CI Security

IT Security News Blast – 2-12-2020

CIA Secretly Owned Crypto, the Swiss Company That Ruled Global Spy Comms for Decades, Says Report
The CIA was the secret owner of a company that made encryption devices and communication lines for spy agencies around the world—then sat back and listened while they unwittingly revealed their secrets. The revelation, described in a CIA report as “the intelligence coup of the century,” has been reported for the first time in a joint investigation from The Washington Post and German broadcaster ZDF.
https://www.thedailybeast.com/cia-secretly-owned-crypto-the-swiss-company-that-ruled-global-spy-comms-for-decades-says-report?ref=home
 
Bipartisan lawmakers introduce bill to combat cyberattacks on state and local governments
A bipartisan group of lawmakers on Monday introduced a bill that would establish a $400 million grant program at the Department of Homeland Security (DHS) to help state and local governments combat cyber threats and potential vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.), John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Michael McCaul (R-Texas), Dutch Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) — DHS’s Cybersecurity and Infrastructure Security Agency (CISA) would be required to develop a plan to improve localities' cybersecurity and would create a State and Local Cybersecurity Resiliency Committee to help inform CISA on what jurisdictions need to help protect themselves from breaches.
https://thehill.com/policy/cybersecurity/482464-bipartisan-lawmakers-introduce-bill-to-combat-cyber-attacks-on-state-and
 
Senate GOP blocks three election security bills
Democrats tried to get consent to pass two bills that require campaigns to alert the FBI and Federal Election Commission (FEC) about foreign offers of assistance, as well as legislation to provide more election funding and ban voting machines from being connected to the internet. But Sen. Marsha Blackburn (R-Tenn.) opposed each of the requests. Under the Senate's rules, any one senator can ask for unanimous consent to pass a bill, but any one senator can object and block their requests.
https://thehill.com/homenews/house/482569-senate-gop-blocks-three-election-security-bills
 
KBOT virus takes out system files with no hope of recovery
The new malware was spotted by Kaspersky researchers. In a blog post on Monday, Kaspersky's Anna Malina said KBOT, a virus that spreads by injecting malicious code into Windows executable files, is the "first "living" virus in recent years that we have spotted in the wild." [...] While scanning drives, the virus will add polymorphic code to .exe files and override functions of the IWbemObjectSink interface, a feature of Win32 apps. KBOT will also listen to connection events between logical drives and will use the API functions NetServerEnum and NetShareEnum to retrieve paths to other network resources in order to propagate.
https://www.zdnet.com/article/kbot-virus-takes-out-system-files-with-no-hope-of-recovery/
 
Cybersecurity Frameworks in Healthcare (And How to Adopt Them)
[Clinics] and hospitals have to prove over and over again that the devices, technologies, and methods they use don’t bring any risk to patients. To do that, healthcare institutions start aligning their security with recognized standards and frameworks like NIST or HITRUST. But what exactly is a security framework? Which one should you use? What’s the right way to implement it? In this guide, I’m answering all these questions, plus listing the five most recognized healthcare security frameworks.
https://securityboulevard.com/2020/02/cybersecurity-frameworks-in-healthcare-and-how-to-adopt-them/
 
Healthcare needs a new year resolution to improve cyber-awareness
Healthcare was the only industry sector, according to that report, where there were more insider (60%) than external (42%) cyber-attacks. That’s pretty disheartening reading for anyone involved with healthcare security. Only through better awareness training, and that means injecting more money into finding the time to effectively execute such programs, will these statistics improve.
https://www.digitalhealth.net/2020/02/healthcare-needs-a-new-year-resolution-to-improve-cyber-awareness/
 
FBI warns about ongoing attacks against software supply chain companies
"Software supply chain companies are believed to be targeted in order to gain access to the victim's strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution," the FBI said in a private industry notification sent out last week. Besides attacks against supply chain software providers, the FBI said the same malware was also deployed in attacks against companies in the healthcare, energy, and financial sectors.
https://www.zdnet.com/article/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies/
 
Who should lead the push for IoT security?
Both the makers of IoT devices and governments are aware of the security issues, but so far they haven’t come up with standardized ways to address them. “The challenge of this market is that it’s moving so fast that no regulation is going to be able to keep pace with the devices that are being connected,” said Forrester vice president and research director Merritt Maxim. “Regulations that are definitive are easy to enforce and helpful, but they’ll quickly become outdated.”
https://www.networkworld.com/article/3526490/who-should-lead-the-push-for-iot-security.html
 
FBI: MSP Engineer Arrested In Attempt To Sell Access To Clients
According to the FBI’s affidavit, Britt was hired by Chimera on May 6 and let go on June 24. In court records he is described as a “disgruntled” employee, though he worked at the company for only six weeks. Chimera provides IT support, mobile application development, website development, and software support to its clients, the FBI said. “He literally tried to put us out of business,” said Raymond Alexander, Britt’s former boss and co-owner of Chimera, which is also affiliated with Chimera Innovations LLC, in an interview with CRN.
https://www.crn.com/news/channel-programs/fbi-msp-engineer-arrested-in-attempt-to-sell-access-to-clients
 
Speaker: U.S. Space Command gearing up cyber operations
Space Command's cyber role includes keeping the Department of Defense Information Network up and running, defending satellites and ground stations against cyber attacks and offensive operations that deny adversaries the ability to attack U.S. cyber and space assets, Matos said. The command works closely with U.S. Cyber Command, the 16th Air Force and U.S. intelligence agencies, he added.
https://gazette.com/military/speaker-u-s-space-command-gearing-up-cyber-operations/article_1b98a684-490a-11ea-a193-ab5121efd11d.html
 
New defense strategy for near-peer threats embraces warfighting technologies from non-traditional suppliers
China’s steadily increasing investment in long-range anti-ship missiles, anti-satellite weapons and cyber warfare reinforced awareness that America’s military might be falling behind in the capabilities needed for winning high-end fights. These trends led the Trump Administration to produce a new national defense strategy in 2018 focused mainly on countering the military challenges posed by Moscow and Beijing; the Pentagon wants novel solutions to emerging near-peer threats, and it wants them fast.
https://www.militaryaerospace.com/sensors/article/14167343/warfighting-technologies-nearpeer-threats-defense-strategy
 
Punching on the Edges of the Grey Zone: Iranian Cyber Threats and State Cyber Responses
The recent step back from the dangerous escalation of open hostilities that culminated in the strike on Soleimani and Iran’s retaliatory missile strike is at best a strategic pause, and more likely a return to the pre-existing, if not an escalated, grey zone conflict in which asymmetric cyber operations form a key component of Iran’s modus operandi. Indications are that Iran has stepped up its cyber reconnaissance activities since the strikes and some predict it may conduct a substantial cyber operation to exact revenge or send a message.
https://www.justsecurity.org/68622/punching-on-the-edges-of-the-grey-zone-iranian-cyber-threats-and-state-cyber-responses/
 
‘Largest cyber attack in Iran’s history’ occurs on eve of failed satellite launch
He said the attackers’ origins had been falsified, or “spoofed”, to appear to originate in East Asia and North America. He also said Dajfa had yet to detect signs of state involvement in the attack. The challenge of verifying the actors behind a cybersecurity attack is precisely why they are an effective and increasingly used tool in modern warfare. A 2019 report published by the US National Security Agency and the UK National Cyber Security Centre noted that well-resourced Russian hackers were suspected of hijacking Iranian infrastructure to conduct operations that would be traced back to Iran, rather than Russia.
https://www.thenational.ae/world/mena/largest-cyber-attack-in-iran-s-history-occurs-on-eve-of-failed-satellite-launch-1.977119
 
Chinese spokesperson refutes U.S. accusation of cyber theft of trade secrets
A Chinese Foreign Ministry spokesperson Tuesday said the Chinese government and military and their relevant personnel had never engaged in cyber theft of trade secrets. Spokesperson Geng Shuang made the remarks when commenting on reports that the United States on Monday indicted four members of the Chinese military for allegedly breaking into the computer networks of the Equifax credit reporting agency. Geng said the Chinese government's position on cybersecurity is consistent and clear. "We firmly oppose and combat cyber attacks of any kind. China is a staunch defender of cybersecurity."
http://www.xinhuanet.com/english/2020-02/11/c_138774926.htm
 
The code breakers: This vault is the epicenter in law enforcement's battle to unlock encrypted smartphones
More than 8,000 devices have poured into the facility since 2014. Each year, more of them are locked, rising from 24% in 2014 to 64% last year. For Apple devices, it's gone from 60% to 82%. Nearly 2,500 of the locked devices remain inaccessible to investigators, hindering investigations into child exploitation, financial crimes, theft, violence and other crimes. The numbers illustrate a frustration shared by law enforcement agencies across the country.
https://www.usatoday.com/story/news/politics/2020/02/11/manhattan-vault-investigators-try-unlock-encrypted-iphones/4670518002/
 
How to Delete Your Personal Information From People-Finder Sites
Spokeo is, perhaps, the simplest. You just find your profile page on the site, go to spokeo.com/optout, and then type (or paste) the link along with your email address so you can confirm. Others are not as straightforward. At Whitepages, you have to paste the URL to your profile at whitepages.com/suppression_requests, and then type the reason you want to opt-out. After that, you have to provide your phone number—yes, you have to give a data broker your phone number. You then receive a call from a robot, which gives you a verification code you have to type on the website to complete the process. The ultimate indignity? 411.info actually charges a fee if you want it to remove your info.
https://www.howtogeek.com/570124/how-to-delete-your-personal-information-from-people-finder-sites/
 
5 firewall features IT pros should know about but probably don’t

  • Network segmentation
  • Policy optimization
  • Credential-theft prevention
  • DNS security
  • Dynamic user groups
https://www.networkworld.com/article/3519854/4-firewall-features-it-pros-should-know-about-but-probably-dont.html
 
Meet the Guy Selling Wireless Tech to Steal Luxury Cars in Seconds
"EvanConnect," one of the men in the video who goes by a pseudonym online, embodies a bridge between digital and physical crime. These devices he sells for thousands of dollars let other people break into and steal high end vehicles. He claims to have had clients in the U.S., UK, Australia, and a number of South American and European countries. "Honestly I can tell you that I have not stolen a car with technology," Evan told Motherboard. "It's very easy to do but the way I see it: why would I get my hands dirty when I can make money just selling the tools to other people."
https://www.vice.com/en_us/article/7kz48x/guy-selling-relay-attack-keyless-repeaters-to-steal-cars
 
Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks
Sophos this month reported that an arbitrary read-write flaw in a digitally signed driver for now-deprecated Gigabyte hardware was recently used by ransomware, dubbed Robbinhood, to quietly switch off security safeguards on Windows 7, 8 and 10 machines. The problem, said Sophos, is that while Gigabyte stopped supporting and shipping the driver a while back, the software's cryptographic signature is still valid. And so, when the ransomware infects a computer – either by some other exploit or by tricking a victim into running it – and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.
https://www.theregister.co.uk/2020/02/11/forgotten_gigabte_driver_robbinhood/
You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337