Copy
Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 11-16-2020

Cyberattacks targeting health care must stop

Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law. We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate – or even facilitate – within their borders. This is criminal activity that cannot be tolerated.

https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/

 

The Cybersecurity 202: Officials say firing DHS cyber chief could make U.S. less safe as election process continues [Subscription]

Krebs, who has been overseeing the largest-ever operation to secure a U.S. election, has been presiding over a 24/7 war room with state and local election officials that launched on Election Day and is still operating. The Cybersecurity and Infrastructure Security Agency director is widely credited with helping states dramatically improve their defenses against hacking and keeping the election free of foreign cyberattacks.

https://www.washingtonpost.com/politics/2020/11/13/cybersecurity-202-officials-say-firing-dhs-cyber-chief-could-make-us-less-safe-election-process-continues/

 

Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical Multi-Factor Authentication

But Synopsys also adds this: If you make your passwords long and complicated, use a mixture of letters, symbols, and punctuation, periodically change your password, and don’t use the same password for more than one account, “you [will] be an outlier (since the majority of users don’t do them)” i.e., you will be more secure than the vast majority of people.

https://www.forbes.com/sites/brookecrothers/2020/11/14/microsoft-warns-a-strong-password-doesnt-work-neither-does-typical-multi-factor-authentication/

 

Healthcare sector suffering surge in cyber attacks

Microsoft indicates these attacks have been carried out by three hacker groups from Russia and North Korea. The Russian group, which Microsoft refers to Strontium (also known as APT28 or Fancy Bear) used a technique called password spray attacks to break into systems. Strontium is understood to have been behind disinformation and hacking ahead of the 2016 United States presidential election and has been blamed for many other cyber-attacks.

https://www.newshub.co.nz/home/technology/2020/11/healthcare-sector-suffering-surge-in-cyber-attacks.html

 

Cyber criminals target healthcare industry the most

The research reveals the emerging techniques and impacted industries behind a 260% spike in attacks, using encrypted channels to bypass legacy security controls. [...] Following healthcare, the top industries under attack by SSL-based threats were finance and Insurance (at 1.2 billion threats, or 18.3%), manufacturing (1.1 billion, 17.4%), government (952 million, 14.3%), and services (730 million 13.8%).

https://securitybrief.com.au/story/ransomware-attacks-over-ssl-increase-by-500-zscaler-report-shows

 

Ticketmaster fined £1.25m over payment data breach

The fine was issued by the Information Commissioner's Office (ICO) following a cyber-attack on the Ticketmaster website in 2018. The ICO said personal information and payment details had potentially been stolen from more than nine million customers in Europe. Ticketmaster said it would appeal against the ruling.

https://www.bbc.com/news/technology-54931873

 

Cyber Attacks: Who will be hit next – and can it be prevented?

A realistic attack on a shipping company does not have to look spectacular from the outside in order to bring about great damage and financial losses. A more likely scenario of an attack on a vessel is that the ship’s systems are shut down by a virus. “A capable crew will still be able to maneuver the ship and bring it to port safely”, explains Lars Jensen. “But the ship becomes commercially unavailable for several days or even weeks, leading to hundreds of thousands of dollars in lost revenue.”

https://www.hellenicshippingnews.com/cyber-attacks-who-will-be-hit-next-and-can-it-be-prevented/

 

Manufacturing is becoming a major target for ransomware attacks

That's potentially very troubling because the interconnected nature of the manufacturing supply chain means that if one factory gets taken down by a cyberattack, it could have wide-ranging consequences. For example, if a manufacturing facility that mass produces medicines or other health products was hit by a ransomware attack, that could have knock-on impacts for the healthcare sector as a whole.

https://www.zdnet.com/article/manufacturing-is-becoming-a-major-target-for-ransomware-attacks/

 

Why Is North Korea So Good at Cybercrime?

China, in particular, has the potential to do even more to support North Korean illicit cyber activity through training and academic instruction. North Korean students often study abroad at top Chinese science and technology universities such as the Harbin Institute of Technology (HIT) where they have access to advanced technology and equipment otherwise inaccessible in North Korea due to U.S. and U.N. sanctions.

https://thediplomat.com/2020/11/why-is-north-korea-so-good-at-cybercrime/

 

China’s military aims to use AI to dominate in cyber and outer space, Japanese think tank warns

The Chinese military is aiming to utilise cutting-edge technologies like private sector-developed artificial intelligence to enhance its offensive capability in domains such as cyberspace and outer space, a Japanese defence ministry think tank warned on Friday. eijing aspires to match the United States’ overall military capacity by transforming its People’s Liberation Army into a world-class fighting force with the help of advanced technologies[.]

https://www.scmp.com/news/china/military/article/3109803/chinas-military-aims-use-ai-dominate-cyber-and-outer-space

 

CYBER ACTIVITIES OF THE IRISH REPUBLICAN ARMY

Though the IRA’s heyday is long behind them, they still are active in local politics and in local activism in Northern Ireland. Because of their violent past, their online activities regardless of how innocent they may seem are closely monitored. Members of British Parliament and even the US Military are monitoring the IRA’s activities and are wondering if their posting of propaganda is considered a forum of cyber terrorism.

https://smallwarsjournal.com/jrnl/art/cyber-activities-irish-republican-army

 

Who Caused 2018 Power Outages in Russia?

Nonetheless, the timing of power outages in Russia around all the boasting about hacking makes for interesting reading despite the lack of any real details or news from the cities affected. [...] A month later, Murmansk experienced a massive energy blackout and blamed it on a short circuit at the Kolenergo substation. That’s the context when two years later rolling power outages hit the region, sinking the dock and crippling Russia’s navy operations.

https://securityboulevard.com/2020/11/who-caused-2018-power-outages-in-russia/

 

How TikTok could be used for disinformation and espionage

Frederick also said TikTok could potentially inject disinformation into the dialogue in the U.S. to sow discord, similar to the way Russia bots amplified the controversy over NFL players kneeling during the national anthem. "That's low-hanging fruit, I would say," she said. "I wouldn't be surprised if China tried its hand at such things."

https://www.cbsnews.com/news/tiktok-disinformation-espionage-60-minutes-2020-11-15/

 

NIST has a new cybersecurity companion guide

And the fact that we have privacy integration now across the entire space is really a remarkable thing. The final thing I forgot to mention is we have a brand new family. We have five for supply chain risk management. [...] That’s a supply chain risk management pub. And now we have a whole family of controls that are dedicated to helping protect the supply chain, which as you know is a critical aspect of our overall defense in depth and cybersecurity strategy.

https://federalnewsnetwork.com/cybersecurity/2020/11/nist-has-a-new-cybersecurity-companion-guide/

 

Google Chrome Update Gets Serious: Homeland Security (CISA) Confirms Attacks Underway

The latest two zero-days to be discovered are classed as high-severity in nature and affect Chrome for Windows, Mac and Linux.  The precise details of CVE-2020-16013 and CVE-2020-16017 have not yet been made public as Google restricts access to such information until the majority of users have updated. However, the Department of Homeland Security cybersecurity agency, CISA, has advised that an attacker "could exploit one of these vulnerabilities to take control of an affected system."

https://www.forbes.com/sites/daveywinder/2020/11/15/google-chrome-update-gets-serious-homeland-security-cisa-confirms-attacks-underway/?sh=65dff1d71f08

 

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

“These [are] companies directly involved in researching vaccines and treatments for COVID-19,” he wrote, in a blog post. “The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States.” He added, “Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for COVID-19-related work.”

https://threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/

 

‘Appender’ tool sneakily implants malicious emails into inboxes using legacy protocol

The Email Appender tool uses any valid stolen credentials to connect to their corresponding email accounts through IMAP, and then uses the protocol’s “append” feature to tack on a new message. These email communications can be tailored to look especially credible and convincing. In fact, the attack can even modify the sender name and address to perfectly spoof a genuine company’s domain.

https://www.scmagazine.com/home/email-security/appender-tool-sneakily-implants-malicious-emails-into-inboxes-using-legacy-protocol/

 

Hackers can use just-fixed Intel bugs to install malicious firmware on PCs

The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevents unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer.

https://arstechnica.com/information-technology/2020/11/intel-patches-high-severity-bugs-protecting-lost-stolen-or-confiscated-pcs/

 

'Bot Battle' Shows What Happens When Two AI Programs Go On a Date

Streamed on Twitch, the two programs interacted with each other for three weeks straight. Viewers were able to vote on which company’s mascot they believe held conversation the best. Pandorabot’s Kuki, a female embodied agent sporting a neon bob haircut, won in a landslide victory picking up 78 percent of the vote. Her opponent was Facebook’s Blenderbot, who sports a “Make Facebook Great Again” hat in true Zucker-bro style.

https://www.vice.com/en/article/5dpbaz/bot-battle-shows-what-happens-when-two-ai-programs-go-on-a-date

 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337

About Us   |   CI Security News   |   Contact Us 


Add this Email to Your Address Book





unsubscribe