Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 8-5-2020

Cyber Chiefs Watch Their People for Burnout as Pandemic Rolls On [Subscription]

Long hours, remote work, a lurking pathogen and an onslaught of cyberattacks have security chiefs concerned that their staff are quietly absorbing too much stress at once. At the typical company, the early days of the pandemic were busy times. Bryson Koehler, chief technology officer at Equifax Inc., recalls how his team worked “night and day for the first five to seven days” to ensure that staff had the tools they needed to work remotely.


DHS Warns of a Persistent Cyber Threat Targeting Critical Infrastructure in the U.S.

The threat actors are targeting internet-connected operational technology (OT) in U.S. defense systems. Cyber threats originating from state-sponsored actors were also targeting critical infrastructure such as electricity, water, and gas. Consequently, the NSA and CISA directed owners and operators to take immediate action to secure these systems. The agencies warned that, given “the increase in adversary capabilities and activity, the criticality to U.S. national security, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign actors.”


COVID-19 Impact on Ransomware, Threats, Healthcare Cybersecurity

Threat actors also increasingly deployed disruptive malware against healthcare organizations and critical infrastructure, given the likelihood of high impact and financial gain. Ransomware, in particular, spiked in April 2020, used by multiple threat groups that had previously been relatively dormant.


Michigan's Largest Healthcare Provider Phished Again

On June 5, Beaumont Health finished investigating a second data breach in which email accounts were accessed by unauthorized individuals between January 3, 2020, and January 29, 2020. Emails within the compromised accounts contained PHI that included names, dates of birth, diagnoses, diagnosis codes, procedure and treatment information, type of treatment provided, prescription information, patient account numbers, and medical record numbers.


The Risk of Nation-State Hackers, Government-Controlled Health Data

To Olcott, the threat landscape has drastically escalated amid the crisis, which means these organizations must prepare to “continuously identify weaknesses and vulnerabilities, recognizing that anything can potentially be exploited.” Further, these attacks are specifically designed to steal intellectual property and trade secrets from research firms working on the COVID-19 response.


Financial Firms’ Cybersecurity Spending Jumps 15%, Survey Finds

Average spending per employee was budgeted at $2,691, up from $2,337 in 2019, according to the poll conducted by Deloitte & Touche LLP and the Financial Services Information Sharing and Analysis Center, an industry group known as FS-ISAC. Some firms have budgeted as much as $3,322 per employee for cybersecurity, up from the $3,000 maximum last year.


Why Data Ethics Is a Growing CISO Priority

In addition to safeguarding systems and information, a good CISO should ensure that the business is also trusted as a good steward of data. "Security needs to be built into the conversation from the beginning," notes Bjorn Townsend, security consultant for CI Security, commenting to Dark Reading on the relationship between data ethics and security. "Without assurance that adequate security measures are in place to defend our personal data, we cannot meaningfully be said to have control of it."


Record cybersecurity attacks strike ‘particularly vulnerable’ hedge funds

“The real challenge for funds is that many of them are large micro-businesses,” Cowen said. “They have to look, talk and feel like they’re large corporations, but typically they’re between 10 and 20 people ... I don’t think funds and businesses in the UK are fully aware of the scale of cyber fraud. If a bank gets robbed, people talk about it; if the [hedge fund] office gets robbed, no one talks about it.”


'Alarming' rate of cyberattacks aimed at major corporations, governments and critical infrastructure amid COVID-19: Report

According to Interpol, the organization identified and analyzed 200,000 malicious domains affecting more than 80 member countries. Forty-eight of the 194 member countries participated in the survey, conducted in April and May of 2020, with 42% of participation coming from Europe. Nearly 22% of the countries surveyed reported malicious domains containing the keyword "Corona" or "COVID".


Class-Action Lawsuit Claims TikTok Steals Kids' Data And Sends It To China

Twenty separate but similar federal lawsuits were filed over the past year on behalf of TikTok users in California, where the company has offices, and Illinois, which requires that technology companies receive written consent before collecting data on a person's identity. The suits now have been merged into one. And on Tuesday, a panel of federal judges ruled that the case will be based in the U.S. District Court for the Northern District of Illinois. Judge John Z. Lee was appointed as the presiding judge.


Games Without Frontiers: War-Gaming in US Grand Strategy

The military has also explored the cyberspace realm in war games. Like artificial intelligence, cyber tools largely did not achieve their strategic ends. For instance, one set of games concluded that cyberattacks are not very appealing because once the military uses a cyber tool, the enemy will be able to patch its vulnerabilities. Meanwhile, in a separate series of war games meant to investigate the impact of cyber tools on deterrence, Schneider observed that the players actually did not use those capabilities very often, especially when they wanted to avoid escalation.


Canada’s Scattered and Uncoordinated Cyber Foreign Policy: A Call for Clarity

A comprehensive and well-developed cyber foreign policy is needed to replace the Canadian government’s current ad hoc, spasmodic approach. A consistent articulation of its foreign policy position in cyberspace is necessary for Canada to promote and defend its interests effectively. Moreover, Canada’s cyber foreign policy must be developed transparently, and this policy must reflect enduring Canadian values, such as respect for human rights and other democratic principles.


Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)

As its name hints, the tool can transfer data between two points using classic DNS requests, but it can also use the newer DoH protocol. [...] Oilrig is most likely using DoH as an exfiltration channel to avoid having its activities detected or monitored while moving stolen data. This is because the DoH protocol is currently an ideal exfiltration channel for two primary reasons. First, it's a new protocol that not all security products are capable of monitoring. Second, it's encrypted by default, while DNS is cleartext.
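The monitoring gap the excerpt describes is that DoH hides DNS inside ordinary HTTPS. As an added example (not part of the original newsletter item or the report it quotes), the detector below flags requests shaped like RFC 8484 DoH in a constructed proxy log; the log field layout, hostnames and addresses are assumptions made for the example.

```python
"""Flag RFC 8484 DoH-shaped requests in web-proxy logs (added example)."""
import base64
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

DNS_MIME = "application/dns-message"


def _looks_like_dns_wire(b64url: str) -> bool:
    """RFC 8484 GET carries a raw DNS message, base64url without padding.
    A DNS header is 12 bytes and a query has the QR bit (0x80 of byte 2) clear."""
    try:
        raw = base64.urlsafe_b64decode(b64url + "=" * (-len(b64url) % 4))
    except (ValueError, TypeError):
        return False
    return len(raw) >= 12 and (raw[2] & 0x80) == 0


def classify(line: str) -> Optional[str]:
    """Return why a log line looks like DoH, or None if it does not.
    Assumed layout: timestamp,src,method,url,content_type,accept."""
    _ts, _src, method, url, ctype, accept = line.rstrip("\n").split(",")
    if method == "POST" and ctype == DNS_MIME:
        return "POST with application/dns-message body"
    if accept == DNS_MIME:
        return "client accepts application/dns-message"
    dns_param = parse_qs(urlsplit(url).query).get("dns")
    if method == "GET" and dns_param and _looks_like_dns_wire(dns_param[0]):
        return "GET with RFC 8484 dns= parameter"
    return None


def flag_doh(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (source address, reason) for every DoH-shaped request."""
    hits = []
    for line in lines:
        reason = classify(line)
        if reason:
            hits.append((line.split(",")[1], reason))
    return hits


# Constructed sample: a minimal A query for example.com, base64url-encoded as a
# DoH client would send it, plus a decoy "dns=" parameter that is not DNS wire data.
_DNS_QUERY = bytes.fromhex("000001000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
_B64 = base64.urlsafe_b64encode(_DNS_QUERY).rstrip(b"=").decode()
SAMPLE_LOG = [
    "2020-08-05T10:00:01Z,10.0.0.5,GET,https://intranet.example/index.html,-,text/html",
    f"2020-08-05T10:00:02Z,10.0.0.7,GET,https://resolver.example/dns-query?dns={_B64},-,{DNS_MIME}",
    "2020-08-05T10:00:03Z,10.0.0.7,POST,https://resolver.example/dns-query,application/dns-message,-",
    f"2020-08-05T10:00:04Z,10.0.0.9,GET,https://cdn.example/lookup?dns={_B64},-,*/*",
    "2020-08-05T10:00:05Z,10.0.0.5,GET,https://search.example/?dns=whatever,-,text/html",
]

if __name__ == "__main__":
    for src, reason in flag_doh(SAMPLE_LOG):
        print(f"{src}: {reason}")
```

The shape-based checks only work where TLS is terminated at the proxy; on an opaque tunnel the remaining signal is the destination itself, which is why the excerpt calls DoH hard to monitor.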


Alert: Chinese Malware Targeting IT Service Providers

The joint alert did not identify organizations that have been targeted by Taidoor malware. But the three agencies note that several U.S. IT service providers and their customers have been victimized over the last several months. Service providers in healthcare, pharmaceutical and research sectors, especially those working on the COVID-19 response, are at greater risk of being hacked using the Taidoor RAT, the agencies warn.


TIGTA critiques IRS’s protection of taxpayer data

Recommendation No. 1: TIGTA recommended that the IRS’s chief information officer (CIO) should ensure that the Cybersecurity function, the Privacy, Governmental Liaison, and Disclosure office, and application owners develop and implement a method to annually update the inventory of IRS applications that store and process taxpayer and PII data to ensure that it can detect unauthorized access and can reconstruct any cybersecurity breaches for referral to the IRS Criminal Investigation unit.


Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps. “Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”


Data privacy and data security are not the same

"The Equifax debacle is where a lot of the inherent [cybersecurity] issues really surfaced to the business level," said Aaron Shum, practice lead, Security, Privacy, Risk, and Compliance, at Info-Tech Research Group. "It's where we discovered the level of incompetence that can exist in an organization." [...] "Businesses need to treat privacy as both a compliance and business risk issue to reduce regulatory sanctions and commercial impacts such as reputational damage and consequential loss of customers due to privacy breaches."


Ransomware: The tricks used by WastedLocker to make it one of the most dangerous cyber threats

WastedLocker uses a trick to make it harder for behavior-based anti-ransomware solutions to keep track of what is going on: it uses memory-mapped I/O to encrypt a file. This technique allows the ransomware to transparently encrypt cached documents in memory without causing additional disk I/O, which can shield it from behavior monitoring software.


How Ransomware Threats Are Evolving & How to Spot Them

This behavior isn't new, Wisniewski says. "What is new is that may be the only indication you're going to get that they're in your network." Organizations may notice small, unusual things once in a while, remedy them, and close the ticket without realizing they're part of a larger incident. By the time they do, an attacker has been in their network for weeks. WastedLocker and Maze will "sit there for a month" to figure out the thing that will shut down their enterprise victim.


Microsoft Won't Fix TikTok's Problems

Granting that the U.S. government either “banning” a social media platform or forcing its sale—while collecting some kind of finder's fee (!)—is an absurd outcome, we can still recognize that there are three or so constellations of TikTok issues that merit discussion, none of which are likely to be solved by transferring it to an American tech giant. First, there's the fact that teens use the service to dunk on elected officials and, perhaps most relevant to this round of news, coordinate registration for political rallies to inflate expectations of attendance.


You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


CI Security

245 4th St, Suite 405  Bremerton, WA   98337
