IT Security News Blast 7-20-2017

CISO: To achieve security in IoT devices, remember the fundamentals

When it comes to the internet of things, the landscape is different, but not necessarily the threats. Attack vectors are easy to reach because the devices sit directly on the internet with no perimeter around them. Security principles like ITM and identity management carry over to IoT, but the bigger problem is that the risks are magnified in the IoT space if those principles are not applied properly. The fundamental principles for securing IoT are no different from those for securing IT.

Targeted, custom ransomware menace rears its ugly head

Attackers are manually deploying ransomware directly into target networks to maximise the damage and potential payout. Unlike “spray-and-pray” attacks such as WannaCrypt, which hit victims at random, targeted attacks that manually execute the ransomware enable criminals to ensure they have locked mission-critical files that companies will be most likely to pay exorbitant fees to retrieve. Manual deployments can also evade most traditional signature-based security measures, making it much harder to identify and stop before it’s too late.

Modified Versions of Nukebot in Wild Since Source Code Leak

Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March when the malware’s author, a hacker known as Gosya, posted a link to the source code download in a number of black market forums. […] Of those used in attacks, Yunakovsky said that an analysis of the web injections in the code indicates an interest in compromising banks in France and the U.S.

Ransomware attack on KQED TV, Radio Station wiped out pre-recorded segments

KQED, a prominent public TV and radio station in San Francisco, is an example of how badly an organization suffers when ransomware hits its internet-linked systems. KQED has been trying to recover from the damage of a huge ransomware attack for over a month, but many of its systems have still not been restored. The San Francisco Chronicle reported that the station suffered a massive ransomware attack on June 15. The attack and the damage it caused are so severe that the station has been “bombed back to 20 years ago, technology-wise,” in the words of Queena Kim, one of KQED’s senior editors.

Strengthening cybersecurity should not compromise healthcare delivery

With increased regulation, new measures should make cybersecurity easier and more accessible. New authentication techniques and data segregation could help streamline security across the industry, as well as increase the time doctors spend with patients. However, the solutions are not as simple as imagined. Strengthening our cybersecurity through comprehensive efforts and training must be balanced against the quality of healthcare.

Only Half of Healthcare Professionals Report Their IT Infrastructure Is Safe from Cyber Attacks

Meanwhile, 15 percent of healthcare professionals responded they do not think their information technology infrastructure is secure, and another 15 percent responded that they are working on securing their information technology infrastructure. What’s more, a final 15 percent said that they were unsure of their IT infrastructure’s security against an attack. […] Almost one-third (30 percent) of respondents said their organization has faced some form of cyberattack, while a little more than half (54 percent) reported they had not been attacked and 12 percent said they were unsure.

Cyberattack on Ukrainian clinics, pharmacies worries experts

“You cannot attack hospitals,” said Duncan Hollis, a Temple University professor and a former treaty lawyer for the U.S. State Department. Although what happened at Podkopaieva’s clinic fell short of the death and destruction that would constitute an unambiguous “attack,” Hollis said the disruption was still a step in a dangerous direction. “It’s getting close to, if not across the line of, actual harm that international law might be prohibiting,” he said.

Cyberattack in Ukraine may not have been Russian

[Cisco] is puzzled that unleashing this destructive software revealed a powerful capability, something that a state actor like Russia would have been loath to do, even though Cisco researchers still think the attacks were potentially a Russian political operation. Cisco reports: “Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack. They have now compromised both their back door in the M.E.Doc software and their ability to manipulate the server configuration in the update server.”

White House gives thumbs up to overturning net neutrality rules

“The previous administration went about this the wrong way by imposing rules on ISPs through the FCC’s Title II rulemaking power,” White House Deputy Press Secretary Sarah Sanders told reporters yesterday. “We support the FCC chair’s efforts to review and consider rolling back these rules and believe that the best way to get fair rules for everyone is for Congress to take action and create regulatory and economic certainty.”

US bipartisan alliance to defend elections from cyber attack

“Many foreign countries, and even terrorist organisations, exploit digital technology to advance their agendas and influence public narratives abroad. This project will find practical solutions to help both parties and civic institutions that are critical to our elections better secure themselves and become more resilient to attacks.”

North Korea threatens the world with cyberwarfare, not nuclear missiles

“North Korea sees cyber operations as a relatively low-cost and low-risk means” of operation. This allows them to “upset the status quo with little risk of retaliation or immediate operational risk.” For Pyongyang, cyber capabilities are “an effective means to severely disrupt or neutralize the benefits of having a networked military.” If you read between the lines, that means the United States and its allies. We shouldn’t be surprised by this. Cyber capabilities are rapidly becoming a tool in the arsenal of every military and intelligence organization around the world.

The CIA’s cozy malware relationship with defense contractor revealed

The trail starts from November 2014, two weeks after Raytheon had acquired Blackbird Technologies. At the time, it said Blackbird would expand its “special operations capabilities in tactical intelligence, surveillance and reconnaissance, secure tactical communications and cybersecurity.” Blackbird Technologies was a cyber security and surveillance company that supplied equipment for covert “tagging, tracking and locating” and counted US Special Operations Command as one of its biggest customers. In 2011, a retired special operator described Blackbird Technologies’ work as being “heavily weighted towards the dark side.”

NDAA would fully approve cyber funding for DOD

The bill would fully fund the defense budget request for cyber operations and provide resources for cyber warfare. The funding would go toward the HASC’s recommendations outlined in 13 issues of the report’s Cyber-Related Matters section. If the bill is passed, the following issues could affect defense IT contractors in fiscal 2018, due either to requirement changes or to potential opportunities resulting from fully funded, and potentially increased, cybersecurity operations.

Agencies’ approach to IoT security highlights differences in cybersecurity approach

The White House’s cybersecurity executive order requires agencies to take an enterprise approach to cyber risk assessment and mitigation, while the National Institute of Standards and Technology has its risk management framework to serve as a best practice guide for agencies. Thinking in the realm of risk might make sense for an agency like NASA, which leans on international partnerships, sharing and connecting devices and systems, and also has a budget nearing $20 billion.

But for EPA, which is looking at a spending plan anywhere from $5 billion to $7 billion for fiscal 2018, there’s not much room to push for the fences.

APAC firms see clueless employees as biggest security threat

Some 47 percent believed the lack of employee awareness was the biggest cybersecurity challenge for their organisation, compared to 36 percent who pointed to third-party service providers and suppliers and 31 percent who said cloud migration. Another 29 percent believed legacy IT systems were their company’s biggest cybersecurity challenge, while 25 percent pointed to the lack of management support.

Russian man who helped create notorious malware sentenced to 5 years

A Russian man who helped create and spread the notorious Citadel malware back in 2011 was sentenced Wednesday to five years in prison by a federal judge in Atlanta. According to the Associated Press, Mark Vartanyan will receive two years’ credit for time already served in Norway, where he had been living previously. He was extradited to the United States in December 2016 and was arraigned and pleaded guilty to hacking charges in March 2017. Vartanyan had apparently been helping prosecutors with their investigation “from the start.”

Bad Code Library Triggers Devil’s Ivy Vulnerability in Millions of IoT Devices

Tens of millions of products, ranging from airport surveillance cameras and sensors to networking equipment and IoT devices, are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, dubbed Devil’s Ivy, was identified by researchers at Senrio, who singled out high-end security cameras manufactured by Axis Communications. Senrio said 249 of the 251 Axis camera models are vulnerable to unauthenticated remote attackers, who can intercept a video feed, reboot cameras, or pause a video feed while conducting a crime.

School of card knocks: Russophone criminals offered online courses in credit card fraud

“The course includes webinars, detailed notes and course material,” Digital Shadows reports. “In exchange for RUB 45,000 (£575, plus £150 for course fees), aspiring cyber criminals have the potential to make £9,200 a month, based on a standard 40-hour working week. Given the average Russian monthly wage is less than $700 a month it means cyber criminals could make nearly 17x more than a ‘legitimate’ job.”

Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched

The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs. […] “Businesses continue to rely on legacy applications that can’t be patched or upgraded, creating yet another avenue of attack,” Holt said. “Now this CPU introduces a new range of flaws for hackers to try to exploit before cyber professionals can plug the holes over the coming months (or year).”

Let’s harden Internet crypto so quantum computers can’t crack it

The work-in-progress draft proposes an optional IKEv2 payload “used in conjunction with the existing Diffie-Hellman key exchange to establish a quantum-safe shared secret between an initiator and a responder,” and it supports a number of suitable key exchange schemes. One way keys can be quantum-safe, the draft explains, is for them to be randomly generated and ephemeral. In other words, it is an attempt to blend two cryptographic concepts: asymmetric public/private key encryption and something akin to a one-time pad.
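The core of the hybrid idea in the draft is that the session key is derived from both the classical Diffie-Hellman secret and the additional quantum-safe secret, so an adversary who later breaks Diffie-Hellman still lacks one of the two inputs. The following is an added illustration, not code from the draft or from any IKEv2 implementation: it mixes two shared secrets with HKDF (RFC 5869, SHA-256) into one key. The two secrets and the nonces are constructed stand-ins produced with `os.urandom`; a real exchange would obtain them from the DH and quantum-safe key agreements, and the info label `hybrid-ike-example` is an assumption of this example.

```python
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256: condense input keying material into a PRK."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256: stretch the PRK to `length` bytes."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_hybrid_key(dh_secret: bytes, qs_secret: bytes,
                      nonce_i: bytes, nonce_r: bytes, length: int = 32) -> bytes:
    """Mix the classical DH secret and the quantum-safe secret into one session key.

    Because both secrets feed the extract step, recovering the DH secret alone
    (for example with a future quantum computer) does not yield the key.
    """
    if not dh_secret or not qs_secret:
        raise ValueError("both shared secrets are required for a hybrid key")
    salt = nonce_i + nonce_r  # both parties' nonces bind the key to this exchange
    prk = hkdf_extract(salt, dh_secret + qs_secret)
    return hkdf_expand(prk, b"hybrid-ike-example", length)  # label is an assumption


def fresh_secret(n: int = 32) -> bytes:
    """Constructed stand-in for an ephemeral, randomly generated shared secret."""
    return os.urandom(n)


def demo():
    """Both peers agree on the key; a party missing the quantum-safe secret does not."""
    nonce_i, nonce_r = fresh_secret(16), fresh_secret(16)
    dh, qs = fresh_secret(), fresh_secret()
    k_initiator = derive_hybrid_key(dh, qs, nonce_i, nonce_r)
    k_responder = derive_hybrid_key(dh, qs, nonce_i, nonce_r)
    # Knowing only the DH secret (and guessing the quantum-safe one) gives a different key.
    k_partial = derive_hybrid_key(dh, fresh_secret(), nonce_i, nonce_r)
    return k_initiator == k_responder, k_initiator != k_partial


if __name__ == "__main__":
    print(demo())
```

The HKDF functions follow RFC 5869 exactly, so they can be checked against its published test vectors; the ordering `dh_secret + qs_secret` is fixed so that both peers compute the same key.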

New Linux Malware Exploits SambaCry Flaw to Silently Backdoor NAS Devices

Dubbed SHELLBIND, the malware works on various architectures, including MIPS, ARM and PowerPC, and is delivered as a shared object (.so) file to Samba public folders and loaded via the SambaCry vulnerability. Once deployed on the targeted machine, the malware establishes communication with the attackers’ command and control (C&C) server located in East Africa, and modifies firewall rules to ensure that it can communicate with its server. […] The maintainers of Samba already patched the issue in Samba versions 4.6.4/4.5.10/4.4.14, so you are advised to patch your systems against the vulnerability as soon as possible.
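A first triage step for a fleet of NAS boxes or file servers is to compare each Samba version against the fixed releases named above. The following is an added example, not code from Samba or from the report; it takes a version string (the kind printed by `smbd --version`, here a constructed sample) and reports whether it is at or above the fix on its branch. Branches other than 4.4, 4.5 and 4.6 are reported as unknown rather than guessed, and one caveat applies: distribution packages often backport fixes without changing the upstream version number, so a "needs-patch" result means "check the vendor advisory", not a confirmed vulnerable host.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
PATCHED = {
    (4, 6): (4, 6, 4),
    (4, 5): (4, 5, 10),
    (4, 4): (4, 4, 14),
}


def parse_version(text: str) -> tuple:
    """Pull the first x.y.z triple out of a string such as 'Version 4.5.3-Ubuntu'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def samba_patch_status(version_text: str) -> str:
    """Classify a Samba version string against the fixed releases.

    Returns 'patched', 'needs-patch', or 'unknown-branch' (a branch the advisory
    excerpt does not name; consult the vendor advisory for those).
    """
    version = parse_version(version_text)
    fix = PATCHED.get(version[:2])
    if fix is None:
        return "unknown-branch"
    return "patched" if version >= fix else "needs-patch"


def triage(hosts: dict) -> dict:
    """Map host name -> status for a dict of host name -> version string."""
    return {host: samba_patch_status(ver) for host, ver in hosts.items()}


if __name__ == "__main__":
    # Constructed sample inventory; the host names and versions are not real.
    sample = {
        "nas-01": "Version 4.6.3",
        "nas-02": "Version 4.5.10-Debian",
        "fileserver": "Version 4.4.13",
        "lab-box": "Version 4.7.0",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Tuple comparison on `(major, minor, patch)` avoids the classic string-comparison mistake where "4.5.9" sorts after "4.5.10"; the branch lookup is deliberately conservative so that unlisted branches are flagged for review instead of silently passing.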


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.