Copy
CI Security

IT Security News Blast – 11-15-2019

Automated systems: Flag smarter, not everything
Cybersecurity professionals are constantly receiving a large number of security alerts from these automated systems – most of which are near-to-useless information. As opposed to flagging potential incidents in the network, these systems are flagging alerts every time it encounters anything – any anomaly, any intrusion attempt, any suspicious code, any unusual data movement. [...] Companies are spending billions on alert systems that they just don’t need – alerts which make the life of their security teams harder, not easier.
https://www.helpnetsecurity.com/2019/11/14/automated-systems/
 
A Hacker Wants About $5 Million in Ransom From Pemex By End of November
The person also said his group’s hacks aren’t limited to the oil sector and suggested they were responsible for a previous cyberattack on Roadrunner Transportation Systems Inc., which is based in Wisconsin and offers truck freight transportation services. “They did not pay and recovered themselves, and left us GB’s of their data,” the person said, in broken English. The person also confirmed that the group was seeking 565 Bitcoins, which is roughly equivalent to $4.8 million.
https://www.bloomberg.com/news/articles/2019-11-13/a-hacker-wants-about-5-million-from-pemex-by-end-of-november
 
How provider organizations can prepare cybersecurity incident response and recovery
“Other than the rendition of the very worst offenders, or meaningful consequences for rogue governments engaged in international criminal activity, there is very little to dissuade perpetrators from continuing their attacks,” he explained. “All evidence indicates that attacks are increasing in frequency, intensity and damage at the current time.” Given the inevitability of an attack, healthcare provider organizations and governments need to plan for response and recovery, areas that healthcare in particular has been historically bad at, Staynings said.
https://www.healthcareitnews.com/news/how-provider-organizations-can-prepare-cybersecurity-incident-response-and-recovery
 
7 Times Ransomware Became a Major Healthcare Hazard
In 2019, healthcare firms continued to be primary targets of cyber-attacks with several data breaches and ransomware attacks taking major headlines again. The financial health of the healthcare industry might get even worse with data breaches expected to cost US$ 4 billion by the end of the year. The recent outbreak of ransomware attacks on hospitals and healthcare providers shows the serious threat these attacks vectors can pose. Here are seven times when ransomware attacks took a toll on the healthcare sector.
https://www.cisomag.com/7-times-ransomware-became-a-major-healthcare-hazard/
 
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
US-CERT has issued an advisory for vulnerabilities in Medtronic's Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, officials report. The advisory details three vulnerabilities. One is the use of hard-coded credentials (CVE-2019-13543). Affected devices use multiple sets of hard-coded credentials; if discovered, they could be used to read files on the equipment. The flaw has been assigned a CVSS base score of 5.8.
https://www.darkreading.com/threat-intelligence/us-cert-warns-of-remotely-exploitable-bugs-in-medical-devices/d/d-id/1336362
 
VA cybersecurity, FTC cyber bill get Hill attention today
Many key department systems have been obsolete for years, according to Dahl’s testimony, which will also cover recent IG studies involving mishandling or inadequate protection of sensitive veteran data. The department requested $362 million for IT security in fiscal 2020. It has a “complex cybersecurity environment” to deal with, according to written testimony from the department’s chief information security officer, Paul Cunningham, with 1.6 million connected devices spread across 2,500 facilities.
https://www.politico.com/newsletters/morning-cybersecurity/2019/11/14/va-cybersecurity-ftc-cyber-bill-get-hill-attention-today-782403
 
New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks
In almost all spear-phishing email campaigns researchers observed between October 16 and November 12 this year, the attackers used malicious Word document attachments as an initial vector to compromise the device. Once opened, the malicious document executes a macro script to run malicious PowerShell commands, which then eventually downloads and installs one of the following payloads onto the victim's system:

  • Maze Ransomware,
  • IcedID Banking Trojan,
  • Cobalt Strike backdoor.
https://thehackernews.com/2019/11/financial-cyberattacks.html
 
Lawmakers begin oversight of cyber campaigns that target veterans, military members
Earlier this year, the group Vietnam Veterans of America published the results of a two-year investigation showing hackers and cyber criminals from Russia and elsewhere are specifically targeting veterans and military members. And while VVA has generally gotten a cold shoulder from federal agencies, Congress is starting to take notice. On Wednesday, the House Veterans Affairs Committee held its first hearing on the issue, the same day 20 senators sent a letter to the VA secretary asking how his department is responding to VVA’s findings.
https://federalnewsnetwork.com/veterans-affairs/2019/11/lawmakers-begin-oversight-of-cyber-campaigns-that-target-veterans-military-members/
 
Secret Iranian Network Behind ‘Aggressive’ U.S. Cyberattacks Exposed In New Report
The U.S. government has warned of an increasing threat from Iran as tensions escalate in the Gulf. Iran doesn’t have the same level of cyber weaponry used by threat groups in Russia and China, but it has proven very adept at attacks on civilian and critical infrastructure—targets that are less hardened than government or military agencies. Now a report from Trend Micro has exposed the use of a dedicated virtual private network by one “aggressive” Iranian hacking group to hit targets while keeping its activities secret.
https://www.forbes.com/sites/zakdoffman/2019/11/14/secret-iranian-network-behind-aggressive-us-cyberattacks-exposed-in-new-report/#a051e19579cc
 
Russia and China may not be the top cyberthreats
I think the most cyber activity we’re seeing now is minor or middle powers: UAE, Qatar, Philippines, Vietnam,” said Brandon Valeriano, chair of Armed Politics at the Marine Corps University and a member of the U.S. Cyberspace Solarium Commission. Valeriano was speaking during a panel at CyberCon 2019 Nov. 12. "That’s where the evolution of cyber conflict really is. I’m worried too much about our great power politics focus. I think we need to think a bit better about the realities of conflict.”
https://www.fifthdomain.com/smr/cybercon/2019/11/14/russia-and-china-may-not-be-the-top-cyber-threats/
 
Issues to Consider When Evaluating Cyber Coverage in Light of the CCPA and Other State Privacy Laws
With the increase in state privacy legislation, particularly the CCPA, many insurance companies are working with clients to also cover certain "compliance" costs arising out of a violation of a privacy-related legal obligation where no underlying cyber incident has occurred. Insurers and insureds alike are also working to understand how the CCPA's private right of action fits within existing third-party liability coverage and whether and how they may need to expand such coverage. We provide below a few points of guidance for companies to consider as they engage in similar discussions with their brokers and insurers.
http://www.mondaq.com/unitedstates/x/863768/data+protection/Issues+to+Consider+When+Evaluating+Cyber+Coverage+in+Light+of+the+CCPA+and+Other+State+Privacy+Laws
 
Facebook Nixes Billions of Fake Accounts
Amid growing efforts to create fraudulent accounts, Facebook said it has stepped up its defenses and often removes the accounts within minutes of being created. "We have improved our ability to detect and block attempts to create fake, abusive accounts," the internet firm said in its latest transparency report. "We can estimate that every day, we prevent millions of attempts to create fake accounts using these detection systems."
https://www.securityweek.com/facebook-nixes-billions-fake-accounts
 
5G has security flaws that could let hackers track your location
Security researchers have identified 11 design vulnerabilities with 5G protocols that could expose a user’s location, spoof emergency alerts, track phone activity (calls, texts, or web browsing), or silently disconnect the phone from the network altogether. How do they know? The flaws were identified using a custom tool the researchers built called 5GReasoner, which they used to identify five further vulnerabilities carried over from 3G and 4G. The findings were presented at a security conference in London yesterday. You can read the paper here.
https://www.technologyreview.com/f/614709/5g-has-security-flaws-that-could-let-hackers-track-your-location/
 
Breach affecting 1 million was caught only after hacker maxed out target’s storage
Utah-based InfoTrax Systems was first breached in May 2014, when a hacker exploited vulnerabilities in the company’s network that gave remote control over its server, FTC lawyers alleged in a complaint. According to the complaint, the hacker used that control to access the system undetected 17 times over the next 21 months. Then on March 2, 2016, the intruder accessed personal information for about 1 million consumers. The data included full names, social security numbers, physical addresses, email addresses, phone numbers, and usernames and passwords for accounts on the InfoTrax service.
https://arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storage/
 
Threat Actor Impersonates USPS to Deliver Backdoor Malware
A new threat actor has been found  impersonating the U.S. Postal Service (USPS) and other government agencies to deliver and install backdoor malware to various organizations in Germany, Italy and the United States, according to new research. [...] The threat actor sent malicious email messages “targeting no particular vertical but with recipients that were heavily weighted towards business and IT services, manufacturing and healthcare[.]”
https://threatpost.com/threat-actor-impersonates-usps-malware/150242/
 
Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns
“Checkra1n is unprecedented in potential impact, with millions of devices at risk as a result of the extensive device and iOS targets,” warned Christopher Cinnamo, senior vice president of product management at Zimperium, in a company blog post. In this context, a jailbreak is a method to escape Apple’s limitations on what apps and code can run on the iPhone. Jailbreaks are useful for those wanting to install custom code, add features or perform security research outside the purview of the Apple ecosystem.
https://threatpost.com/checkra1n-jailbreak-stirs-concerns/150182/
 
FTC head asks Congress for real privacy laws he can enforce
As part of the consumer protection half of its mandate, the FTC also regulates the gulf between what companies say they will do and what they actually do. As such, the agency has become the closest thing the United States has to a privacy regulator. But its actions and authority are limited under the law, and when it comes to privacy, the commission can more or less only intervene when a prior agreement has been broken—it can't just impose fines or other penalties for behavior that feels like it should be illegal but isn't.
https://arstechnica.com/tech-policy/2019/11/we-need-help-from-you-on-creating-privacy-law-ftc-chair-tells-congress/
 
Activists in Jumpsuits Are Scanning the Faces of DC Residents With Amazon Tech
“We’ll see after the fact how accurate it is,” Evan Greer, director of Fight for the Future, told Motherboard. “The point we’re trying to make is that facial recognition tech is dangerous either way. It’s dangerous when we’re misidentifying people for law enforcement purposes, and it’s dangerous when it works. It means anyone, whether that’s the government or a private company or a creepy ex, can use it to identify someone.”
https://www.vice.com/en_us/article/vb5am4/activists-in-jumpsuits-are-scanning-the-faces-of-dc-residents-with-amazon-tech
 
What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges
21 year-old Eric Meiggs and 20 year-old Declan Harrington each face charges of wire fraud, conspiracy, computer fraud and abuse, and aggravated identity theft for their alleged roles in a crime spree stretching from November of 2017 to May of 2018, which resulted in the theft of $550,000 worth of cryptocoins. Prosecutors say that Meiggs, of Brockton, and Harrington, of Rockport, specifically targeted executives of cryptocurrency firms and other known high-rollers for account takeovers, with the aim of draining the targets' cryptocurrency wallets.
https://www.theregister.co.uk/2019/11/14/massachusetts_pair_sim_swapping/



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast