Cyber Weekly Roundup – June 2, 2017

Weekly Roundup

Cyber Weekly Roundup – June 2, 2017

By Andrew Paulette

1.) US Law Enforcement Have Spent Hundreds of Thousands on Bitcoin Tracking Tools (May 25, 2017)

https://motherboard.vice.com/en_us/article/us-law-enforcement-have-spent-hundreds-of-thousands-on-bitcoin-tracking-tools

Summary: The blockchain can be pretty overwhelming, with criminals moving their funds through a string of addresses before finally cashing them out. Presumably to deal with that issue, several US law enforcement agencies, including the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), and Immigration and Customs Enforcement (ICE) have all paid for software from bitcoin tracking company Chainalysis according to public records, with one purchase order being signed just this month.

Why it matters: ​With more criminals and cyber actors collecting their ill-gotten gains through decentralized currencies such as BitCoin, it comes as no surprise that a market is forming for tools that work to analyze and identify who is ultimately cashing these bitcoins. The market for analytical tools to analyze the blockchain of BitCoins represents a continuing arms race, and we can expect that organizations (such as the ShadowBrokers) will continue to change their tools and tactics to include new digital currencies that are considered more anonymous (such as Zcash).

2.) SHADOWBROKERS PUT PRICE ON MONTHLY ZERO DAY LEAKS (May 30, 2017)

https://threatpost.com/shadowbrokers-put-price-on-monthly-zero-day-leaks/125960/

Summary: The unknowns behind the ShadowBrokers compounded the industry’s anxiety two weeks ago when in the midst of the WannaCry outbreak, they announced a monthly subscription service for new exploits. Today, the group began marketing its Monthly Dump Service in earnest, announcing a price (100 Zcash, or approximately $23,000 USD) and instructions on how to subscribe.

Why it matters: At the moment, this story has a lot of unknowns due to the fact that we don’t know what the ShadowBrokers will be publishing. The use of a monthly subscription model is an interesting choice which may prove more successful than the previous attempt to sell the entire stash of secrets for one lump sum, and the use of ZCash as the payment method shows an increased awareness about the possibility that BitCoin transactions are not as private as the group would like. This is a story that is sure to continue providing headaches for the security industry in the coming months.

3.) HACK DEPARTMENT OF HOMELAND SECURITY ACT WOULD BRING BUG BOUNTY PROGRAM TO DHS (May 31, 2017)

https://threatpost.com/hack-department-of-homeland-security-act-would-bring-bug-bounty-program-to-dhs/125992/

Summary: Hackers will soon be able to poke holes in networks and systems belonging to the Department of Homeland Security if four senators get their way and a bill is passed that would institute a DHS bug bounty similar to programs recently implemented for the Army, Air Force and Pentagon. The bill, known as the Hack Department of Homeland Security (DHS) Act, was introduced last Thursday.

Why it matters: Given the amount of press and success  derived from the “Hack the Pentagon” bug bounty program leveraged by the Department of Defense (DoD), expanding these programs to a federal agencies like DHS that have such a large role in national security seems to be a logical progression for the federal government.​ As long as similar ground rules are set for verifying the participants are not a threat to the platforms they are hacking, this bill should be a win for the security of federal IT if passed.

4.) Defense contractor stored intelligence data in Amazon cloud unprotected (May 31, 2017)

https://arstechnica.com/security/2017/05/defense-contractor-stored-intelligence-data-in-amazon-cloud-unprotected/

Summary: On May 24, Chris Vickery, a cyber risk analyst with the security firm UpGuard, discovered a publicly accessible data cache on Amazon Web Services’ S3 storage service that contained intelligence data. The cache was posted to an account linked to defense and intelligence contractor Booz Allen Hamilton. And the files within were connected to the US National Geospatial-Intelligence Agency (NGA), the US military’s provider of battlefield satellite and drone surveillance imagery.

Why it matters: This article serves as a reminder of the challenges and risks that organizations can encounter when moving their data to the could. Questions such as “how is my data secured?” and “how do I know that my data is completely removed from the cloud service when I unsubscribe?” must be answered by organizations who need to ensure the confidentiality of any information they take to the cloud.

5.) OneLogin: Breach Exposed Ability to Decrypt Data (June 1, 2017)

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/

Summary: OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data.

Why it matters: Every choice we make in trying to simplify our security has a risk involved. While using a single service to manage authentication to multiple services (or single sign-on) simplifies password management for the user, it also increases the reward for a hacker. While it is ultimately up to organizations to weigh these risks against their benefits, in this case, the data leaked from OneLogin can have serious negative impacts to their clients.​