Cyber Weekly Roundup – July 21, 2017


By Andrew Paulette and Mesay Degefu, with contributions by Loilette Loderick and Colby Proffitt

1.) UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials (July 16, 2017)

https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html?utm_term=.a98ef36e8a4b

Summary: The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.

Why it matters: The story on the Qatari Diplomatic Crisis continues to unfold, and while the alleged hacking of multiple Qatari news agencies and other websites is only a piece of the puzzle, it is an important one as we continue to see what damage cyber operations can cause.

2.) FedEx: Systems May Never Fully Recover After Petya Cyber-Attack (July 18, 2017)

http://news.softpedia.com/news/fedex-systems-may-never-fully-recover-after-petya-cyber-attack-517032.shtml

Summary: FedEx was one of the companies hit the hardest by the Petya ransomware attack in June, and it turns out that it’s still struggling to recover after the hack, with some systems very likely to never recover in full.

Why it matters: In an increasingly fast-paced news cycle where one cyber incident can quickly be forgotten for the next big thing, reports such as this one are important as they help illustrate the lasting effect that cyber attacks can potentially have on the global economy. FedEx’s TNT service may never fully recover due to the NotPetya wiper used in June that targeted Ukrainian businesses, affecting their ability to effectively ship packages, especially in Europe. This decrease in capability not only means a drop in shares for the company, but also negatively affects other businesses and individuals attempting to ship products, in turn affecting their productivity.

3.) 6 Reasons Israel Became a Cybersecurity Powerhouse Leading the $82 Billion Industry (July 18, 2017)

https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/gilpress/2017/07/18/6-reasons-israel-became-a-cybersecurity-powerhouse-leading-the-82-billion-industry/2/&refURL=https://intranet.netcentrics.wpengine.com/sites/circlesofinterest/cybersavers/SitePages/News%20Roundup%20-%20Contributor%20View.aspx&referrer=https://intranet.netcentrics.wpengine.com/sites/circlesofinterest/cybersavers/SitePages/News%20Roundup%20-%20Contributor%20View.aspx#4ba15a286739

Summary: Israel has become a cybersecurity powerhouse at the center of an $82 billion industry (not counting spending on internal security staff and processes) for the following 6 reasons: government as a coordinator, government as a business catalyst, making the military a startup incubator and accelerator, investing in human capital, embracing interdisciplinarity and diversity, and rethinking the cyber box.

Why it matters: The cyber field is recognized as essential and cyber professionals have the opportunity to become innovative, gain experience, and advance in the field.

4.) Another AWS cloud data leakage due to misconfiguration (July 18, 2017)

http://searchsecurity.techtarget.com/news/450422962/Another-AWS-cloud-data-leakage-due-to-misconfiguration?utm_medium=EM&asrc=EM_NLN_80157908&utm_campaign=20170719_More%20cloud%20leaks:%20Dow%20Jones’%20Amazon%20S3%20bucket%20exposes%20customer%20data&utm

Summary: The cloud data leakage of Dow Jones & Company customer data marked the latest in a line of Amazon Web Services (AWS) cloud data leakage incidents from the Republican National Committee (RNC), the WWE, the Department of Defense and Verizon — the last two via third-party contractors. Cybersecurity firm UpGuard, which also found and notified the other organizations listed, reported the potential cloud data leakage to Dow Jones in early June.

Why it matters: Another week, another cloud leak. As said in previous posts, if an organization moves data to the cloud, the responsibility to ensure that data is well protected ultimately falls on the senior management of that organization. Companies planning to move to the cloud should negotiate Service Level Agreements that meet the policy requirements of the organization’s information security program, and should have the staff and engineers available to properly manage their piece of the cloud puzzle, regardless of the service being utilized.

5.) Hackers Could Easily Take Remote Control of Your Segway Hoverboard (July 19, 2017)

http://thehackernews.com/2017/07/segway-hoverboard-hacking.html

Summary: Thomas Kilbride, a security researcher from security firm IOActive, has discovered several critical vulnerabilities in Segway Ninebot miniPRO that could be exploited by hackers to remotely take “full control” over the hoverboard within range and leave riders out-of-control.

Why it matters: While the good news is that these vulnerabilities appear to have been patched, this article serves as a great reminder that as we begin creating more complex software and programs to run our everyday devices, more avenues of attack and compromise are also possible. IoT devices seem to be a field that would greatly benefit from participating in bug bounty programs, which would in turn help ensure the security of their devices and increase customer confidence in their products.

6.) After AlphaBay’s Demise, Customers Flocked to Dark Market Run by Dutch Police (July 20, 2017)

https://krebsonsecurity.com/2017/07/after-alphabays-demise-customers-flocked-to-dark-market-run-by-dutch-police/

Summary: Earlier this month, news broke that authorities had seized the Dark Web marketplace AlphaBay, an online black market that peddled everything from heroin to stolen identity and credit card data. But it wasn’t until today, when the U.S. Justice Department held a press conference to detail the AlphaBay takedown, that the other shoe dropped: Police in The Netherlands for the past month have been operating Hansa Market, a competing Dark Web bazaar that enjoyed a massive influx of new customers immediately after the AlphaBay takedown.

Why it matters: The apparent exit scheme of AlphaBay reported last week (and included in last week’s news roundup) was orchestrated as part of a takedown of one of the world’s largest Dark Web vendors by U.S. law enforcement. These Dark Web marketplaces not only serve as a conduit for the flow of illegal narcotics, but also as a market where cybercriminals can sell stolen personal information, such as credit card information. While stemming the tide of cybercrime is a never-ending battle, this takedown serves to reduce the number of opportunities cybercriminals have to profit from their activities, in turn increasing the costs and risks for them to continue their illegal activities.

7.) The Internet of Things: Providing Convenience at the Expense of Security (July 20, 2017)

https://netcentrics.com/white-paper/internet-things-providing-convenience-expense-security/

Summary: In the United States, critical infrastructure is defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” While we can easily see changes in the systems making up our physical infrastructure – physical data centers and servers – changes to our digital infrastructure are harder to ascertain. We can put a lock on the door to the data center itself, but it is more challenging to lock the virtual doors that provide access to the data – especially when new doors are added daily, sometimes without notifying the IT department and security operations. These new doors aren’t the result of malicious actors (though they are keen to exploit them); one of the greatest threats to our virtual infrastructure lives in your pocket – the internet connected devices collectively known as the Internet of Things (IoT).

Why it matters: With more industrial control systems and other sensors connected to critical infrastructure becoming Smart Devices, the attack surface of infrastructure has grown considerably. This white paper by NetCentrics will help give the reader an understanding of why critical infrastructure is becoming more vulnerable, as well as some recommendations for reaping the advantages of IoT devices with minimal risk.