CI Security

IT Security News Blast – 2-8-2019

Ransomware Attack Via MSP Locks Customers Out of Systems
An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider by exploiting a vulnerable plugin for a remote monitoring and management tool used by the MSP. The attack resulted in some 1,500 to 2,000 systems belonging to the MSP's clients getting cryptolocked and the MSP itself facing a $2.6 million ransom demand. Discussions this week on an MSP forum on Reddit over what appears to be the same — or at least similar — incident suggest considerable anxiety within the community over such attacks, with a few describing them as a nightmare scenario.
https://www.darkreading.com/attacks-breaches/ransomware-attack-via-msp-locks-customers-out-of-systems/d/d-id/1333825
 
Germany bans Facebook from combining user data without permission
The decision, which comes as the result of a nearly three-year antitrust investigation into Facebook’s data gathering practices, also bans the social media company from gleaning user data from third-party sites unless they voluntarily consent. “With regard to Facebook’s future data processing policy, we are carrying out what can be seen as an internal divestiture of Facebook’s data,” Bundeskartellamt President Andreas Mundt said in a release. “In [the] future, Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts.”
https://www.scmagazine.com/home/network-security/germany-bans-facebook-from-combining-user-data-without-permission/
 
Will Biotech and Pharma Be Prepared for This Year’s Cyber Threats?
[The] Healthcare and Public Health Sector Coordinating Councils and HHS collaborated to provide further best-practice recommendations for preventing data breaches and other cyberattacks in a document published Dec. 28, 2018, and the U.S. Food and Drug Administration addressed the growing IoHT (“Internet of Healthcare Things”) in November 2016 by updating the nearly 20-year-old 1997 guidance document for manufacturers to submit reports about potential defects in medical devices. “While these (documents) are steps in the right direction, there’s no way to enforce these guidelines, so biotech and pharma companies need to invest further if they want to reduce and mitigate potential cyberattacks,” he explained. “They need to ‘assume breach’ and implement a comprehensive strategy to protect their most valuable data against a likely attack.”
https://www.rdmag.com/news/2019/02/will-biotech-and-pharma-be-prepared-years-cyber-threats
 
How Multi-Factor Authentication Can Combat Phishing, Cyberattacks
“Most MFA approaches will remember a device. So if you come back using the same phone or computer, the site remembers your device as the second factor,” NIST researchers wrote. “Between device recognition and analytics the bank is likely performing—such as whether you’re logging in 20 minutes later from halfway around the world—most of the time the only ones that have to do any extra work are those trying to break into your account.”
https://healthitsecurity.com/news/how-multi-factor-authentication-can-combat-phishing-cyberattacks
 
Names, birthdates, social security numbers part of health care cyber attack
A recent cyber attack at Catawba Valley Medical Center in Hickory impacted 20,000 patients, according to records from the U.S. Department of Health and Human Services.  Hospital officials said patient names, birthdates, social security numbers, and health information were compromised.
A spokesman for Catawba Valley Medical Center said they’ve sent letters to all the patients affected. Now the hospital is taking action to prevent it from happening again. [...] This was the second major breach at a local hospital in the past few months.
https://www.wcnc.com/article/tech/names-birthdates-social-security-numbers-part-of-health-care-cyber-attack/275-30bd7853-b5e1-41fd-9575-ddafc1ab39ae
 
Phishing emails imitate North American banks to infect recipients with TrickBot
A spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according to a new blog post from Blue Hexagon, a brand-new deep-learning cybersecurity firm that launched just this past Tuesday, Feb. 5.
https://www.scmagazine.com/home/security-news/phishing-emails-imitate-north-american-banks-to-infect-recipients-with-trickbot/
 
A Moment of Truth for Cyber Insurance
In its ideal state, a mature cyber insurance market could go beyond simply absorbing some of the damage of cyberattacks and play a more fundamental role in engineering and managing cyber risk. It would allow analysis of data across industries to understand risk factors and develop common metrics and scalable solutions. It would allow researchers to pinpoint sources of aggregation risk, such as weak spots in widely relied-upon software and hardware platforms and services. Through its financial levers, the insurance industry can turn these insights into action, shaping private-sector behavior and promoting best practices internationally.
https://www.lawfareblog.com/moment-truth-cyber-insurance
 
How criminals use Uber and Airbnb to launder money stolen from your credit card
In one common scam, criminals recruit Uber drivers to pretend to take them on a ride. The criminal never shows up, but uses illicit money from a stolen credit card to pay for the trip. The driver then wires a portion of the payment for the trip back to the criminal. Ads seeking help laundering assets by this method can be seen on the dark web, a network of websites outside the established internet only accessible through special applications, Mador said.
https://www.cnbc.com/2019/02/07/how-criminals-use-airbnb-uber-launder-stolen-credit-card-money.html
 
Legal Departments Should Prepare for More Cross-Border Cybersecurity Incidents
“U.S. data breaches that have implications in Europe are becoming more and more common. Even some of the more straightforward incidents that we see have multinational aspects at this point.” The report highlights key issues that companies should expect to confront in responding to cross-border cyber incidents, from managing multinational forensics investigations and global legal risks to strategically engaging with law enforcement in different jurisdictions, preserving privilege and dealing with the extraterritorial application of data privacy and security laws.
https://www.law.com/legaltechnews/2019/02/07/report-warns-legal-departments-to-prepare-for-more-cross-border-cybersecurity-incidents-397-16688/
 
Cyber-warfare could be entering a new and alarming phase, ex-CIA analyst tells MPs
The West's imposition of sanctions on "some countries" has in the past been met with denial-of-service attacks on financial services websites, he said — attacks that have only been disruptive. "In the future, they may respond with destructive attacks aimed at permanently disabling financial services or altering data in ways that undermine trust in the global financial system, such as by delaying or impairing the trustworthy settlement of collateralized government debt," Porter said. "For countries sufficiently sanctioned and therefore increasingly outside that financial system anyway, there is little incentive not to do so during a confrontation."
https://www.cbc.ca/news/politics/cyber-warfare-sanctions-denial-service-cia-1.5008956
 
It’s time to modernize traditional threat intelligence models for cyber warfare
There are a handful of rudimentary templates for building a good cyber threat intelligence program available for free online. All of these templates leave out key pieces of information that any novice to the cyber threat intelligence field would be required to know. Most likely, this is done to entice organizations into spending copious amounts of money on a specialist. The number of companies that specialize in the collection of cyber threat intelligence is growing at a ludicrous rate, and they all offer something that is different, unique to certain industries, proprietary, automated via artificial intelligence (AI) and machine learning, based on pattern recognition, or equipped with behavioral analytics.
https://www.militaryaerospace.com/articles/pt/2019/02/threat-intelligence-cyber-warfare-artificial-intelligence-ai.html
 
SOCOM needs to step up its propaganda game, Pentagon deputy says
“We need to move beyond our 20th century approach to messaging and start looking at influence as an integral aspect of modern irregular warfare,” Andrew Knaggs, the Pentagon’s deputy assistant secretary of defense for special operations and combating terrorism, said at a defense industry symposium Tuesday. The shift will require cooperation with civilians rarely approached by SOCOM, as well as new technology and strategies to isolate enemy disinformation campaigns before they catch the public’s interest in an area of operations.
https://www.militarytimes.com/news/your-military/2019/02/06/socom-needs-to-step-up-its-propaganda-game-pentagon-deputy-says/
 
IDF thwarted Iranian attack on Home Front warning system
The incident, which occurred more than a year ago and was thwarted by the IDF's cyber defense battalion, was revealed in an interview by the paper with Brigadier General Noam Sha'ar, who until recently served as head of the IDF's cyber defense battalion. This attack was uncovered after tracking an Iranian group active in the cyber world. It turned out that the group was involved in actions against several systems in Israel, including the discovery and warning system. It is one of dozens of groups operated by the Iranians as part of their cyber network, which is run by the Revolutionary Guards with an annual budget estimated at more than $1 billion.
http://www.israelnationalnews.com/News/News.aspx/258728
 
Russia Embraces Disinformation About Disinformation
Given all of this, it is time for America to re-examine its deterrence strategy, as it is proving patently insufficient. Russia’s continuing campaigns, and those of other state actors (such as the Iranian attempt to target the U.S. 2018 midterms), suggest that an updated cyber doctrine is in order—one that clearly addresses influence operations. This may include expanding cyber countermeasures, further empowering U.S. Cyber Command (which has begun targeting Russian operatives), expanding sanctions, and collaborating with global partners to present a united front.
https://slate.com/technology/2019/02/russia-disinformation-mueller-hackingredstone.html
 
Most people just click and accept privacy policies without reading them — you might be surprised at what they allow companies to do
"They're not designed for consumers, for you and me, to understand. They're written by lawyers for lawyers to protect the company," said Brian Vecci, the field chief technology officer for Varonis, a cybersecurity company that focuses on securing data. Varonis did research in July on how long it takes to read the privacy policies of some well-known companies and found some can take more than 27 minutes. The policies also require at least some high school education and sometimes advanced degrees.
https://www.cnbc.com/2019/02/07/privacy-policies-give-companies-lots-of-room-to-collect-share-data.html
 
Cisco, like Apple and other tech giants, now wants new federal privacy law
Particularly in the wake of the Cambridge Analytica scandal, along with the recent passage of the GDPR in the European Union and California’s own new privacy law, companies have been pushing Congress to regulate their industry like never before. Some lawmakers have taken notice and have introduced their own bills, but none have gotten far in the process just yet. Other states, like Washington and Massachusetts, are proposing their own privacy bills, too. "What we don’t need is more fracturing," Michelle Dennedy, Cisco’s chief privacy officer, told Ars.
https://arstechnica.com/tech-policy/2019/02/cisco-like-apple-and-other-tech-giants-now-wants-new-federal-privacy-law/
 
Amazon’s Home Security Company Is Turning Everyone Into Cops
Neighbors defines itself as a “new neighborhood watch,” according to its website. But on a more practical level, Neighbors is like NextDoor, a social platform for local communities, if the posts on NextDoor were only reports of crime or “suspicious activity.” NextDoor has faced long-standing issues of racism on its platform, and Ring faces the same issue. Each Neighbors post has one of the following labels: Crime, Safety, Suspicious, Stranger, or Lost Pet. Ring captures footage that can help lead to arrests when that footage is shared with police, like in the case described above.
https://motherboard.vice.com/en_us/article/qvyvzd/amazons-home-security-company-is-turning-everyone-into-cops
 
Vendor allegedly assaults security researcher who disclosed massive vulnerability
The vendor is Atrient, the product is PowerKiosk, and the flaw allows personal data to be transmitted unencrypted — reportedly serious enough to make it “extremely vulnerable to criminal abuse.” [...] The scary one in this scenario is actually not the FBI, but Atrient because it allegedly offered the researchers a $60,000 bug bounty as long as they were quiet about the flaw and waited on attorneys to draw up an NDA. Four months later … no bug bounty payment, no NDA, and no fix for the flaw. [...] In a video recorded after the incident in which Wheeler retrieved his allegedly ripped-off badge from the table where Gill was sitting, Gill denied knowing Wheeler. The assault was reported to the London Metropolitan Police and the ICE conference, which vowed to take the safety of attendees seriously.
https://www.csoonline.com/article/3338112/security/vendor-allegedly-assaults-security-researcher-who-disclosed-massive-vulnerability.html
 



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
