IT Security News Blast 5-23-2017

SMBs not “too small” to brush off cyber risk concerns

Schoenberg added that the simple fact that they accept credit card payments, maintain employee records, and keep customer information are enough justifications for thinking about getting cyber risk coverage. “These same small businesses generally do not have network defensive capabilities let alone the ability to identify if an attack is occurring—outside of the self-evident ransomware attack. That is pretty ‘target rich’ opportunity,” the cyber risk expert said.

 WannaCry Attacks: Should We WannaRegulate Cyber Security?

A recent report found financial service companies lose an average of $16.53 million each year because of cybercrimes. But even with the high costs incurred by cybercrimes, banks are still dragging their feet, he said. “The pain point doesn’t seem to be high enough [for banks],” he said. […] “If the banks are all so afraid of competition that they don’t have any stickiness with their clients, and if they introduce the slightest bit of friction in authentication that people will jump to another bank, then make all the banks do it.”

 Companies ramp up recruiting veterans as cybersecurity urgency grows

Honorably discharged servicemen and women who have worked in intelligence gathering, communications and on submarines are ideal candidates for cybersecurity positions, says Tim McElwee, president and chairman of Proficio.  “The intrinsic value that we saw when we brought military personnel in was just the overall great operational processes and procedures that they follow. Their DNA is shaped to follow those to a T,” he says.

 Quick, better lock down that CISO role. Salaries have apparently hit €1m

Cindy Provin, chief strategy officer at Thales e-Security, said: “It’s no surprise to see the financial value that top European firms now place on the role of CISOs, particularly given that the GDPR will be coming into effect a year from now. “More importantly, however, these figures are evidence that the startling rise of cyber attacks year-on-year has caused boardrooms to recognise the dangers of hacking for companies’ bottom lines, reputation, customer retention and employee confidence.”

 Why Is Cybersecurity So Hard?

After nearly 20 years of trying and billions of dollars in investment, why are organizations are still struggling with cybersecurity? In fact, the problem seems to be getting worse, not better. Answering this question requires moving beyond a purely technical examination of cybersecurity. It’s true that the technical challenges are very real; we don’t know how to write bug-free code, for example. But if you look at the challenge more broadly, even if we resolved the technical issues, cybersecurity would remain a hard problem for three reasons[.]

 Cyber security in an interconnected future

“We need to be aware of the fact that we are more and more interconnected. The internet is no longer contained … we are more interconnected with third parties that provide our televisions, our fridges, our cars, even … we need to be aware of this new ecosystem being put in place and apply good practices from a cybersecurity perspective[.]” […] How do we even start to put a price on our data? And do governments themselves have to start budgeting to protect their populations from cyber extortion?

 Jaya Baloo on WannaCry and Defending Against Advanced Attacks [Podcast]

Jaya Baloo, CISO of KPN, the Netherlands’ leading telecommunications provider, talks to Mike Mimoso about the WannaCry ransomware outbreak and how large network providers and enterprises must contend with advanced attacks. Baloo will be speaking at the upcoming Borderless Cyber USA conference in New York.

 Have you inadvertently joined a Trump-supporting robot army?

Astroturf lobbying campaigns that coax people into submitting similar comments aren’t new. But the scale (and absolute identicality) of these comments raised eyebrows. Especially when Techdirt noticed that Pai’s supporters had somehow “magically organized themselves” to file their views consecutively in perfect alphabetical order. […] Many had no idea they’d gone on record supporting the Trump administration’s net neutrality policies. Some actually opposed the FCC’s plans, and others had no clue what net neutrality was.

 Russian ‘Cron’ Cyber Gang Arrested for Raiding Bank Accounts

A group of 16 Russian hackers who managed to seize more than $800,000 from Russian bank customers using malware loaded onto Android devices have been arrested, according to cybersecurity firm Group-IB. […] Once a mobile device was infected, the Trojan would automatically steal money from the victim’s account and transfer it to any of the more than 6,000 bank accounts controlled by the hackers, according to Group-IB.

 Hackers Are Trying to Reignite WannaCry With Nonstop Botnet Attacks

Over the past year, two digital disasters have rocked the internet. The botnet known as Mirai knocked a swath of major sites off the web last September, including Spotify, Reddit, and The New York Times. And over the past week, the WannaCry ransomware outbreak crippled systems ranging from health care to transportation in 150 countries before an unlikely “kill-switch” in its code shut it down. Now a few devious hackers appear to be trying to combine those two internet plagues: They’re using their own copycats of the Mirai botnet to attack WannaCry’s kill-switch.

 Another Ransomware Nightmare Could Be Brewing in Ukraine

A virulent ransomware strain called XData has gained momentum in Ukraine, so far leading to about three times as many infections as WannaCry did in the country. That XData appears to target Ukraine specifically tempers some fears, but were it to spread globally it would potentially leave even more devastation than last week’s WannaCry mess. […] Experts are still analyzing the ransomware to identify how it infects devices and spreads, but so far XData shows at least some level of sophistication. That’s in contrast to WannaCry, whose creators’ incompetence limited its scope

 Russia may have rigged Brexit vote – and U.K.’s 8 June general election could be next: Experts

A report handed to the British Parliament’s Intelligence and Security Select Committee suggests that Russian secret funds and disinformation campaign may have swayed the EU referendum vote in favor of Brexit. Ahead of the 8 June parliamentary election, GCHQ [Government Communications Headquarters – the U.K. equivalent of the U.S. NSA] has warned leaders of Britain’s political parties of the threat Russian government hacking was posing to British democracy – while Russian interference with Brexit is also on the radar of the Electoral Commission, which is worried about the transparency of money donated to political parties and campaigns.

 7 NSA hack tool wielding follow-up worm oozes onto scene: Hello, no need for any phish!

Miscreants have created a strain of malware that targets the same vulnerability as the infamous WannaCrypt worm. EternalRocks worm uses flaws in the SMB Server Message Block (SMB) shares networking protocol to infect unpatched Windows systems. Unlike WannaCrypt, EternalRocks doesn’t bundle a destructive malware payload, at least for now. The new nasty doesn’t feature a kill switch domain either. The new nasty bundles seven NSA created hacking tools compared to the two deployed to spread WannaCrypt, according to early analysis of the EternalRocks worm.

 Critical DoS Flaws Patched in Asterisk Framework

The vulnerabilities affect all versions of Asterisk 13, 14 and Certified Asterisk 13.13. The issues have been addressed with the release of versions 13.15.1, 14.4.1 and 13.13-cert4. One of the security holes can be exploited by a remote attacker to cause Asterisk to exhaust all available memory by sending a specially crafted Signalling Connection Control Part (SCCP) packet. Removing or disabling support for the SCCP protocol prevents potential attacks.

 WannaCry ransomware attack illustrates need for evolution in cybersecurity norms

There could be any number of reasons that companies fail to take a basic measure like installing patches for known vulnerabilities. On one end of the spectrum they could have made a reasoned determination that implementing the patch would interfere with their ongoing operations. On the other end lies simple organizational laziness. But the broader point is that a significant number of vulnerabilities for which there is a fix go unpatched, leading to systemic weaknesses in the cybersecurity ecosystem.

 Businesses turn to encryption in the wake of WannaCry cyber attack

The trend has caused many businesses to take on new measures such as installing “military grade encryption” like that offered by SafeSwiss, a Switzerland-based company which reported to the Daily Telegraph that downloads of its product had jumped 78 per cent in the days since the WannaCry attack. And while some businesses are said to be simply unplugging themselves from the world wide web and sticking to paper and pen, Bogdan Boezatu, senior e-threat analyst at cybersecurity firm Bitdefender, says that approach is unrealistic in today’s business world.

 27 arrested for black box ATM attacks across Europe

The 27 people recently arrested conducted their crimes by brute-forcing the ATM directly. These attacks first surfaced in 2015, but gained momentum in early 2016, resulting in the theft of millions of Euro. The brute-force black box attack starts by punching a hole into the ATM’s casing (sometimes the case is melted), and connecting a laptop to the exposed cables or ports. From there, the criminals issue commands to the ATM dispenser to cash-out the machine.

 Emerging Threats to Add to Your Security Radar Screen

Today’s criminals may find success with quick-and-easy attacks, but look for them to experiment with advanced techniques as machine learning and artificial intelligence as these technologies slowly pervade our everyday lives through Alexa, Amazon Echo, search results, and other instances. The information that machine learning systems derive from rules, heuristics, signatures, and people will soar into the billions of pieces of information, according to Mandia. If the good guys are using it, we can bet the bad guys will use it, too.

 S#!T Some Security Vendors Claim

When a vendor comes in for a presentation and, after only a few minutes, claims to know precisely what your challenges are and how to solve them, that’s a major red flag for the confident CISO. “I hear hyped up pitches all the time; powerful messages offering Holy Grail solutions. That’s why it’s important to ask tough questions and test the vendor rep’s spiel,” One frustrated CISO said. “You know your risks best, so keep the focus on what you need done first. Ask specific questions that can’t be answered with rehearsed lines. Once you have that alignment, focus on validation post-implementation and how well the controls will operate to continuously reduce your risks.”


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.