Copy
CI Security

IT Security News Blast – 2-13-2020

Ransomware Attacks Grow, Crippling Cities and Businesses [Subscription]
The average payment to release files spiked to $84,116 in the last quarter of 2019, more than double what it was the previous quarter, according to data from Coveware, another security firm. In the last month of 2019, that jumped to $190,946, with several organizations facing ransom demands in the millions of dollars. Security experts say that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.
https://www.nytimes.com/2020/02/09/technology/ransomware-attacks.html
 
Average tenure of a CISO is just 26 months due to high stress and burnout
Chief Information Security Officers (CISOs, or CSOs) across the industry are reporting high levels of stress. Many say the heightened stress levels has led to mental and physical health issues, relationship problems, medication and alcohol abuse, and in some cases, an eventual burnout, resulting in an average 26-month tenure before CISOs find new employment.
https://www.zdnet.com/article/average-tenure-of-a-ciso-is-just-26-months-due-to-high-stress-and-burnout/
 
FDA, MITRE offer tips for med device cybersecurity
Schwartz, who will speak March 11 at HIMSS20 alongside an expert from MITRE, explained that medical device manufacturers and the healthcare community at large could benefit from the availability of clinical simulation centers and sandboxes as a safe space to identify, analyze and manage security vulnerabilities – all toward the goal of minimizing the potential impacts to device performance and enhancing patient safety.
https://www.healthcareitnews.com/news/fda-mitre-offer-tips-med-device-cybersecurity
 
HIPAA & Employee Password Policies
To achieve the above-listed goals, HIPAA covered entities, and other vendors can assess their compliance using the following sample questions:

  • Do we have policies and procedures that restrict employees from sharing passwords?
  • Is the workforce encouraged to commit passwords to memory?
  • Do employees take common precautions, such as not writing down their secret codes on papers visible to others, while using passwords?
This is helpful guidance, but we can see HIPAA isn’t giving explicit instructions. HIPAA requires organizations to have some kind of password plan in place but does not specify the details of the plan.
https://securityboulevard.com/2020/02/hipaa-employee-password-policies/
 
FBI: $3.5B Lost in 2019 to Known Cyberscams, Ransomware
The results demonstrate that cybercrime is flourishing despite increased awareness of cyber-scams and improved security products. People reported 467,361 complaints of cybercrime to the FBI in 2019—an average of nearly 1,300 incidents every day, and more than 100,000 more than the year prior, according to the report.
https://threatpost.com/fbi-3-5b-lost-in-2019-to-known-cyberscams-ransomware/152815/
 
INSIGHT: CCPA Compliance Strategies for Financial Institutions
To accomplish this task, institutions must map and inventory every piece of personal information that is collected, used, and sold by the institution, as well as all of the institution’s data processing practices. From there, institutions should determine—dataset by dataset—whether the entity’s personal information is covered by the Gramm-Leach-Bliley Act (GLBA) or the California Financial Information Privacy Act (CFIPA), which would remove it from the scope of the CCPA.
https://news.bloomberglaw.com/banking-law/insight-ccpa-compliance-strategies-for-financial-institutions
 
Half of all reported crime is cyber-crime or fraud & is growing exponentially each year
Speaking at a recent conference Commissioner Ian Dyson of the City of London Police, emphasised this point at the event, by stating “75% of all fraud crimes reported are cyber-enabled – it’s now a lot easier than robbing a bank and the rewards are far greater”. Dyson’s warnings were echoed by speakers from the FCA, the National Fraud Intelligence Bureau and HM Treasury, and more, who suggested that London is becoming the ‘money laundering capital of the world and that detection is a prevalent challenge with external and internal auditing picking up 4% and 16% of fraud respectively and whistleblowing unmasking up to 40% of issues.
https://www.bmmagazine.co.uk/in-business/half-of-all-reported-crime-is-cyber-crime-or-fraud-is-growing-exponentially-each-year/
 
KICKING OFF A NEW APPROACH TO CYBER ETHICS AT THE DEPARTMENT OF DEFENSE
Export control regimes, such as the International Traffic in Arms Regulations and Export Administration Regulation, further restrict the dissemination of certain cyber and intelligence capabilities without a license. But there is a whole constellation of cyber expertise that is neither classified nor subject to export controls. And while ethics should always be at the forefront of a professional’s mind, they become even more important in the absence of law and regulation.
https://warontherocks.com/2020/02/kicking-off-a-new-approach-to-cyber-ethics-at-the-department-of-defense/
 
States Press for Federal Resources to Fight Cyberthreats
The officials also asked the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, a unit of the Department of Homeland Security that's responsible for securing critical infrastructure, to share more information about cyberthreats with local and state representatives who are responsible for cybersecurity. [...] Senators also heard testimony from Christopher Krebs, the director of CISA, who agreed that the agency should provide more resources to state and local governments.
https://www.bankinfosecurity.com/states-press-for-federal-resources-to-fight-cyberthreats-a-13714
 
North Korea’s Internet Use Surges, Thwarting Sanctions and Fueling Theft
The study concludes that since 2017 — the year President Trump threatened “fire and fury like the world has never seen” against the country — the North’s use of the internet has surged about 300 percent. [...] The surge has a clear purpose, according to the report released Sunday by Recorded Future, a Cambridge, Mass., group known for its deep examinations of how nations use digital weaponry: circumventing financial pressure and sanctions by the West. Over the past three years, the study concluded, North Korea has improved its ability to both steal and “mine” cryptocurrencies, hide its footprints in gaining technology for its nuclear program and cyberoperations, and use the internet for day-to-day control of its government.
https://www.nytimes.com/2020/02/09/us/politics/north-korea-internet-sanctions.html
 
If China did hack Equifax, these Americans may have more reasons to be concerned
Government employees affected by the breach likely have a higher risk of having their information used against them, said Adam Segal, director of the Council on Foreign Relations’ Digital and Cyberspace Policy Program. Stolen data could be used to detect whether government workers had debts and — in the most extreme scenario — they could even be targeted to become an informant for the Chinese government, he said.
https://www.marketwatch.com/story/if-china-hacked-equifax-in-2017-some-americans-may-have-more-reason-to-be-vigilant-than-others-2020-02-12
 
The latest in Facebook's dragnet: Propaganda from Russian military intelligence
“Here again, we have a campaign using direct messaging to reach users,” Camille Francois, the chief innovation officer at the social media mapping company Graphika, wrote in a tweet on Wednesday. “This type of direct outreach has been used in previous operations to target journalists, activists and politicians alike. It’s an important and understudied vulnerability.”
https://www.cyberscoop.com/facebook-disinfiromation-russia-gru-ukraine-iran/
 
America’s Hopelessly Anemic Response to One of the Largest Personal-Data Breaches Ever
One possibility is that the indictment strategy may be working in imperceptible ways in conjunction with the United States’ new offensive posture in cyberspace. The unclassified summary of the Department of Defense’s 2018 cyber strategy pledges to “defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.” This turn of phrase may signal an effort to shift from deterrence toward disrupting and degrading the capabilities of malicious actors.
https://www.theatlantic.com/ideas/archive/2020/02/whats-behind-the-indictment-of-the-equifax-hackers/606466/
 
‘The intelligence coup of the century’
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican. But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
 
Apple Just Made A Striking New Security Move That Could Impact All Users
As a standalone form of authentication, passwords are pretty poor. Passwords are exposed in data breaches, people forget them, use insecure credentials and repeat them across services. [...] Apple has joined the FIDO Alliance (AKA Fast Identity Online), an organization already including giants such as Google, Intel, Microsoft and Samsung. Given Apple’s status and size, the iPhone maker’s move is significant. But it has also come very late in the day: Apple is one of the last big firms to join FIDO.
https://www.forbes.com/sites/kateoflahertyuk/2020/02/12/apple-just-made-a-striking-new-security-move-that-could-impact-all-users/?ss=consumertech#5618760631a7
 
Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
Twelve of the bugs are listed as critical – and the rest are rated as being important. The update includes a patch for the zero-day memory-corruption vulnerability disclosed in late January that’s under active attack. The bug tracked as CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code-execution and complete takeover.
https://threatpost.com/microsoft-active-attacks-air-gap-99-patches/152807/
 
Critical vulnerability found in IBM ServeRAID Manager
The warning carries a CVSS rating of 9.3 for CVE-2011-3556 and covers ServeRAID Manager Java version 1.4.2. The problem lies in the fact that ServeRAID Manager runs with system privileges on Microsoft Windows systems so unauthenticated attacker with network access can exploit the vulnerable Java RMI interface to launch a remote class loader attack.
https://www.scmagazine.com/home/security-news/vulnerabilities/critical-vulnerability-found-in-ibm-serveraid-manager/
 
Adobe Patch Tuesday: Critical vulnerabilities in Flash Player, Framemaker patched
Joining Adobe Flash Player in receiving security updates are Framemaker, Acrobat Reader and DC, Digital Editions and Experience Manager. The company listed CVE-2020-3757 as a critical type confusion vulnerability for Flash Player for Windows, Mac and Linux, although it noted that the issue is not being exploited in the wild at this time. A patch is available.
https://www.scmagazine.com/home/security-news/vulnerabilities/adobe-patch-tuesday-critical-vulnerabilities-in-flash-player-framemaker-patched/
 
Finally, There's a Social Network Without Any People
When you download the app, you enter a fantasy world where you're the most popular user—and only non-bot—on a social network. It feels like a blend of the big three apps: the overall layout of Facebook, the commenting system of Instagram, and the anarchy of Twitter. While it feels real enough when you're posting about your cat or the weather, Botnet's views on politics are baffling, though not moreso than a particularly obsessed Twitter rando.
https://www.vice.com/en_us/article/y3mbnw/automation-puts-reply-guys-out-of-work-in-fake-social-media-app-botnet



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast