IT Security News Blast 7-10-2017

Overcoming File Sharing, Healthcare Cloud Security Concerns

Potential file sharing and healthcare cloud security risks must be addressed in covered entities’ and business associates’ risk analyses, according to the latest OCR cybersecurity newsletter. These collaboration tools can greatly benefit organizations, but the possible privacy and security risks cannot be ignored. Risk management policies and business associate agreements (BAAs) should also review any file sharing or cloud computing options to ensure PHI security, OCR maintained.

Cyber Attack Update: NH-ISAC Issues Petya Mitigations, Nuance Still Down, Heritage Valley Systems Restored

“On execution, the known Petya samples delete themselves and perform a check to verify if this deletion is successful. If the file is still present, Petya will exit. This behavior can be turned into a protection mechanism of sorts. If you create a vaccine file: C:\Windows\perfc and set the permissions of the file to deny write permissions to everyone, including system administrators, infection can’t succeed as Petya will be unable to copy itself over.”

Could new data laws end up bankrupting your company?

Accountability is the new watchword. If personal data gets stolen after a cyber-attack, companies have to report the breach within 72 hours of realising it. And the definition of personal data has been extended to include extra categories such as your computer’s IP address or your genetic make-up – anything that could be used to identify you. Non-compliance with the GDPR could lead to huge fines of 20 million euros or 4% of global turnover, whichever is the greater. For a company like tech giant Apple, that could amount to billions of dollars.

Maersk says too early to predict financial impact of cyber attack

“It is too early to predict what the impact will be on the quarter-two, or potentially the quarter-three result.” The attack did not impact Maersk’s physical loading of goods, but disrupted data-reliant processes such as creating arrival notices and obtaining customs clearance – leading to congestion at some of its ports, including in the United States, India, Spain and the Netherlands.

Feds Suspect Russians Behind Cyber-Attacks on Power Plants

A dozen plants were targeted, including the Wolf Creek Nuclear Operating Corporation, which runs a generating station in Burlington, Kansas. Senior intelligence and nuclear regulatory officials noted that the overwhelming majority of U.S. reactors operate on analog, not digital systems, making them less vulnerable to hacking attacks. “At most, the hackers might have been able to get the schedule for employee overtime,” one official said of the Wolf Creek incident.

In Mistaking Surveillance for Sabotage, NYT Fearmongers Nukes Again

Last night, the NYT had an alarming story reporting that suspected Russian spies were compromising engineers that work at nuclear power plants across the United States. Amber! the story screamed. […] And yet, in the fourth paragraph of the story, NYT admitted it’s not really clear what the penetrations involved. With that admission, the story also revealed that the computer networks in question were not the control systems that manage the plants.

Trump, Putin discuss working together on cyber issues

Tillerson said the “framework” would deal with “how these tools are used to interfere with the internal affairs of countries, but also how the tools are used to threaten infrastructure, how these tools are used from a terrorism standpoint as well.” […] The announcement raised eyebrows of Russia experts worried that Putin may be taking advantage of Trump and that pursuing cooperation before deterrence for recent Russian attacks might send the wrong message.

Republicans blast Trump idea for cyber security unit with Russia

Republican Senators Lindsey Graham, an influential South Carolina Republican who is a member of the Senate Armed Services Committee, and Marco Rubio of Florida, who opposed Trump for their party’s presidential nomination, blasted the idea. “It’s not the dumbest idea I have ever heard but it’s pretty close,” Graham told NBC’s “Meet the Press” program, saying that Trump’s apparent willingness to “forgive and forget” stiffened his resolve to pass legislation imposing sanctions on Russia. Rubio, on Twitter, said: “While reality & pragmatism requires that we engage Vladimir Putin, he will never be a trusted ally or a reliable constructive partner.”

Trump’s plan to work with Putin on cybersecurity makes no sense. Here’s why.

If the proposed cybersecurity unit were to work effectively, the United States would need to share extensive information with Russia on how U.S. officials defend elections against foreign tampering. The problem is, however, that information that is valuable for defending U.S. systems is, almost by definition, information that is valuable for attacking them, too. This is one reason U.S. officials have not previously proposed any far-reaching arrangement with Russia on cybersecurity. Providing such information would almost certainly give the Russians a map of vulnerabilities and insecurities in the system that they could then exploit for their own purposes.

Germany Says Risks From Recent Cyber Attacks Greater Than Expected

The German statement added to the growing conviction among experts that the global attack was more harmful than initially believed. The virus took down thousands of computers in dozens of countries, disrupting shipping and businesses. German security officials are still investigating the origin of the virus and do not have reliable data to confirm a claim by the Ukrainian government that Russia was behind the attack.

How I learned to stop worrying (mostly) and love my threat model

Threat modeling doesn’t have to be rocket science. Most people already (consciously or subconsciously) threat model for the physical world around them—whether it’s changing the locks on the front door after a roommate moves out or checking window locks after a burglary in the neighborhood. The problem is that very few people pay any sort of regular attention to privacy and security risks online unless something bad has already happened.

They Are Watching

Law enforcement agencies are acquiring and using surveillance technology, often without the knowledge of local government and the communities they represent. Learn about the technologies and the issues they present, and get recommendations on how to protect your civil liberties. They are watching. You should be, too.

Journalism After Snowden: The Growing Digital Threat

Products such as Hacking Team’s Remote Control System and Gamma Group’s FinFisher allow governmental purchasers the ability to remotely and secretly access and monitor the computers and phones of their targets. Research published by Citizen Lab as well as other investigative groups has demonstrated that some governments and security services abuse these tools by hacking political opponents, human rights groups and journalists both within their own jurisdictions and abroad.

Self-driving Signal car is designed to protect journalists from cyber surveillance

The Signal car was designed by Peters as a “mobile meeting room” for journalists, as they face growing pressures and concerns about their security and privacy. Press freedom has been a hot topic this year following the inauguration of Trump, who banned journalists he didn’t like from his media room and recently appeared to condone attacks on reporters via a video he shared on Twitter. The US is currently ranked 43rd on the Press Freedom Index, where North Korea, Eritrea and Turkmenistan appear at the very bottom.

Ask a Security Expert: The Case For Cloud-Based Cybersecurity Solutions

Not only is conventional antivirus protection struggling to keep up with today’s attacks, but many traditional approaches also do not provide organizations with full visibility into the security of each endpoint. It is essential for MSPs to have visibility across all their customer’s networks and access to up-to-date intelligence on threats to their systems and endpoints of all types. The most effective approach to ensuring all endpoints have active antivirus protections is through cloud-based cybersecurity solutions.

Copycat Malware Could Be the Harbinger of Even Worse Cyber-Attacks

The first attack is to gain root access to the Android device, which it’s able to accomplish over half the time. Once it roots the device, the malware injects code into Android’s Zygote service, which is the process that Android uses to launch apps. The Zygote attack allows the malware to download new apps silently, for which it’s paid a referral. In addition, the malware monitors user activity to get referrals for apps the user views in Google Play, for which it then also gets referral payments.

Kaspersky Lab chief urges global assault on hackers

“I believe that the major nations in the cyber space can talk and must talk to each other … What is going on in cyber right now is unacceptable. Everyone hacks everyone,” he said in an interview with The Australian during a recent visit to Australia. “What is going on is very bad. There are no rules in this game. I think, I hope, that the major nations will talk to each other.”


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.