IT Security News Blast 8-31-2017

New ransomware virus targets healthcare organizations

Cybersecurity experts have identified a new ransomware strain that is targeting healthcare organizations, FierceHealthcare reports. The virus, dubbed Defray, spreads via a Microsoft Word attachment in emails sent to potential victims. The messages are customized to appear to come from a trusted source. […] In one example of the personalized approach, an attachment titled Patient Report used the logo of a hospital in the United Kingdom and claimed to be from the hospital’s director of information management and technology. The ransomware demands $5,000 in bitcoin to release encrypted files.


465k patients told to visit doctor to patch critical pacemaker vulnerability

The update will require patients to visit a clinic where doctors will put the pacemakers in backup mode while the firmware is being patched. The Abbott letter said that, for certain patients, the update should be performed “in a facility where temporary pacing and pacemaker generator change are readily available, due to the very small estimated risk of firmware update malfunction.” An advisory issued by the Food and Drug Administration said 465,000 pacemakers in the US alone are affected. The number of pacemakers in other countries wasn’t immediately available.


Law Firms & Cyber Security

Law firms are not immune from cyber risk. In fact, they are easier targets, and that is because, broadly speaking, the levels of data security are far lower than at other companies and therefore they are easier to access by potential hackers. So why have law firms traditionally been not as sophisticated in ensuring that they are protected from cyber risk? The simple answer is that it costs a great deal of money to ensure cyber risk is controlled, and firms have not been particularly keen on investing in protecting against it. That is however now changing, as a result of the new cyber risk climate.


Patchy PCI compliance putting consumer credit card data at risk

By failing to comply with the PCI Data Security Standard (DSS), organisations are putting consumers at increased risk of payment fraud, Verizon warns. While the number of companies complying with the PCI DSS has increased compared to previous years, non-compliant organisations are failing to implement more controls than ever before.


Insurers see more demand from banks for cover against cyber attacks, rogue staff

As with all insurance, there can be a risk of “moral hazard”, with banks that offload some of their risk becoming laxer about their own controls, said Domenico del Re, director at consultants PwC. Smaller financial firms in particular might prefer to buy insurance than spend much greater sums on risk management, he added. But he said insurers can also help cut those risks by scrutinizing firms’ controls closely.



The Department of Homeland Security will join the National Institute of Standards and Technology’s (NIST) Global City Teams Challenge in 2018. The GCTC, which NIST launched in 2014, aims to bring together private- and public-sector stakeholders to help secure internet of things (IoT) devices and community cybersecurity infrastructure. […] The GCTC in 2018 will highlight “designed-in cybersecurity for ‘smart city’ systems that are more secure, reliable, resilient and protective of privacy,” NIST said in a statement. The new phase of the program, called “Smart and Secure Cities and Communities Challenge” (SC3), will attempt to secure these “complex device networks.”


The Conversation: Artificial intelligence cyber attacks are coming

Spearphishing attacks, for instance, require attackers to have personal information about prospective targets, details like where they bank or what medical insurance company they use. AI systems can help gather, organize and process large databases to connect identifying information, making this type of attack easier and faster to carry out. That reduced workload may drive thieves to launch lots of smaller attacks that go unnoticed for a long period of time – if detected at all – due to their more limited impact.


U.S. spies think the FBI is botching the Kaspersky investigation

Officials tell CyberScoop they believe the FBI has engaged in deliberate media leaks and overblown classified congressional briefings to build the case around Kaspersky. These officials also say the FBI should be more covert in its efforts to persuade private companies to uninstall Kaspersky software. A quieter operation would help avoid putting the rest of the intelligence community — especially agencies engaged in cyber-operations — in the crosshairs for retaliation, the officials say.


Report Suggests ‘Fleeting Window’ to Prevent Major Cyber Attack on Critical Infrastructure

The lack of innovative ideas also concerns Chris Roberts, chief security architect at Acalvio. “Frankly, eleven key recommendations are about five too many,” he said. “Let’s face it, we’ve all been screaming about critical infrastructure for years, keeping the message very simple — and this 45-page report comes out, says the same thing and then, heaven forbid, puts the remit for action into the government’s hands.”


Best Korea fingered for hacks against Bitcoin exchanges in South

Threat intel firm Cybereason reckons the attacks are a reaction to the tighter economic sanctions prompted by North Korea’s recent missile tests. The speed with which the DPRK conducted this operation demonstrates how seriously they’re taking this latest round of sanctions, according to Cybereason. Should China not ease up on its enforcement of the measures, we’re likely to see a significant priority shift in DPRK tactics to focus on making up the currency shortfall.


Deterrence Can Protect Our Critical Infrastructure from Cyberattack

To that end, countries, such as the United States, affected by or vulnerable to cyberattacks on critical infrastructure, must demonstrate a more overt willingness and capability to retaliate against any (though not necessarily every) cyberattack, from any source under any circumstances. […] Ensuring “mutual destruction” of computer networks through responsive cyber means would change the strategic calculus for actors that currently benefit from targeting critical infrastructure.


Theresa May refuses to rule out military action and cyber attacks over North Korea missile launches

Theresa May has refused to rule out using cyber warfare or even taking part in military action against North Korea if it does not stop firing missiles in “illegal” acts of provocation. Mrs May arrived in Japan on Wednesday morning in the midst of an escalating crisis over Pyongyang’s latest missile launch, and will have lengthy discussions with Prime Minister Shinzo Abe about what can be done. She arrived with a message for China’s President Xi Jinping, telling him in no uncertain terms that it is his responsibility to rein in Kim Jong-un.


DoD issues rules setting up new pay, personnel system for cyber workforce

The Defense Department has published long-awaited regulations to implement a new personnel system for the civilian members of its cyber workforce, saying the new policies are intended to make the military’s various components “employers of choice” for top cyber talent. Congress first authorized the new Cyber Excepted Service in December 2015 to give DoD broader flexibilities to hire, fire and pay employees with critical cyber skills.


US government cybersecurity continues to struggle, falling behind private sector

Of the government’s $80 billion IT budget, 75% goes towards maintenance, leaving little room for modernization efforts, which is reflected in their patchwork ranking. Much of the technological infrastructure in the government dates back decades, leaving vulnerabilities in networks that $19 billion in cybersecurity cannot cover alone. Government security has seen a slight improvement since last year. In SecurityScorecard’s 2016 report, the government came in last place when analyzed against 17 industries for overall cybersecurity.


Diebold Going After Whistle Blower Who Revealed Their Use Of Uncertified Voting

Of course, rather than apologizing and admitting they screwed up and putting in place a lot of procedures and public oversight to make sure this never happened again… the company sued the person who blew the whistle on them. […] What’s interesting here, from a legal standpoint, is that he’s not really protected by whistle-blowing laws, since the guy worked for a law firm working with Diebold and not for Diebold itself — so Diebold certainly has some right to be upset that someone at its law firm leaked the info. However, from a PR standpoint, it looks really bad, as it (once again) makes Diebold look like covering up what they did wrong is a lot more important than fixing the many problems they have.


AT&T absurdly claims that most “legitimate” net neutrality comments favor repeal

Despite a study showing that 98.5 percent of individually written net neutrality comments support the US’s current net neutrality rules, AT&T is claiming that the vast majority of “legitimate” comments favor repealing the rules. The Federal Communications Commission’s net neutrality docket is a real mess, with nearly 22 million comments, mostly from form letters and many from spam bots using identities stolen from data breaches. AT&T is part of an industry group called Broadband for America that just funded a study that tries to find trends within the chaos.


The Website Lets You Upload Malware Using Its Own Public API Key

Somewhat incredibly I am the first tech writer on the planet to break this story, but even more incredibly the FCC lets you upload any file to their website and make that file publicly accessible using the domain. Or rather they don’t, but they have somehow not realized that they are letting people do it and telling them how in their own documentation. […] People seem to be experimenting with uploading different filetypes; so far they have managed pdf/gif/ELF/exe/mp4 files up to 25MB in size, which means that you could easily host malware on the website right now and use it in phishing campaigns that link to malware on a .gov website.


New Locky Variant ‘IKARUSdilapidated’ Strikes Again

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s trusted business-class multifunction printer. […] “This is a more mature campaign, targeting office workers whose workstations are part of a corporate network linked to multifunction scanners and printers[.]”


CyberRehab’s mission? To clean up the internet, one ASN block at a time

CyberRehab wants to prove that it can establish an IP range that hackers choose to stay away from. If miscreants try to attack, they will lose their infrastructure. The IP range will be protected by a combination of honeypots, nagging and certification for good ISPs. It will probably include discrimination of non-certified ISPs through peering, tagging of suspected malicious traffic, making the ISPs closest to the hacker in charge of cleaning up, and a global secured segmented corporate-style network as a replacement for Tor and more.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.