CI Security

IT Security News Blast – 2-4-2020

How-To Guide: Medical IoT Security

Every organization is dealing with the security risks that come with IoT devices, but for health care the risks are getting a lot of media attention. With the never-ending stream of new and existing connected devices increasing cybersecurity risks to patient care and data, CI Security CTO Mike Simon provides real-world strategies for busy InfoSec teams monitoring and responding to threats involving medIoT. “There is no all-powerful elixir of IoT safety. Demonizing manufacturers doesn’t actually solve problems. So, I’d like to present some facts, some practical advice, and maybe make a dent in the FUD a bit.”

https://content.ci.security/medical

 

Ransomware Attacks Hit Three Law Firms in Last 24 Hours

Hackers have stolen data from at least five law firms, using the threat of releasing the data to extort payment from the firms, Callow said. In the two cases in which hackers already posted law firm data, they published it on the clear web where it can be viewed by anybody. [...] Their modus operandi is to initially name the companies they’ve hit on their website and, if that doesn’t convince the companies to pay, to publish a small amount of their data as “proofs.”

https://www.lawsitesblog.com/2020/02/ransomware-attacks-hit-three-law-firms-in-last-24-hours.html

 

Hackers are hijacking smart building access systems to launch DDoS attacks

The attacks are targeting Linear eMerge E3, a product of Nortek Security & Control (NSC). Linear eMerge E3 devices fall in the hardware category of "access control systems." [...] The vulnerability they are using is CVE-2019-7256. Applied Risk described this vulnerability as a command injection flaw. It is one of the two that received a severity score of 10/10, meaning it can be exploited remotely, even by low-skilled attackers without any advanced technical knowledge.

https://www.zdnet.com/article/hackers-are-hijacking-smart-building-access-systems-to-launch-ddos-attacks/

 

Ransomware knocks city of Racine offline

The city of Racine, Wis., was hit with a ransomware attack January 31 that knocked most of its non-emergency computer services offline. The Wisconsin city’s website, email system and online payment collection systems were still down as of February 3 and the city police are unable to process fee payments or provide copies of police and accident reports, reported the Journal Times and the Racine Police Department’s Facebook page. Unaffected are the tax collection, 911 and public safety systems.

https://www.scmagazine.com/home/security-news/ransomware/ransomware-knocks-racine-city-offline/

 

The clock is ticking on climate change but cyber crime and emerging technologies add to risks

The next wave of technology will dramatically reshape economies and societies. Cloud computing, autonomous cars, drones, AI and the internet of things create new opportunities, and new risks. After environmental risks, cyber attacks pose the next biggest global threat, measured by both likelihood and impact, according to the WEF’s Cyber Risks Report 2020. Cyber attacks are now a normal part of business across energy, healthcare and transport, often perpetrated by criminals who are able to hire hacking tools and malware on dark web forums.

https://www.computerweekly.com/news/252477684/Davos-The-clock-is-ticking-on-climate-change-but-cyber-crime-and-emerging-technologies-add-to-risks

 

Bloom Medicinals' alleged data breach could be a wakeup call for marijuana industry

An alleged data breach at marijuana dispensary Bloom Medicinals, which runs five shops in Ohio, is raising questions about cybersecurity in the medical marijuana business — or the lack of it. The Ohio Board of Pharmacy said it is working in conjunction with Bloom to investigate to what extent patient identities and other information may have been compromised in a supposed data breach of THSuite, a point-of-sales system used by Bloom and some other marijuana retailers.

https://www.crainscleveland.com/jeremy-nobile-blog/bloom-medicinals-alleged-data-breach-could-be-wakeup-call-marijuana-industry

 

At What Point Does The Failure Of An Organization's Security Safeguards Amount To Recklessness?

First, Canadian courts have shown a tendency to situate a breach within a defendant's broader information-handling practices. If an organization can demonstrate that it has implemented information-handling practices that conform to industry standards, it appears to be less likely that a court will find a single breach to be the result of recklessness. The opposite may be true when an organization has failed to do so. Organizations that do not have a robust privacy program (or are not sure about the status, currency or content of their privacy program) should consider reviewing their current efforts against legislative requirements, industry norms and third party standards.

https://www.mondaq.com/canada/Privacy/889580/At-What-Point-Does-The-Failure-Of-An-Organization39s-Security-Safeguards-Amount-To-Recklessness

 

Cyber Resilience Think Tank Forecasts Four Key Trends to Hit the Cybersecurity Industry

1. DevOps and Security Efforts will Align to Mitigate Business Risk

2. Industry Consolidation will Increase the Possibility of a Breach

3. Attack Simulation will Grow as Pen Testing Becomes Table Stakes

4. Hyperconvergence of Technologies will Increase Risk of Microbreaches

https://finance.yahoo.com/news/cyber-resilience-think-tank-forecasts-103010151.html

 

DoD to Require Cybersecurity Certification From Defense Contractors

With the introduction of the CMMC, the DoD wants to enhance the protection of supply chain unclassified information — Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) — by increasing the Defense Industrial Base (DIB) subcontractors' cybersecurity readiness. The CMMC provides the DoD with a straightforward mechanism designed to make it easier to certify the cyber readiness of the large and small defense contractors using 5 levels of certification that focus on both cybersecurity practices and processes.

https://www.bleepingcomputer.com/news/security/dod-to-require-cybersecurity-certification-from-defense-contractors/

 

Iran’s cyber retaliation for Soleimani assassination continues to ramp up

“This isn’t something that’s going to happen overnight,” Samide told me. “Iran’s response will be long and drawn out. There will very likely be a number of smaller and medium-sized attacks, culminating in a larger attack that will be highly coordinated and strike at just the right time. And it might not be Iran directly retaliating alone. It could involve multiple state actors, adversarial to the West, joining forces to co-ordinate an attack, or even multiple attacks.”

https://securityboulevard.com/2020/02/my-take-irans-cyber-retaliation-for-soleimani-assassination-continues-to-ramp-up/

 

If the US launches cyberattacks on Iran, retaliation could be a surprise

While Americans celebrated Thanksgiving, someone hit Iran with a massive cyberattack that disclosed 15 million Iranian bank debit card numbers on a social media site. On Dec. 11, Iran’s telecommunication minister admitted this was “very big” and that a nation-state carried it out. Will U.S. banks and credit card companies be ready if Iran tries to hack the card numbers of millions of Americans?

https://www.fifthdomain.com/thought-leadership/2020/01/30/if-the-us-launches-cyberattacks-on-iran-retaliation-could-be-a-surprise/

 

WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral

The German army officer said this supported the idea that military thresholds for responding to hacking attacks should be deliberately vague, adding that just because someone hacks you doesn't restrict you to only hacking them as a response. He said: "If we are talking about this special domain [of cyberspace], then if you go with military means, as an answer, the threshold doesn't mean you have to answer in the same domain. It's the risk of the opponent, what is your answer if you decide [an attack on a computer network] is above the threshold?"

https://www.theregister.co.uk/2020/02/03/wannacry_nato_response/

 

Ransomware Strikes News Monitoring Service Platform TVEyes

According to TVEyes’ CEO David Ives, the company restored its servers using backup files. Ives also clarified that there is no sign of any data breach. The attack on TVEyes raises severe concerns across the political and industrial sector as most of the high-profile campaigns for presidential elections are using TVEyes services. Apart from political campaigns, TVEyes services are also used by companies like Airbnb, Grubhub, JPMorgan Chase, Make-a-Wish Foundation, and the United Nations.

https://www.cisomag.com/ransomware-strikes-news-monitoring-service-platform-tveyes/

 

FCC To Crack Down On Sharing Of Mobile Users’ Location Data

Pai said “a formal notice of liability” affecting at least one wireless firm would be sent by him to the five-member FCC commission. FCC Commissioner Jessica Rosenworcel said it was a “shame” the FCC took so long to act. “It’s chilling to consider what a black market could do with this data,” she added. Pai’s letter continued, “I am committed to ensuring that all entities subject to our jurisdiction comply with the Communications Act and the FCC’s rules, including those that protect consumers’ sensitive information, such as real-time location data.”

https://www.pymnts.com/news/security-and-risk/2020/fcc-to-crack-down-on-sharing-of-mobile-users-location-data/

 

How to stop police from asking for videos from your Amazon Ring doorbell

There’s been controversy over Ring’s decision to work closely with police departments to help investigate crimes. Some customers like that they’re able to share videos from their doorbells with police departments in an effort to help catch criminals. Others see it as the creation of a surveillance state. In a recent update to the Ring app, Amazon now lets customers opt out of receiving notifications from police departments who might be seeking Ring doorbell video footage to help solve a crime that happened near your home.

https://www.cnbc.com/2020/02/03/how-to-stop-police-from-asking-for-videos-from-ring-doorbells.html

 

Government spyware company spied on hundreds of innocent people

That spyware came from an Italian surveillance company called eSurv, and though it was good at hacking people’s phones, it stunk at securing its own data. The spyware opened up a remote command shell on infected phones, but it failed to use any sort of encryption or authentication, so that anyone on the same Wi-Fi network as an infected device could wander in and hack it. But it was that shoddy security that’s led authorities to a stunning discovery: as Bloomberg reported earlier this month, eSurv employees have allegedly spied on unwitting, innocent Italian citizens with the powerful surveillance technology.

https://nakedsecurity.sophos.com/2020/01/30/government-spyware-company-spied-on-hundreds-of-innocent-people/

 

Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves

The use of HTML redirectors, to avoid having to use malicious links in emails or infected attachments, means that the threat actors can directly download a malicious Excel file on the victim to drop the Trojan payload. Not that there is no interaction from the user required, of course. The victim still needs to open the Excel file that is automatically downloaded, and they will still have to enable editing and enable content in order to be infected.

https://www.forbes.com/sites/daveywinder/2020/01/31/microsoft-issues-excel-threat-alert-as-100-million-evil-corp-campaign-evolves/#2cfd47ab6044

 

Mapping the Known Unknowns of Cybersecurity Education

As cybersecurity is still a maturing topic for the education community, it is prudent and timely to evaluate the state of cybersecurity instruction in political science and discuss how to improve it. To undertake this task, our forthcoming article in the Journal of Political Science Education examines patterns and variations in the content of syllabi on cybersecurity courses within political science, looking across campuses to understand the relative balance of policy topics, technical concepts, and theoretical debates in how courses are structured and presented.

https://www.cfr.org/blog/mapping-known-unknowns-cybersecurity-education

 

TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection

Researchers at Morphisec Labs said they discovered code last March that uses the Windows 10 WSReset UAC Bypass to circumvent user account control and deliver malware in recent samples of TrickBot, according to a report released last week. UAC is a Windows security feature designed to prevent changes to an operating system by unauthorized users, applications or malware.

https://threatpost.com/trickbot-switches-to-a-new-windows-10-uac-bypass-to-evade-detection/152477/

 

This Man Created Traffic Jams on Google Maps Using a Red Wagon Full of Phones

Artist Simon Weckert walked the streets of Berlin tugging a red wagon behind him. Wherever he went, Google Maps showed a congested traffic jam. People using Google Maps would see a thick red line indicating congestion on the road, even when there was no traffic at all. Each and every one of those 99 phones had Google Maps open, giving the virtual illusion that the roads were jam packed. [...] “Ironically that can generate a real traffic jam somewhere else in the city.”

https://www.vice.com/en_us/article/9393w7/this-man-created-traffic-jams-on-google-maps-using-a-red-wagon-full-of-phones



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
