CI Security

IT Security News Blast – 3-20-2020

Coronavirus Poll Results: Cyberattacks Ramp Up as Work from Home Takes Hold

In a survey of more than 200 Threatpost readers, about half (52 percent) said that their organizations are mostly prepared, but still have groups of employees that present security challenges for work-from-home (WFH) strategies. Only 30 percent said they feel fully prepared to move to all-remote working. Further, 13 percent said they are only ready to move a minority of workforce/students to online platforms; and 5 percent said they’re not prepared at all. These stats come as a not-so-healthy 40 percent said they’re seeing more attacks on their remote footprint.


Secretary Azar Waives Certain HIPAA Sanctions and Penalties Against Covered Hospitals

Secretary Azar exercised his emergency authority to waive sanctions and penalties against a covered hospital for a covered hospital’s failure to comply with the following provisions of the HIPAA Privacy Rule during the periods described in the section below, entitled “Waiver Period.” This limited waiver is explained in detail in a March 2020 COVID-19 & HIPAA Bulletin entitled “Limited Waiver of HIPAA Sanctions and Penalties During a Nationwide Public Health Emergency.”


Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis

Interestingly, the DoppelPaymer cybercrime group has said that if a medical or healthcare organization does get hit by mistake, then it will provide a free decrypter code. "If we do it by mistake, we'll decrypt for free," the threat actors said, although pharmaceutical companies are not included in this ransomware amnesty. "They earn a lot of extra on panic," the criminals said, adding that they have "no wish to support them."


OCR Shares COVID-19 Cyber Scam Advice, as Hackers Impersonate WHO

Researchers have been monitoring for these types of campaigns in light of the rise of hackers taking advantage of the pandemic. On March 17, Malwarebytes again observed a WHO-related phishing campaign. The subject line reads “Latest on the corona-virus.” While the misspelling could alert users to the maliciousness of the attack, the impersonation of WHO could tempt users to open the email. The actors are using a fake e-book to lure potential victims, claiming the resource contains coronavirus research and guidance on how to protect businesses and children from infection.


Surge in Remote Work Increases Cybersecurity Risks adding to COVID-19 Pandemic

Research from CYFIRMA found that Korean-speaking hackers were planning to make financial gains using sophisticated phishing campaigns loaded with sensitive-data-exfiltration malware, and were creating a new variant of the EMOTET virus (EMOTET is a malware strain that was first detected in 2014 and was one of the most prevalent threats in 2019). These hackers were planning to target Japan, Australia, Singapore, and the U.S. The researchers also observed North Korean hackers targeting South Korean businesses.


Cost of Cyber-Events Worsening for Large Businesses

According to a new research paper by the Cyentia Institute, it is estimated that one in four Fortune 1000 businesses will suffer a cyber-related loss event, whilst there is a 6% chance that a Fortune 1000 firm will lose $100m or more in a 12 month period due to cyber-events. The 2020 Information Risk Insights Study claimed that, in costs accrued to cybersecurity loss events, 10% of incidents would exceed $20m, with information services and retail sectors the most impacted and showing “abnormally high losses that exceed many other sectors by a factor of 10.”


Security by Sector Interview: Cybersecurity and the Banking Industry

Continual risk assessments are becoming necessary. With the ever changing threat environment, a risk assessment is only as good as the last time it was updated. In your last risk assessment did you give enough credence to a global pandemic that will force you to have an almost 100% remote work force? If not, now is a good time to update that risk assessment to ensure you have adequate controls.


NYDFS Demands Regulated Entities Submit Preparedness and Financial Risks Management Plans Relating to COVID-19

In separate “Industry Letters” addressed to “The Chief Executive Officers or the Equivalents of New York State Regulated Institutions,” the New York Department of Financial Services (NYDFS) has mandated that regulated entities submit descriptions of their preparedness plans,[1] financial risk management plans and assessments,[2] in connection with COVID-19. The descriptions are due to the agency no later than April 9, 2020.


Cybersecurity money part of emergency coronavirus request

The Trump administration wants at least four agencies to get tens of millions of dollars for cybersecurity as part of its $48 billion coronavirus emergency funding request, but it inexplicably does not seek money for that purpose for CISA, the agency responsible for providing cybersecurity tools to federal agencies. Under the Office of Management and Budget's request, the Department of Energy would get $21 million “for additional information technology requirements and telework support, also including increased cybersecurity costs.”


Mass teleworking causes spike in DOD network attacks

Essye Miller, the principal deputy CIO for DOD, said during a virtual town hall meeting March 16 that the organization's networks experienced a surge in cyberattacks as more employees were pushed to work remotely if possible. "With the increased telework capability comes an increased attack surface for our adversary. They're already taking advantage of the situation in the environment that we have on hand," Miller said.


DOD’s Inconsistent Mitigation of Cyber Vulnerabilities Is a Waste, Pentagon’s Watchdog Says

Top Defense Department officials agreed to revise a key document that would instruct department components to report their efforts to mitigate vulnerabilities cyber red teams bring to their attention, according to an inspector general report that finds the DOD’s current approach to be haphazard. [...] The report comes as the administration looks to improve its relationship with security researchers who voluntarily disclose vulnerabilities but want the government to be more responsive in fixing them.


Russian hackers using stolen corporate email accounts to mask their phishing attempts

“The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research. [...] It isn’t clear why the Russian hacking group, which has been active since 2004, is willing to risk revealing some of their successful crusades in order to run these campaigns, Hacquebord said.


Outrage as Zimbabwe’s military declares social media a ‘dangerous threat’

In March 2020, Zimbabwe’s National Army Commander Edzai Chimonyo said that the military would soon start prying into private communications between citizens to “guard against subversion”. [...] Social media poses a dangerous threat to our national security. Social media is one of the tools that is being used for misinformation and I believe that your training has been an eye-opener to the rigors and realities of technological advancements.


Coronavirus: They want to use your location data to fight pandemic. That's a big privacy issue

[Deutsche Telekom] said it is handing 5GB of customer data over to the Robert Koch Institute, the organization tasked with coordinating a national response in Germany. The institute, RKI for short, may be able to use the anonymized data to track the general public's movements to make predictions about how the virus spreads and to help answer questions about the effectiveness of social distancing.


New stalkerware tech wreaking havoc on personal privacy

Named MonitorMinor, this software enables stalkers to covertly access any data and track activity on devices they are surveying, as well as the most popular messaging services and social networks. Primitive strains of stalkerware use geofencing, which lets attackers track a victim’s location and survey SMS and call data. But MonitorMinor takes this technology further by infiltrating popular communication and messaging apps, giving attackers access to a much greater trove of personal information.


Malware-Free Attacks Step up the Pace

The threat report also found that the telecommunications industry is especially at risk, with threat actors operating from China and North Korea being known to target the industry for its competitive intelligence and intellectual property. Furthermore, according to the threat report, the bulk of the increase in malware-free attacks was aimed at North American organizations, which were collectively affected the most by the trend. There, nearly 75% of cyberattacks in 2019 fell into this category.


Android surveillanceware operators jump on the coronavirus fear bandwagon

“This surveillance campaign highlights how in times of crisis, our innate need to seek out information can be used against us for malicious ends,” Lookout researcher Kristin Del Rosso wrote in a post published on Wednesday. “Furthermore, the commercialization of ‘off-the-shelf’ spyware kits makes it fairly easy for these malicious actors to spin up these bespoke campaigns almost as quickly as a crisis like COVID-19 takes hold.”


Windows 10: This kernel malware is why you need Secured-core PCs, says Microsoft

Microsoft created Secured-core PCs in response to a rise in firmware vulnerabilities that open the possibility for attacks on components like drivers, which have higher privileges than the hypervisor and the Windows kernel. Such an attack would undermine Secure Boot and could be invisible to antivirus.  [...] Of particular concern are the use of so-called 'wormhole drivers', or drivers that are, by design, vulnerable and undermine platform-level security by opening up direct access to kernel-level arbitrary memory read and write capabilities.


Cisco Warns of High-Severity SD-WAN Flaws

The most severe of these vulnerabilities is an insufficient input validation error (CVE-2020-3266) in the Command Line Interface (CLI) of SD-WAN. The CLI is the text-based interface used to operate the software, which allows users to type single commands into the interface. While the flaw can only be exploited by authenticated, local attackers, if exploited it would enable them to inject arbitrary commands that are executed with root privileges.


What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them

Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE-2019-16012) are down to what Cisco calls "insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests.
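Both Cisco items above describe the same bug class: a privileged CLI that passes a user-supplied argument to the underlying system without validating it, so shell metacharacters in the argument become extra commands running as root. The following is an added illustration of that class in Python, not Cisco's code and not the SD-WAN flaw itself; the toy "CLI" wraps `echo` so it runs offline on any POSIX host, and the hostname pattern and the `INJECTED` marker are constructed for the example.

```python
"""Constructed example (not Cisco's code): a tiny privileged CLI verb that
takes a host argument, shown in a vulnerable and a hardened form.

Assumes a POSIX /bin/sh and an `echo` binary on PATH. Whatever privilege
the CLI process holds is inherited by the injected command; in the advisory's
scenario that is root.
"""
import re
import subprocess

# Strict allowlist for the one argument this verb accepts: DNS-style labels
# separated by dots (this also admits dotted-quad IPv4 addresses). Anything
# else, including ';', '|', '&', '$(', backticks and whitespace, is rejected.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def run_vulnerable(host: str) -> str:
    """Vulnerable: the argument is spliced into a shell string unvalidated.

    An argument such as '10.0.0.1; echo INJECTED' makes /bin/sh run a second
    command after the intended one.
    """
    cmd = f"echo resolving {host}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=False).stdout


def run_argv_only(host: str) -> str:
    """Defence in depth without validation: no shell is involved, so the
    argument reaches `echo` as one literal argv entry and metacharacters
    are inert. The bad input is still echoed back, just not executed."""
    argv = ["echo", "resolving", host]
    return subprocess.run(argv, capture_output=True,
                          text=True, check=False).stdout


def validate_host(host: str) -> str:
    """Reject any argument that is not a plain hostname or IPv4 literal."""
    if not HOST_RE.match(host):
        raise ValueError(f"rejected argument: {host!r}")
    return host


def run_hardened(host: str) -> str:
    """Hardened: allowlist validation first, then execution without a shell.
    Either control alone would stop this payload; using both means a gap in
    one (a too-loose regex, a later refactor back to shell=True) is covered
    by the other."""
    argv = ["echo", "resolving", validate_host(host)]
    return subprocess.run(argv, capture_output=True,
                          text=True, check=False).stdout


def is_rejected(host: str) -> bool:
    """True if the hardened path refuses the argument before running anything."""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "10.0.0.1; echo INJECTED"          # constructed attacker input
    print("vulnerable:", repr(run_vulnerable(payload)))
    print("argv only :", repr(run_argv_only(payload)))
    print("hardened  :", "rejected" if is_rejected(payload)
          else repr(run_hardened(payload)))
    print("hardened, valid input:", repr(run_hardened("10.0.0.1")))
```

The vulnerable path prints `INJECTED` on its own line, which is the attacker's command running; the argv-only path prints the payload back verbatim as data; the hardened path refuses it outright and still works for a well-formed host. When a shell really is unavoidable, `shlex.quote()` on each argument is the fallback, but it is a weaker control than never invoking a shell at all.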

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337