CI Security

IT Security News Blast – 11-7-2019

Evolution of Cybersecurity Panel Highlights

We had a great event this week with local leaders at the World Trade Center Seattle to discuss “The Evolution of Cybersecurity.” A big thanks to our expert panel of InfoSec executives from the Seattle area. We discussed recent ransomware attacks on local governments and small businesses, advances in cybersecurity technology, and the inevitable conclusion - that trained InfoSec experts will be needed to protect and defend organizations for decades to come. Read on for highlighted quotes from our expert panel, along with a link to the Puget Sound Business Journal article covering the event.


Employees know vulnerabilities exist, but they can’t resolve them quickly enough

There is a sharp remediation gap between when organizations first detect vulnerabilities and when those issues are ultimately resolved, Adaptiva survey reveals. The survey also found that companies overwhelmingly do not have the staff to handle today’s security demands, and leveraging current vulnerability management tools is one of their greatest cybersecurity challenges. “Security threats are coming at organizations from all sides, and companies don’t have the manpower to combat them effectively despite their best efforts[.]”


Healthcare Data Breaches Likely to Cost A Whopping US$4 Billion by End of This Year, 2020 Like to be Hit Worse

With each passing day, care givers are finding it increasingly difficult to stay ahead of cyber attacks and data breaches. Ensuring cyber security is becoming more challenging and the bad news is it is starting to take a toll on the financial health of the industry. According to reports data breaches are likely to cost the healthcare sector a whopping US$ 4 billion by the end of 2019. And 2020 is likely to be even worse.


Defending against nation state ransomware

In city and local governments and in hospitals and other healthcare organisations, IT budgets are often tight. They also tend to exhibit flat networks, unpatched legacy software and end of life operating systems.  The outcome means is that from the US City of Baltimore to the British National Health Service, attacks have been crippling.  We should expect a continued climb in attacks on these two sectors in 2020. The point of this article is not to scare, but rather also to point out how we can remedy these situations.


FICO Releases Machine-Learning Cyber Risk Score on AWS Marketplace

"AWS Marketplace makes it is easier to discover, evaluate, and procure the FICO Cyber Risk Score," said Garth Fort, director, AWS Marketplace, Amazon Web Services, Inc. "Given the level of urgency organizations have to address cyber risk, the streamlined contracting and provisioning process of AWS Marketplace expedites our customers' ability to realize value from cyber security solutions."


Cyber Security Today – Banking security incidents and a mobile phone scam warning

But it raises the question of why any company that offers financial services — be it an aggregator like Mint or Quickbooks, or a bank or credit union, doesn’t force all customers to use the extra step of multifactor authentication for logins. You need the extra step because so many usernames and passwords get stolen in data breaches. However, many financial services only offer this as an option.


Accounting Scams Continue to Bilk Businesses

While ransomware continues to garner attention for its sheer disruptive power, businesses and government organizations continue to lose billions of dollars to impersonators who insert themselves into the victims' financial workflow. Known most often as business e-mail compromise (BEC), the scam targets critical employees with phishing e-mails that specifically request they change the bank information for a particular vendor. When the company or organization pays future invoices, the funds are transferred to the fraudster's bank account.


We Need a Global Standard for Reporting Cyber Attacks

Of course, no organization wants to state publicly that they suffered an incident; not only do they want to avoid disclosing vulnerabilities to bad actors, but they don’t want to incur the reputational or financial damage that can come with such a disclosure. To encourage breach-related information sharing, it is important to guaranty anonymity to the organizations reporting incidents.


Workforce Well-Being in the World of Cyber

Some of the most common reasons found were: too many hours on the job, feeling like a cog in the wheel, high adversity making mistakes costly, and every task being considered mission critical. [...] Let’s think of the five essential elements of an employee’s workforce well-being as looking like the wheel of a cycle (pictured here). The wheel has different components to it, such as: Physical, Community, Financial, Social, and Career. Of course, there can be other components when it comes to personal and overall life wellness as well, but let’s keep it simple and stick with these five for now.


Tipped off by an NSA breach, researchers discover new APT hacking group

Digging further into DarkUniverse, the researchers found that the group went to great lengths to infect and surveil its targets. For instance, spearphishing emails were prepared separately for each target to ensure they grabbed recipients' attention and induced them to open an attached Microsoft document. Additionally, the full-featured malware was developed from scratch and evolved considerably over the eight-year span of the group's known existence. Each malware sample was compiled immediately before being sent to include the latest available version of the executable.


U.S. Security Leaders Warn About Russian, Iranian Interference In 2020 Polls

"Russia, China, Iran, and other foreign malicious actors all will seek to interfere in the voting process or influence voter perceptions," they added. U.S. officials have in the past warned that Russia, Iran, and other countries could attempt to influence the result of the November 2020 presidential vote. Moscow and Tehran have repeatedly denied the allegations. Russia has also rejected accusations it had interfered in the 2016 U.S. presidential election.



The people of Iran are continuing strikes, protests and anti-government demonstrations and have made it very clear that they are not going to give up until their goal of regime change has been achieved. [...] The regime has gone back to its old tried and tested cyber activities in a bid to distract itself from its dire situation. It has started, once again, using fake social media accounts to spread misleading and untrue news. The main opposition to the Iranian regime, the National Council of Resistance of Iran (NCRI), has reported that the regime does this to “boost the morale of its demoralized forces”.


An Infamous Neo-Nazi Forum Just Got Doxxed

The metadata of a now-defunct neo-Nazi message board that is considered the birthplace of several militant organizations—among them the U.S.-based terror group Atowmaffen Division—was dumped onto the internet by what appears to be anti-fascist activists. [...] The dump of its inner workings includes the login names of its former members and their associated emails and IP addresses. [...] The identity of whoever originally obtained the data isn’t known, but the dump was uploaded to the Internet Archive by a user named “antifa-data” on November 6.


Facebook Reveals New Data Leak Incident Affecting Groups' Members

Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that unauthorizedly access this information were primarily social media management and video streaming apps that let group admins manage their groups more effectively and help members share videos to the groups, respectively.


Tough online privacy legislation unveiled by Lofgren, Eshoo

Two lawmakers who represent Silicon Valley unveiled an ambitious online privacy bill Tuesday, hoping to frame the debate over federal legislation. [...] The bill would require companies to limit their use, collection and sharing of personal information to specific business needs. People would have to opt in to certain data collection, could delete and correct data about themselves, and could limit the length of time companies could keep their information.


Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs

The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol (ARP) pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim organization. Ryuk, which is distributed by the Russian-speaking Wizard Spider financial crime syndicate, is innovating in particular by using the Wake-on-LAN (WoL) utility to reach snoozing systems that it otherwise would have no ability to encrypt.


Businesses are replacing VPNs with zero trust network access

The firm's 2019 Zero Trust Adoption Report, which was conducted by Cybersecurity Insiders, found that 15 percent of organizations have already enacted ZTNA while more than half (59%) plan to implement ZTNA over the course of the next 12 months. As a result, only three out of every 20 organizations are protected against VPN attacks which cybercriminals are now taking advantage of to impact business operations.


Adversary harboring DopplePaymer ransomware targets industrial sector

The researchers uncovered the two victims while examining a malicious server they had discovered. The server hosted seven DopplePaymer ransomware binaries that were uploaded between Oct. 5 and Oct. 20, a sample of TinyPOS point-of-sale software that was uploaded on Sept. 26, and an svchost.exe malicious loader. Additionally, they observed the post-exploitation credentials-dumping tool Mimikatz, the PsExec command-line tool that lets users execute processes on remote systems, and the crash dump creation tool Procdump.


NSA to Congress: Our spy programs don’t work, aren’t used, or have gone wrong – now can you permanently reauthorize them?

The NSA was unable to give a single example of how one of its most controversial spying programs has been useful in the fight against terrorism in a Congressional hearing on Wednesday morning. The repeated refusal by NSA senior official Susan Morgan to provide any detail whatsoever about how the program - which the NSA and FBI are formally asking Congress to permanently authorize - has proved useful, left senators on the Judiciary Committee shaking their heads in disbelief.

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast