Cyber Weekly Roundup – August 18, 2017

Weekly Roundup

Cyber Weekly Roundup – August 18, 2017

By Andrew Paulette and Mesay Degefu with contributions by Marvin Marin and Colby Proffitt

1.) Researchers find potentially lethal car hack with no quick fix (August 18, 2017)

http://www.computerweekly.com/news/450424689/Researchers-find-potentially-lethal-car-hack-with-no-quick-fix?utm_medium=EM&asrc=EM_EDA_81406417&utm_campaign=20170818_Researchers%20find%20potentially%20lethal%20car%20hack%20with%20no%20quick%20fix&utm_sourc

Summary: Security researchers have discovered a supplier-neutral and stealthy smart car hack that can drastically affect the performance and function of the vehicle.

Why it matters: ​While normally attacks requiring local access to a device are considered less risky due to physical security controls (Locks, Gates, etc.), unlike computers we keep locked in our houses, smart cars are being considered as solutions for ride-sharing and commercial transportation, removing many of the normal physical security buffers that are in place for our other devices.

2.) IRS used extra funding for cybersecurity and identity theft protection (August 17, 2017)

https://www.accountingtoday.com/news/irs-used-extra-funding-for-cybersecurity-and-identity-theft-protection

Summary: Of the $290 million that was appropriated by Congress last year, the IRS spent $106.4 million supporting network security improvements (data traffic monitoring) and taxpayer data protection system, and replacing outdated cybersecurity equipment.

Why it matters: Government agencies should work ahead to plan how to improve their cybersecurity infrastructure. As malicious attacks become more and more sophisticated, new threats become eminent. Therefore, agencies need to find ways to neutralize those new threats. That means Congress needs to increase funding to improve cybersecurity.

3.) 8 More Chrome Extensions Hijacked to Target 4.8 Million Users (August 16, 2017)

http://thehackernews.com/2017/08/chrome-extension-hacking.html

Summary: Google’s Chrome web browser Extensions are under attack with a series of developers being hacked within last one month.

Why it matters: Inserting malware into Chrome extensions has become more popular over the past few months, with threat actors inserting code into these apps in a supply chain attack against its users.  While some cases have been developers being hacked, we have also seen cases of unsupported extensions with popular user bases being bought by unreputable individuals who add privacy invading components and malware.  As users become more savvy to phishing attempts, there is no doubt this trend of attacking the supply chain will continue to help provide a method of delivery for hackers.​

4.) Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack (August 16, 2017)

https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/

Summary: A.P. Moller-Maersk, the world’s largest container ship and supply vessel company, said Tuesday that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya wiper malware attacks of late June.

Why it matters: ​The fallout from NotPetya continues.  This the the first solid quantitative assessment of the cost of this attack that I’ve seen reported, and it underscores how much damage a malware can cost a company if they do not keep their IT Networks secure.  A central component of informaiton secrity is to protect the network and its data in a cost effective manner – one must wonder if Maersk could have prevented the losses they have experienced if they had spent even a tenth of the cost of their losses on their cybersecurity program.

5.) IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows (August 15, 2017)

https://www.darkreading.com/threat-intelligence/iot-medical-devices-a-major-security-worry-in-healthcare-survey-shows/d/d-id/1329631

Summary: Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.

Why it matters: This article points to one of the biggest challenges with IoT devices that organizations are facing – effective asset management.  As these devices explode in number on corporate networks, move around the network switching between ports and protocols, and do not follow the same patching routines that is expected of devices such as servers and workstations, information security professionals are grappling with how to handle the security challenges. Placing appropriate resources into asset management will allow security professionals to get a better handle on what they truly have, which will in turn drive improvement in monitoring and responding to incidents related to IoT devices.

6.) Update gone wrong leaves 500 smart locks inoperable (August 14, 2017)

https://arstechnica.com/information-technology/2017/08/500-smart-locks-arent-so-smart-anymore-thanks-to-botched-update/

Summary: Hundreds of Internet-connected locks became inoperable last week after a faulty software update caused them to experience a fatal system error, manufacturer LockState said.

Why it matters: Unfortunately, even when IoT companies try to do the right thing to keep their devices secure, things can go wrong for their customers.  With such basic software running these devices, a bug in an update’s code can essentially brick the device, making life more difficult for both the customer and the company.  Fortunately in this case, the product was able to revert to functioning as a relatively normal door lock (that locks every time to door is closed), so aside from forcing its users to remember their key, the inconvenience caused by this bad update is minimal.

7.) APT28 Using EternalBlue to Attack Hotels in Europe, Middle East (August 12, 2017)

https://threatpost.com/apt28-using-eternalblue-to-attack-hotels-in-europe-middle-east/127419/

Summary: Russian-speaking cyberespionage group APT28, also known as Sofacy, is believed to be behind a series of attacks last month against travelers staying in hotels in Europe and the Middle East. APT28 notably used the NSA hacking tool EternalBlue as part of its scheme to steal credentials from business travelers, according to a report released Friday by security firm FireEye.

Why it matters: This article serves as a reminder that it’s not just about how secure your computer is, but what networks you allow it to connect to. Hotel WiFi networks are known for having weaker security settings, and this fact is being exploited by APT28 to assist in spreading malware to conduct cyberespionage. ​Ideally, travelers are more secure bringing their own connection, such as a 4G device, but also can consider ensuring they set their trust level with the network as low as possible, and using solutions such as VPNs with tunneling and encryption to reduce the chances of their data being sniffed as it travels across the network.