IT Security News Blast 8-16-2017

Medical Devices in the Crosshairs with 36% of Orgs Attacked

Medical devices are increasingly interesting to hackers as this life-saving equipment joins the internet of things (IoT) ecosystem. More than one-third (35.6%) of surveyed professionals within that ecosystem said their organizations experienced a cybersecurity incident in the past year. According to a Deloitte & Touche poll, identifying and mitigating the risks of fielded and legacy connected devices presents the industry’s biggest cybersecurity challenge (30.1%).

 Healthcare Ailing in Cyber War

Part of the problem is that cyber criminals are moving faster to exploit vulnerabilities than organizations in healthcare and other industries can adjust their cyber defenses. In the case of WannaCry, the Los Angeles Times reported, “The tactic itself wasn’t innovative or surprising, exploiting a flaw in several versions of Microsoft’s Windows operating system that was well-known and well-publicized. A patch Microsoft issued in March to fix the issue could have taken businesses and organizations just a day or two to test and install.”

 ‘Get Rich Or Die Trying’: Check Point Researchers Uncover International Cyber Attack Campaign

The cyber attack campaign started in April 2017 and has targeted some of the largest international organizations in the oil & gas, manufacturing, banking and construction industries. The global scale of the campaign and the organizations targeted suggest an expert gang or state-sponsored agency is behind it, but the campaign is the work of a lone Nigerian national in his mid-20s, living near the country’s capital. On his Facebook account he uses the motto ‘get rich or die trying’. His attack campaign used fraudulent emails which appear to originate from oil and gas giant Saudi Aramco, the world’s second largest daily oil producer, targeting financial staff within companies to trick them into revealing company bank details or opening the email’s malware-infected attachment.

 Over a Third of Healthcare IoT Organizations Suffered Cyber Incidents in the Past Year

Over 30 percent of respondents said identifying and mitigating the risks of fielded and legacy connected devices presents the industry’s biggest cyber security challenge. “It’s not surprising that managing cyber risks of existing IoT medical devices is the top concern facing manufacturers, providers and regulators,” Deloitte Risk and Financial Advisory partner Russell Jones said in a statement. “Legacy devices can have outdated operating systems and may be on hospital networks without proper security controls.”

 Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan

All of the domains, the researchers say, were registered with GoDaddy. Some of them are down, but it’s unknown if GoDaddy took action. “Almost all of these domains were registered through GoDaddy using various names or privacy services,” said Brad Duncan, a SANS ISC handler. “And these domains were implemented on servers using full email authentication and HTTPS. Many recipients could easily be tricked into opening the associated attachments.”
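
An added example, not code from the ISC or Check Point posts: the point of both this item and the Saudi Aramco item above is that a domain an attacker registers himself can pass SPF, DKIM and TLS perfectly, because those only prove control of that domain. The check a mail-security team actually wants is whether the sender domain impersonates a brand. The brand, allowlist and candidate domains below are constructed for the example (they are not the Trickbot domains), and the single-label-TLD assumption in registrable_label is marked in the code.

```python
# Lookalike-domain screening: homoglyph folding, brand embedding and
# edit distance against a list of protected brands.

# Constructed inputs for the example; not the domains from the Trickbot report.
BRANDS = ["examplebank"]
ALLOWLIST = {"examplebank.invalid"}        # the brand's own, legitimate domains
CANDIDATES = [
    "examplebank.invalid",                 # legitimate
    "exarnplebank.invalid",                # "rn" rendered like "m"
    "examp1ebank-secure.invalid",          # digit-for-letter plus brand embedded
    "examplebnk.invalid",                  # one-character typo
    "weather-news.invalid",                # unrelated
]

# Single-character substitutions that look alike in many fonts, then digraphs.
_CHAR_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
_DIGRAPHS = (("rn", "m"), ("vv", "w"))


def normalize(label: str) -> str:
    """Fold common visual substitutions so lookalikes collapse onto the brand."""
    out = label.lower().translate(_CHAR_MAP)
    for src, dst in _DIGRAPHS:
        out = out.replace(src, dst)
    return out


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    # Assumption: single-label TLD (example.com, not example.co.uk).
    # Production code should use the Public Suffix List instead.
    return domain.lower().rstrip(".").split(".")[-2]


def classify(domain: str, brands=BRANDS, allowlist=ALLOWLIST):
    """Return (brand, reason) when the domain looks like an impersonation, else None."""
    if domain.lower() in allowlist:
        return None
    label = normalize(registrable_label(domain))
    for brand in brands:
        if label == brand:
            return (brand, "homoglyph-or-exact")
        if brand in label:
            return (brand, "brand-embedded")
        if levenshtein(label, brand) <= 1:
            return (brand, "typo-distance-1")
    return None


def scan(domains):
    """Map each suspicious domain to its (brand, reason) verdict."""
    results = {}
    for d in domains:
        verdict = classify(d)
        if verdict:
            results[d] = verdict
    return results


if __name__ == "__main__":
    for domain, (brand, reason) in scan(CANDIDATES).items():
        print(f"{domain:32} impersonates {brand}: {reason}")
```

Run this over newly registered or newly seen sender domains rather than over inbound mail alone; the ISC point is that by the time the message arrives, the authentication checks have already passed.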

 Uber Settles FTC Allegations that It Made Deceptive Privacy and Data Security Claims

“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” said FTC Acting Chairman Maureen K. Ohlhausen. “This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

 In Supreme Court Brief, Technologists Warn Against Warrantless Access to Cell Phone Location Data

In an amicus brief filed in the U.S. Supreme Court, leading technology experts represented by the Knight First Amendment Institute at Columbia University argue that the Fourth Amendment should be understood to prohibit the government from accessing location data tracked by cell phone providers — “cell site location information” — without a warrant. “The government’s surveillance powers have outpaced constitutional protections meant to prevent overreach and abuse,” said Alex Abdo, senior staff attorney at the Knight Institute. “Government agents shouldn’t be able to track a person’s movements for weeks or months without first obtaining a warrant from a judge.”

 What CISOs Need to Know about the Psychology behind Security Analysis

The process of investigating each security alert tends to be boring, but the volume of such events continues to increase at an unprecedented rate. Hiring to keep up isn’t a viable option because of skill-set and budget constraints. As a result, analysts are overwhelmed with the number of alerts they must process every day. This fatigue leads to individuals rushing through investigations, with a strong tendency to skip key steps, thus increasing the probability of missed breaches.

 U.S. Worried North Korea Will Unleash Cyberattacks

In the best known incident in 2014, U.S. intelligence officials say, North Korean hackers attacked Sony Pictures, destroying corporate computers and disclosing sensitive company data. The U.S. accused North Korea of carrying it out in response to a film lampooning North Korean leader Kim Jong-un. Experts say North Korea could deploy the same techniques to inflict harm not just on one company, but on the American economy.

 DJI Rolls Out ‘Local Data Mode’ for Drones After US Army Ban Over Unknown ‘Cyber Vulnerabilities’

DJI’s apps use the internet to update maps, restricted flight zones and other relevant data, as well as have an optional feature to sync with the company’s database to store flight data. The new local mode disables all of those features. It’s clear even by the company’s own admission the timing with the Army announcement is not a coincidence, though TechCrunch reported DJI says the local mode was in development for several months and was not originally spurred by US brass.

 US military spies: We’ll capture enemy malware, tweak it, lob it right back at our adversaries

“Once we’ve isolated malware, I want to reengineer it and prep to use it against the same adversary who sought to use against us,” he said. “We must disrupt to exist.” Speaking in front of a cheesy animated world map of simulated cyber-attacks, built by defunct security biz Norse, Stewart said that the traditional stance of the US has been defensive: intrusions would be detected, and infections would be cleaned up. But this would change, he said.

 OSINT (Open-Source Intelligence) Capabilities are Becoming a Necessity for Security & Defense Organizations

Swift advances in big data, data analytics, text analytics and artificial intelligence are facilitating the conversion of millions of scattered data points into manageable databases for intelligence analysts. Furthermore, an increasing amount of personal data, corporate content, and government databases that are now open and accessible to intelligence organizations around the world, are leading to a rise in OSINT investments and, by extension, OSINT, WEBINT or SOCMINT budgets.

 Kenya’s Election Proves Fake News Is A Serious Threat To International Security

For months there have been reports of false information proliferating across the country. Forged reports from CNN, BBC, and Daily Nation have been widely shared, while prominent NGOs had to publicly disavow fabricated statements posted online in their name. Paid search results on Google and sponsored posts on Facebook, Twitter, and Instagram have also been used to hurl false accusations at political figures. Kenya’s election shows that fake news is a global phenomenon and a full-blown international security threat. Since the U.S. election many new cases have cropped up, including in France, Germany, the Philippines, and Myanmar. And the list will keep growing.

 How Australia’s backdoor proposal could threaten security for the rest of the world

Australian Prime Minister Malcolm Turnbull recently made a proposal to ensure that law enforcement can still gain access to information despite its protection by encryption. […] The policy requested by Turnbull affects the rest of the world because Australia’s encryption policy could set a precedent for other countries. Stepanovich noted that it’s important to understand that this policy would likely not stop criminals or terrorists from accessing secure communications technologies. The math used in encrypted applications, she said, is not subject to the whims of politicians, which means bad actors will still be able to cover their tracks.

 Uber FTC settlement requires 20 years of privacy audits following 2014 breach

The settlement stems from the May 2014 data breach in which an intruder compromised more than 100,000 names and driver’s license numbers that Uber stored in a datastore operated by Amazon Web Services, according to an Aug. 8 FTC press release. The agency said Uber failed to take low-cost safety measures that could have prevented the breach, such as requiring engineers and programmers to use distinct access keys to access personal information stored in the cloud, or using multi-factor authentication for accessing the data.
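
An added example, not Uber’s configuration or the FTC’s text: the weak and the hardened form of the control the agency describes, a bucket grant that a bare long-lived access key satisfies, next to the same grant with an explicit Deny unless MFA was used. The bucket name is hypothetical, and the evaluator is a simplified model of IAM evaluation (explicit Deny beats Allow, default is Deny, Bool/BoolIfExists conditions, wildcard matching) written for this example, not the AWS engine.

```python
import fnmatch
import json

# Hypothetical bucket holding rider/driver records (name invented for the example).
OBJECT_ARN = "arn:aws:s3:::example-rider-data/2014/drivers.csv"

# Weak: any principal holding a static access key can read every object.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-rider-data/*"}
  ]
}""")

# Hardened: same grant, plus an explicit Deny on all S3 actions unless the
# session was MFA-authenticated. BoolIfExists matters: a request signed with a
# bare long-lived key carries no aws:MultiFactorAuthPresent key at all, and
# BoolIfExists treats the missing key as a match, so the Deny fires.
HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-rider-data/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}
  ]
}""")


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _condition_matches(cond, context):
    """Only Bool and BoolIfExists are modelled; enough for the MFA pattern."""
    for operator, pairs in cond.items():
        if operator not in ("Bool", "BoolIfExists"):
            raise ValueError(f"unsupported condition operator: {operator}")
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue          # absent key counts as a match
                return False          # plain Bool: absent key never matches
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def _statement_applies(stmt, action, resource, context):
    actions_ok = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
    resources_ok = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return actions_ok and resources_ok and _condition_matches(stmt.get("Condition", {}), context)


def evaluate(policy, action, resource, context):
    """Simplified IAM decision: explicit Deny wins, otherwise Allow if granted, else Deny."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, resource, context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        for ctx in ({}, {"aws:MultiFactorAuthPresent": "true"}):
            print(name, ctx or "no-MFA-key", evaluate(policy, "s3:GetObject", OBJECT_ARN, ctx))
```

The second half of the FTC's point, distinct keys per engineer, is what makes the MFA condition enforceable at all: with one shared key there is no per-person session to attach a second factor to, and no way to tell from CloudTrail who actually read the data.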

 Caution advised with information security surveys

mTAB, a market research firm working with the world’s leading brands for over 25 years, says survey respondents boast about their behavior and tend to be drawn toward making themselves out better than, more than, or somehow superior to others. Some respondents are defensive and may be unwilling to disclose something about their beliefs or nature that they don’t want others to know, according to mTAB. Infosurv Research, an online survey firm, says respondents believe they can influence the outcome of the research in their favor.

 Attackers Backdoor Another Software Update Mechanism

Researchers at Kaspersky Lab today said they privately disclosed this issue to the provider in July after finding suspicious DNS requests on a customer’s network in the financial services space. The requests were found on systems used to process transactions, Kaspersky Lab said. An investigation into the DNS queries led them to NetSarang, which quickly swapped out the malicious library in its update package with a clean one, Kaspersky Lab said in a report published today on Securelist. The backdoor was embedded in a code library called nssock2.dll used by the software.
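
An added example, not Kaspersky Lab’s tooling and not modelled on what the NetSarang backdoor’s traffic actually looked like (the item only says “suspicious DNS requests”): a first-pass heuristic of the kind that surfaces odd resolver traffic from transaction-processing hosts, flagging long, high-entropy labels and parent domains that receive a burst of distinct such labels. The log lines, thresholds and domain names are constructed for the example.

```python
import math
from collections import defaultdict

# Constructed resolver log: "timestamp client record-type name". Not real traffic.
SAMPLE_LOG = """\
2017-07-13T10:22:01Z 10.1.2.3 A www.example-bank.invalid
2017-07-13T10:22:02Z 10.1.2.3 A login.example-bank.invalid
2017-07-13T10:22:05Z 10.1.2.9 A a9f3c1e7b2d4068f5a1c9e3b7d2f4a60.updates-cdn.invalid
2017-07-13T10:22:07Z 10.1.2.9 A 7c2e9a4b1d6f3058e1a7c9b3f2d4e6a0.updates-cdn.invalid
2017-07-13T10:22:09Z 10.1.2.9 A 5b8d2f7a3c1e9046a2b7d8f1c3e5a7b9.updates-cdn.invalid
2017-07-13T10:22:11Z 10.1.2.4 A aaaaaaaaaaaaaaaaaaaaaaaaaaaa.static.example-bank.invalid
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; random hex sits near 4.0, a repeated character at 0.0."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, rtype, name = parts
    return {"ts": ts, "client": client, "type": rtype, "name": name.lower().rstrip(".")}


def longest_label(name: str) -> str:
    return max(name.split("."), key=len)


def parent_domain(name: str) -> str:
    # Assumption: last two labels form the registered domain; real code would
    # consult the Public Suffix List.
    return ".".join(name.split(".")[-2:])


def is_suspicious_name(name: str, min_len: int = 20, min_entropy: float = 3.0) -> bool:
    """Long AND high-entropy label: a long but repetitive label is not flagged."""
    label = longest_label(name)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def analyse(log_text: str, min_len: int = 20, min_entropy: float = 3.0, burst: int = 3):
    """Return flagged names and parent domains receiving >= burst distinct flagged labels."""
    flagged = []
    per_parent = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["type"] not in ("A", "AAAA", "TXT"):
            continue
        if is_suspicious_name(rec["name"], min_len, min_entropy):
            flagged.append(rec["name"])
            per_parent[parent_domain(rec["name"])].add(longest_label(rec["name"]))
    hot = {p: len(labels) for p, labels in per_parent.items() if len(labels) >= burst}
    return {"flagged": flagged, "hot_parents": hot}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for name in result["flagged"]:
        print("suspicious:", name)
    for parent, n in result["hot_parents"].items():
        print(f"burst: {n} distinct high-entropy labels under {parent}")
```

The entropy threshold alone produces noise from CDNs and telemetry services, which is why the burst count per parent domain is the more useful signal, and why the investigation in the item started from which systems were asking (transaction-processing hosts) rather than from the names alone.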

 Russian malware scum post new rent-an-exploit

IntSights says the kit includes:

  • A domain rotator, to make the C&C harder to block;
  • Support for exploits to exchange RSA keys;
  • The C&C’s panel server can’t be traced from the payload server; and
  • IP geolocation, browser and IP tracking, and domain scanning.

Disdain is rented daily, weekly, or monthly at US$80, $500, and $1,400 respectively. Visitors who land on the kit are fingerprinted, and it then attempts a number of known vulnerabilities dating from 2013 through this year.

 Attackers experimenting with CVE-2017-0199 in recent phishing attacks

Researchers at Trend Micro and Cisco’s Talos have identified a new wave of phishing attacks leveraging CVE-2017-0199, a previously patched remote code execution vulnerability in the OLE (Windows Object Linking and Embedding) interface of Microsoft Office. […] “Analysis of the payload highlights the potential for the Ole2Link exploit to launch other document types, and also demonstrates a lack of rigorous testing procedures by at least one threat actor. Attackers are obviously trying to find a way around known warning mechanisms alerting users about potential security issues with opened documents,” the Talos post explained.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.