Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 5-21-2020

[CASE STUDY] City of Wenatchee, State of WA

The City of Wenatchee is best known for its apples, but the area also provides cheap, abundant power for local IT and enterprise data centers. When a nearby city and hospital experienced breaches in 2014, Dale Cantrell, Director of Information Systems for the City of Wenatchee, realized that the city needed to do more. Ultimately, Cantrell selected CI Security’s MDR solution and Consulting Services in order to protect and defend the city. “Having 24x7 MDR definitely helps the stress level,” notes Cantrell. “And, they don’t just protect cities. I like that they protect other types of organizations too, so they can see a broad range of attacks before they get to us.”

https://results.ci.security/case-study/city-of-wenatchee

 

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

Behind the attacks is Scattered Canary, a highly-organized Nigerian cybergang that employs dozens of threat actors to target U.S. enterprise organizations and government institutions. Since April 29, Scattered Canary has filed more than 200 fraudulent claims on the online unemployment websites of eight U.S. states; including at least 174 fraudulent claims with the state of Washington, for instance, and at least 17 fraudulent claims with the state of Massachusetts.

https://threatpost.com/fraudulent-unemployment-covid-19-relief-claims-earn-bec-gang-millions/155925/

 

Pandemic Serves Up Security Woes for Election

Without what many analysts point to as adequate support and funding, Hamilton questioned how November will now play out. He pointed to April’s statewide election in Wisconsin, where citizens were confused and many waited in hours-long lines to vote, and where shortages of polling workers and voting places made the situation chaotic. [...] “A lot of people didn’t get a chance to vote,” said Hamilton. “It is a failure to support states in their need to do something about their elections. And if it continues, the elections will be decided in the courts because of that failure.”

https://securityboulevard.com/2020/05/pandemic-serves-up-security-woes-for-election/

 

The hacker will see you now: the vast scale of medical device cyber insecurity

Furthermore, since medical devices – such as CT or MRI scanners – are used 24/7, Geffen asks “when do you choose to shut down an MRI device for 12 hours to do an update?” This is a much harder decision than it would be for other industries. Therefore, it is hardly surprising medical devices are disproportionately affected by software security flaws on the rise in 2019, particularly BlueKeep and URGENT/11, as CyberMDX’s report finds.

https://www.medicaldevice-network.com/features/the-hacker-will-see-you-now-the-vast-scale-of-medical-device-cyber-insecurity/

 

Australia's Digital Health Records System Was Attacked

Australia's digital healthcare records system was subject to an attack within the last year, but no access to records was gained, according to a government official who testified to Parliament this week on cyber resiliency. The incident was reported to the Office of the Australian Information Commissioner, the regulator that deals with data breaches, says Ronan O'Connor, who is National Health CIO.

https://www.govinfosecurity.com/australias-digital-health-records-system-was-attacked-a-14306

 

Real-Time Change In Incident Management

A well-executed cyber security incident has the possibility to severely disable or even take down organizations. In the healthcare field—especially during this time—it is imperative that hospital doors remain open. CSOs are especially on alert for the following three threats:

- Data breaches

- Ransomware and wiperware

- Medical device and IoT tampering

https://www.cshub.com/network/articles/real-time-change-in-incident-management

 

CEOs and CISOs disagree on cyber strategies

- Most leaders (76%) are losing sleep over the prospect of becoming the next headline-grabbing security breach

- This is despite a high percentage (87%) believing that their security team is consistently ahead of cybersecurity threats

- Cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization

https://www.helpnetsecurity.com/2020/05/20/ceos-cisos-disparities/

 

US Treasury Warning: Beware of COVID-19 Financial Fraud

The U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about surging COVID-19 themed scams and other "illicit activities," ranging from medical-related fraud involving the sale of fake cures, tests and vaccines to price gouging for supplies. FinCEN notes that its alert issued Monday is the first of several advisories the agency intends to issue concerning financial crimes related to the COVID-19 pandemic.

https://www.bankinfosecurity.com/us-treasury-warning-beware-covid-19-financial-fraud-a-14304

 

Cyber crime and FS: blocking the path of least resistance

“Alarmingly, less than a quarter of our research respondents had an adequate level of budget allocated to cyber security, while almost three-quarters wanted to see an increase in their organisation’s cyber security spending,” relates Alyn Hockey, vice president of product management at Clearswift. “So, the cyber security threat is real and growing, yet FS firms are having to fight this threat with insufficient budgets and resources.”

https://www.financierworldwide.com/cyber-crime-and-fs-blocking-the-path-of-least-resistance#.XsXM6mhKg2w

 

GAO finds growing cyber weaknesses at IRS

[One] of the challenges IRS faces is applying modern security standards to older software. Now, they have ways to do this, but it’s not as easy as if they were starting from scratch with a completely modern platform. IRS spends hundreds of millions of dollars a year modernizing its IT systems, but it’s always in sort of a catch up, and it’s always trying to triage and prioritize the most critical systems for updates and upgrades.

https://federalnewsnetwork.com/cybersecurity/2020/05/gao-finds-growing-cyber-weaknesses-at-irs/

 

Military Chief Says Israel Will Continue to Use 'Variety of Tools' Amid Cyber Confrontation With Iran

The Washington Post report, quoting unnamed U.S. and foreign intelligence sources, said that the May 9 attack on Bandar Abbas port disrupted maritime traffic for several days. [...] Officials from the United States and other countries told the Washington Post that the assault was carried out in retaliation to an Iranian attempt to hack Israeli water distribution systems.

https://www.haaretz.com/israel-news/.premium-military-chief-say-israel-will-continue-to-use-variety-of-tools-amid-iran-tensions-1.8859374

 

Cyberwarfare and the ‘Octopus Doctrine’ - analysis

According to the publications in the NYT and the Washington Post, Israel’s message to Iran was clear: Don’t hack us, and if you do, there will be a heavy price to pay. Israel is not at this point going to use conventional warfare to strike at Iran itself in response to a conventional attack sanctioned by Tehran. The same is not true, however, when it comes to cyber: then Israel will not hesitate to make the head of the octopus feel the pain directly.

https://www.jpost.com/middle-east/cyberwarfare-and-the-octopus-doctrine-analysis-628737

 

White House report blasts Chinese 'malign activities'

The 20-page report does not signal a shift in U.S. policy, according to a senior administration official, who was not authorized to publicly discuss the report and spoke only on condition of anonymity, but it expands on Trump's get-tough rhetoric that he hopes will resonate with voters angry about China's handling of the disease outbreak that has left tens of millions of Americans out of work.

https://www.startribune.com/white-house-report-blasts-chinese-malign-activities/570636902/?refresh=true

 

Australia slams coronavirus crisis cyber attacks

Australia risks further rousing Beijing's ire after accusing unnamed countries of conducting and supporting cyber attacks under the cover of the coronavirus crisis. While the statement issued by the Department of Foreign Affairs and Trade did not identify China, it comes less than a week after the US government accused the Communist regime of attempting to steal data related to coronavirus vaccines and treatment from US research bodies and pharmaceutical companies.

https://www.afr.com/politics/federal/australia-slams-coronavirus-related-cyber-attacks-20200520-p54urp

 

‘Flight risk’ employees involved in 60% of insider cybersecurity incidents

"[Flight] risk" employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a job, often change their behavioral patterns from two months to two weeks before conducting an insider attack. After examining hundreds of insider incidents across different industry verticals, the cybersecurity firm said that roughly 80% of flight risk employees will try to take proprietary data with them. In total, 43.75% of insiders forwarded content to personal emails; 16% abused cloud collaboration privileges and 10% performed downloads of aggregated data during attacks analyzed in the report.

https://www.zdnet.com/article/flight-risk-employees-involved-in-60-of-insider-cybersecurity-incidents/

 

Are Digital Health Passports the Key to Unlocking UK Stadiums? The Data Privacy Perspective

This app is an innovative way to allow stadiums to be unlocked to fans, whilst maintaining the fight against COVID-19. However, it also raises a number of data privacy issues that will need to be carefully considered prior to its roll-out. [...] In order for the consent to be valid under data protection laws, it must be specific, informed, freely given and provided by way of a clear statement. As individuals will be required to provide information about their health status in order to purchase tickets to a match and gain entry to the stadium, it is questionable whether their consent will be ‘freely given’.

https://www.natlawreview.com/article/are-digital-health-passports-key-to-unlocking-uk-stadiums-data-privacy-perspective

 

Web Giants Scrambled to Head Off a Dangerous DDoS Technique

That multiplicative effect means that an attacker could use just a handful of hacked machines, or even their own devices, to carry out powerful DDoS attacks on DNS servers, potentially causing Mirai-scale disruption. "Mirai had like 100,000 IoT devices, and here I think you can have the same impact with only a few hundred devices[.]" [...] The researchers say those firms, including Google, Microsoft, Cloudflare, Amazon, Dyn (now owned by Oracle), Verisign, and Quad9 have all updated their software to address the problem, as have several makers of the DNS software those companies use.

https://www.wired.com/story/dns-ddos-amplification-attack/

 

NSO Group Impersonated Facebook to Help Clients Hack Targets

A former NSO employee provided Motherboard with the IP address of a server setup to infect phones with NSO's Pegasus hacking tool. Motherboard granted the source anonymity to protect them from retaliation from the company. Pegasus can target modern iPhone and Android devices, and once installed on a device it can steal text and social media messages, track the GPS location of the phone, and remotely turn on the camera and microphone. NSO sells Pegasus in either 0- or 1-click versions, with the former needing no interaction from the target, and the latter requiring the target to click a link.

https://www.vice.com/en_us/article/qj4p3w/nso-group-hack-fake-facebook-domain

 

'Scam' Spyware Vendor Gets Caught, Once Again

Kumar’s Android malware, which the researchers dubbed WolfRAT, is based on DenDroid, a malicious software that was discovered in 2014, according to the report. DenDroid’s code was leaked online in 2015, effectively making it open source. The servers the malware connects to have been publicly linked to Kumar's company for more than a year, after researchers from another security company published a report about Wolf Intelligence, Kumar's company that sold surveillance and hacking tools to police and intelligence agencies.

https://www.vice.com/en_us/article/wxq85w/scam-spyware-vendor-gets-caught-once-again

 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337
