitting UK hospitals, FedEx and train systems in Germany among other institutions, could cause even more trouble as the work week begins. On top of that, copycat versions of the malicious software have already started to spread. “We are in the second wave,” Matthieu Suiche of the cybersecurity firm Comae Technologies told the New York Times on Sunday.

Cyber attack: Microsoft says ransomware hack a ‘wake-up call’ for world governments

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.” He likened the most recent cyber attack to “the US military having some of its Tomahawk missiles stolen” and said that it “represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today”, namely nation-state action and organised criminal action.

WannaCry Variants Pick Up Where Original Left Off

At least five new takes on the first attack, all still leveraging the NSA’s EternalBlue exploit and DoublePulsar rootkit, are spreading WannaCry. So far, the attackers aren’t exactly getting rich, collecting $54,894 as of this morning, despite as many as 200,000 infections in 150 countries, according to Europol’s estimates. But given the flexibility of the leaked NSA exploits, there’s nothing stopping criminals from spreading banking Trojans or other commodity malware in the same fashion, experts said.
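The variants above still spread the way the original did: EternalBlue is an exploit for SMB, so an infected host opens TCP 445 to one address after another, on the LAN and out to the Internet. That traffic pattern is independent of the payload, which is why it stays useful as a detection even if the criminals swap ransomware for a banking Trojan. The script below is an added example (not code from the article or from any product it names) that runs that logic over connection logs: it alerts when one source reaches a threshold of distinct 445 destinations inside a sliding window, and separately lists any SMB to non-RFC1918 addresses, which a perimeter should not be passing at all. The log format and the traffic are constructed for the example; adapt `LINE_RE` to your firewall's export.

```python
"""Spot worm-like SMB fan-out in connection logs.

Added example, not the article's or any vendor's code. The line format and
the sample traffic are constructed; only the detection logic is the point.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<iso-timestamp> src=A dst=B dport=N proto=P ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """One log line -> dict, or None for lines in any other format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"]}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def detect_smb_fanout(log_text, window=timedelta(seconds=60), threshold=20):
    """Return (alerts, internet_smb).

    alerts: src -> details, raised once per source the first time it reaches
    `threshold` distinct TCP/445 destinations inside `window`.
    internet_smb: src -> sorted non-RFC1918 addresses it spoke SMB to.
    """
    events = [e for e in map(parse_line, log_text.splitlines())
              if e and e["dport"] == 445 and e["proto"] == "tcp"]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)          # src -> (ts, dst) pairs inside the window
    alerts = {}
    internet_smb = defaultdict(set)
    for e in events:
        q = recent[e["src"]]
        q.append((e["ts"], e["dst"]))
        while e["ts"] - q[0][0] > window:  # drop pairs that fell out of the window
            q.popleft()
        if not is_internal(e["dst"]):
            internet_smb[e["src"]].add(e["dst"])
        distinct = {dst for _, dst in q}
        if len(distinct) >= threshold and e["src"] not in alerts:
            alerts[e["src"]] = {"first_seen": q[0][0], "triggered_at": e["ts"],
                                "distinct_targets": len(distinct)}
    return alerts, {src: sorted(d) for src, d in internet_smb.items()}


def _line(ts, src, dst, dport):
    return f"{ts.isoformat()} src={src} dst={dst} dport={dport} proto=tcp action=allow"


def make_sample_log():
    """Constructed traffic: two normal clients and one host scanning like a worm."""
    t0 = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # 10.1.2.15 mounts shares on two file servers: normal.
    lines += [_line(t0 + timedelta(seconds=i), "10.1.2.15", f"10.1.2.2{i}", 445) for i in range(2)]
    # 10.1.2.77 hits 30 LAN hosts on 445 within 12 s, then 5 Internet hosts: worm-like.
    lines += [_line(t0 + timedelta(milliseconds=400 * i), "10.1.2.77", f"10.1.3.{i + 1}", 445)
              for i in range(30)]
    lines += [_line(t0 + timedelta(seconds=12 + i), "10.1.2.77", f"198.51.100.{i + 10}", 445)
              for i in range(5)]
    # 10.1.2.30 browses 40 web servers: many destinations, but not SMB.
    lines += [_line(t0 + timedelta(seconds=i), "10.1.2.30", f"203.0.113.{i + 1}", 443) for i in range(40)]
    lines.append("2017-05-12T10:00:05 kernel: link up")   # unrelated line, must be skipped
    return "\n".join(lines)


if __name__ == "__main__":
    alerts, external = detect_smb_fanout(make_sample_log())
    for src, info in alerts.items():
        span = (info["triggered_at"] - info["first_seen"]).total_seconds()
        print(f"ALERT {src}: {info['distinct_targets']} SMB targets in {span:.1f}s")
    for src, dsts in external.items():
        print(f"WARN  {src}: SMB to Internet hosts {dsts}")
```

On the sample, only 10.1.2.77 trips the fan-out alert (at its 20th distinct target, 7.6 s in) and it is also the only source with SMB to the Internet; the web client opens more connections than the worm but on the wrong port and never appears. Tune `threshold` to the largest legitimate SMB fan-out you see from backup or inventory servers, and whitelist those by source rather than raising the threshold for everyone.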

Virulent WCry ransomware worm may have North Korea’s fingerprints on it

The tweet referenced identical code found in a WCry sample from February and an early 2015 version of Cantopee, a malicious backdoor used by Lazarus Group, a hacking team that has been operating since at least 2011. Previously discovered code fingerprints already tied Lazarus Group to the highly destructive hack that caused hard drives in South Korea to self-destruct in 2013, wiped almost a terabyte’s worth of data from Sony Pictures in 2014, and siphoned almost $1 billion from the Bangladesh Central Bank last year by compromising the SWIFT network used to transfer funds.

8 Notorious Russian Hackers Arrested in the Past 8 Years

Unfortunately, the indictment and arrest history shows a picture where cooperation from the Russian government to catch these bad guys is non-existent. Instead, US lawmen and prosecutors have had to depend on a complex set of international relationships to snag these hackers when they are out of Russia, typically while vacationing at exotic locales using the fruits of their criminal labors. Here’s the lowdown on arrests made in the last eight years.

Major international crackdown on tech support scams

Most of the scammers targeted in Operation Tech Trap followed the same pattern of misconduct. They caused consumers’ computers to display advertisements designed to resemble pop-up security alerts from Microsoft, Apple or other technology companies. These ads warned consumers that their computers are infected with viruses, are being hacked, or are otherwise compromised. The pop-up messages urged consumers to immediately call a toll-free number for assistance.

Cyber Czar Giuliani’s ‘cyber doctrine’ still unfinished

“As you know”, said Coats, “the president tasked an effort under the direction of former Mayor Giuliani with this.” Coats could not add much to that other than “frankly given the proliferation of issues we’re dealing with it’s almost overwhelming to get our hands around all of them.” The Doctrine is intended to set the borders and “rules of engagement” under which the US might respond to the cyber aggression of which it so often appears to be the target. The idea first sprang up after the widespread allegations of “election hacking” in the 2016 presidential race.

Why Russia’s cyber defenses are so weak

Experts said that Russia is particularly vulnerable to this kind of attack because of its aging computing infrastructure and lax approach to cybersecurity. There is also a huge amount of pirated software in circulation. “[The attack] shows that a country supposedly at the forefront of cybersecurity and cyberwarfare has still proved vulnerable to code hidden inside email attachments that are used every day,” said Greg Sim, the CEO of Glasswall Solutions, a security software company.

Trump confronts global cyber crisis with a staff marked by vacancies

The dozens of vacant roles with major cyber responsibilities — not all of which are on the front lines in a crisis — include a permanent director for the Department of Homeland Security’s cybersecurity wing, the government’s first responder for many digital emergencies. The raft of openings creates a risk that the government will be slow to respond to trouble, and that federal agencies and private companies will have trouble finding help when they need it, cybersecurity experts and former officials say.

Backdoors: When Good Intentions Go Bad

What could possibly be wrong with helping law enforcement use legal means to catch terrorists? If technology can hide communications, can’t technology be used in a legal and safe way to reveal critical information when people’s lives are at stake? Unfortunately, the answer is that these requests for access to encrypted information create “backdoors” that can make all citizens vulnerable to attack. A backdoor in security is a way for an entity (like the government) to access encrypted information.

iOS 10.3.2 arrives with nearly two dozen security fixes

Apple has just released iOS 10.3.2 to the public, following around a month and a half of beta testing that began shortly after iOS 10.3 came out. It’s available as an over-the-air update or through iTunes for any devices that run iOS 10: the iPhone 5 and newer, the fourth-generation iPad and newer, the iPad Mini 2 and newer, both iPad Pros, and the sixth-generation iPod Touch.

Cyberattacks Ease After Global Pushback, Putin Points Finger at U.S.

Microsoft’s president and chief legal officer Brad Smith has said the US National Security Agency developed the original code used in the attack, which was later leaked in a document dump. “Microsoft’s leadership stated this directly, they said the source of the virus was the special services of the United States,” Putin said on the sidelines of a summit in Beijing. “A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators,” Putin said. Russia has been accused of cyber meddling in several countries around the world in recent years.

APT32: Vietnamese Hackers Target Foreign Corporations

APT32 is the “newest named advanced persistent threat group,” according to a new report from FireEye. Published yesterday, the report shows it to be a sophisticated and well-resourced cyber espionage actor targeting Vietnamese interests around the globe, and although not previously classified in the APTn scheme, it has been operating since at least 2013. The APT designation itself also dates back to 2013, when Mandiant used it to describe the first hacking group, APT1, that it was willing to call ‘state-sponsored’.

United Airlines cockpit access codes leaked online

A United Airlines flight attendant has inadvertently leaked access codes for the company’s airplanes’ cockpit doors, a safety alert email to United employees has revealed. According to the WSJ, the information was mistakenly posted on a public website. […] It’s not that these codes are never changed – they are, periodically. But this information is not meant to be public knowledge, and until these codes are changed again, there’s a bigger danger of someone who is not authorised accessing United planes’ cockpits.

8 ways to manage an internet or security crisis

The issue is not if a problem – or crisis – occurs, but how your company handles it when it does. Manage the problem poorly and you risk losing customers, or worse. Handle a crisis promptly and professionally and you can fend off a public relations disaster and might even gain new customers. So what steps can businesses take to mitigate and effectively manage an IT-related crisis? Here are eight suggestions.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.