Cyber Security News

UnityPoint Health is reporting that a data breach may have exposed nearly 1.4 million patient’s personal health data, and all of this is because of a phishing attack. Phishing, and especially spear phishing, attacks are one of the easiest ways for potential attackers to gain access to secure systems. Phishing attacks rely on both human and digital vulnerabilities because while email software has gotten better at detecting and stopping phishing attacks automatically it’s impossible to catch everything. It eventually falls on the human operator to make a judgement call about what emails they open and unfortunately, many people fall victim to malicious emails that have the potential to sweep up secure networks. An initial phishing attempt will be aimed at gaining access to a trusted email address within a system and then use the infected, and still trusted, email address to phish other users. Knowing how to spot suspicious emails is critical, and there are a few simple rules that can be applied to determine which emails to trust.

– Do you know the sender?
– Are there are any obvious misspellings or other simple errors that the sender should not have made?
– Are they asking for an immediate reply or one within a day?
– Is the sender contacting you on an email address that isn’t associated with who they’re claiming to be?
– Are there any hyperlinks in the email that show different addresses when you hover over them?

If the email seems suspicious, or you want to follow best practices, just call or contact the sender and confirm that they really did send you the email. This simple verification process can save you and your company time, money, and prestige by stopping phishing attempts in their tracks.
Source: Phishing attack compromised the data of 1.4 million UnityPoint Health patients

Joel Oritz is being accused of stealing $2 Million in cryptocurrencies by hacking into cell phones. In at least one case he did so by pretending to be the victim and purchased a new SIM card for the victim’s phone which was used to steal personal identifying information (PII). The PII was then put to work breaking into the victims crypto wallet so that Mr. Oritz could drain their cryptocurrency. Mr. Oritz’s victim count is a minimum of 20 in the state of California with more in other states; he is currently on bail and is charged with computer hacking, identity theft, and grand theft.
Source: Valedictorian allegedly stole $2M in cryptocurrency by hacking cell phones

A spearphishing attack originating from Russia targeted some 400 companies and at least 800 devices at these companies, which were various industrial businesses. Targeting these businesses has been a running theme for attacks coming from Russia lately, and in Ukraine, they’ve become so devastating that whole cities have been left without power or utilities. It was recently reported that the US electrical grid had been thouroughly hacked and while there was no loss of service, it wasn’t outside the realm of possibility either. The focus of this set of attacks was stealing money rather than control of espionage, which was accomplished by gaining access to high-level accounts.
Source: Russian spearphishing campaign targeted nearly 800 PCs at more than 400 companies

Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

partyfacepress.com/

Inmates in an Idaho prison discovered a vulnerability in the system that managed the commissary system in their prison, and by taking advantage of the tables they used to interface with it, which they used to credit themselves with hundreds-of-thousands of dollars in credit. This credit was used to purchase movies, music, and snacks. Prison officials discovered the hack in July, by which time the inmates had taken approximately $225,000. The prison managed to recoup over $60,000 of what was taken, but the rest wasn’t recoverable. The vulnerability has since been removed, and there is no word on what punishment, if any, was levied against the inmates.
Source: Idaho inmates hack prison tablets, steal $225,000 in commissary credits

In a terrifying turn of events, researchers have found a variant of the Spectre attack they’ve dubbed NetSpectre because it (unlike all other known Spectre variants) can attack through a network connection instead of requiring physical access. NetSpectre takes advantage of inherent design quirks that are present in modern machines that allows them to function with the speed we’ve grown used to. By monitoring the way a targeted machine responds to a tailored request it’s possible for NetSpecture to calculate the passkeys and other security information necessary to infiltrate the device without needing to learn the password. NetSpectre is capable of launching from cloud computing services, such as those hosted by Google or Amazon, and can work through Local Area Networks as well. NetSpectre sounds dangerous, and it is, but it was patched out by Intel earlier in the year. As long as your devices are kept up-to-date with security patches they should be safe from Spectre, Meltdown, NewSpectre, NetSpectre, and other derivatives.
Source: NetSpectre — New Remote Spectre Attack Steals Data Over the Network

Another miner malware is making the rounds, named Hidden Bee, which takes advantage of an Adobe Flash vulnerability to install itself. Hidden Bee’s primary attack vector is through advertisements on adult websites that redirect users to targeted pages designed to install the program. These ads appear to be targeted at users in Asian countries, and the attack itself shows an unusually high level of sophistication. The attack is encrypted and requires a hand-shake between the front and back ends of the website for it to actually initiate, which makes it difficult for researchers to analyze and for anti-virus software to catch. This type of attack, which is hidden by obfuscation, is not unknown to the cyber research community but it appears rarely and is an obstacle that makes it difficult to find a fix or even collect the program to study.
Source: Hidden Bee miner spread via download drive-by download toolkit

Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

partyfacepress.com/

Apple has rolled out a new safety feature, USB Restricted Mode, in an attempt to counter the rise of password stealing and cracking services that have been used by criminal elements as well as the police. These services, like GrayKey, work by using the Lightning USB port on an iPhone to somehow steal the password of the device and allow the user access to it. USB Restricted Mode disables the data, and sometimes charging, capabilities of the Lightning USB port after an hour of inactivity. Unfortunately, there is a major flaw with this protective feature which is that the one-hour inactivity timer resets if the iPhone is connected to a new device even if that device is untrusted. This means that an iPhone could hypothetically be kept out of the restricted mode indefinitely until it can be transported to a place with the code software. If the device has been inactive for at least an hour then it is secure against codebreaking attempts that use the Lightning USB port as their method of entry, maybe. It’s not known how GrayKey actually gets the code for iPhones and it is only believed that it uses the data connection provided by the Lightning USB port.
Source: New iOS Security Feature Ripe for Defeat

Another old security issue has risen to the surface with the fitness app, Polar Flow, which tracks the position and movements of its users. If this sounds familiar, it should, because earlier this year the Strava fitness tracking app had the exact same problem. Smart devices allow a massive amount of data to be collected and used, but these devices aren’t always up to the safety specifications that the military or government requires. In high-security areas personal electronic devices have been banned entirely and even in less secure areas their use and features may be restricted. While blame mostly falls at the feet of the device manufacturers some of it does have to go towards the users, who should be more aware of the data they’re sharing. The best safety practice is to assume that anything transmitted has been compromised.
Source: Polar Flow Fitness App Exposes Soldiers, Spies

Ukranian officials are reporting that they’ve stopped a malware attack against a water purification plant that would have seen an overflow of chlorine had it gone undetected. Ukraine has accused Russian actors of being behind the attack, which used a well-known Russian malware vector known as VPNFilter; there have been multiple cyberattacks against Ukraine that have been linked to Russian groups such as APT 28. These attacks usually go after infrastructure, especially vital infrastructure such as hospitals and heating during the winter. In some ways, these attacks have been testing grounds for malware attacks and have served as a way to test new attack vectors. Cyber warfare is force multiplier that hasn’t seen widespread military use and every nation has worked to get into the field.
Source: Ukrainian officials blame Russia for VPNFilter attack on chlorine plant

Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

partyfacepress.com/

California Governor Jerry Brown (D) signed the California Consumer Privacy Act (CCPA) into law yesterday. The CCPA borrows its overall tone and structure from the General Data Protection Regulation (GDPR) that was signed into law by the European Union, and both of these pieces of legislation seek to tightly control how companies interact with the personal data of their users. Like GPDR, the CCPA has a grace period of two years and it can still be modified or repealed before it takes effect. This gives corporations, like Google and AT&T, time to try and modify the bill but whether or not they’ll be successful remains to be seen. The CCPA being signed into law has started a conversation about a national level bill that would be enforced at the Federal level, which may have been the point of passing the CCPA. California’s standards tend to influence the rest of the nation, think of anything with the warning “X contains Y, a chemical known to the State of California to cause [cancer, and] birth defects or other reproductive harm.” Tech laws are especially powerful because California is home to Silicone Valley. It’d be like Kentucky passing a bourbon law: whatever happens, is going to carry a lot of weight behind it.
Source: The Cybersecurity 202: Why California could be the bellwether for the privacy movement
The CCPA Text: Assembly Bill No. 375

A hardware vulnerability that affects every Android and some Apple devices that have been produced since 2012 has been discovered by a group of researchers at three universities. This vulnerability is exploited by RAMpage, which is a subset of the Rowhammer malware family. RAMpage functions in a similar manner to SPECTRE in that it works on a known hardware vulnerability to gain access to otherwise secure files; once accessed those files can be used to locate and take all of a devices personal information as well as control of the device itself. RAMpage manipulates ION, Android’s memory management system, to provide access to itself that would normally be impossible. The researchers communicated with Google about the solution they had created, but Google told them that their fix would require more system overhead than they predicted and Google seems to have turned the researchers down.
Source: RAMpage vulnerability impacts every Android device since 2012

Facebook’s quizzes have been shown to expose user data, which was the foundation of the Cambridge Analytica scandal that saw Mr. Zuckerberg testifying before the federal government, this time through the Nametests.com developer. This developer creates quizzes to tell people all sorts of things, like what princess or Harry Potter house they belong to. This act isn’t malicious in and of itself, but the personal data being made available online through a Javascript bypass that gets around the normal process that would stop this data from being visible is.
Source: Facebook quizzes may have exposed 120 million users personal information

Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

partyfacepress.com/

As cyber attacks increase in volume and intensity, the demand for trained cyber professionals has grown as well. This demand has helped to create a booming cyber security sector, especially in the areas of training and management. Organizations and companies have realized that they’ll need someone who knows what they’re doing managing their cyber security programs, and this has become especially true as international laws such as GDPR have come into effect. Cyber security research and defense groups have proven their worth as they go through cyber forensic data to uncover how an attack occurred and who was responsible for it. These firms have allowed companies to strengthen their defenses, and their proactive attacks and services have prevented major breaches from occurring. The potential for malicious actors and products rife with backdoors has been in the news a lot lately, which has raised awareness towards the risk of lax cyber security. Companies such as ZTE and Kaspersky have both seen themselves lambasted for their connections and actions which would make them the ideal mole for foreign cyber attacks and intelligence gathering. While these scares are troubling and at times it seems like enough can’t be done to make things secure, each one has driven the development of cyber firms ever further as they rush to meet the rising demand. The problem now is the lack of supply as educational programs and certification courses rush to fill the huge gap in the supply of qualified cyber professionals.
Source: The cybersecurity sector is booming — but so are our enemies

There’s a new cyber security lab on the block: Cybercat, which is located in autonomous region of Spain known as Catalonia. Cybercat pulls its talent from a variety of universities, which had been running their own cyber programs without any coordination. Cybercat aims to unify these disparate groups and directives into a unified front that can tackle larger cyber issues. Cybercat will tackle the security issues that come with the rise of Internet of Things (IoT) technology in Spain as well as regulations such as GDPR. For now, the people involved with Cybercat will continue to work from their home universities but in a unified direction and with the capability to be called together in case of a crisis.
Source: Cybersecurity: Why this Spanish region has just created a new research center

Tens-of-thousands of Android devices have been infected with an ad-clicking malware program, according to RiskIQ which is a cyber security research firm. This malware not only takes private information from the infected device but also installs malware that forces the user to pay a fee or see their device drain itself of power. Users who think their phone has been infected can restart their phone and that should clear the malware from the device. If the user agrees to the “Battery Saving App” request than information such as their phone number (and the numbers of those in their contacts) along with other data will be transmitted to a server.
Source: 60,000 Android devices hit with ad-clicking bot malware

Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

partyfacepress.com/

Beam Suntory, the company behind the well-known Jim Beam whiskey, has been busy working to upgrade their cyber security systems. This push towards more modern and adaptable security systems comes with the realization that their systems are vulnerable, and that it’s possible to create an explosion on the production line. Previously the entire system was set up so that it could only be accessed physically, but this meant that if something went wrong it might take too long for IT professionals to respond and reach the affected site before something damaging occurred. Jim Beam still keeps its most important systems air-gapped and off the web, but it has set up Virtual Private Network (VPN) access that it provides to select IT professionals so they can monitor the health of the Beam Suntory systems and respond as necessary. Beam Suntory has also invested in upgrading their production line with recent technologies such as drones and robotic forklifts. These changes allow for a safer workplace environment and easier tracking of the entire production process. Automation has allowed Beam Suntory to more effectively pursue its business practices and they are continuing to work with Cisco to increase the amount of automated work done at their sites.
Source: Cisco Live 2018: Avoiding distillery explosions with cybersecurity

In a survey by OpenVPN that asked 500 US employees about their online habits, it was found that many employees did not practice good cyber discipline despite increased awareness of the risks. The study showed that a quarter of those surveyed (125) reused the same password for all of their logins, and 23% (115) didn’t check whether links they had been sent were malicious or not. Cyber security is only as strong as the weakest link in the chain, and employees represent the largest amount of links in the corporate chain. Employees, especially those with access to critical data, have to practice their best online behavior. Companies can try to create better behavior by changing their security policies and compelling employees to follow them but safe cyber practices are a cultural issue as well as a regulatory one. Companies must foster an environment where employees understand the best way to keep important data safe through everyday practices and behaviors. Multiple layers of security can help, as well as bio-metric passwords and multi-factor authentication. Employees should be cautioned to always investigate who sent an email and where any links inside go. Phishing and Spear Phishing attacks are still popular with today’s hackers, and they can be easy to fall prey to if you aren’t prepared to deal with them. Several of the largest hacks and attacks in 2017 started with a malicious email that seemed harmless but contained malware, malicious files, or dangerous links. These emails can appear to come from legitimate senders, and they may send the recipient to mock-ups of normal websites so that the target enters security or personal information that allows the attackers to create a foothold in the corporation’s system. The email may send itself from the infected computer using the victim’s email address, which makes it harder to spot the attack since it’s now coming from what’s supposed to be a safe email address.
Source: Despite advancements training and fears of breaches, employees still practice bad cyber hygiene, study

Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

partyfacepress.com/