Copy
CI Security

IT Security News Blast – 11-8-2019

Weathering the cyber storm

Experts estimate that cyber storms will continue batter vulnerable critical infrastructure and cause economic and security disasters at an unimaginable scale. The proliferation of cyberattacks is expected to run up $5.2 trillion in damages over the next five years, far outweighing the $306 billion lost in the U.S. yearly to natural disasters. As threat actors become more seasoned, the nation's critical infrastructure is at risk, endangering transportation systems, power grids, food and water supply systems, dams and health care systems and putting millions of lives at risk.

https://gcn.com/articles/2019/11/07/weathering-cyber-storms.aspx

 

2 Former Twitter Employees Charged With Spying For Saudi Arabia

Ahmad Abouammo, a U.S. citizen, was a media partnerships manager at Twitter who was not authorized to access Twitter users' private information. He allegedly did exactly that, for which he received payments of up to $300,000 from a Saudi source identified in the complaint only as "Foreign Official-1." [...] Between May 21, 2015, and Nov. 18, 2015, Alzabarah, without authorization, accessed "the Twitter data of over 6,000 Twitter users, including at least 33 usernames for which Saudi Arabian law enforcement had submitted emergency disclosure requests to Twitter," the complaint said. Among the accounts he accessed were those belonging to well-known critics of the Saudi government.

https://www.npr.org/2019/11/06/777098293/2-former-twitter-employees-charged-with-spying-for-saudi-arabia

 

Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.

https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/

 

Ransomware attack at Brooklyn Hospital Center results in permanent loss of some patient data

After investigating the incident along with a third-party forensic investigation firm, the hospital discovered that malware had encrypted some of the hospital's patient files and disrupted the operation of certain hospital systems. Despite remediation efforts to recover all the data infected with malware, the hospital determined in September that certain patient data were unrecoverable. There is no evidence data were accessed or acquired or of any attempted misuse of the data, the hospital said.

https://www.fiercehealthcare.com/tech/ransomware-attack-at-brooklyn-hospital-center-results-permanent-loss-some-patient-data

 

US Must Improve Cyber Protection For Sats: Aerospace Corp.

To be clear, we are not only taking about military satellites here, but everything in space owned by the US and its allies, because enemies will doubtless target commercial satellites providing communications, eyes on targets and other sensor data. “With the expanding list of threat actors and increase in awareness of vulnerabilities and adversary capabilities, all sectors of the space domain need to invest in improving the cybersecurity of space systems, especially onboard the spacecraft,” the Aerospace Corp. authors write

https://breakingdefense.com/2019/11/us-must-improve-cyber-protection-for-sats-aerospace/

 

Taking control of your business security ahead of tax season

Turning to a professional partner you trust can bring to bear the latest research and testing on evolving threats, continual training in new guidelines and practices, and advanced technology solutions. You may need to rethink your budget priorities to ensure you’re allocating enough resources to purchase the solutions that keep your business safe. Additionally, you will need to spend time training yourself, your staff and your clients on best practices and tell-tale signs.

https://www.accountingtoday.com/opinion/taking-control-of-your-business-security-ahead-of-tax-season

 

The financial industry just finished its annual ‘doomsday’ cybersecurity exercise — here’s what they imagined would happen

The fictional event centered around a big unnamed U.S. company — one of the “systemically important financial institutions” designated as “too big to fail” by regulators. After the close of the stock market, the institution was attacked by malicious ransomware and knocked offline, Price said. The initial scenario was followed by a number of questions and discussion of rules around public disclosure of the incident and how the wider financial industry would coordinate and share information, he said.

https://www.cnbc.com/2019/11/07/quantum-dawn-v-sifma-cyber-doomsday-exercise-adds-global-scope.html

 

To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet

These models should be based on industry-accepted frameworks (e.g., FAIR, NIST, etc.). A cyber balance sheet incorporates these financial models and related tools to gauge the impact differential between, say, two hours of downtime for an online merchant website versus two hours of downtown for a complex manufacturing line. While the former could mean lost customer data, the latter could cause a vast ripple effect on production and even shut down your just-in-time global supply chain because expensive infrastructure was sabotaged and destroyed.

https://www.darkreading.com/cloud/to-prove-cybersecuritys-worth-create-a-cyber-balance-sheet/a/d-id/1336251

 

Italian Bank UniCredit Suffers New Data Breach Impacting 3 Million Customers

According to UniCredit, the personally identifiable information involved in the breach includes names, telephone numbers, email addresses, and the names of cities where these customers were registered. However, says UniCredit, the compromised file generated in 2015 did not include any other personal information, and it did not include any banking account information that would enable the hackers to make unauthorized transactions.

https://www.cpomagazine.com/cyber-security/italian-bank-unicredit-suffers-new-data-breach-impacting-3-million-customers/

 

Suspected North Korea hackers targeted Indian space agency

The latest revelation comes after the country’s nuclear authority confirmed last week the Kudankulam nuclear plant in the southern state of Tamil Nadu had also been hit by a cyber attack. The space research organisation was one of at least five critical government agencies, including India's Atomic Energy Regulatory Board, to have been attacked in recent months, said Yash Kadakia, founder of Security Brigade, a Mumbai-based cyber security company.

https://www.ft.com/content/ac6a8782-ffad-11e9-b7bc-f3fa4e77dd47

 

FBI warns of new cyber threat to US that involves 'whole variety' of actors from China

“[It's] not just Chinese intelligence officers, but people they enlist to help them like contracted hackers,” he said in his opening statement. Wray added that a wide variety of Chinese posing as innocent university graduates and researchers also work on behalf of China. “We see the Chinese government encouraging and assisting the abuse of incentive plans, like the so-called Thousand Talents program,” he said, referring to a program for Chinese and international scholars, according to the Financial Times.

https://www.foxnews.com/tech/fbi-warns-new-cyber-threat-china

 

Exodus of Cyber Security Team Could Expose White House to Cyber Attacks

The implication here, of course, is that all of America’s adversaries – especially the Russians – are carefully watching all of this take place, and are already preparing a new wave of cyber attacks to probe the White House. As each new resignation memo gets leaked to the media, it will only embolden them to seek out weaknesses in the way that the White House protects sensitive communications about foreign, military or diplomatic strategy.

https://www.cpomagazine.com/cyber-security/exodus-of-cyber-security-team-could-expose-white-house-to-cyber-attacks/

 

In 2020, Some Americans Will Vote On Their Phones. Is That The Future?

"I believe that's about the worst thing you can do in terms of election security in America, short of putting American ballot boxes on a Moscow street," howled Sen. Ron Wyden, D-Ore., on the Senate floor this year. And yet, just a few years removed from Russia's attack on democracy in the 2016 presidential election, and at a time of increased fear about election security, pockets of the U.S. are doing just that: experimenting with Internet voting as a means to increase turnout.

https://www.npr.org/2019/11/07/776403310/in-2020-some-americans-will-vote-on-their-phones-is-that-the-future

 

Massive Facebook document leak gives ammunition to investigators

Those documents are not the ones California's attorney general needs, though, so separately, the company is also facing a court challenge demanding it produce more documentation for an investigation amid allegations of stonewalling. The piles of leaked documents, which directly reference the company's questionable position on competition, are likely to be extremely helpful to the dozens of entities currently investigating Facebook on antitrust grounds. California, however, is conducting a privacy investigation.

https://arstechnica.com/tech-policy/2019/11/facebook-sold-competition-quashing-as-a-privacy-move-leaked-documents-show/

 

Google Analytics Emerges as a Phishing Tool

With 56.1 percent of websites now using analytics to generate reports on user behavior and page views, and to track user activity throughout sites, cybercriminals have caught on and are leveraging these and other uses of analytics for their own dirty work, the report found. After all, criminals who launch phishing attacks have the same interest as typical website designers in driving traffic to their phishing sites and luring users to click on links in emails, according to a new report by network security provider Akamai Technologies.

https://threatpost.com/google-analytics-phishing-tool/149917/

 

This Website Has Solved Cybersecurity

If you’ve read some data breach disclosures or notices, you know the classic “we take your privacy and security seriously”—truly the “thoughts and prayers” of cybersecurity. No matter how bad the hack is, companies always have an excuse. Luckily, there’s now a website that automatically generates more original, and entertaining, apologies you can use if your company gets hacked. It’s called “Why the fuck was I breached?” and its excuse generating algorithm spills out truly hilarious excuses.

https://www.vice.com/en_us/article/xwe3m4/this-website-has-solved-cybersecurity



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast