IT Security News Blast 7-6-2017

Only 1 in 4 Small Businesses Well Prepared for Cyber Attack

SMBs consider visibility into on-premises systems (49%), cloud systems (36%) and corporate mobile devices (34%) to be most critical for security. 34 percent of SMBs are planning to invest in protection against data breaches, 31 percent against intellectual property theft, and 31 percent against fraud. The need for improved cyber security has grown following a recent spike in cyber attacks: data from 2016 indicates that 43 percent of cyber attacks target small businesses.

 Insurance Professionals Face N.Y. Cyber Requirements

“For companies that are not that heavily regulated, such as mortgage brokers, insurance agents and licensed lenders, this regulation will present many new issues that they probably hadn’t considered before,” said Joseph Simon, an attorney and partner at Cullen and Dykman in Garden City, N.Y.  “It will impose significant new obligations on financial service companies that are covered entities.”

Industrial control systems (ICS) security market to record sturdy growth by 2025, according to new research report

Factors such as growing threats and attacks, together with the increase in industrial automation and virtualization, are driving the market for industrial control systems security. In addition, initiatives taken by governments in various regions to adopt smart grid technology as a step towards more efficient use of energy are expected to further accelerate demand for industrial control systems security during the forecast period.

 NeutrinoPoS – Old Trojan Shifts to New Targets

The first thing that caught researchers’ attention was that the malware takes a long sleep before starting its malicious routine, in an attempt to avoid anti-virus sandboxes. The malware uses a pseudorandom number generator to determine the period of delay, Kaspersky’s Sergey Yunakovsky explains. […] Next, the Trojan attempts to connect to a working C&C using a specific algorithm: it “sends POST-request to server, passing through its body encoding in base64 string “enter” (ZW50ZXI=).” All encoded strings feature the prefix “_wv=,” the researcher observed.
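The beacon format quoted above is specific enough to match on the wire. The following is an added detection example (not Kaspersky's code): it scans HTTP POST bodies for a payload consisting of the "_wv=" prefix followed by base64, decodes it, and flags the documented "enter" check-in. The request bodies are constructed samples, not captured traffic; the regex and the assumption that the whole body is the beacon are mine.

```python
"""Detection helper for the NeutrinoPoS C&C check-in described above.
Added example, not code from the Kaspersky write-up."""
import base64
import binascii
import re

# Constructed sample POST bodies, as a proxy or web server log might record them.
SAMPLE_BODIES = [
    "_wv=ZW50ZXI=",                                  # base64("enter"): documented check-in
    "_wv=" + base64.b64encode(b"hello").decode(),    # same prefix, a different payload
    "user=admin&pass=secret",                        # ordinary form post: ignore
    "_wv=not base64!!",                              # prefix present but undecodable
]

# Assumed shape: prefix, then one base64 token with optional padding, nothing else.
BEACON_RE = re.compile(r"^_wv=([A-Za-z0-9+/]+={0,2})$")


def decode_beacon(body):
    """Return the decoded payload of a "_wv=" beacon, or None when the body
    does not match the pattern or the base64 is invalid."""
    m = BEACON_RE.match(body.strip())
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("ascii", "replace")


def find_beacons(bodies):
    """Scan POST bodies; return (index, decoded_payload, is_known_checkin)."""
    hits = []
    for idx, body in enumerate(bodies):
        payload = decode_beacon(body)
        if payload is not None:
            hits.append((idx, payload, payload == "enter"))
    return hits


if __name__ == "__main__":
    for idx, payload, known in find_beacons(SAMPLE_BODIES):
        tag = "  (known check-in)" if known else ""
        print(f"body[{idx}] -> {payload!r}{tag}")
```

Because the sample sleeps for a pseudorandom period before it first beacons, a short sandbox run may never produce this request; matching the beacon format at the proxy is a complement to sandbox analysis, not a replacement. The "_wv=" prefix is also a cheap-to-change indicator, so treat a hit as a lead to pivot on (source host, destination, cadence) rather than as proof on its own.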

 How AlphaBay has quietly become the king of dark web marketplaces

Rainmaker Labs creates malware, packages it with utter professionalism and sells it as a cutting-edge way for crooks to make mountains of money. It is one of scores of shady sellers that have turned cybercrime into a living thanks to AlphaBay, the highest-earning and most popular dark web market in the English-speaking world. Facilitating the sale of millions of dollars' worth of illicit goods (malware, stolen data, drugs, weapons), AlphaBay has risen to become the king of the dark web, primarily due to a resilience that sets it far above its competition.

AlphaBay Dark Web Market Goes Down; Users Fear Exit-Scam

AlphaBay, also known as “the new Silk Road,” has been down since Tuesday night. The site was also in the news at the beginning of this year when a hacker breached it and stole over 200,000 private unencrypted messages from several users. Although the website sometimes goes down for maintenance, customers who have heard no word from the site's admins about the downtime are speculating that the admins have made off with all their Bitcoins for good.

 Chubb launches comprehensive policy for tech firms

The new MasterPackage solution is a comprehensive first- and third-party policy that can either be tailor-made or purchased as a complete package. Chubb said customers do not have to wait on other insurers reaching a decision since all the products are provided by a single carrier, thus allowing seamless claims handling.

 Cybersecurity: The cold war online

Will the Internet be permitted to realize its potential to support a global civilization? Or will it be turned on itself to reinforce historical divisions between nations — another chapter in an interrupted cold war? Aggression and suppression online are commonplace. A diplomatic crisis in the Middle East and Africa this year may have been triggered by Russian hackers planting a false story in the Qatari state news agency. The Turkish government cut off access to Wikipedia in April after critical commentary appeared in the online encyclopaedia.

 Threat Actors Target Chinese Language News Sites

A California-based news website covering China, called China Digital Times, was targeted in a spying campaign that involved phishing lures and the use of the NetWire remote access Trojan. The attacks began in February 2017 and were part of a wider campaign of phishing, reconnaissance and malware operations that used domains and content made to mimic other Chinese-language news websites including China Digital Times, Epoch Times, Mingjing News, HK01 and Bowen Press.

 Judge: Facebook can Track Browsing Activity Even When You Log Out

Last Friday a judge dismissed a lawsuit accusing Facebook of tracking users' Internet activity even when they are logged out of their accounts. U.S. District Judge Edward Davila in San Jose, California said in his ruling that the plaintiffs failed to show they had a “reasonable expectation of privacy,” or that they suffered any “realistic economic harm or loss.” The plaintiffs claimed that Facebook used its “like” buttons on other websites to store cookies in their web browsers, which allowed the company to track their Internet activity even when they were logged out of their accounts.

 Hackers Linked to NotPetya Ransomware Decrypted a File For Us

Around two hours after we provided the hackers with the encrypted file, they sent us the decrypted file, which matched the original, clean Word document. This suggests the hackers do indeed have a key capable of unlocking files infected with NotPetya. Motherboard also sent the hacker another file from another researcher to decrypt, but by this point the hacker had become unresponsive.

 Researchers Dissect Stealthy Backdoor Used by NotPetya Operators

Previously referred to as BlackEnergy and Sandworm, the group allegedly compromised M.E.Doc earlier this year and injected their own code into one of the application’s modules.  […] Named ZvitPublishedObjects.dll, the backdoored module is written using the .NET Framework, is 5MB in size, and “contains a lot of legitimate code that can be called by other components, including the main M.E.Doc executable ezvit.exe.”

 Satcom’s top priority should be better protection, experts say

While the military does have some protected systems, like the Lockheed Martin-built Advanced Extremely High Frequency (AEHF) satellites, there isn’t enough capacity to meet demand right now, the general said. Plus, even basic communications need to be resistant to jamming from a potential adversary. “The biggest thing that we need is protected satcom, anti-jam capability, in the future,” Gallagher told SpaceNews. “Anticipating future threats and making sure we address them, I think that’s the most critical thing.”

 US Considering Raising A Military ‘Space Corps’ To Defend Against Attacks From Outer Space

The idea is that the committee believes the US relies on space more than any other nation, yet it isn’t protected in the same way terrestrial assets are. The Air Force currently controls all of the US military’s space missions, including procurement and launches for military and intelligence satellites. The Space Corps would instead be a separate branch of the military, though it would be administered by the Secretary of the Air Force.

 What It’s Like When Pro Phishers Assail Your Inbox

If you think that might instill a certain depth of paranoia, you’re absolutely right. Every email from my doctor could be fake. Every shared album of vacation photos, a trap. I knew that they were coming for me. I just didn’t know when or how. Hyper-vigilance is a surprisingly difficult thing to maintain if you’re not used to it. And by the time the first phish hit my personal inbox, three weeks into the process, I’d already slacked off a bit.

Critical Vulnerabilities Found in Pre-Installed Dell Software

With so much news surrounding major global malware attacks such as the recent NotPetya incident, little has been said about flaws that exist in popular pre-installed Dell software. […] Given that many businesses use Dell systems, it is strongly recommended that the responsible IT administrators install the latest updates before things get messy.

Libgcrypt ‘Sliding Right’ Attack Allows Recovery of RSA-1024 Keys

The vulnerability (CVE-2017-7526) stems from the fact that Libgcrypt, which is based on code from GnuPG, uses left-to-right sliding window exponentiation. The method is common in cryptographic implementations and computes the modular exponentiation by processing several exponent bits at a time. The sequence of squarings and multiplications it performs depends on the exponent, however, and an observer of that sequence learns a fraction of the exponent bits. […] GnuPG issued an update for the library last week that should mitigate future attacks.
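To make the leak concrete, the following is an added illustration, not Libgcrypt's code: a left-to-right sliding-window exponentiation that records its square/multiply sequence, followed by the bits an observer can infer from that sequence alone. The window width (4), the toy modulus and the three recovery rules are my choices; the rules are the elementary sound ones for this algorithm, and the published attack recovers more bits with further rules and obtains the trace through a cache side channel, neither of which is reproduced here.

```python
"""Left-to-right sliding-window exponentiation with its square/multiply
trace exposed, plus the bit-recovery rules that trace permits.
Added example; not Libgcrypt's code."""


def sliding_window_pow(base, exponent, modulus, w=4, trace=None):
    """Compute base**exponent % modulus with left-to-right sliding windows
    of at most w bits.  Every squaring appends 'S' and every multiplication
    appends 'M' to `trace`, standing in for what a side channel observes."""
    if trace is None:
        trace = []
    # Precompute the odd powers base^1, base^3, ..., base^(2^w - 1).
    table = {1: base % modulus}
    base_sq = base * base % modulus
    for k in range(3, 1 << w, 2):
        table[k] = table[k - 2] * base_sq % modulus
    bits = bin(exponent)[2:]          # MSB first
    n, i, result = len(bits), 0, 1
    while i < n:
        if bits[i] == "0":            # lone zero bit: square only
            result = result * result % modulus
            trace.append("S")
            i += 1
            continue
        # Longest window (<= w bits) starting at this 1 bit that ends in a 1 bit.
        l = min(w, n - i)
        while bits[i + l - 1] == "0":
            l -= 1
        for _ in range(l):
            result = result * result % modulus
            trace.append("S")
        result = result * table[int(bits[i:i + l], 2)] % modulus
        trace.append("M")
        i += l
    return result


def recover_bits(trace, w=4):
    """Infer exponent bits from an S/M trace.  Returns '1', '0' or '?' per
    bit position (MSB first).  Each rule is sound for the algorithm above:
      (a) the bit squared immediately before an 'M' is 1 (a window ends there);
      (b) a run of k squarings ending in an 'M' holds at most w window bits,
          so its first k - w bits are lone zeros;
      (c) squarings after the last 'M' are all zero bits (a 1 would open a window).
    """
    n = trace.count("S")              # exactly one squaring per exponent bit
    known = ["?"] * n
    pos = run_start = 0
    for op in trace:
        if op == "S":
            pos += 1
            continue
        k = pos - run_start
        known[pos - 1] = "1"                               # rule (a)
        for j in range(run_start, run_start + max(0, k - w)):
            known[j] = "0"                                 # rule (b)
        run_start = pos
    for j in range(run_start, n):
        known[j] = "0"                                     # rule (c)
    return known


def leak_report(exponent, w=4):
    """Return (known-bit string, fraction of bits recovered) for one exponent,
    checking that every recovered bit agrees with the real exponent."""
    trace = []
    sliding_window_pow(2, exponent, 1_000_003, w, trace)   # toy modulus
    known = recover_bits(trace, w)
    real = bin(exponent)[2:]
    assert all(k == "?" or k == r for k, r in zip(known, real)), "unsound rule"
    return "".join(known), sum(k != "?" for k in known) / len(known)


if __name__ == "__main__":
    t = []
    print(sliding_window_pow(3, 4136, 1_000_003, 4, t) == pow(3, 4136, 1_000_003))
    print("".join(t))                 # SMSSSSSSSSSMSSS
    print(leak_report(4136))          # ('100000???1000', 0.769...)
```

The point of the example is that the trace is a function of the exponent bits: a lone zero costs one squaring, a window costs several squarings and one multiplication, and the position of each multiplication pins a 1 bit while long squaring runs pin zeros. With a 1024-bit private exponent the same rules hand back a substantial fraction of the key, which is why the mitigation is an exponentiation whose sequence of operations does not depend on the exponent bits rather than a patch to any one rule.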

 Less Malware, Better Quality: AV-TEST

While the number of malware samples spotted in 2016 decreased compared to the previous year, threats have been more sophisticated, according to the latest security report from antivirus research company AV-TEST. AV-TEST identified roughly 127.5 million malware samples last year, which represents a 14% decrease from the 144 million seen in 2015. This translates to approximately 350,000 new samples each day, or four new samples per second.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.