IT Security News Blast 5-17-2017

Outsourcing security: Would you turn over the keys to a third party?

When asked why a company would cede control, many vendors said it depends on the level of staffing that company has. If the expertise is lacking, why take the chance? Or if it is a small to midsize enterprise, maybe there is just not a budget for creating a security staff up to the level needed. Therefore, partnering with a managed security services provider (MSSP) has become almost a must when faced with worries over data theft and the number of mobile devices entering the workplace.

U.S. Hospitals Not Immune to Crippling Cyber Attacks

It is no secret health care providers are worried. One large hospital system in Boston took some drastic steps this weekend, disabling all attachments in e-mails—even though WannaCry can spread without any victim interaction, Fu says. “I would say we had dodged a bullet [compared with the U.K.], but I think the bullets are still coming and we know we are just as vulnerable,” he says, noting the malware could be further tweaked to cause future problems.

How ‘smart cities’ push IoT cybersecurity for state and local IT

State IT executives are more aware of IoT cybersecurity implications, because they’re dealing with industrial systems, facilities HVAC, appliances and the power grid, all of which are managed at the municipal level. To complicate matters, many connected municipal services, from public transportation to water purification are both used and in some cases managed by private companies, so potential cybersecurity threats can come from many different intrusion points at once.

Cyber insurance market expected to grow after WannaCry attack

Insurers this week started to assess the cost of the attack, which has hit more than 200,000 computers in 150 countries, but it is becoming clear that WannaCry might not be as expensive as many first feared. And, happily at least for the industry, it is already spurring a big increase in demand in cyber insurance. “This is a seminal moment in the development of the cyber insurance market,” says Rick Welsh, chief executive of Sciemus, an insurance data analytics firm.

Meet the 22-year-old tech whiz who cracked global cyberattack

Hutchins said he came across the solution when he was analyzing a sample of the malicious code and noticed it was linked to an unregistered web address. He promptly registered the domain, something he regularly does to discover ways to track or stop cyberthreats, and found that stopped the worm from spreading. Kryptos Logic chief executive Salim Neino said Hutchins’ quick work allowed him to slow the virus on Friday afternoon European time, before it could fully affect the United States.

Should Silicon Valley be liable for cybersecurity?

Indeed, says Mr. Schneier and many other technology experts, while the worst software vulnerabilities may have allowed malicious hackers to cripple business and government systems or compromise sensitive personal data, cyberattacks may soon have more costly consequences since software is increasingly embedded into automobiles, medical devices, utilities, and other critical systems. Therefore, experts say, there’s a growing urgency to ensure faulty code can’t be so easily exploited or manipulated.

Oddities in WannaCry ransomware puzzle cybersecurity researchers

For one thing, said IBM Security’s Caleb Barlow, researchers are still unsure exactly how the malware spread in the first place. Most cybersecurity companies have blamed phishing e-mails – e-mails containing malicious attachments or links to files – that download the ransomware. […] The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion e-mails dating back to March 1, Barlow’s team could find none linked to the attack.

Expert Finds More Possible North Korea Links to Cyberattack

If North Korea, believed to be training cyberwarriors at schools, is indeed responsible for the latest attack, Choi said the world should stop underestimating its capabilities and work together to think of a new way to respond to cyber threats, such as having China pull the plug on North Korea’s internet.

Should U.S. “stockpile” web vulnerabilities?

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith wrote. “And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action.”

Forget North Korea’s Missile System. Here’s What You Should Really Be Concerned About

“There are training camps and schools that identify talent when they are young and train them in this stuff in terms of how to compromise networks and how to manipulate people and individuals on how to compromise their own security,” Bambenek explained. Bambenek says leaders start early, looking for kids with promise in areas like math, then putting those young prospects in elite schools. The children undergo rigorous computer training and eventually graduate into the military’s cyber operation unit.

Chelsea Manning freed from military prison

The intelligence analyst was court-martialed and convicted of leaking more than 700,000 documents and video about the wars in Iraq and Afghanistan. She came out as a transgender woman shortly after being handed an unprecedented 35-year prison sentence in 2013. Then-President Barack Obama commuted Manning’s term in January and set a May 17 release date. Manning, whom President Trump has called a “TRAITOR” on Twitter, had been in prison longer than any other US leaker convicted under the Espionage Act.

DocuSign Phishing Campaign Includes Hancitor Downloader

Phishing emails spoofed the DocuSign brand and included a hyperlink to a Word document that contained a malicious macro. If the document is downloaded and the macro is enabled, it delivers the Hancitor downloader. Next, Hancitor downloads either the credential stealing Pony, EvilPony or ZLoader malware, said Gregor Perotto, senior director, global corporate marketing and communications for DocuSign.

UK airport authorities arrest human rights activist for not sharing his passwords

He was questioned for about another three hours, was then found to be not complying with the authorities and was hence arrested. Nevertheless, he was released on bail after nine hours. However, the game is not over yet, and Rabbani is to appear in court later this week. If the court finds him guilty, he can be jailed for up to three months. In response, CAGE has launched an online campaign to support Rabbani.

APT3 Hackers Linked to Chinese Ministry of State Security

A mysterious group called “intrusiontruth,” which claims to focus on investigating some of the most important advanced persistent threat (APT) actors, has recently published a series of blog posts on APT3, a group that is also known as UPS Team, Gothic Panda, Buckeye and TG-0110. The cyberspies, believed to be sponsored by China, have been active since at least 2009, targeting many organizations in the United States and elsewhere via spear-phishing, zero-day exploits, and various other tools and techniques. Researchers noticed last year that APT3 had shifted its attention from the U.S. and the U.K. to Hong Kong, where it had mainly targeted political entities using a backdoor dubbed “Pirpi.”

Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry

The attack is launched from several virtual private servers that are massively scanning the Internet on TCP port 445 for potential targets. Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools.
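The propagation pattern described above (one source fanning out TCP/445 connection attempts to many distinct hosts) is something a defender can spot in perimeter or flow logs long before any payload runs. The following detection is an added example written for this digest; it is not code from the article, from Proofpoint or from any vendor. The log line format it parses (`<ISO timestamp> <src> -> <dst>:<dport> <action>`) is a constructed, firewall-style format assumed for the example, and the sample lines are constructed.

```python
"""Detect hosts fanning out SMB (TCP/445) connection attempts across many
distinct destinations. Added example, not the article's or Proofpoint's code;
the log format is a constructed, firewall-style line, not any vendor's real format."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\S+)$")


def parse_line(line):
    """Parse one constructed log line of the form
    '<ISO timestamp> <src> -> <dst>:<dport> <action>'; return None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, action = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "dst": dst, "dport": int(dport), "action": action}


def find_smb_scanners(lines, threshold=20, window=timedelta(seconds=60), port=445):
    """Return {src: peak_distinct_destinations} for every source that reaches
    at least `threshold` distinct destinations on `port` inside any `window`.
    A workstation talking to one file server never trips this; a host
    sweeping a /24 does."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dport"] == port:
            per_src[rec["src"]].append((rec["ts"], rec["dst"]))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)   # dst -> number of events inside the window
        start, peak = 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            # slide the window start forward until it spans at most `window`
            while ts - events[start][0] > window:
                old_dst = events[start][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def build_sample_log():
    """Constructed sample: one external host sweeping 40 addresses on 445 in
    40 seconds, one workstation hitting its file server repeatedly, one host
    touching three SMB peers, plus a web request and a malformed line."""
    base = datetime(2017, 5, 15, 10, 0, 0)
    lines = []
    for i in range(40):   # the sweep
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 203.0.113.7 -> 192.0.2.{i + 1}:445 SYN")
    for i in range(10):   # benign: same file server every time
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.5 -> 10.0.0.20:445 SYN")
    for i, last in enumerate((21, 22, 23)):   # benign: a few peers
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 10.0.0.6 -> 10.0.0.{last}:445 SYN")
    lines.append(f"{base.isoformat()} 10.0.0.6 -> 198.51.100.3:80 SYN")   # not SMB, ignored
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for src, n in find_smb_scanners(build_sample_log()).items():
        print(f"possible SMB sweep from {src}: {n} distinct destinations within 60s")
```

The sliding window is the important design choice: counting distinct destinations per source over the whole day would eventually flag backup servers and vulnerability scanners, while a short window isolates the burst behaviour of a worm-style sweep. Tune `threshold` and `window` against a baseline of your own network's SMB fan-out before alerting on it.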

WikiLeaks Posts User Manuals for CIA Malware AfterMidnight and Assassin

WikiLeaks recently leaked some files as part of its Vault 7 series that contained user manuals for two malware tools called Assassin and AfterMidnight. According to the documents, these viruses belong to the CIA. […] According to the documents, AfterMidnight has three modules which it downloads onto an infected device. One is the module that enables data exfiltration. Another module is used for software subversion, while the last module acts as an enabler of all the other modules along with providing internal services.

Cyber Kid Stuns Experts Showing Toys Can be ‘Weapons’

An 11-year-old “cyber ninja” stunned an audience of security experts Tuesday by hacking into their Bluetooth devices to manipulate a teddy bear and show how interconnected smart toys “can be weaponized”. […] Plugging into his laptop a rogue device known as a “Raspberry Pi” — a small credit-card-size computer — Reuben scanned the hall for available Bluetooth devices, and to everyone’s amazement including his own suddenly downloaded dozens of numbers including some of top officials. Then using a computer language programme, called Python, he hacked into his bear via one of the numbers to turn on one of its lights and record a message from the audience.

Hackers hold unreleased Pirates of the Caribbean movie to ransom

While it is unclear how much ransom is being demanded, Iger stated that the hackers vowed to release the movie in parts if the ransom is not paid. Remember, Disney’s upcoming theatrical releases include movies like Cars 3 and Pirates of the Caribbean: Dead Men Tell No Tales. Rumors also circulated that Star Wars: The Last Jedi’s workprint was pirated by cyber criminals, but it turned out to be a hoax and no official statement came from the studio.

Data of 1.9M Bell Canada customers compromised

This attack highlights a trend where hackers cast a wide net and use easily attainable account and identity information as a starting point for high value targets, Jason Hart, VP and CTO for data protection at Gemalto, told SC Media on Tuesday. “While no passwords were accessed, the hackers will likely run the email addresses against known databases of stolen passwords from other sites to see if there are any commonly used words, to try and crack the Bell email passwords.”
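The quoted concern is that leaked e-mail addresses get replayed against known breached-password lists. The defender's mirror image of that check is to screen every newly set or changed password against the same kind of corpus so that a reused, already-leaked password is never accepted in the first place. The code below is an added example written for this digest; it is not code from Bell, Gemalto or SC Media. The breached-password list is a tiny constructed stand-in, and the five-hex-character prefix bucketing is the range-query shape used by public breached-password lookup services; the function names are the example's own.

```python
"""Screen new or changed passwords against a breached-password corpus using
hashed-prefix buckets. Added example; not code from Bell, Gemalto or SC Media.
The corpus here is a small constructed list; a real deployment would load a
large leaked-credential set or query a range-lookup service."""
import hashlib
from collections import defaultdict

# Constructed, tiny stand-in for a leaked-password corpus
BREACHED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "welcome1", "Password1"]


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, the digest form range-lookup services use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_breach_index(passwords):
    """Bucket SHA-1 digests by their first five hex characters. A client that
    sends only the prefix and receives the whole bucket never reveals which
    password it is checking, so the lookup service learns nothing useful."""
    index = defaultdict(set)
    for p in passwords:
        digest = sha1_hex(p)
        index[digest[:5]].add(digest[5:])
    return index


def is_breached(password, index):
    """True if the password's digest suffix appears in its prefix bucket."""
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def screen_password_changes(changes, index):
    """changes: {email: proposed_password}. Return sorted emails whose proposed
    password appears in the breach corpus and should be rejected. This runs at
    password-set time; already stored passwords are (properly) not recoverable."""
    return sorted(email for email, pw in changes.items() if is_breached(pw, index))


if __name__ == "__main__":
    idx = build_breach_index(BREACHED_PASSWORDS)
    proposals = {"a@example.com": "letmein",
                 "b@example.com": "correct horse battery staple"}
    print(screen_password_changes(proposals, idx))
```

Because the check only ever sees a candidate password at the moment a user sets it, it does nothing for accounts whose passwords were chosen before the breach list was introduced; pairing it with a forced reset for accounts whose e-mail address appears in a disclosed dump, as the quoted analyst implies, closes that gap.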


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.