Copy
CI Security

IT Security News Blast – 11-6-2019

As cyber risks grow, provider preventive measures still falling short

The shortage of healthcare cybersecurity professionals is forcing a rush to acquire services and outsourcing at a pace six times more than cybersecurity products and software solutions, increased 40 percent from last year. Cybersecurity companies are responding to the labor crunch by offering healthcare providers and hospitals with a growing portfolio of managed services.

https://www.healthdatamanagement.com/news/as-cyber-risks-grow-provider-preventive-measures-still-falling-short

 

Pharma Industry Is Prioritizing Big Data, Blockchain, Cloud Computing and Cybersecurity for Investments

“There is a sizable market on the dark web for healthcare industry related data and breaking into pharmaceutical companies’ systems can expose information related to clinical trials, trade secrets, and IP associated with drug formulation processes and technologies. Any cyberattack that leaks confidential information can affect not only revenues but also damage brand reputation, disrupt the supply chain, or result in litigating actions.”

https://www.aithority.com/technology/big-data/pharma-industry-is-prioritizing-big-data-blockchain-cloud-computing-and-cybersecurity-for-investments-according-to-survey-by-globaldata/

 

Why MSPs must put their own cyber security first

The hackers, US officials revealed, hadn’t targeted each of the businesses individually. Instead, they had infiltrated the managed service providers (MSPs) who maintained their IT systems. Once the MSPs had been breached, the hackers were able to move laterally within their network of clients, secretly exfiltrating data over the course of several months and, in some cases, years. [...] While the scale of the threat may seem overwhelming, security ultimately presents a chance for MSPs to strengthen their relationships with clients.

https://tech.newstatesman.com/security/msp-security-managed-service-provider

 

Siemens PLC Feature Can Be Exploited for Evil - and for Good

Researchers at Ruhr University Bochum in Germany stumbled across the hardware-based special access feature in Siemens' S7-1200 PLCs while studying its bootloader, which, among other things, handles software updates and verifies the integrity of the PLC's firmware when the device starts up. They found that an attacker using the special access feature could bypass the bootloader's firmware integrity check within a half-second window when the PLC starts up and load malicious code to wrest control of the PLC's processes.

https://www.darkreading.com/vulnerabilities---threats/siemens-plc-feature-can-be-exploited-for-evil---and-for-good/d/d-id/1336277

 

Security and business reputation: a relationship in transition

The risks have long been recognised and reflected in modernised business and technical controls,  better integrated governance, risk and compliance management and, critically, in Board-level oversight of the organisation’s performance in containing and mitigating them. Despite these responses, some complicating factors have emerged to challenge the sector’s overall management of pervasive digital risk.

https://www.finextra.com/blogposting/18070/security-and-business-reputation-a-relationship-in-transition

 

Cyber insurance becomes big business with the resurgence of ransomware

“Aon has noted an increase in ransomware frequency and severity, both in terms of downtime and ransom requests, in 2019,” Craig Guiliano, associate director at Aon’s Reinsurance Solutions business, tells The Daily Swig. “This trend appears to be driven by the re-emergence of the ransomware-as-a-Service (RaaS) model, which significantly lowers the bar for would-be criminals. “In addition, sophisticated criminal organizations have also shifted some of their focus and resources to ransomware from banking trojans, point of sale theft and data breaches,” Guiliano added.

https://portswigger.net/daily-swig/cyber-insurance-becomes-big-business-with-the-resurgence-of-ransomware

 

Nikkei falls foul of £22 m BEC scam in a single transaction

"In late September 2019, an employee of Nikkei America transferred approximately 29 million United States dollars of Nikkei America funds based on fraudulent instructions by a malicious third party who purported to be a management executive of Nikkei", ran the statement, "we are taking immediate measures to preserve and recover the funds that have been transferred", concluded the company.

https://www.scmagazineuk.com/nikkei-falls-foul-22-m-bec-scam-single-transaction/article/1664768

 

The National Guard is shoring up to fight 2020 election hacking

Washington state is doing some homework heading in the election, its adjutant general said, putting together a 10-person team to develop a plan, look for vulnerabilities in their network and then monitor for anything strange. Then come election night, Army Maj. Gen. Bret Daugherty said, troops will be “on hand to respond if all of our efforts have failed and the bad guys find their way in.”

https://www.militarytimes.com/news/your-military/2019/11/05/the-national-guard-is-shoring-up-to-fight-2020-election-hacking/

 

Federal Officials Warn Russia, China And Iran Want To Interfere In The 2020 Election

The statement said that foreign countries “may try to accomplish their goals through a variety of means, including social media campaigns, directing disinformation operations or conducting disruptive or destructive cyber-attacks on state and local infrastructure.” The joint statement said the federal government was working “to identify threats, broadly share information, and protect the democratic process.”

https://www.huffpost.com/entry/2020-election-interference_n_5dc1f22de4b0f5dcf8fcb60d

 

Concerns rise over possibility Chinese could use TikTok to collect troops’ data

The review comes after Sen. Marco Rubio, R-Florida, sent a letter to the Treasury in October, asking for an inquiry into the national security implications of the Chinese company, complying with Chinese law, dealing with U.S. user data. “... the threat posed through facial recognition, location data, and A.I. based image scanning techniques could allow the Chinese government to obtain sensitive information," Rubio said Tuesday in a statement to Military Times.

https://www.militarytimes.com/news/your-military/2019/11/04/concerns-rise-over-possibility-chinese-could-use-tiktok-to-collect-troops-data/

 

How Russian Hackers Conquered the World

But Russia seems to carry out these kind of scorched earth cyber war actions that effect turning off the power to hundreds of thousands of civilians, or releasing a piece of malware like NotPetya that kind of carpet bombs a country and then spreads to a dozen major multinationals and it inflicts hundreds of millions of dollars in damages to each one of them, and even to Russian victims just as collateral damage. They seem to err on the side of just doing it whenever they think of some new malicious invention.

https://www.motherjones.com/politics/2019/11/andy-greenberg-sandworm/

 

Facebook's ‘Unusual’ Suit Against 'Gray Market' Cyber Company Faces Significant Hurdles

The NSO Group is one of many companies that operate in the “gray market” of developing and selling hacking technology exclusively to various governments. Lawyers say civil suits against  gray market cyber companies are unusual, and Facebook may run into jurisdictional issues, court splits and a host of other challenges that make prevailing against NSO uncertain.

https://www.law.com/legaltechnews/2019/11/05/facebooks-unusual-suit-against-gray-market-cyber-company-faces-significant-hurdles/?slreturn=20191005183130

 

Monash IVF patients receive bogus emails after 'malicious cyber attack' on fertility company

He said it appeared the patient database was untouched, but investigations were continuing. "We understand that our patients and stakeholders may be concerned by this incident," Mr Knaap said. "Monash IVF takes its patients' privacy and data extremely seriously and is working thoroughly in its investigation to ensure those affected by the incident are informed."

https://www.abc.net.au/news/2019-11-06/monash-ivf-email-malicious-cyber-attack/11675116

 

Magecart Groups Attack Simultaneous Sites in Card-Theft Frenzy

Magecart is an umbrella term encompassing several different threat groups who all use the same modus operandi: They compromise websites built on the Magento e-commerce platform in order to inject card-skimming scripts on checkout pages, stealing unsuspecting customers’ payment card details and other information entered into the fields on the page. According to research from PerimeterX, multiple Magecart attacks are skimming credit cards from sites at the same time.

https://threatpost.com/magecart-groups-attack-simultaneous-sites-in-card-theft-frenzy/149872/

 

Ransomware freezes govt IT in Canadian territory of Nunavut, drops citizens right Inuit

An alert from the provincial government on Monday says that "all government services requiring access to electronic information" are being impacted by what they describe as a "new and sophisticated" infection. "Essential services will not be impacted and the [government of Nunavik] will continue to operate while we work through this issue," Premier Joe Savikataaq said. "There will likely be some delays as we get back online, and I thank everyone for their patience and understanding."

https://www.theregister.co.uk/2019/11/04/ransomware_freezes_nunavut_canada/

 

Kaspersky identifies mysterious APT mentioned in 2017 Shadow Brokers leak

But in a report last month, GReAT, Kaspersky's elite hacker hunting unit, said they've finally managed to identify one of those mysterious APTs -- namely the group tracked through the sigs.py signature #27. Kaspersky says signature #27 can identify files that are part of "DarkUniverse," a malware framework, and a name they are now also using to track the APT and its activities.

https://www.zdnet.com/article/kaspersky-identifies-mysterious-apt-mentioned-in-2017-shadow-brokers-leak/

 

Experts: Don't reboot your computer after you've been infected with ransomware

Instead, experts recommend that victims hibernate the computer, disconnect it from their network, and reach out to a professional IT support firm. Powering down the computer is also an alternative, but hibernating it is better because it saves a copy of the memory, where some shoddy ransomware strains may sometimes leaves copies of their encryption keys.

https://www.zdnet.com/article/experts-dont-reboot-your-computer-after-youve-been-infected-with-ransomware/

 

Against All Common Sense, FCC Approves T-Mobile-Sprint Merger

The FCC today finalized its approval of T-Mobile’s $26 billion dollar merger with Sprint, a megadeal that most objective data suggests will result in higher prices, fewer jobs, and even worse service from one of the most disliked industries in America.

https://www.vice.com/en_us/article/ywajnv/against-all-common-sense-fcc-approves-t-mobile-sprint-merger



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337
About Us   |   CI News   |   Contact Us

Add this Email to Your Address Book

Update Your Preferences   |   Unsubscribe from the Daily Blast