CI Security

IT Security News Blast – 3-26-2020

‘Elite Hackers’ Thought Behind Cyber Attack On World Health Organization
The attack seems to have started when hackers, thought to be DarkHotel by anonymous sources briefed by Reuters regarding the matter but not confirmed by Urbelis, established a fake site that impersonated the internal email system used by the WHO. [...] The same web infrastructure has, however, been spotted by security researchers at Kaspersky, targeting healthcare and humanitarian agencies recently.
Senator sounds alarm on cyber threats to internet connectivity during coronavirus crisis
“As the COVID-19 pandemic unfolds, Americans will depend on connectivity products to receive tele-health; remain connected with family, colleagues, employers, and friends; and to receive news reports, and guidance from government and public health officials,” Warner wrote. He emphasized that “during this time, the security of consumer devices and networks will be of heightened importance. It is also imperative that consumer Internet infrastructure not be used as attack vectors to consumer systems and workplace networks accessed from home.”
Ransomware hits healthcare hardest, preys on SMBs
Ransomware targeted healthcare more than any other industry, accounting for 29% of total ransomware attacks in 2019, according to cyber insurer Beazley's 2020 Breach Briefing report. Professional services (14%) and financial institutions (11%) rounded out the top three targets.
Ransomware increased 131% from 2018 to 2019. About six in 10 attacks were aimed at small- and medium-sized businesses as they are "easier to exploit," according to the report.
Three Areas of Cybersecurity Strength for Hospitals During a Pandemic
In both the cases of remote workers as well as at the hospitals and healthcare centers, ensure that your organization has strong monitoring capabilities and an incident response plan in place should an attacker make it to the inside. Knowing what to prioritize for both hardening security as well as having policies and procedures in place should an attack occur is crucial to staying secure during this unprecedented event.
Coronavirus Hackers Face Cybersecurity Community's Wrath; Here's How Cyberpunks Get The Taste of Their Own Medicine
Hypponen has good reason to be angry. The Champaign-Urbana Public Health District had a malware attack on Mar. 11 as Illinois prepares for its coronavirus response. Malicious hackers, two days after, launched a cyberattack towards Brno University Hospital in the city of Brno, Czech Republic. The strike forced the hospital to close down its entire IT community. [...] Then, on Mar. 15, hazard players released a cyberattack towards the United States Health and Human Services Department (HHS).
[WEBINAR] 8 Steps to Control Cybersecurity Risk in a Work From Home Environment
The mixture of the physical and emotional changes is introducing significant security risks. This on-demand webinar was created a few days ago by CI Security CTO Mike Simon to help InfoSec and IT teams manage the critical work-from-home risks that employees need help with now. No sign-up is required, so please share with your information security colleagues. We’ll keep making content to help security pros – we hope it helps. Email me if you would like our team to cover a specific topic to help security pros or users.
Connecticut picks financial sector IT security veteran as CISO
In a state that partially relies on a federated service-delivery model for technology, in which the IT office shares responsibility with state agencies for managing technology, Raymond said Brown’s role will be to improve how risk is managed across the state. [...] “One of our big focuses is how do we work across agencies to bring new cyber protections and risk reductions in play?”
Cyber crooks lurk in dark as bank staff work from home
“While most banks have business continuity plans in place, such protocols have never been tested at this scale[.] The proportion of people working remotely far exceeds anything envisaged while developing these protocols.” These protocols may include banks employees using only registered devices such as laptops and tablets through secure private networks or VPNs as directed by the banks. However, the full-scale implementation of these directives especially among the non-tech savvy employees may represent a challenge for the financial services sector, experts said.
USCG issues new cyber security guidelines
Regulated facilities must assess and document risks associated with their computer systems and networks in a facility security assessment (FSA) or alternative security program (ASP). [...] USCG said “it is up to each facility to determine how to identify, assess and address the vulnerabilities of their computer systems and networks.” In addition, the USCG recommends that facilities use the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST Special Publication 800-82 to craft a risk management programme. The implementation period will last 1.5 years with no submissions to update an FSA or ASP required until 30 September 2021.
How community banks can avoid being targets for cyber crooks

  • The sophistication of threats
  • The complexity of IT environments
  • The shortage of IT and information security professionals
“This combination is eroding community banks’ ability to protect consumer account information, corporate confidential data, and the availability of their computing infrastructure to serve their customers and members,” he says.  “The hard truth is that FIs are more exposed today than ever before.”
Congressional commission calls for sweeping changes to military, public service programs
Wednesday marked the second time in two years the commission called for timely improvements to military, national and public service programs — all while many of these government institutions are in the spotlight. [...] In addition, the commission recommended the creation of an Individual Ready Reserve (IRR), which would allow individuals with critical skills, especially those with tech and cyber expertise, to volunteer for military service. Though these individuals likely wouldn’t have prior military experience, the Defense Department would work with them prior to a possible deployment to prepare, train and clear them for later service.
Developing nations get in on cyber-espionage using commodity malware
“Now they are using readily-available malware, repurposing with little or no modification to the malware code ie they are taking malwares off the shelf,” Ritesh told SC Media UK. Emerging nations such as Brazil, Chile, Peru, Vietnam and Malaysia are taking the lead in this method. They are new to cyber-warfare compared to the US, China or Russia, and they do not have deep expertise or resources to create advanced, target-specific malware.
Chinese hackers hit Citrix, Cisco vulnerabilities in sweeping campaign
The campaign, which lasted between January 20 and March 11, targeted 75 organizations ranging in nearly every economic sector: telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation. The campaign, believed to be run by APT41, targeted nonprofit, legal, real estate, travel, education, and media organizations as well. “This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years[.]”
The coronavirus pandemic reveals how prepared the U.S. is for cyber conflict [Subscription]
The disruptions to life caused by the coronavirus pandemic provide valuable insight into how countries might react during a cyber crisis. People are being forced to stay at home, they're relying on businesses'—and online delivery companies'—logistics networks to sustain them, and Internet connectivity maintenance is a top priority everywhere.
How to Move to Remote Work and Comply with U.S. Privacy and Cybersecurity Laws
[Even] where a business is technically allowed to remain open, many are considering moving to remote work arrangements to address potential health concerns and to plan for continued business operation given the growing pandemic. This blog post examines a sampling of the major U.S. data privacy and security laws, standards and frameworks implicated by remote work arrangements and offers practical considerations for how businesses can make the move to remote work arrangements in a way that meets these legal requirements while minimizing privacy and cybersecurity risks.
GE Employees Lit Up with Sensitive Doc Breach
GE said that a security incident at Canon in February exposed a wide-ranging number of sensitive HR-related documents. These include divorce, death and marriage certificates; benefits information (beneficiary designation forms and applications for benefits such as retirement, severance and death benefits); and even medical child support orders. Other hacked info includes direct-deposit forms, driver’s licenses, passports, tax withholding forms, names, addresses, Social Security numbers, bank-account numbers, dates of birth and other information.
'Kill Chain: The Cyber War on America's Elections' Exposes Risks to Democracy
In advance of the 2020 Presidential election, Kill Chain: The Cyber War on America’s Elections, debuts on HBO Thursday, March 26. The film takes a deep dive into the weaknesses of today’s election technology, investigating the startling vulnerabilities in America’s voting systems and the alarming risks they pose to our democracy. Kill Chain follows Finnish hacker and cyber security expert Harri Hursti as he travels around the world and across the U.S. to show how our election systems remain dangerously unprotected.
Tupperware-dot-com has a live credit card skimmer on its payment page, warns Malwarebytes
"On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered," said Malwarebyes in a statement. The ruse works through a rogue PNG image file having been planted by criminals who found a way into Tupperware's website. Using steganography techniques to hide malicious code inside the image file to evade detection, the criminals loaded the near-silent exploit on Tupperware-dot-com around 9 March.
Definitely Don’t Download The FBI’s Fitness App During Quarantine
Not mentioned in the bureau’s tweets are the permissions Android users must give the app, including the ability to track users’ locations using GPS and network data. The FBI Fit Test app also allows the bureau to view, modify, and delete pictures and other media files; view wifi connections; control vibration; and prevent a device from sleeping, according to the permissions listed on the Google Play store.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast