LinkedIn Live with Mike and Jake, 9:30 PDT on Mike's LinkedIn Page
Join us for the weekly recap of the week's information security news.
Hackers Are Getting Bolder With Ransomware Attacks on Schools and Hospitals
This higher price tag is a sign of more brazen hackers, but also bigger, more sensitive targets. Ransomware attacks have been on the rise for the past few years — in part due to the increasing availability of cheap malware — but some experts believe the recent spike and shift to larger organizations stems from vulnerabilities brought on by the coronavirus pandemic.
DHS warns that Emotet malware is one of the most prevalent threats today
CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. Possible command and control network traffic involved HTTP POST requests to Uniform Resource Identifiers consisting of nonsensical random length alphabetical directories to known Emotet-related domains or IPs with the following user agent string (Application Layer Protocol: Web Protocols [T1071.001]).
5 tips for safeguarding PACS and imaging devices against cyberattacks
“Hospitals in general and PACS operators in particular will have to address this topic, since healthcare is increasingly recognized as an important part of a society's critical infrastructure that requires protection, including protection from cyber threats.” They noted that many tools for implementing such a plan are available and just need to be planned out, put into use, and maintained. Eichelberg et al. shared a few tips Saturday in Academic Radiology.
Cyber criminals targeting third-party service providers
For insurers, that aggregation of cyber risk is a key concern, especially when it comes to third-party cloud services and data storage providers. For example, if one of the top four cloud providers in the world went down for three to six days due to a cyberattack, it could cost up to US$19 billion in economic damages, according to AIR Worldwide.
Ransomware Attacks Vaccine Management Software Specialist; COVID-19 Trials Unaffected
The cyber assault on eResearch Technology, a Philadelphia, Pennsylvania-based company that sells a digital platform for drug companies to manage seasonal and epidemic vaccine trials, began roughly two weeks ago, officials said. It’s unclear if any COVID-19 vaccine participants were affected by the cyber extortion.
Sibos 2020: Is 'Ransomware-as-a-Service' a symptom of innovation?
This professionalisation of cyber-crime, or as Whitmore helpfully puts it (in fintech-speak) “Ransomware-as-a-Service” is also just a reflection of the progress and innovation financial services is making in its own right. A bittersweet reality we must face is that as the industry rapidly evolves, crime has to work in lockstep to match the innovation of the market.
SEC settles with trader accused of illegal trades using hacked data
The U.S. Securities and Exchange Commission agreed to settle charges with one of the traders who relied on hacked data from an SEC company filing system to collectively make millions of dollars[.] The SEC settlement includes both Sungjin Cho, the trader, and Kyungja Cho, his mother. Sungjin Cho made 66 illegal trades under his own name relying on the hacked information, and placed or directed four more under accounts in his mother’s name, according to the original complaint.
Hackers exploit Trump's COVID-19 diagnosis to spread a different kind of virus
Opportunistic hackers have seized on President Donald Trump’s illness from COVID-19 to fool email recipients into clicking on malware, researchers found, in what was a quick turnaround from the news that dominated the weekend and beyond. [...] The messages are designed to bamboozle victims into downloading the BazaLoader backdoor, a kind of trojan commonly linked to the developers of the TrickBot hacking tool.
Into the breach: What IT-OT convergence means for your security strategy
Don’t just blindly take a cloud service, dump your data in the cloud and assume the service provider is going to look after it for you. You have to take a risk-based approach supported with robust governance. Ultimately, you’re responsible for your data, but you have to ask yourself does the service provider have appropriate security procedures? How reliable are they? Do they offer SLAs [service-level agreements]? Do they offer access control?
Singapore spotlights OT security, unveils security roadmap focusing on infrastructure
Singapore's latest cybersecurity masterplan builds on its 2016 cybersecurity strategy and looks to boost the "general level of cybersecurity" for its population and businesses. It focuses on the need to secure the country's core digital infrastructure and cyberspace activities, as well as drive the adoption of cyber hygiene practices amongst its connected citizens.
Space Force and cyber
"The vulnerabilities of our space systems really kind of threaten the way we've done business in the past[.]" "Space is becoming congested and contested and that contested aspect means that we've got to focus on cybersecurity in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out," he said.
'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows
Saudi diplomats, Sikh separatists and Indian business executives have been among those targeted by a group of hired hackers, according to research published on Wednesday by software firm BlackBerry Corp. The report on the group, known publicly as Bahamut, the name assigned to the mythical sea monster of Arab lore, highlights how cybersecurity researchers are increasingly finding evidence of mercenaries online.
Cybersecurity and the 117th Congress
With many committees and subcommittees overseeing these dimensions of cybersecurity, and Congress’s quickly filling agenda, bills that could protect Americans from cyberattacks may face long waits before being passed. Congress has its hands full and as the agenda for the coming years is only getting more crowded, it must improve its agility in order to pass meaningful cybersecurity legislation.
What U.S.-Russia Talks on Election Meddling Say About the Kremlin’s Shifting Strategy
“From our side, it’s a pre-emptive step,” says a former senior intelligence officer in Moscow who maintains close ties with the security establishment. If Joe Biden defeats Trump at the polls, says the former officer, “We need a way to start the process of normalizing relations.” He adds: “We don’t want to be accused of interfering again. We’ve had enough of that.”
FBI, NSA confident in election: 'Security of your vote has never been higher,' says cyber security agency
In Tuesday's video, Wray maintained that federal authorities were working closely with state and local officials and would "aggressively investigate and work with our partners to take appropriate action, including seeking criminal charges where warranted." "Rest assured that the security of the election – and safeguarding your vote – is and will continue to be one of our highest priorities," Wray said.
In-House Counsel Should Be Evaluating Now Whether Data Is Subject to FISA Following Schrems II [Registration]
"In reality suspending all data transfers from the European Union to the United States impacts virtually every U.S. and European company and is not practical legally or economically," Mark Faber, vice president, corporate counsel, cyber and privacy law at Prudential Financial in Newark, New Jersey, explained. In-house counsel at U.S. companies will need to prove they are not subject to Foreign Intelligence Surveillance Act orders while U.S. and European lawmakers find a new way to transfer data from the European Union to the United States.
NIST Issues Long-Awaited Final Guidance on Security and Privacy Controls – SP 800-53
With the release of Revision 5, NIST hopes to provide updated security and privacy controls that will make information systems more penetration resistant, limit damages from cyber-attacks, make systems more cyber-resilient, and protect individuals’ privacy.
Comcast TV Remote Hack Opens Homes to Snooping
However, researchers found a serious vulnerability in the remote, allowing attackers to take it over (details below). Worse, the ensuing attack, dubbed WarezTheRemote, does not require any interaction from the victim — it’s extremely cheap to carry out (a hacker merely needs a low-priced RF transceiver and antenna), and can be launched remotely (from up to 65 feet away).
'Smart' Male Chastity Device Vulnerable to Locking by Hackers: Researchers
The locking mechanism is controlled with a smartphone app via Bluetooth -- marketed as both an anti-cheating and a submission sex play device -- but security researchers have found multiple flaws that leave it vulnerable to hacking. "We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock," British security firm Pen Test Partners said Tuesday. "An angle grinder or other suitable heavy tool would be required to cut the wearer free."