IT Security News Blast 9-27-2017

Cyber Crime Drains $11.7 Million Per Business Annually, Up 62 Percent in Five Years
On average, a company suffers 130 breaches per year, a 27.4 percent increase over 2016 and almost double what it was five years ago. Breaches are defined as core network or enterprise system infiltrations. Companies in the financial services and energy sectors are the worst hit, with an average annual cost of $18.28 million and $17.20 million respectively.
http://www.finchannel.com/technology/68158-cyber-crime-drains-11-7-million-per-business-annually-up-62-percent-in-five-years

SEC head grilled over handling of cyber attack
Sherrod Brown, the top Democrat on the committee, noted that the SEC cyber attack occurred under Mr Clayton’s predecessor Mary Jo White. “But the disclosure, or lack thereof, is all yours,” he said. “How are Main Street investors expected to have confidence that the SEC can hold big companies accountable when the SEC is not forthcoming?” he asked.
https://www.ft.com/content/d540fa88-a2da-11e7-9e4f-7f5e6a7c98a2

SEC is getting serious about bitcoin fraud and fake news
To that end, it’s creating a Cyber Unit that will focus its enforcement team on digital offenses. These include hacks, such as attempts to obtain insider info or to compromise trading platforms and accounts, but that’s really just the tip of the iceberg. To start, the SEC will look at fake news when it’s used to manipulate the market, such as pumping up a stock price to sell at a higher price. It also wants to look at shady dealings involving initial coin offerings and distributed ledgers like blockchains.
https://www.engadget.com/2017/09/26/sec-cyber-unit/

Are The Equifax, SEC And Deloitte Cybersecurity Breaches Desensitizing Society To This Threat?
If this happens, if society does become desensitized to the risk of their PII being breached, exposed and vulnerable, it would mean that breached PII would no longer present a high-impact crisis for organizations. It would de-escalate this risk to issue-level, rather than being an immediate crisis-level scenario. And, if this happens, I want to leave you with this question that I invite you to discuss with me in the comments section below: What Would Be The Implications On Our Society?
https://www.forbes.com/sites/melissaagnes/2017/09/25/are-the-equifax-sec-and-deloitte-cybersecurity-breaches-desensitizing-society-to-this-threat/#297e0cda2173

Myth busted: Contract security companies are definitely worth the money
“Many providers are running at break even before any additional costs. It’s created healthcare deserts.” […] Others turn to security contractors, but with many providers also facing budgetary constraints, it’s not always feasible, said Corman. And many don’t find value in spending thousands of dollars on the service. […] But contract security companies are often unfairly lumped into that group, and as a result, most executives fail to see the value of the expense.
http://www.healthcareitnews.com/news/myth-busted-contract-security-companies-are-definitely-worth-money

HHS Gathers Cyber Intel for Health Care
“The Healthcare Cybersecurity Communications and Integration Center, or HealthCCIC as we’re calling it, is a 24/7 operation of cybersecurity situational awareness, incident response, and management to act as a nexus of cyber and communications integration for not only HHS but for the health care and public health sector,” said Wlaschin. […] Members of Congress have criticized HCCIC for duplicating DHS’s NCCIC efforts, and Wlaschin said that some of their initial conversations with DHS were contentious.
https://www.meritalk.com/articles/hhs-gathers-cyber-intel-for-health-care/

A Notice by the Homeland Security Department on 09/18/2017
The Department of Homeland Security, therefore, is updating the […] National File Tracking System of Records notice to […] (11) update record source categories to include publicly available information obtained from the internet, public records, public institutions, interviewees, commercial data providers, and information obtained and disclosed pursuant to information sharing agreements[.]
https://www.federalregister.gov/documents/2017/09/18/2017-19365/privacy-act-of-1974-system-of-records

People Are Worried About DHS Plans To Gather Social Media Info
“We see this as part of a larger process of high tech surveillance of immigrants and more and more people being subjected to social media screening,” Schwartz told BuzzFeed News. “There’s a growing trend at the Department of Homeland Security to be snooping on the social media of immigrants and foreigners and we think it’s an invasion of privacy and deters freedom of speech.”
https://www.buzzfeed.com/adolfoflores/people-are-worried-about-dhs-plans-to-gather-social-media

Washington State Reveals Upcoming Federal Cybersecurity Pilot, After DHS Confirms Attempted Election Breaches
On Monday, Sept. 25, Lori Augino, Washington state’s director of elections, said her agency is poised to embark on a three-month pilot with DHS and the Multi-State Information Sharing & Analysis Center (MS-ISAC) to immediately improve its four times-a-year elections process. […] It will likely center on “ramping up some of the cybersecurity protections that are already in place and trying to identify new things we can do,” she added.
http://www.govtech.com/security/Washington-State-Reveals-Upcoming-Federal-Cybersecurity-Pilot-After-DHS-Confirms-Attempted-Election-Breaches.html

Cyber attack continues to impact Montgomery County services
The ransomware attack brought Montgomery County’s computer systems to a halt. Friday, the county commission called an emergency meeting to authorize funds to work through the attack, which included paying a ransom to the hackers. The county paid more than $37,000, and the files were returned. According to a news release from the county commission, data is still being unencrypted and the revenue office’s software remains down.
http://www.wsfa.com/story/36457925/cyber-attack-continues-to-impact-montgomery-county-services

NSA’s foreign surveillance law: What you need to know
Section 702 of the Foreign Intelligence Surveillance Act, which allows the National Security Agency (NSA) to run foreign surveillance programs such as Prism and Upstream, expires at the end of the year. Many privacy advocates and European lawmakers are pushing for the EU to back out of Privacy Shield if U.S. lawmakers don’t build in more protections for Europeans.
https://insights.hpe.com/articles/nsas-foreign-surveillance-law-what-you-need-to-know-1709.html

Credit agency Experian says it can protect you from the ‘dark Web’ — sort of
Consumers’ and lawmakers’ attention is rightly focused at the moment on the security breach involving Equifax, which left millions of people facing a very real possibility of fraud and identity theft. But the recent ad from rival Experian highlights a more troublesome aspect of credit agencies — their use of questionable methods to spook people into buying services they may not need and, in so doing, giving the companies permission to share data with marketers and business partners.
http://www.latimes.com/business/lazarus/la-fi-lazarus-experian-dark-web-20170922-story.html

EternalBlue exploit used in Swiss campaigns by Retefe malware
In a blog post, researchers said that while Retefe has never reached the scale or notoriety of better-known banking Trojans such as Dridex or Zeus, it is notable for its consistent regional focus, and interesting implementation. “Unlike Dridex or other banking trojans that rely on webinjects to hijack online banking sessions, Retefe operates by routing traffic to and from the targeted banks through various proxy servers, often hosted on the TOR network,” said researchers.
https://www.scmagazineuk.com/eternalblue-exploit-used-in-swiss-campaigns-by-retefe-malware/article/695309/

This Is What World War III With China Might Look Like
In 2012, the Organization for Economic Cooperation and Development tested half a million 15-year-olds worldwide. […] By 2015, America’s standing had declined to 25th in science and 39th in math. But why, you might ask, should anybody care about a bunch of 15-year-olds with backpacks, braces, and attitude? Because by 2030, they will be the mid-career scientists and engineers determining whose computers survive a cyber attack, whose satellites evade a missile strike, and whose economy has the next best thing.
https://www.thenation.com/article/this-is-what-world-war-iii-with-china-might-look-like/

Singapore overtakes US and Russia as top spot to launch global cyber attacks
“It is not particularly unusual for Singapore to be featured among the top attacking countries,” said Eying Wee, Check Point’s Asia-Pacific spokeswoman. A key Southeast Asian technology hub, much of the internet traffic flowing through Singapore originates in other countries. That means a cyber attack recorded as coming from Singapore may have been launched outside the country, she said.
http://www.independent.co.uk/news/business/news/singapore-global-cyber-attacks-launch-spot-us-russia-host-country-target-a7961111.html

The Worldwide Struggle to Claim Cyber Sovereignty
“No country, except perhaps China, outright says it is extending sovereign control over the internet, and this lack of explicit pronouncements helps preserve the illusion that the internet is free and open,” says James Lewis, a Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS). “Instead, countries impose regulation for data protection and localization, to restrain hate speech or intellectual property theft, creating a piecemeal extension of sovereignty.”
https://www.thecipherbrief.com/worldwide-struggle-claim-cyber-sovereignty

Twitter explains why Trump can use site as venue for violence, hate
Facing criticism that Twitter’s most popular tweeter had gone too far again, Twitter responded. The company said the president’s tweet hadn’t come down, and the president hasn’t been banned because his tweets are newsworthy. Twitter said it is now unveiling a long-held “internal policy” and that it would “soon update our public-facing rules to reflect it.”
https://arstechnica.com/tech-policy/2017/09/twitter-explains-why-trump-can-use-site-as-venue-for-violence-hate/

After The Pirate Bay, Showtime Websites Also Found Mining Cryptocoins
As of now, there hasn’t been any official statement released by Showtime regarding the appearance of crypto miners on its websites, so there is no clear information about whether the code was installed intentionally by Showtime experimentally or the site was hacked. We believe that it was an experiment conducted by Showtime to raise money, but the possibility of hacking cannot be rejected as well.
https://www.hackread.com/pirate-bay-showtime-websites-also-found-mining-cryptocoins/

First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
The malware uses the Dirty COW exploit to root Android devices via the copy-on-write (COW) mechanism in Android’s Linux kernel and install a backdoor which can then be used by attackers to collect data and generate profit through a premium rate phone number. […] While the Dirty Cow flaw impacts all versions of the Android operating system, ZNIU’s Dirty Cow exploit only affects Android devices with ARM/X86 64-bit architecture. However, the recent exploit can be used to bypass SELinux and plant backdoors.
http://thehackernews.com/2017/09/dirty-cow-android-malware.html

One Tinder user’s data request turned into 800 pages of probing info
Much of the data was sourced primarily from Tinder itself, including complete message histories and geolocation data for every interaction on the app, while other data was sourced from linked accounts at Facebook and Instagram. Duportail does not go into granular detail about which parts of her Facebook and Instagram profiles were included, but she says Tinder tracked all of her Facebook “likes” and stored her Instagram photos even after she had de-linked that photo-sharing account from her Tinder profile.
https://arstechnica.com/information-technology/2017/09/one-tinder-users-data-request-turned-into-800-pages-of-probing-info/

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
