CI Security

IT Security News Blast – 10-31-2019

F5 Labs 2019 Phishing and Fraud Report with CI Security

CI Security collaborated with F5 Labs in their newest report, the 2019 Phishing and Fraud Report, with research provided by our Critical Insight Security Operations Centers. CI Security co-founder and CTO Mike Simon shared what phishing attacks look like when detected by the security analysts trained to catch them, and recommended strategies to defend against phishing campaigns. “Broad, historic data on network activities are critical to dealing with phishing. Because CI Security gathers and indexes a broad spectrum of information about activities on customer networks, the question we asked ourselves was around how that information might be useful in reducing the potential impact of phishing in an organization.” Read what else Mike had to say about phishing and get the link to download the F5 report.


World's First Domain Registrar Network Solutions Discloses Breach

World's first domain registrar Network Solutions disclosed a security breach that happened in late August 2019 and allowed a third party to infiltrate some of the company's computing systems without authorization and potentially access some customers' personally identifiable information (PII). [...] This is the second time Network Solutions has been impacted by a security breach. The company also alerted its customers in July 2009 that "unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company."


Filling Healthcare Security Staffing Gaps with Virtual CISOs, Students

Without a security leader in place, 74 percent of organizations find it’s a serious challenge to maintain effective cybersecurity. [...] “A lot of health organizations aren’t filling staffing gaps effectively,” Hewitt said. “Individuals are being appointed into senior security roles through seniority and longevity, rather than skillset. Unfortunately, for the security career field: it takes a long time to get good at it.” [...] “It takes someone well-rounded to understand not only healthcare, but to understand health security and the technical components clearly for it to be done right – especially those IT skills to understand more of the business operation side.”


Do More Patients Die at Hospitals That Experience Data Breaches?

The researchers found that data breaches were associated with a 0.23 percentage point increase in mortality rate within 30 days after a heart attack, and that went up to a 0.36 percentage point increase in likelihood of death two years after the breach and a 0.35 percentage point increase in likelihood of death three years after the breach. [...] In other words, following a data breach or other security incident, for every 10,000 heart attacks at the breached hospital, the researchers saw up to an additional 36 deaths beyond the expected fatality rate for heart attacks.


Cybersecurity tips for CIOs and CISOs dealing with the widely dispersed data of healthcare

“In fact, I would label this as a flaw in HIPAA,” Haber contended. “Just like privacy shield initiatives, PCI and other data privacy acts, it would be good for a rating system to be developed to grade a healthcare provider’s cybersecurity hygiene and make those ratings public to consumers and other providers. This would be similar to a restaurant’s health rating, and people and organizations could determine if they want to trust an organization with their sensitive information.”


Big companies agree to cyber job recruiting steps

The idea, under the initiative led by the Aspen Cybersecurity Group, is to seek candidates outside traditional postings requiring a bachelor’s or more advanced degree, and to appeal to those with other backgrounds. [...] The companies agreed to expand their recruitment focus beyond applicants with four-year degrees and by “using non-gender biased job descriptions”; center job postings on core requirements and not “over-spec” them; and make career paths more accessible and understandable.



The cybersecurity consultants that then help the victim secure their systems, negotiate and pay the ransom, and decrypt or retrieve the victim’s data are retained by the lawyers and not by the victim directly. Under this arrangement, stakeholders attempt to shield all information about the incident and ransom under attorney-client privilege. While this attorney-client privilege protects the interests of individual firms, it also unintentionally prevents researchers and authorities from developing a systematic understanding of the ransomware industry.


All the links in your supply chain need to be secure against cyber attacks

In an ideal world, companies in the supply chain would take sole responsibility for dedicating sufficient resources to manage their own security. In practice, however, many suppliers do not identify security as a core business need, and are either unaware of or indifferent to the potential impact it will have downstream. In these instances, it becomes imperative to impose your minimum expected security standards upstream, where possible, requiring the supplier's commitment to these standards as part of the deal. This should be reviewed on a regular basis with each supplier to ensure that they maintain this capability.


US retirement accounts offer tempting target for cyber attacks

With nearly $6tn sitting in 401(k) plans, the US financial services industry is coming under increasing pressure to ensure that retirement savings are safeguarded from rapidly evolving cyber threats. [...] “The stakes are enormous,” says Doug O’Rear, co-founder of OnTrack 401(k), a retirement plan advisory group. Money wrongfully removed from a 401(k) plan is difficult to recover, he says, heightening anxieties that a person’s life savings could be wiped out with one hack.


Recent headlines have detailed foreign-state actors targeting utilities and independent power producers in the United States to gain access to critical infrastructure at the nation’s utilities and military installations. [...] NERC’s cybersecurity reliability standards do not take into account the magnitude of a facility’s potential lost revenue and other financial losses as a result of a cybersecurity attack. Further, multiple low-impact assets may share a common-mode vulnerability through which a number of geographically dispersed low-impact assets are affected simultaneously, with a large-scale impact on the grid.


Indian nuclear power plant’s network was hacked, officials confirm

It's not clear if data was stolen from the KKNPP network. But the nuclear power plant was not the only facility Singh reported being compromised. When asked by Ars why he called the malware attack a "casus belli"—an act of war—Singh, a former analyst for India's National Technical Research Organization (NTRO), said, "It was because of the second target, which I can't disclose as of now." [...] Dtrack shares elements of code from other malware attributed to the Lazarus threat group, which, according to US Justice Department indictments, is a North Korean state-sponsored hacking operation.


Cyber attack on Asia ports could cost $110 billion: Lloyd's

The worst-case scenario in the report was based on a simulated cyber attack disrupting 15 ports in Japan, Malaysia, Singapore, South Korea and China. Some 92% or $101 billion of the total estimated economic costs of such an attack are uninsured, Lloyd’s said. The figure was calculated by simulating the impact of a computer virus carried by ships and which scrambles cargo database records at the ports.


Cybersecurity in Project Finance and M&A

Putin Now Has Russia’s Internet Kill Switch To Stop U.S. Cyberattacks

It seems they’re maybe running a few weeks late, but on October 12, the Russian Federation mandated “the conduct of exercises to ensure the stable, safe and holistic functioning of the information and telecommunication network.” Essentially the ability to run an internal internet standalone, to operate from name servers inside the country, to internalise data storage, to prevent ISPs linking to international services. The first live tests will take place after November 1, and will be repeated annually. There is also the option to run additional tests if deemed necessary.


Ukrainian Officer Details Russian Electronic Warfare Tactics Including Radio "Virus"

A Ukrainian military officer has offered new insights into the scale and scope of Russian electronic and cyber warfare capabilities, including details on GPS jamming and spoofing tactics, and how they have evolved since a conflict erupted between the two countries more than five years ago. He also said that Russia's capacity to launch some types of attacks may be waning to a degree thanks to American and other international sanctions that have made it difficult for the Kremlin to source key components for these systems.


Report: 2020 is the Year Data Gets Weaponized

Titled “Predictions 2020: Cybersecurity,” the report depicts a near-future where “evil can adopt artificial intelligence and machine learning faster than security leaders can,” and companies’ and consumers’ dependency on tech will coax governments to create assistance programs to “help them weather the impact of cyber-catastrophes.” [...] “Attackers will use AI and ML to enhance existing attacks using the tremendous amounts of data now available to them. They will also develop new techniques in the form of disinformation campaigns against enterprises,” the report states.


More and more APT groups are relying on mobile malware to track dissidents

Mobile malware is increasingly used by hacking groups because mobile security solutions are few and far between, so avoiding detection is much easier than with efforts that target users on desktop or laptop computers, according to Cylance. Although it’s unclear if the overlap is coordinated, the intermixing of targets, tools, and infrastructure can make it tricky for intelligence analysts and threat intelligence firms tracking nation-state actors to defend against them.


Can Big Tech Save Us From the Power of Government?

WhatsApp, the encrypted messaging phone app owned by Facebook, is suing Israeli tech companies for selling information on hidden vulnerabilities that allowed malicious actors to infiltrate and access private communications. [...] The lawsuit is using the federal Computer Fraud and Abuse Act and California's own Computer Data Access and Fraud Act to target the two Israeli companies in the U.S. District Court for the Northern District of California. The lawsuit charges the company with violating the terms of use for WhatsApp and arranging for unauthorized access to the private data of the app's users.


Examining security process maturity in 400 organizations

Organizations were given a maturity score from zero to five (with 3.5 or above recommended) derived from the SecureTrust Compliance Intelligence model, which leverages the Payment Card Industry Data Security Standard (PCI DSS) baseline of technical and operational requirements for protecting data. E-commerce, at 3.01, has the highest overall maturity rating as an industry and the top maturity score for each of the eight control areas, but still falls short of the 3.5 recommended minimum. Telecommunications ranks second at 2.84, followed by Service Provider at 2.75. Hosting Providers scored lowest overall at 2.14.


Skimming Malware Found on American Cancer Society Webstore

The malware, which "intercepts payments from unsuspecting visitors," hides behind the legitimate "GoogleTagManager" code, the blog says. "It searches for 'checkout' (Y2hlY2tvdXQ=) and will then load the actual skimming code from This server is hosted in Irkutsk, a Russian network that is popular among skimming groups," the blog says. De Groot tells Information Security Media Group that the payment skimmer at the American Cancer Society was injected on Oct 24 and removed the next day, "so luckily the theft was quickly contained."


City of Johannesburg, on Second Hit, Refuses to Pay Ransom

A group called Shadow Kill Hackers quickly claimed responsibility for the attack, according to multiple reports. The group apparently sent the city a ransom note warning them that hackers had “control of everything in your city.” “We also compromised all passwords and sensitive data such as finance and personal population information,” according to the note. To prove this, Shadow Kill posted screenshots on Twitter showing that they had access to the city’s Active Directory server, according to reports. Indeed, the city, home to around 5 million, acknowledged that the attack was serious, but officials still refused to give in to the hackers’ ransom demands, which amount to about $30,000.


Cybersecurity's 'Moral Imperative'

Researchers have known that those AI biases are a potential issue for years. But the impact of bias took on heightened urgency when it was recently shown that some AI models favored white patients over black patients for healthcare treatment. When Gartner data shows that 30% of organizations will use AI to make decisions by 2022, the potential for those critical biases to increase reaches a critical level. In another example, Schoen pointed to the increasing collection of personal data for use by businesses. The data is being collected, processed, and stored, often without the understanding of the customer. And each of those steps requires security.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337