IT Security News Blast 5-8-2017

Homeland Security Issues Warning on Cyberattack Campaign

The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems. […] “Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments,” the alert notes. “Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”

Google Docs Phishing Scam Cost Minnesota State Thousands of Dollars

Last Wednesday the Internet was full of news reports regarding a new sophisticated phishing scam using Google Docs to trick users into giving away their login credentials by opening a fake Google document. […] According to a report by ABC News, the Minnesota state’s chief information security officer Christopher Buse said that “2,500 state employees received the phishing email, altogether they received 13 different variants of the attack. Dealing with it cost taxpayers nearly $90,000, mainly because of the amount of time state employees spent dealing with the attack as opposed to their normal day-to-day jobs.”

Law Firm Takes Cyber Insurance Provider to Court for Not Covering US$700,000 in Ransomware Losses

It is worth noting the law firm eventually was forced to pay the criminals a US$25,000 ransom due to this attack. It took them a total of three months to get everything sorted, as setting up a Bitcoin account and renegotiating the deal took up a lot of valuable time. Moreover, the first decryption tool did not work properly, which caused even more [unnecessary] delays. All things considered, it is not hard to see how the firm racked up about US$700,000 in losses. […] Even though Sentinel Insurance provides them with insurance against these attacks, they have only paid US$20,000 so far. That amount is, according to the company, the maximum policy limit for losses sustained from computer viruses. The loss of business income is, apparently, not covered by this insurance policy whatsoever.

Lawyer: Cops “deliberately misled” judge who seemingly signed off on stingray

The Oakland Police Department’s own stingray was seemingly insufficient, so officers then called in the FBI, both times without a warrant. […] The stingray question is proving to be a constant thorn in the prosecution’s side—the defense has seized on it as an avenue to challenge the government’s case. Earlier this week, Boersch filed three new motions that an Oakland federal judge will hear next month. Her client may finally get a judicial ruling as to whether the Oakland Police Department and the FBI’s stingray use here was appropriate and what effect that should have, if any, on his case.

Improving Cybersecurity: The Diversity Imperative

Cybersecurity problems, including some of the most urgent, pressing, and knotty ones, often have little or no technical component. There are so many other elements to contend with — awareness and training, security processes and procedures, incident response, recovery planning and communication. To fill those one million cybersecurity jobs, the industry must look to cross-train professionals from other disciplines.

Cybersecurity is one of the top risks organizations must manage in 2017

  • Healthcare: Ransomware attacks are projected to rise 250%, and hackers were responsible for 106 major healthcare data breaches in 2016.
  • Financial services: Despite ranking only third in volume of security incidents, the financial services industry came in first in number of incidents leading to confirmed data losses.
  • Insurance: Risk is twofold in this market, because insurers are not only targets of hackers, they’re also providers of coverage to victims.
  • Education: At the beginning of February 2016, the University of Central Florida announced a data breach had affected approximately 63,000 current and former students, faculty and staff.

BUFFETT: This is ‘the number one problem with mankind’

Warren Buffett sees cyber attacks as a bigger threat to humanity than nuclear weapons. “I’m very pessimistic on weapons of mass destruction generally although I don’t think that nuclear probably is quite as likely as either primarily biological and maybe cyber,” Buffett said during Berkshire Hathaway’s annual shareholders’ meeting on Saturday.

Seeing Security from the Other Side of the Window

In most organizations, security is a cost. To a business, costs are seen as somewhat of a necessary evil. There is a general understanding that it takes investment in various areas in order to run a business properly. Of course, as you might expect, those running the business and making those investments generally want to know what return their investments are bringing, whether continued investment is justified, and at what level.

Why Physical Security For Your Business Is Just as Critical as Online Security

These factors are important, as job satisfaction and performance both tend to be higher among employees who identify with the values of their organization — and these employees are more likely to stick with their business. Better yet, building organizational identification among your employees helps encourage customers to remain loyal to your brand, keeping them coming back to your company, and driving sales.

Man: border agents threatened to “be dicks,” take my phone if I didn’t unlock it

Gach’s case is just one of a rapidly increasing number of border searches of digital devices. Customs and Border Protection has not provided any public explanation as to why. However, the agency maintains that such searches are exceedingly rare. […] The 43-year-old artist also told Ars that he had been involved in political activism “for a long time” (Greenpeace, Copwatch). Although Gach has had interactions with law enforcement before, he has no criminal record.

Top Obama Officials to Testify on Russian Election Interference

Sally Yates — acting attorney general in the Trump administration for 10 days before being fired — could bring new pressure on the White House over what it knew about former national security advisor Michael Flynn’s communications with Russian officials. Obama’s director of national intelligence James Clapper is also set to testify, after repeatedly warning of the need to get to the bottom of how the Russians interfered in the election, and whether anyone on President Donald Trump’s team colluded with Moscow.

Macron team target of ‘massive cyber attack’

Macron’s team said on Saturday a “massive” hack had dumped emails, documents and campaign financing information online just before campaigning ended on Friday and France entered a quiet period which forbids politicians commenting on the leak. […] The data leak emerged as polls predicted Macron was on course for a comfortable victory over far-right leader Marine Le Pen in Sunday’s election, with the last surveys showing his lead widening to about 62 per cent to 38.

Germany challenges Russia over alleged cyberattacks

Hans-Georg Maassen, president of the BfV agency, said “large amounts of data” were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group. Maassen, speaking with reporters after a cyber conference in Potsdam, repeated his warning from last December in which he said Russia was increasing cyber attacks, propaganda and other efforts to destabilise German society.

Cyberspies tap free tools to make powerful malware framework

The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don’t necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack’s efficiency and makes it harder for security vendors to detect it and link it to a particular threat actor.

Five key players for Trump on cybersecurity

  • Rob Joyce
  • Jared Kushner
  • Chris Liddell
  • Homeland Security Secretary John Kelly
  • Defense Secretary James Mattis

Assessing the Latest Draft Cybersecurity Executive Order

The latest draft version of the Trump administration’s cybersecurity executive order isn’t dissimilar from the previous version, and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Barack Obama White House, including modernizing federal IT. […] Expectations of an early release of the cybersecurity executive order, or EO, have faded as one draft version after another slowly gets distributed among stakeholders. “All rumors that something is imminent are just that,” says Grant, who adds that administration insiders tell him they continue to make changes in the EO.

Washington National Guard Participating in Major Cyber Exercise

Divided into two phases, the first week offers participants the opportunity to hone their skills through academic instruction covering everything from the legal aspects of cyber operations to the nature of cyber threats to hands-on technical training. Equally important, the soldiers and airmen are learning their roles as part of the larger cyberspace defense community. During the second phase of Cyber Shield, exercise participants from cyber protection teams face off against trained antagonists, who simulate online adversaries.

Microsoft Warns Users of Cyber Attacks on Windows Software Update System

Earlier this week, the research team which is part of the Windows Defender Advanced Threat Protection system detected several attacks being carried out against a software update system whose name has not yet been revealed. All that is known about the software is that it is a well-known editing application and that the creator or vendor of the software also experienced attacks. The consequences of the attack: it is said that the attackers, by hacking the software update system, were able to gain remote access to certain targeted computers. They were then able to execute malware without the victim knowing about the infection.

The hijacking flaw that lurked in Intel chips is worse than anyone thought

AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. […] But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. […] A query of the Shodan security search engine found over 8,500 systems with the AMT interface exposed to the Internet, with over 2,000 in the United States alone[.]

Carbanak Hackers Use Shims for Process Injection, Persistence

Shims are small patches that application developers can create through the Windows Application Compatibility Infrastructure, and are mainly used for compatibility purposes for legacy applications. […] As part of their attack, the FIN7 hackers used a custom Base64-encoded PowerShell script to run the sdbinst.exe utility and register a custom shim database file (SDB) containing a patch. Next, they wrote an “.sdb” file to the 64-bit shim database default directory and created specific registry keys for the shim database, which had the description “Microsoft KB2832077.”
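The two observables in that description, sdbinst.exe spawned by encoded PowerShell and a shim database whose description imitates a Microsoft KB, can be turned into detection logic. The following is an added example, not code from the article or from the researchers it cites: it runs simple rules over constructed Sysmon-style event lines; the AppCompatFlags registry locations are the standard places sdbinst writes to on Windows and are an assumption of this example, not taken from the article.

```python
import re

# Constructed sample endpoint telemetry (Sysmon-like "Type|key=value|..." lines).
# File names, GUID and encoded payload are made up; the KB description follows the article.
SAMPLE_EVENTS = [
    "ProcessCreate|Image=C:\\Windows\\System32\\sdbinst.exe"
    "|CommandLine=sdbinst.exe -q C:\\Windows\\AppPatch\\Custom\\Custom64\\sample.sdb"
    "|ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|ParentCommandLine=powershell.exe -NoP -EncodedCommand SQBFAFgA",
    "RegistrySet|Image=C:\\Windows\\System32\\sdbinst.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags"
    "\\InstalledSDB\\{11111111-2222-3333-4444-555555555555}\\DatabaseDescription"
    "|Details=Microsoft KB2832077",
    "ProcessCreate|Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe"
    "|ParentImage=C:\\Windows\\explorer.exe|ParentCommandLine=explorer.exe",
]

# Registry keys sdbinst populates when it installs a shim database
# (standard Windows locations; an assumption of this example, not quoted from the article).
APPCOMPAT_KEYS = ("\\appcompatflags\\installedsdb\\", "\\appcompatflags\\custom\\")
ENCODED_PS = re.compile(r"-(e|ec|enc|encodedcommand)\b", re.IGNORECASE)
FAKE_KB = re.compile(r"^Microsoft KB\d+$")  # description styled like a Microsoft update


def parse_event(line):
    """Split 'Type|k=v|k=v' into a dict; the leading token becomes 'Type'."""
    event_type, *fields = line.split("|")
    ev = {"Type": event_type}
    for field in fields:
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def detect_shim_abuse(lines):
    """Return (severity, reason) findings for shim-database persistence tradecraft."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        image = ev.get("Image", "").lower()
        if ev["Type"] == "ProcessCreate" and image.endswith("\\sdbinst.exe"):
            parent = ev.get("ParentImage", "").lower()
            if parent.endswith("powershell.exe") and ENCODED_PS.search(ev.get("ParentCommandLine", "")):
                findings.append(("high", "sdbinst.exe launched by encoded PowerShell"))
            else:  # legitimate admin use exists, so only baseline this one
                findings.append(("medium", "sdbinst.exe registered a custom shim database"))
        target = ev.get("TargetObject", "").lower()
        if ev["Type"] == "RegistrySet" and any(k in target for k in APPCOMPAT_KEYS):
            desc = ev.get("Details", "")
            if FAKE_KB.match(desc):
                findings.append(("high", f"shim database described as '{desc}' (mimics a Microsoft update)"))
            else:
                findings.append(("low", "new shim database registry entry; compare against baseline"))
    return findings
```

Real shim installs by software vendors will trigger the low and medium rules, so those are meant for baselining; the two high rules are the article's specific combination.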

Russian Fatboy ransomware-as-a-service offers customer support over Jabber

The malware, discovered by Recorded Future and dubbed “Fatboy”, uses The Economist’s Big Mac Index as a reference. The ransomware changes the amount of money it charges, so that victims in areas with a higher cost of living will be charged more to have their data decrypted. The ransomware was posted on a Russian cyber-criminal forum by someone operating under the username “polnowz”, offering customer support and guidance.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.