IT Security News Blast – 7-27-2021
Disinformation for Hire, a Shadow Industry, Is Quietly Booming
Private firms, straddling traditional marketing and the shadow world of geopolitical influence operations, are selling services once conducted principally by intelligence agencies. They sow discord, meddle in elections, seed false narratives and push viral conspiracies, mostly on social media. And they offer clients something precious: deniability.
Kaseya Is Making Its Customers Sign Non-Disclosure Agreements to Obtain Ransomware Decryption Key
The company declined to comment on whether it paid for the key in a statement to Gizmodo on Friday. However, some experts say it’s possible the Russian government could have given Kaseya the key after pressure from the Biden administration. Others claim Kaseya might have paid REvil’s ransom early on, after which the criminals went into hiding.
Why HIPAA is widely misunderstood
"Whenever anyone says to you 'HIPAA prohibits that,' ask them to point to the portion of the statute or regulation that prohibits it. They often won’t be able to do so," he said. Nothing in HIPAA prevents asking about someone's health, such as vaccination status, but some have turned to the law as a way to deflect questions.
How to protect against social engineering attacks
In this preview of the upcoming HIMSS21 educational session entitled "Social Engineering in the Healthcare Environment," speaker Kathleen Ann Mullin, CISO at Tampa, Florida-based Healthmap Solutions, talks about how a healthcare provider organization recognizes hacker motivations, how healthcare CISOs and CIOs detect the common methods used by social engineers to victimize healthcare organizations[.]
Crisis communications in a hostile cyber risk landscape
“Companies are not only worried about the media coverage of cyberattacks, but also, if they’re experiencing operational disruption or technical difficulties, they’re worried about how to communicate with their own employee base and their customers, vendors, partners, investors, shareholders, and the board. That’s really where we come into play.”
Florida unemployment system targeted by hackers; claimants warned of possible data compromise
The Florida Department of Economic Opportunity (DEO) has warned that hackers may have stolen personal information for possibly tens of thousands of residents seeking or receiving unemployment benefits. DEO revealed the security incident Friday in messages it sent to claimants with accounts on the department’s online Reemployment Assistance Claims and Benefits Information System, also known as CONNECT.
First came the ransomware attacks, now come the lawsuits
Now he’s suing Colonial Pipeline over those lost sales, accusing it of lax security. He and his lawyers are hoping to also represent the hundreds of other small gas stations that were hurt by the hack. It’s just one of several class-action lawsuits that are popping up in the wake of high-profile ransomware attacks.
Cybersecurity compliance must get underway
“In a recent webinar we hosted on the topic, we learned that almost 60% of the participants hadn’t started the CMMC compliance effort yet,” says Paul Van Metre, founder of ProShop ERP. “And some in that group didn’t even know about CMMC. While that number may not reflect an accurate percentage of the entire defense sector, it’s an indication that CMMC compliance by non-critical defense suppliers is at its earliest phase[.]”
U.S. Water Supply System Being Targeted By Cybercriminals
“It wouldn’t be unrealistic to expect a local municipality to be increasing their IT spend to between $500,000 and a million dollars per year to get where they need to be,” Jenkins said. “And it’s not just about spending money. It’s making sure you put the right things in place to take control of your environment.”
‘Holy moly!’: Inside Texas’ fight against a ransomware hack
Texas communities struggled for days with disruptions to government services as workers in small cities and towns endured cascading frustrations brought on by the cyberattack[.] The AP also learned new details about the attack’s scope and victims, including an Air Force base where access to a law enforcement database was affected and a city forced to operate its water-supply system manually.
The Cybersecurity 202: Cyber experts give Biden top marks at six months [Subscription]
At his six-month mark in office, President Biden is making the right moves to ensure the United States is safer in cyberspace, according to an overwhelming majority of cybersecurity experts we polled. [...] Biden has effectively managed the day-to-day crises while dealing with longer-range concerns such as getting top cyber officials in place and facing off with Russian President Vladimir Putin over hacking, according to 86 percent of The Cybersecurity 202 Network.
Senate defense policy bill looks to bolster DoD information warfare
The Senate Armed Services Committee, which convenes yearly behind closed doors unlike its U.S. House counterpart, only provided a summary last week of its finalized version of the National Defense Authorization Act, which was heavy on new cyber provisions to try to improve authorities and capabilities. [...] This follows several high-profile hacks and cyberattacks by nation-states and criminal groups that targeted commercial companies but still undermine security of the United States.
Research roadblock? Security pros weigh in on China’s new vulnerability disclosure law
Downs added: “No matter how this law is implemented, China-based security researchers are probably going to tread much more carefully out of concern of being labelled a ‘hacker’. This law makes the prospect of security and penetration testing more fraught.”
Book Excerpt: Russian cyber weapons are waging war on US networks and American minds
The Russians, cunning in their thinking from having had to survive centuries of foreign invasions and domestic oppression, have focused on the "informational-psychological" aspect—actual information content, how information is perceived by human minds, and how it can influence and manipulate an adversary’s thinking.
Secret Iran hacking plans against West revealed - report
Some of the potential hacks, which the IRGC cyber group may be planning according to the report, would be against a cargo ship's ballast water system. This could cause a ship irreparable damage. [...] Another Iranian plot appeared to be to hack the automatic tank gauge of certain gas stations which could stop the flow of gas or in a worst-case scenario, even cause an explosion, the report said.
Microsoft warns over this unusual malware that targets Windows and Linux
Microsoft is warning customers about the LemonDuck crypto mining malware which is targeting both Windows and Linux systems and is spreading via phishing emails, exploits, USB devices, and brute force attacks, as well as attacks targeting critical on-premise Exchange Server vulnerabilities uncovered in March.
Fake Windows 11 installers now used to infect you with malware
"Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all)," Kaspersky said.
You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick
Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC to force a device, including Windows domain controllers, to authenticate with a remote attacker-controlled NTLM relay. The end result is an authentication certificate that grants the attacker domain-controller-level access to services, allowing them to commandeer the entire domain.