IT Security News Blast 8-18-2017

Financial services: Reduce the cyber risk from within

Seventy-four per cent of respondents to a recent EY survey of global executives and IT leaders say that careless employees are the most likely source of a cyberattack. And while 56 per cent of respondents named criminal syndicates as the main source of cyber-attacks, 52 per cent also identified malicious employees as a significant risk. With IT professionals identifying insider threats as nearly as high a risk to those presented by professional cybercrime syndicates, security measures focused at the perimeter of the ecosystem are no longer adequate.

 Securing Health Data Means Going Well Beyond HIPAA

“Unfortunately I think HIPAA has focused healthcare organizations too much on data privacy and not enough on data integrity, data loss, disrupted operations and patient safety. You can get your identity back at some point, but not your life,” warns Denise Anderson, president of the National Health Information Sharing and Analysis Center (NH-ISAC). “Many of the attacks we are seeing, such as WannaCry, are disruptive attacks and are not data theft attacks. Organizations should be driven to focus on enterprise risk management and it should come from the Board and CEO level on down.”

 US companies crack down on key services for hate groups

Leading payment and credit card groups MasterCard, American Express, Discover Financial Services and Visa have joined Silicon Valley companies Twitter and Cloudflare to become the latest corporations to try to block neo-Nazis’ access to funds and the internet. Several of the payments companies said they did not ban the use of their services because the customers expressed offensive views but because they violated their terms of service or incited violence.

 What code is running on Apple’s Secure Enclave security chip? Now we have a decryption key…

Apple’s Secure Enclave, an ARM-based coprocessor used to enhance iOS security, became a bit less secure on Thursday with the publication of a firmware decryption key. The key does not provide access to the Secure Enclave Processor (SEP). Rather, it offers the opportunity to decrypt and explore the otherwise encrypted firmware code that governs it, affording security researchers and other curious types a chance to learn more about how the technology works.

 Trump mulling lifting status of Cyber Command: sources

Two former senior U.S. officials with knowledge of the plan said that the proposal awaiting Trump’s approval would elevate Cyber Command and lead to a 60-day study to determine whether Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping. That would lead to Cyber Command becoming what the military called a “unified command,” equal to combat branches of the military such as the Central and Pacific Commands.

 A former Marine cyber warrior explains how hackers will transform the face of modern combat

The modern battlefield is changing dramatically with the advent of increasingly sophisticated technologies, from missile defense shields like THAAD to drones, armed robots and Boba Fett-style bulletproof helmets. But while it’s easy to focus on these visible displays of high-tech warfare, it’s important to not overlook the growing importance hackers will play behind the scenes in future military operations.

 US Sec. Mattis pushes military AI, experts warn of hijacked ‘killer robots’

“The DoD needs to pursue AI solutions to stay competitive with its Chinese and Russian counterparts,” said Roman Yampolskiy, director of the Cyber Security Laboratory at the University of Louisville. “Unfortunately, for the humanity that means development of killer robots, unsupervised drones and other mechanisms of killing people in an automated process. As we know all computer systems have bugs or can be hacked. What happens when our killer robots get hijacked by the enemy is something I am very concerned about.”

 Tom Ridge talks Trump’s cyber team, the ongoing digital war, and why patient safety is an infosec problem

The most important thing to the healthcare system is to understand they have been and always will be a target. They need to understand the nature of the threat, like every other industry they need to understand there is a digital war going on and not just nation-state to nation-state. Organized crime. Hackativists. Hospitals need to build a resilient enterprise, they need to do threat assessments and they need to do the same things with their IT systems, by and large, as financial services, telecom and energy have done.

 HBO hacked again in Twitter accounts breach

A well-known hacking group called OurMine briefly took control of HBO’s main Twitter account late on Wednesday, as well as the account of its hit TV show Game of Thrones. It used them to post messages that were quickly deleted by the company. “Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security — -> contact,” one tweet read. OurMine has previously hacked the social media accounts of Spotify co-founder Daniel Ek, Facebook co-founder Mark Zuckerberg and former Twitter chief executive Dick Costolo.

 Protection Protocols: Cyber-Securing Video Surveillance

Because of all the possible parts and pieces of a surveillance system, the easiest way to assess its strengths and vulnerabilities is to look at the system from what is known as a “Threat Vector.” Given today’s environment, it is imperative to protect all facets (or threat vectors) of a security system, including streaming video, recorded video, edge devices, servers and recording devices. This is the key to achieving the highest standards in end-to-end data security for video systems, and protecting a customer’s networks. Remembering that data can exist in three distinct states; at rest, in motion, and in use, let’s begin at the edge and work our way back, evaluating each technology and ways to secure it[.]

 Here’s What’s Coming in the New Season of CYBERWAR

This season we followed exactly what we did in the last season. We found a really interesting story with some sort of conflict between geopolitics and the online landscape of cyberwarfare. We went out and found it, and we didn’t care where it was. This season we went to places like Mexico, Pakistan, Estonia, Latvia, Germany, and Russia to get a broad perspective on the things that are going on in other parts of the world that you might not be thinking about. Places like Mexico, where we do an entire episode looking at how cartels interact with the government and how that could influence cyber.

 Managing Manufacturing Cybersecurity

Information technology (IT) and operations technology (OT) engineers should work together to build layers of defense, using diverse technologies, at multiple levels of the IACS, says Wilcox. “Neither side can effectively defend against cyber threats on their own. Protecting operations should include limiting physical access, hardening devices and computers, persistent monitoring through traffic inspection (i.e., detect), and segmenting (i.e., zoning) the IACS network via industrial firewalls (i.e., conduits) and virtual local area networks.”

 Claims resurface that Kaspersky helped Russian intelligence

Kaspersky replies, “Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.” In this latest go-around, Bloomberg Businessweek reports it has emails from October 2009, between Eugene Kaspersky and his senior staff describing a secret project for “the Lubyanka side,” a reference to the FSB offices.

 North Korea Critical Infrastructure Cybersecurity Threat Intelligence Briefing

“Our analysts have been tracking both the kinetic and cyber threat posed by North Korea and we feel that the cyber threat they pose is not clearly understood at-large”stated Mike Chirico, Vice President of Business Development & Strategy with Sensato. “Typically, our threat intelligence briefings are not open and only available to our constituents, but due to the threat this poses, we believe it would be a disservice to not make the content of this briefing generally available to industry.”

 Locky makes a strong comeback, propelled by botnet-fuel spam campaign

A newer variant with similar behavior appeared on 16 August, capturing the attention of Malwarebytes analysts, as well as researcher Rommel Joven, who were both early to report on their findings. This version appends the extension “.Lukitus” to affected files. Many of the spam emails have subject lines featuring simply a date and random number, with a minimalist message body that states: “Files attached. Thanks”. However, Fortinet researchers found a more content-rich email sample with a subject line referencing a business document from a company, with a message claiming the attachment is an invoice for purchased goods.

 ‘Indefensible’ hack could leave modern cars vulnerable to critical cybersecurity attack

As noted, the vulnerability goes after the CAN standard for connected cars, which was initially developed in 1983 and put into production in 1989, the post said. CAN is being used in “practically every light-duty vehicle currently in circulation today.” The attack specifically targets the messaging system in CAN, in which messages are called “frames.” By overloading the system with error messages, the attackers move a device into a Bus Off state, which it is supposed to do in that event, cutting it off from the greater CAN system. By using this on certain systems, like the airbag system or the antilock braking system, hackers can deactivate these systems.

 Cybersecurity: Is the Air Gap Strategy Making a Comeback?

The experts who caution against relying on an air gap typically do so based on repeated findings that no reportedly unconnected systems are truly air gapped or can be depended on to remain unconnected (see a presentation from Eric Byres titled “Unicorns and Air Gaps: Do They Really Exist?”). Network audits conducted by these experts routinely turn up evidence of unofficially installed gateways and modems put in place by engineers, most often for non-nefarious reasons. Such devices are usually installed to ease an engineer’s system maintenance and troubleshooting responsibilities, but they create a penetrable connection to the outside nonetheless.

 Korea’s electronics firm LG hit by ransomware, believed to be WannaCry

There are several worms that are constantly scanning the Internet for vulnerable hosts. WannaCry – which never really went away – and its variants with or without the killswitch, are one of them. Therefore existing infected machines will continue to ‘broadcast’ to the outside until they are taken offline. In the meantime, any computer that has its SMB ports exposed and where the patches haven’t been applied, will be compromised when it comes up online.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.