IT Security News Blast 5-3-2017

Humans wanted: No such thing as 100% automated threat intelligence, says panel

“Supervised machine learning has a lot of promise, but you still need that paired up with human brains to make [your threat data feed] a truly valuable feed for your organization,” said Levi Gundert, VP of intelligence and strategy at Recorded Future, asserting that human analysis is necessary to derive proper context from external reports while weeding out noise and false positives. “I think human intervention is still required,” agreed Charles Kao, global director of information security at fund administration firm Hedgeserv. “It’s how do we leverage our analysts to focus on the ones that’s relevant for the organization, rather than… just having them go through the feeds and not knowing which direction [to go]?”

Organizations slow to detect damaging cyberattacks, study finds

“You’re getting this exponential growth of machines that basically are perfect targets for these botnets. They’re being assembled as pretty powerful botnets,” Lyon said. “It’s the perfect petri dish for this kind of thing.” Lyon said that he expects the threat to organizations from these attacks to continue to grow. “It’s not going to get easier because as there’s more devices, there’s a bigger threat, which means you need a larger infrastructure to protect yourself,” Lyon said. “[Attackers] are getting more intelligent. The toolkits that are out there are better.”

Protecting health care operations from cyber liability

“Ensuring adequate security precautions to protect health information, including identifying any security risks and immediately correcting them, is essential,” the Office for Civil Rights at the U.S. Department of Health and Human Services said. “Although OCR prefers to settle cases and assist entities in implementing corrective action plans, a lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine,” the agency said. In other words, the loss of the data alone was sufficient to warrant sanctions.

Why combatting cyber-crime is critical for life science companies

Life science companies hold vast amounts of critically important data and information. Obvious categories include data arising from the development and testing of pharmaceutical products, including clinical trial data, while the rise of biologic drugs has also brought with it valuable manufacturing know-how for these complex molecules. The sophisticated nature of medical devices and their connectivity raises additional risks. Add in commercially sensitive information about products and their pricing and promotion, and it’s no surprise that the sector finds itself the target of cyber-attacks.

This sort of thing, unfortunately, is happening to health care providers of all types and sizes.

Behold, the spear phish that just might be good enough to hook you

One variation started with an e-mail threatening a lawsuit because a visitor got sick after eating at one of the company’s restaurants. To increase the chances the attached Microsoft Word document is opened, the attackers personally follow up with a phone call encouraging the recipient to open the booby-trapped file and click inside. The attacker calls back a half-hour later to check if the recipient has opened the document. The attacker immediately hangs up in the event the answer is yes.

China-Linked Spies Use Recent Zero-Day to Target Financial Firms

On April 20, researchers spotted a campaign aimed at global financial firms operating in Russia and neighboring countries. Given that the attacks were apparently aimed at analysts covering the telecommunications industry, experts believe this latest operation is likely a continuation of a similar campaign first analyzed in the summer of 2015. In the recent attacks, TA459 sent out spear-phishing emails containing a Word document set up to exploit a recently patched remote code execution vulnerability tracked as CVE-2017-0199. The attackers started leveraging this flaw just days after Microsoft released a fix.

17 Measures Every Company Should Consider to Reduce the Risk of Cyber-Intrusions

Below is our list of 17 measures every company should consider to reduce the risk of cyber-intrusions.

  • Conduct internal compliance and risk assessments, to determine your organization’s vulnerability to cyber-attacks.
  • Develop and implement corporate policies and procedures required for compliance with federal and state privacy and security laws.
  • Develop quick-response teams to handle potential cyber-attacks, using pre-formulated decision trees and procedures so that you don’t have to develop them while under the fire of an ongoing attack.

Predictive Cybersecurity: Prepare for Attackers Before They’re at Your Door

To combat today’s complex cyberthreats, several agencies have launched initiatives, fueled by predictive analytics, that may soon be able to provide significant warning before an attack occurs. “We haven’t gotten to the point where cognitive machines can take over security, but predictive analytics makes your security smarter,” says Alan Webber, research director at IDC. “This will likely reduce the number of false positives to give a better chance of detecting attacks.”

There’s Simply No Such Thing as “Good Enough” in Cyber Security

For example, many vulnerability scanning tools have been developed over the years and have become a crucial part of organizations’ everyday security posture. These scanning tools provide valuable insight into out-of-date patches and vulnerabilities that have been publicly reported. The problem: most organizations’ vulnerabilities are not publicly known. We’re talking about nearly 90%! What does that mean? A vulnerability scan, or a scan-based penetration test, will not identify those unknown vulnerabilities. That’s a high price to pay for good enough.

War Gaming Your Way to Better Cybersecurity

The hope is that by using realistic situations and technologies, the participants will be able to hone their cyber security skills by testing themselves across all aspects of cyber security. “These are real systems taken from the field,” the organizers say. “The same power grid system is used in energy transmission companies around the world. The drone uses the same system, software and ground station that is used in military systems around the world.”

How Much Should your Company Budget for Cyber Security?

The cyber insurance market is embryonic, and businesses need to understand the level of insurance required. To do this it is vital to evaluate cyber risk. It is easy to underestimate, and therefore under insure, the financial impact of a cyber-attack. Insurance companies are increasingly recognising the need to differentiate themselves and price policies on the actual risk of the insured. Measuring cyber risk requires understanding how business assets are impacted by a cyber-attack. Risk metrics determine how much insurance is actually required by a business.

Self-driving cars, connected toasters – who will be liable?

That potential shift in liability will also include a shift in the type of people making claims – “so all of a sudden you see the company that made the auto being more of a technology service provider that’s providing a bespoke technology product that happens to drive on the road or happens to fly in the air,” she said. […] “Being in the reactionary industry that we are in, no-one’s going to write a policy until someone wants to buy it, and we’re not there yet, but over time we’re going to be moving in that direction,” Donavan explained.

‘Cybersecurity resiliency’ bill would fund states and cities

Sister bills HR 1344 and S. 516 face a steep climb to passage, but if enacted would establish a Department of Homeland Security grant program to fund increased cybersecurity governance around state and local government networks. The threat these networks face is “a real problem” said former Defense Secretary Leon Panetta. […] The grants made available through this legislation would attempt to ameliorate this gap by providing funding to states seeking to create or revise a “cyber resiliency plan.”

A force in flux: Military adjusts to emergent domains of warfare

Multi-domain battle seeks to integrate operations and coordinate seamlessly across the five domains of war — air, land, sea, space and cyber — as opposed to the antiquated domain-specific approach to solving problems. Emergent domains, such as cyber and space, and adversarial use of such battlefields, has the force rethinking how it will organize conventional units and at what level to incorporate skill sets within these war-fighting environments.

N. Korea Behind 2016 Cyber Attack Against Cyber Command

Investigators said that the malicious codes and some of the IP addresses used in the attack, which traced back to China, were the same ones previously used by the North. North Korean hackers were found to have hacked into a firm that supplies vaccine programs to the Defense Ministry in 2015 and collected key data on the programs. They then used the data to infiltrate the military’s public Web servers and found a point connecting those servers and the military’s intranet to steal various military information from the cyber command.

GOP’s “Internet Freedom Act” permanently guts net neutrality authority

Nine Republican US senators yesterday submitted legislation that would prohibit the Federal Communications Commission from ever again using the regulatory authority that allowed the commission to impose net neutrality rules. The “Restoring Internet Freedom Act” would prohibit the FCC from classifying ISPs as common carriers under Title II of the Communications Act and “from imposing certain regulations on providers of such service.”

Qubes kicks Xen while it’s down after finding ‘fatal, reliably exploitable’ bug

The bug in XSA-213 only affects 64-bit x86 systems and relates to how root and user mode page tables are handled by 64-bit PV guests. The IRET hypercall, which stands in for the identically-named CPU instruction, transfers control from user mode to kernel mode. “If such an IRET hypercall is placed in the middle of a multicall batch, subsequent operations invoked by the same multicall batch may wrongly assume the guest to still be in kernel mode”, Xen explains, with the result that the guest could get writable access to the wrong root page table.
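As an added illustration (not Xen source code and not code from the article), the toy dispatcher below models the advisory’s description: privilege is validated once at batch entry, an IRET entry drops the guest to user mode, and a later entry acting on that stale assumption is handed the kernel root table; the hardened variant re-validates after every entry and aborts the batch as soon as the privilege level changes. All names (GuestState, dispatch_batch, the op_* functions) are constructed for this example.

```python
# Toy model of a multicall batch dispatcher, constructed to illustrate the
# XSA-213 bug class. It is not Xen code; the names and the two "operations"
# are simplifications made for this example.

class GuestState:
    """Minimal guest context: hypercalls are permitted from kernel mode only."""
    def __init__(self):
        self.kernel_mode = True


def op_iret(state, assumed_kernel_mode):
    """Model of the IRET hypercall: the guest returns to user mode."""
    state.kernel_mode = False
    return "ok"


def op_update_root_pagetable(state, assumed_kernel_mode):
    """Model of a root-page-table operation that trusts the mode the batch
    was validated in. If that assumption is stale, a user-mode context is
    granted writable access to the kernel root table."""
    target = "kernel_root" if assumed_kernel_mode else "user_root"
    if target == "kernel_root" and not state.kernel_mode:
        return "ESCALATION: user mode granted writable kernel_root"
    return "wrote " + target


def dispatch_batch(ops, state, abort_on_mode_change):
    """Run a batch of operations.

    abort_on_mode_change=False: the privilege check happens once at entry,
      so later entries act on a stale assumption (the XSA-213 pattern).
    abort_on_mode_change=True: re-validate after every entry and stop the
      batch once the guest has left kernel mode (the fixed behaviour).
    """
    if not state.kernel_mode:
        return ["EPERM"]
    assumed_kernel_mode = True  # validated once, at batch entry
    results = []
    for op in ops:
        results.append(op(state, assumed_kernel_mode))
        if abort_on_mode_change and not state.kernel_mode:
            results.append("batch aborted: privilege level changed")
            break
    return results
```

A batch of [op_iret, op_update_root_pagetable] yields an ESCALATION entry with the stale-assumption dispatcher and an aborted batch with the re-validating one; a batch without IRET behaves identically under both.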

Malware Hunter Crawls Internet Looking for RAT C2s

A new crawler released today by Shodan designed to find command and control servers has already unearthed 5,800 controllers for more than 10 remote access Trojan (RAT) families. The crawler, called Malware Hunter, poses as an infected computer beaconing out to an attacker’s server waiting for additional commands or malware downloads. Unlike passive honeypots and sinkholes, Malware Hunter is actively seeking responses from C2 servers by pretending to be a newly infected machine sending out a callback with system information.

A $22 Radio device to crack car’s security system

A few antennas, transmitters and batteries and of course the brilliant minds of security researchers of Qihoo 360 is the recipe of the radio device. Simple, cheap but highly effective! Yes, several devices have been made in the past just like this one but none of them was so cheap. NONE of Them! Also, this device can be said to be an “Upgraded” version of any previous devices of such kind because these devices can transmit the signals from over 1000 feet! This goes to show that as tech companies are constantly trying to make new products, hackers are keeping up with them in finding vulnerabilities on those devices!

Netgear Patches RCE Flaws in Routers, Switches

The flaw, discovered by Maxime Peterlin of ON-X, affects WNR2000v3, WNR2000v4, WNR2000v5 and R2000 routers. Firmware updates that patch the vulnerability are available for all impacted models. Netgear said the weakness can only be exploited by an attacker with access to the network hosting the device, or if the router has the remote management feature enabled. This feature is disabled by default.

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.