IT Security News Blast 7-3-2017

Cyberattack Forces West Virginia Hospital to Scrap Computers

Now, doctors, nurses and other hospital staff are adjusting to what will be days of working off paper forms to record vital signs, order medications and scribble notes. “There is a lot more paper visible up on our units than there used to be,” Ms. Morgan said. “It was a bit of organized chaos at first. Now we’ve hit our stride.” Nurses reverted to two-foot-long paper templates for patient records known as flow sheets, she said.

8 Major Problems Healthcare CIOs are Facing

While modern technology has created security and privacy concerns, it has done very well when it comes to patient care. Security challenges come at two levels. The first is the current set of security risks. Although protecting the business is a key goal that businesses have worked to maintain, it is still a challenge that many businesses struggle with. Most businesses are unknowingly prone to common vulnerabilities because they leave their data open.

New report from CREST highlights the need to improve cyber security in Industrial Control Systems

One of the key findings in the report is the absence of periodic standards-based technical security testing that is commonplace in many other industries. Because of this, ICS environment owners and operators have no objective way of knowing whether cyber risk is being adequately managed and at present there is no definitive standard for testing ICS environments that is mandated by regulatory bodies. The fact that ICS environments are rapidly changing also leads to a higher degree of exposure.

Companies still hobbled from fearsome cyberattack

The Heritage Valley Health System couldn’t offer lab and diagnostic imaging services at 14 community and neighborhood offices in western Pennsylvania. DLA Piper, a London-based law firm with offices in 40 countries, said on its website that email systems were down; a receptionist said email hadn’t been restored by the close of business day. […] “It hit everything, their backups, servers, their workstations, everything,” he said. “Everything was just nuked and wiped.”

A cyberattack swept across the globe last week. We should be ready for more.

The wave of malware that spread across the globe last week, called Petya by some analysts (and NotPetya by others), suddenly locked up computer systems being used to manage oil companies, airline flights, electrical grids, container ships, ports, banks and government ministries. Even the computers monitoring radiation at Chernobyl, scene of the world’s worst nuclear accident, were silenced.

Kaspersky: Banks, manufacturers, oil and gas utilities roughly 82% of NotPetya’s corporate victims

Among all industries, banking and finance companies were hit by 32 percent of NotPetya attacks. Oil and gas corporations saw around a 25 percent share of infections, and manufacturing companies were hit just under 25 percent of the time. Health care organizations were on the receiving end of NotPetya around six percent of the time, followed by the food and beverage, trade, construction, and pharmaceutical industries.

Cyber attacks can be a big threat for small businesses

According to the U.S. Securities and Exchange Commission, about 60 percent of all targeted cyber attacks in the last two years were directed at small businesses. About 75 percent of phishing attacks (efforts to glean personal information from businesses via faux emails or fake websites) were aimed at small businesses. Worse, the SEC estimates that half of the attacks led the small businesses to fold within six months, and cyber attacks are skyrocketing.

This Strange New Ransomware Isn’t Really After Your Money

What is really strange, however, is that the ransomware was modified to such a degree that encrypted files became almost irrecoverable, defeating the point of paying a ransom to have them decrypted. The ransomware, it would seem, wasn’t ransomware at all, but a data wiper disguised as one to sow confusion and distract from the true motive of the attack: to disable businesses and government offices across Ukraine and lay the groundwork for future cyberattacks on the country.

Security News This Week: How Shipping Giant Maersk Dealt With a Malware Meltdown

From Mobile, Alabama, to India, the firm switched to manual tracking of its loading and unloading of cargo. In New Zealand and Australia, for instance, Splash reports that Maersk staff used handwritten records and (apparently offline) Excel spreadsheets to catalogue shipments. Meanwhile, at least some of Maersk’s facilities, like the Port Elizabeth, New Jersey operations of its sister company APM, were shut down altogether until it could recover from the ransomware ordeal.

With a single wiretap order, US authorities listened in on 3.3 million phone calls

The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania. The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests. But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted. The revelation was buried in the US Courts’ annual wiretap report, published earlier this week but largely overlooked.

TeleBots hacking group keeps busy under NotPetya, WannaCry smokescreen

NotPetya and WannaCry may have grabbed headlines over the last few months, but ESET points out in a recent report that Ukraine has been under siege for months by a group dubbed TeleBots, which has run a series of damaging attacks against that country. TeleBots first popped onto the scene in December 2016, when ESET spotted the group hitting Ukrainian financial institutions and critical infrastructure using a Linux version of the KillDisk malware.

UN: Terrorists can access WMDs via Dark Web

And although she says that terrorists still need to overcome a number of barriers to make use of technologies to access WMDs effectively, she is, however, concerned that technological advances are making the path toward WMDs much easier. As such Nakamitsu believes that governments worldwide need to collaborate more and work not only with security agencies but also with organizations that develop such information-sharing technologies.

Wikileaks Exposes CIA’s Linux Hacking, Geolocation Tracker Malware

The tool is a kernel module that is loaded on the target once shell access has been obtained. The module creates a hidden Netfilter table; rules are added to it with the ordinary iptables command, and they are visible only to an administrator who already knows the table name. Because the module hides that name, the victim’s administrator has no practical way to discover the rules. The CIA relies on its usual backdoors for the initial access needed to deploy the tool.

Free EternalBlue Vulnerability Scanner Released

Dubbed Eternal Blues, the newly released free tool is meant to lend administrators a hand by scanning their network for computers that can be compromised via this exploit. According to the tool’s developer, Elad Erez, Eternal Blues has already been tested on real-world networks. The utility is not meant to exploit the vulnerability, only to find it and report its presence.

WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack

Discovered by the Sucuri team, the WordPress plugin WP Statistics is vulnerable to an SQL injection flaw that allows a remote attacker with at least a subscriber account to steal sensitive information from the website’s database and possibly gain unauthorized access to the site. SQL injection is a web application bug that lets an attacker inject Structured Query Language (SQL) code through web inputs, map the structure and location of key database tables, and ultimately extract their contents.
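The bug class above, shown on a constructed SQLite database (an added example, not the WP Statistics plugin’s code and not Sucuri’s proof of concept; the tables, rows, payloads and function names are invented for illustration). A low-privilege user controls a value that is pasted into a query string and uses it to read a table they should never see; the same example shows why escaping quotes is not a fix when the value lands outside quotes, and what the parameterised versions look like.

```python
"""SQL injection on a constructed SQLite database.

Added example; this is not the WP Statistics plugin's code and not
Sucuri's proof of concept. The table names, rows and queries are invented
to show the bug class the advisory describes: a low-privilege
(subscriber-level) user controls a value that is pasted into a query
string and uses it to read rows that are not meant for them.
"""
import sqlite3


def make_db():
    """Constructed sample data: a stats table plus a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE stats (page TEXT, hits INTEGER);
        INSERT INTO stats VALUES ('/home', 120), ('/about', 7);
        CREATE TABLE users (user_login TEXT, user_pass TEXT);
        INSERT INTO users VALUES ('admin', '$P$Bconstructedhash');
    """)
    return db


def page_hits_vulnerable(db, page):
    """String concatenation: whatever the user sends becomes part of the SQL."""
    sql = "SELECT page, hits FROM stats WHERE page = '" + page + "'"
    return db.execute(sql).fetchall()


def hits_above_escaped(db, threshold):
    """Escaping quotes is not a fix. The value sits in a numeric position,
    outside any quotes, so doubling single quotes changes nothing."""
    escaped = str(threshold).replace("'", "''")
    sql = "SELECT page, hits FROM stats WHERE hits > " + escaped
    return db.execute(sql).fetchall()


def page_hits_fixed(db, page):
    """Parameterised query: the driver sends the value separately from the
    statement, so the value can never change what the statement does."""
    return db.execute(
        "SELECT page, hits FROM stats WHERE page = ?", (page,)
    ).fetchall()


def hits_above_fixed(db, threshold):
    """Same for the numeric case: enforce the type, then bind the value.
    A non-numeric payload raises ValueError instead of reaching the DB."""
    return db.execute(
        "SELECT page, hits FROM stats WHERE hits > ?", (int(threshold),)
    ).fetchall()


# Constructed payloads a subscriber might submit in a request parameter.
STRING_PAYLOAD = "x' UNION SELECT user_login, user_pass FROM users --"
NUMERIC_PAYLOAD = "0 UNION SELECT user_login, user_pass FROM users"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:  ", page_hits_vulnerable(db, STRING_PAYLOAD))
    print("escaped only:", hits_above_escaped(db, NUMERIC_PAYLOAD))
    print("fixed:       ", page_hits_fixed(db, STRING_PAYLOAD))
```

The vulnerable function returns the admin’s password hash for the string payload; the “escaped” function still leaks it for the numeric payload because there were no quotes to escape; the parameterised versions return nothing for the first payload and refuse the second outright. In WordPress the same discipline is $wpdb->prepare() with placeholders rather than interpolating request parameters into the query.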

Linux Systemd Gives Root Privileges to Invalid Usernames

A developer who uses the online moniker “mapleray” last week discovered a problem related to systemd unit files, the configuration files used to describe resources and their behavior. Mapleray noticed that a systemd unit file containing an invalid username – one that starts with a digit (e.g. “0day”) – will initiate the targeted process with root privileges instead of regular user privileges. Systemd is designed not to allow usernames that start with a numeric character, but Red Hat, CentOS and other Linux distributions do allow such usernames.
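A pre-deployment check for the failure mode described above, as an added example (not code from the report, from mapleray, or from systemd). It applies the rule the report states, that systemd refuses user names beginning with a digit and then starts the service as root, and, as this example’s own assumption, systemd’s documented character rules for names (ASCII letters, digits, `_` and `-`, not starting with a digit or `-`). The sample unit text and function names are constructed for illustration.

```python
"""Audit systemd unit text for User= values that systemd will not accept.

Added example; not code from the report, from mapleray, or from systemd.
It applies the rule quoted in the report (systemd refuses user names that
begin with a digit, so a unit with `User=0day` runs its service as root)
and, as this example's own assumption, systemd's documented character
rules for names: ASCII letters, digits, '_' and '-', not starting with
a digit or '-'.
"""
import re

# First character: letter or underscore. Rest: letters, digits, '_' or '-'.
# The "no leading digit" part is the report's finding; the rest is assumed
# from systemd's naming rules rather than stated in the report.
_VALID_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_-]*$")


def user_name_rejected(name):
    """True if systemd would refuse this User= value."""
    return _VALID_NAME.match(name) is None


def audit_unit(unit_text):
    """Return (line_no, value, reason) for each risky User= in [Service].

    A unit with no User= at all is reported too: a service defaults to
    root, which is the same outcome as an invalid name, just explicit.
    """
    findings = []
    section = None
    saw_user = False
    for lineno, raw in enumerate(unit_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service":
            continue
        m = re.match(r"^User\s*=\s*(.*?)\s*$", line)
        if not m:
            continue
        saw_user = True
        value = m.group(1)
        if value in ("", "root"):
            findings.append((lineno, value, "empty or root: runs as root"))
        elif user_name_rejected(value):
            findings.append((lineno, value,
                             "invalid user name: systemd rejects it and "
                             "the service runs as root"))
    if not saw_user:
        findings.append((0, "", "no User= in [Service]: defaults to root"))
    return findings


# Constructed unit file reproducing the shape of the reported case.
SAMPLE_UNIT = """\
[Unit]
Description=constructed example service

[Service]
User=0day
ExecStart=/usr/bin/true
"""

if __name__ == "__main__":
    for finding in audit_unit(SAMPLE_UNIT):
        print(finding)
```

Run over the constructed unit it reports line 5, `User=0day`, as a name systemd will reject. The check only catches the misconfiguration before a unit is installed; it does nothing for units already running as root, and distributions that allow such account names still need the behaviour fixed in systemd itself.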

Bipartisan bill aims to generate cyber hygiene best practices

The Promoting Good Cyber Hygiene Act would create a baseline of best practices, ensure those practices are reviewed and updated annually and published on a publicly accessible website, and direct the Department of Homeland Security (DHS) to investigate the cybersecurity threats raised by the proliferation of the Internet of Things (IoT). Michael Overly, cybersecurity lawyer at Foley & Lardner LLP, said that “this type of legislation could be argued to create a de facto standard that if a business follows it, they will be protected from potential liability,” but that overall the “bill will have absolutely no impact whatsoever on the problem” of getting businesses to improve their cyber hygiene.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.