Cyber Weekly Roundup - June 23, 2017 - NetCentrics

Weekly Roundup

Cyber Weekly Roundup – June 23, 2017

By Andrew Paulette and Mesay Degefu with contributions by Josh Hunter, Loilette Loderick, and Robert Gardiner

1.) Hackers Use E-Cigarettes To Transmit Malware (June 16, 2017)

https://www.geek.com/tech/hackers-use-e-cigarettes-to-transmit-malware-1703638/

Summary: The health risks of electronic cigarettes remain uncertain. But the digital risks have become crystal clear. Hackers are turning vape pens into clever tools to breach cyber security systems.

Why it matters: If a device can interface with a computer and has any form of hardware that holds and processes data, it is conceivable that malware can be loaded onto the device. While not a common method of attack for the everyday hacker, this is cause of concern in cases where the supply chain for a device is compromised to include malware, as we have seen in shady cell phone vendors.

For any organization that houses sensitive data on their company devices, the easiest solution is to create policy forbidding individuals from connecting non-company electronics into the computer via USB port, and leverage detection software to monitor for cases where this policy is not followed.

2.) IOT MALWARE ACTIVITY ALREADY MORE THAN DOUBLED 2016 NUMBERS (June 19, 2017)

https://threatpost.com/iot-malware-activity-already-more-than-doubled-2016-numbers/126350/

Summary: The number of new malware samples in the wild this year targeting connected internet-of-things (IoT) devices has already more than doubled last year’s total. Honeypots laid out by Kaspersky Lab researchers mimicking a number of connected devices running Linux have attracted more than 7,200 different malware samples through May, all bent on infecting connected devices over telnet and SSH primarily. Last year, Kaspersky detected 3,200 samples.

Why it matters: This is another data point to support the growing trend against exploitation of IoT devices for use in DDOS Botnets by threat actors. With the number of IoT devices connected to the internet expected to continue growing exponentially in the coming years, it is critical that software vendors close the worst security holes in these devices (such as leaving default passwords with root access on the device), and solving the problem of patching these devices against future attacks.

3.) 2017 Trustwave Global Report Reveals Cybersecurity Trends Fight Against Cybercrime Shows Both Improvements and Downsides (June 20, 2017)

http://www.businesswire.com/news/home/20170620005151/en/2017-Trustwave-Global-Report-Reveals-Cybersecurity-Trends

Summary: Trustwave recently released a Global Security Report. The report highlights a major improvement in intrusion detection and breach containment. The report also revealed that threats like malvertisement and malicious spam are spiraling.

Why it matters: A malvertisement is a malicious online advertisement that is capable of infecting the viewer’s computer with malware. Malvertisement has become one of the most popular schemes of distribution for exploit kits. Implementing malvertisement is inexpensive, which benefits cybercriminals. According to Trustwave, “In 2016, the estimated cost for cybercriminals to infect 1,000 vulnerable computers with malvertisements was only $5 — less than $.01 per vulnerable machine. Malicious advertising remains the number one source of traffic to exploit kit landing pages.”​

4.) NSA Opens Github Account – Lists 32 Projects Developed by the Agency (June 20, 2017)

http://thehackernews.com/2017/06/nsa-github-projects.html

Summary: The National Security Agency (NSA) — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page. The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide.

Why it matters: Open source sharing of tools from any organization is a good thing, and these tools may help organizations with the management and operation of their IT infrastructure.  GitHub also allows code to be branched, or copied, to allow other programmers to add improvements to the code. These updates can then be incorporated back into the original code if desired. By releasing these tools, the NSA may also benefit by being provided new and novel code components from the community.

5.) Is Continuing to Patch Windows XP a Mistake? (June 21, 2017)

https://www.schneier.com/blog/archives/2017/06/is_continuing_t.html

Summary: Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry.

Why it matters: While Microsoft’s decision to release patches for Windows XP to protect against recent high-profile vulnerabilities certainly cannot be called a mistake, it does extend the life of an operating system which is riddled with security vulnerabilities. It also underscores the unfortunate reality that, for some organizations, Windows XP is still required to maintain day-to-day operations, whether due to software compatibility or some other reason. For organizations running unsupported operating systems, defense-in-depth is crucial to ensure that these vulnerabilities in the operating system are minimized through use of other controls, such as firewalls, anti-virus, and network monitoring.

6.) AVERAGE COST OF BREACH GOES DOWN FOR THE FIRST TIME EVER (June 22, 2017)

https://threatpost.com/average-cost-of-breach-goes-down-for-the-first-time-ever/126479/

Summary: The global average cost of a data breach last year dropped 11.4 percent from 2015 to $3.6 million. The reduction is attributed mostly to a strong U.S. dollar, with wins also offset by a 1.8 percent increase in the size of breaches in 2016. The numbers come from Peter Allor, senior cyber security strategist, with IBM Security, who at the Borderless Cyber event, discussed a just-released IBM-sponsored Ponemon Institute Cost of a Data Breach Study.

Why it matters: As this article discusses, often times the true cost of a breach is not easy to identify due to the potential for lost future business with a company. An example of this was quantifiably seen with Verizon’s recent acquisition of Yahoo, where a total of $350 million was reduced from the final buying price due to Yahoo’s numerous data breeches. In addition, the fact that about 1 in 4 Americans will be the victim of a data breach over the next 2 years is a sobering data point.

7.) Why So Many Top Hackers Hail from Russia (June 22, 2017)

https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/

Summary: Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs. This post explores the first part of that assumption by examining a breadth of open-source data.

Why it matters: This article provides an in-depth look into an explanation for Russia’s surplus of hackers, investigating how computer science is approached in Russia compared to the United States. With so much of US business and infrastructure maintaining an online presence, policy and programs need to be created that will both ensure the training of cyber security experts now as well as for those currently undergoing their primary schooling.