IT Security News Blast 7-25-2017

Congressional Task Force Issues Report on Cybersecurity in the Health Care Industry

The Report also criticizes the overwhelming number of regulatory bodies involved on both the federal and state level, observing it has led to overly complicated and confusing requirements and laws. Given that technology is outpacing the laws and regulations, the task force laments that there are a number of laws and regulations that “impose a substantial legal and technical burden on health care organizations, without having a material impact on reducing risks.”

 Hospitals need to be better prepared for a cyberattack against the nation’s power grid

The threat of a large-scale disruption to power means hospitals and state regulators need to do more to ensure providers can maintain critical functionality, according to a report published by the National Academies of Sciences, Engineering, and Medicine. “Given the nature of the system, there is simply no way that outages can be completely avoided, no matter how much time and money is devoted to such an effort,” the authors wrote. “The system’s reliability and resilience can be improved but never made perfect.”

 Data Breaches Happening at Record Pace, Report Finds

The business sector continues to have the highest percentage of total breaches reported — 54.7 percent at the six-month mark. The healthcare industry was second, and had the biggest increase from this time last year — 30.7 percent of the breaches versus 22.6 percent in 2016. The education sector (11.3 percent) was third, followed by financial (5.8 percent) and government/military (5.6 percent).

 Life-or-death decisions: How do we safeguard healthcare IoT?

As with many IoT devices, security is often seen as an inhibitor to application and services development, with security and privacy practices evolving as “bolt on” features, long after the device ecosystem was designed. This is both costly and dangerous. In an effective healthcare IoT development ecosystem, devices themselves, along with the services, cloud infrastructure and applications they interact with, need to have clear infosec, identity and privacy controls embedded from the beginning. To achieve this, full data lifecycle analysis needs to be completed, along with the correct level of risk mitigation and protection.

 Trickbot Malware Now Targets US Banks

The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks. […] Flashpoint said Necurs has been used in three distinct spam campaigns. “These malicious emails contained a Zip-archived Windows Script File (WSF) attachment consisting of obfuscated JavaScript code. Upon being clicked, the files download and execute the Trickbot loader,” according to researchers.
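The attachment chain described above (a ZIP wrapping a Windows Script File whose JScript block downloads and runs the loader) is something a mail gateway can check for before the user ever clicks. The following is an added example in Python, not code from Flashpoint, Threatpost or the Trickbot campaign: it opens a ZIP attachment in memory, flags script-capable members and double extensions, and, for a .wsf, parses the XML for its script language and for the Windows Script Host primitives a download-and-execute stub needs. The extension list, the marker list, the function names and the sample archive are all constructed assumptions; a production filter would also descend into nested archives and check MIME types, which this does not.

```python
import io
import re
import zipfile
from dataclasses import dataclass, field

# Added example, not code from the write-up. Script-capable attachment types;
# the WSF/JScript pairing is the one the description names, the rest are its
# usual siblings (assumption).
SCRIPT_EXTENSIONS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta"}

# Windows Script Host primitives a download-and-execute loader needs (heuristic).
DOWNLOAD_EXEC_MARKERS = ("MSXML2.XMLHTTP", "ADODB.Stream", "WScript.Shell", "ActiveXObject")


@dataclass
class Finding:
    member: str
    reason: str


@dataclass
class ZipVerdict:
    suspicious: bool = False
    findings: list = field(default_factory=list)

    def add(self, member, reason):
        self.findings.append(Finding(member, reason))
        self.suspicious = True


def _basename_parts(name):
    # "dir/Invoice.pdf.wsf" -> ["invoice", "pdf", "wsf"]
    return name.rsplit("/", 1)[-1].lower().split(".")


def _wsf_script_languages(data):
    # A .wsf is XML: <job><script language="JScript">...</script></job>
    text = data.decode("utf-8", errors="replace")
    return re.findall(r'<script\b[^>]*\blanguage\s*=\s*"([^"]+)"', text, re.IGNORECASE)


def inspect_zip_attachment(zip_bytes):
    """Return a ZipVerdict describing why (if at all) the archive looks like a script dropper."""
    verdict = ZipVerdict()
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        verdict.add("<archive>", "not a valid ZIP archive")
        return verdict
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = _basename_parts(info.filename)
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext not in SCRIPT_EXTENSIONS:
                continue
            verdict.add(info.filename, f"script attachment ({ext})")
            if len(parts) > 2:
                verdict.add(info.filename, "double extension " + ".".join(parts[-2:]))
            body = zf.read(info.filename)
            if ext == ".wsf":
                for lang in _wsf_script_languages(body):
                    verdict.add(info.filename, f"WSF script block language={lang}")
            text = body.decode("utf-8", errors="replace")
            for marker in DOWNLOAD_EXEC_MARKERS:
                if marker in text:
                    verdict.add(info.filename, f"download/execute primitive {marker}")
    return verdict


# Constructed stand-in for an obfuscated loader: it only names the primitives
# and carries no real payload or URL.
SAMPLE_WSF = b'''<job id="Invoice"><script language="JScript">
var h = new ActiveXObject("MSXML2.XMLHTTP"); var s = new ActiveXObject("ADODB.Stream");
</script></job>'''


def _zip_with(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def build_sample_zip():
    # Constructed archive shaped like the campaign's lure: a double-extension WSF.
    return _zip_with("Invoice_2017-07.pdf.wsf", SAMPLE_WSF)


def build_benign_zip():
    return _zip_with("report.pdf", b"%PDF-1.4 constructed placeholder")


if __name__ == "__main__":
    for f in inspect_zip_attachment(build_sample_zip()).findings:
        print(f"{f.member}: {f.reason}")
```

Blocking on extension alone would already have stopped this campaign's attachments, so the content checks are there to catch the renamed or nested variants; treat the marker list as a starting point to tune against your own mail traffic rather than a fixed signature.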

 New variant of Emotet banking trojan spreads internally like worm

“It stands to reason that crimeware authors have taken note of the broad impact observed in these particular events and are looking to incorporate spreader components in their toolkits,” the post reads. “The Wannacry and Petya campaigns have clearly demonstrated how inclusion of other techniques like credential dumpers (Mimikatz) and exploits (EternalBlue) can greatly accelerate propagation across enterprises.”

 Local governments, including Portland, use security software from Russian firm

To identify the agencies, The Post reviewed state, local and federal government websites to obtain documents that listed Kaspersky or its programs, including city council agendas, annual agency reports and government procurement records. Officials interviewed in nine jurisdictions all said they had purchased or supported software made by Kaspersky within the past two years. Nearly all said they had no immediate plans to replace the software.

 Cybersecurity skills shortage hurts security analytics, operations

Cybersecurity skills are especially important when it comes to security analytics and operations. It takes highly experienced professionals to investigate security incidents, synthesize threat intelligence, or perform proactive hunting exercises. […] The research also exposed some areas of acute cybersecurity analytics and operations weaknesses. The top weaknesses cited included:

  • Proactive threat hunting
  • Assessing and prioritizing security alerts
  • Computer forensics
  • Tracking the lifecycle of security incidents

 Is cyber insurance worth the paper it’s written on?

Well, that depends to some extent on what’s happened. Oddly enough, the more extensive the attack, the more help clearing up the mess the insurance is. That’s an important point to remember, by the way. Cyber insurance deals with the consequences of what’s happened, not with preventing an attack in the first place. It’s designed to get your business back on its feet as soon as possible, with minimum fuss and expense to you. It’s the cure, not the prevention.

 Sweden leaked every car owners’ details last year, then tried to hush it up

Falkvinge writes the incident “exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.” The leak seems to have happened over email after the transport agency e-mailed the entire database in clear text messages to marketers that subscribe to it – and when the error was discovered, the agency merely sent a new list and told subscribers to delete the old list themselves.

 Bill to create new cyber agency at DHS to be introduced this week

McCaul, the chairman of the Homeland Security Committee, is expected to introduce and have the committee mark up on July 26 the Cybersecurity and Infrastructure Security Agency Act of 2017. The much-anticipated bill would change the name of the National Protection and Programs Directorate to the Cybersecurity and Infrastructure Security Agency. The bill also would transfer the Federal Protective Service and the Office of Biometrics under this new organization.

 Trump voting commission wins right to collect state voter data

A federal judge on Monday refused to block President Donald Trump’s advisory panel from demanding that the states hand over their registered voters’ full names, political affiliations, addresses, dates of birth, criminal records, the last four digits of their Social Security numbers, and other personal identifying information, including whether they voted in elections the past decade.

 Ex-GCHQ officer warns cyber crooks have same hacking tools as Western intelligence

Andrew Beckett, a former cyber defence expert at GCHQ, the UK’s electronic spying and surveillance body, told i that the Vault 7 leak, carried out by a hacking group calling itself Shadow Brokers, had removed much of the advantage enjoyed by Britain and its allies in fighting cyber crime. He said: “Shadow Brokers with their Vault 7 release of state-level cyber attacks has changed the playing field. Now instead of being the domain of the CIA, NSA or GCHQ those state-developed attacks are now in the hands of any organised crime unit, terrorism unit or indeed hacktivist group who wants to pay a subscription and get the details.”

 Cyber expert: Israel, West must be ready to counter-hack adversaries

Back in Cold War days, there was “behavior that you engage in” clandestinely, but some behaviors you would “not expect even from an attacker,” he said. “We haven’t had Moscow rules in cyber space, there is still no equivalent for the cyber domain,” Devost said, which, in part is what has thrown countries like the US off about how to respond to cyber attacks. There is a “need to find that balance between avoiding unwanted escalation, but being strategically ready for escalation,” he added.

 US, Japan talk cooperation against ‘large-scale’ cyberattacks

The United States and Japan said they recognize the need to cooperate against “large-scale” cyber threats, particularly those posed by botnets, at a recent bilateral meeting on cybersecurity. The meeting, which represented the fifth joint U.S.-Japan cyber dialogue, took place in Tokyo late last week and explored areas where the two countries can further deepen information-sharing and cooperation to protect against and respond to cyberattacks, according to a joint statement released by the State Department on Monday.

 Cybersecurity Threats Create Growing Risk of Destruction of Service

The report suggested that businesses could be at danger from what it referred to as destruction-of-service (DeOS) attacks. These serious, large-scale events would be more devastating than the recent WannaCry and NotPetya incidents. DeOS attacks could undermine the backups used to restore systems post-attack, leaving businesses with no way to recover.

 macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

“[FruitFly] was designed in a way to be interactive,” said Wardle, a former NSA analyst and founder of Objective-See where he has published a number of free tools for Mac malware analysis. “This can move the mouse, generate presses and interact with the UI elements of the operating system.” The victims, meanwhile, are an anomaly in that they’re “normal, everyday users,” as characterized by Wardle, who during his analysis was able to register a number of backup command servers included in the code and learn valuable victim information that he shared with law enforcement, along with the C&C servers he registered.

 Apple issues cyber warning for iPhone users, issues security patch

Apple issued a new warning after a new hacking threat. The tech giant says there is a new cyber threat, but has taken steps to thwart the attack. FOX Business Network’s Tracee Carrasco reports, “Apple has now issued a critical security patch for all iOS devices and for Mac computers against a potential hack that could come remotely via Wi-Fi.” “The virus is being considered a potentially serious threat,” Carrasco says, so the company is urging users to install the updates to protect their devices.

 Traditional cyber attacks are seeing a resurgence: Cisco

“Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue,” it points out, adding that Cisco threat researchers anticipate that “the volume of spam with malicious attachments will continue to rise.”


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.