Cyber Command wants to partner with private sector to stop hacks

By: Justin Lynch

The head of the National Security Agency and Cyber Command is advocating for a more expansive partnership between the government and the private sector amid an array of cyberthreats.

Gen. Paul Nakasone, speaking July 31 during the Department of Homeland Security National Cybersecurity Summit in New York City, said that partnerships are America’s “advantage in cyberspace.”

“We have tremendous, exquisite, foreign intelligence reporting,” Nakasone said, but added he wanted to understand what the private sector and firms who make up America’s digital infrastructure were looking for “so we can really tailor the information.”

Information from Cyber Command and the NSA will be used in a new National Risk Management Center that hopes to share cyberthreats between the government and the private sector, according to a department spokeswoman.

“Resiliency begins with a dialogue,” Nakasone said.

The new center’s announcement comes after DHS said that Russia was continuing to attack America’s electric grid. Last week, Sen. Claire McCaskill, D-Mo., said that Russian hackers tried unsuccessfully to infiltrate her office. On the same day that Nakasone spoke, Facebook said that it removed 32 accounts in an apparent influence campaign.


By: Michael Kan

Federal investigators indicted three Ukrainian nationals who were allegedly part of the Carbanak gang, a hacking syndicate responsible for stealing payment card records across the US.

Three members of the notorious hacking syndicate known as Carbanak have been arrested for stealing 15 million payment cards from thousands of point-of-sale machines across the world.

On Wednesday, the US Justice Department announced indictments against three Ukrainian nationals for infecting over 100 US businesses with their payment card-stealing malware.

The Carbanak gang, also known as Fin7, has been active since at least 2015 and used its hacking activities to steal payment card records from as many as 6,500 point-of-sale terminals, federal officials said. Targeted companies include fast-food chains such as Chipotle, Red Robin, Arby’s and Chili’s, as well as hotels and casinos.

The Carbanak gang relied on a combination of phishing emails and phone calls. For example, a business might receive a legitimate-looking email about a catering request or hotel reservation with a malicious Word document attached. The hackers would then go as far as calling the business and tricking an unwitting employee into opening the phishing email and loading the malicious attachment.

Once infected, the victim’s computer could be used to run additional malware that scans for other vulnerable systems, such as point-of-sale machines. The hackers would then steal any payment card numbers they found, with the goal of selling the data on digital black markets.


Activist Leaks 11,000 Private Messages from WikiLeaks’ Twitter Chats

By: Mohit Kumar

An activist has just leaked thousands of private messages of an organization that is known for publishing others’ secrets.

More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposing private chats between 2015 and 2017.

The leaked chats have been referenced by American media outlets earlier this year, but for the very first time, all 11,000 messages have been published online, allowing anyone to scroll through and read messages themselves.

“The chat is presented nearly in its entirety, with less than a dozen redactions made to protect the privacy and personal information of innocent, third parties. The redactions don’t include any information that’s relevant to WikiLeaks or their activities,” Best said.

The leaked DMs of the private Twitter chat group, dubbed “Wikileaks +10” by Best, show WikiLeaks’ strong Republican favoritism; portions of the chats leaked earlier had already shown WikiLeaks’ criticism of Hillary Clinton and support for the GOP.

The leaked messages, sent from the WikiLeaks Twitter account that is believed to be controlled by WikiLeaks founder Julian Assange himself, called Democratic Party candidate Hillary Clinton a “bright, well-connected, sadistic sociopath” and said “it would be much better for the GOP to win,” in November 2015.

During the 2016 presidential campaign, WikiLeaks made public stolen emails from officials of the Democratic National Committee (DNC), including Hillary Clinton’s campaign chairman John Podesta, as well as documents on CIA hacking tools.

Best, the freedom of information activist, posted the leaked conversations to her personal blog on Sunday, claiming many of the messages contained offensive material.


UnityPoint warns 1.4 million patients their information might have been breached by email hackers

By: Tony Leys

One of Iowa’s main hospital and clinic systems has notified about 1.4 million patients that their personal information might have been breached.

UnityPoint Health officials said hackers used “phishing” techniques to break into the company’s email system. The company, based in West Des Moines, said the hackers could have obtained medical information, such as diagnoses and types of care, that was included in emails.

“While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information,” RaeAnn Isaacson, UnityPoint’s privacy officer, said in a press release Monday.

The hackers also might have obtained some patients’ financial information, such as bank account numbers, UnityPoint said.

The hackers used official-looking emails to obtain employees’ passwords, leading to the breach, the company said. After discovering the problem on May 31, the company said, it hired outside experts and notified the FBI.


KICKICO Hacked: Cybercriminal Steals $7.7 Million from ICO Platform

By: Swati Khandelwal

Again some bad news for cryptocurrency users.

KICKICO, a blockchain-based initial coin offering (ICO) support platform, has fallen victim to a suspected cyber attack and lost more than 70 million KICK tokens (or KickCoins) worth an estimated $7.7 million.

In a statement released on its Medium post on July 26, the company acknowledged the security breach, informing its customers that an unknown attacker managed to gain access to the account controlling the KICK smart contracts and the tokens of the KICKICO platform last Thursday at around 9:04 UTC.

KICKICO admitted that the company had no idea about the security breach until several of its customers fell victim and complained about losing KickCoin tokens worth $800,000 from their wallets overnight.

However, after investigating, the company found that the total amount of stolen funds was 70,000,000 KickCoin, which, at the current exchange rate, is equivalent to $7.7 million.

KICKICO reported that the suspected attackers managed to gain direct access to the project’s smart contract on the blockchain by obtaining the private key, which eventually allowed them to steal KickCoins from users’ wallets.


Boys Town Healthcare Data Breach Exposed Personal Details of Patients

By: Wang Wei

Another day, Another data breach!

This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children’s hospital.

According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected 105,309 individuals, including patients and employees, at the Omaha-based medical organization.

In a “Notice of Data Security Incident” published on its website, the Boys Town National Research Hospital admitted that the organization became aware of abnormal behavior on one of its employees’ email accounts on May 23, 2018.

After launching a forensic investigation, the hospital found that an unknown hacker had gained unauthorized access to the employee’s email account and stolen the personal information stored within it.

The hacker accessed the personal and medical data of more than 100,000 patients and employees, including:

  • Name
  • Date of birth
  • Social Security number
  • Diagnosis or treatment information
  • Medicare or Medicaid identification number
  • Medical record number
  • Billing/claims information
  • Health insurance information
  • Disability code
  • Birth or marriage certificate information
  • Employer Identification Number
  • Driver’s license number
  • Passport information
  • Banking or financial account number
  • Username and password

With this extensive information in hand, it is likely that the hackers are already selling victims’ personal information on the dark web or attempting to cause further harm to them, particularly the child patients at the hospital.

However, the Boys Town National Research Hospital says it has not received any reports of misuse of the stolen information so far.


Two-Fifths of IT Leaders regard IoT Security as Afterthought

By: Phil Muncaster

IT leaders could be dangerously underestimating the security risks posed by IoT, according to new research from Trend Micro.

The security vendor polled 1150 IT and security decision-makers in the UK, Germany, the US, Japan and France.

Despite businesses spending an average of over $2.5m each year on IoT projects, they don’t appear to be investing in cybersecurity.

Even though 63% of respondents agreed that IoT-linked attacks have increased over the past year, just half (53%) think they’re a threat to their organization.

This might explain why over two-fifths (43%) regard IoT security as an afterthought, and just 38% get security teams involved in the implementation process for new projects. This drops even further for smart factory (32%), smart utility (31%) and wearable (30%) projects.

Responding organizations suffered an average of three attacks on connected devices over the past year, according to Trend Micro.

“The embedded operating systems of IoT devices aren’t designed for easy patching, which creates a universal cyber risk problem,” said the firm’s COO, Kevin Simzer. “The investment in security measures should mirror the investment in system upgrades to best mitigate the risk of a breach that would have a major impact on both the bottom line and customer trust.”


iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

By: Swati Khandelwal

An India-linked, highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including Windows devices and possibly Android as well.

As reported in our previous article, earlier this month researchers at the Talos threat intelligence unit discovered a group of Indian hackers abusing a mobile device management (MDM) service to hijack and spy on a few targeted iPhone users in India.

Operating since August 2015, the attackers have been found abusing the MDM service to remotely install malicious versions of legitimate apps, including Telegram, WhatsApp, and PrayTime, onto targeted iPhones.

These modified apps have been designed to secretly spy on iOS users, and steal their real-time location, SMS, contacts, photos and private messages from third-party chatting applications.

During their ongoing investigation, Talos researchers identified a new MDM infrastructure and several malicious binaries, designed to target victims running Microsoft Windows operating systems, hosted on the same infrastructure used in the previous campaigns:

  • Ios-update-whatsapp[.]com (new)
  • Wpitcher[.]com

“We know that the MDM and the Windows services were up and running on the same C2 server in May 2018,” researchers said in a blog post published today.

“Some of the C2 servers are still up and running at this time. The Apache setup is very specific, and perfectly matched the Apache setup of the malicious IPA apps.”


Possible Connections with “Bahamut Hacking Group”


Virginian Bank Robbed Twice in Eight Months

By: Phil Muncaster

The perils of phishing emails and cyber-insurance were laid bare this week after news emerged of an American bank that fell victim to hackers twice within eight months and is suing its provider for failing to cover the losses.

The Virginian National Bank of Blacksburg was hit in late May 2016 and again in January 2017 thanks to phishing emails which eventually resulted in the combined theft of $2.4m.

The first attack enabled the attackers to install malware on a victim’s PC, allowing them to access the STAR interbank network and disable controls including PINs, daily withdrawal limits and anti-fraud measures, according to journalist Brian Krebs.

The attackers were then able to dispense over half a million dollars from customer accounts at ATMs around the country.

The second attack apparently used a booby-trapped Microsoft Word document to access the bank’s Navigator software, which the attackers used to artificially credit various accounts with $2m before withdrawing funds from ATMs in the same way and deleting the evidence.

Chandu Ketkar, principal consultant at Synopsys, argued that the breaches came from failures of security awareness training, monitoring controls, emergency response, and policy around Office macros.

Ryan Wilk, vice president at NuData Security, added that phishing risk can be mitigated by migrating away from static username/password combinations.

“This is a clear example of why merchants and financial institutions are moving past the user’s personally identifiable information (PII) as a way to authenticate them and incorporating multi-layered solutions with passive biometrics and behavioral analytics,” he added. “These technologies thwart the reuse of data by fraudsters and, instead, verify users based on their behavioral information.”

In a further twist, the bank is now suing its provider, Everest National Insurance Company, for failing to pay out.


Bluetooth Vulnerability Allows Traffic Monitoring, Manipulation

By: Eduard Kovacs

A high-severity vulnerability affecting some Bluetooth implementations can allow an attacker in physical proximity to two targeted devices to monitor and manipulate the traffic they exchange. Some of the impacted vendors have already released patches.

The flaw, discovered by researchers at the Israel Institute of Technology and tracked as CVE-2018-5383, is related to the Secure Simple Pairing and LE Secure Connections features.

According to the Bluetooth Special Interest Group (SIG), whose members maintain and improve the technology, Bluetooth specifications recommend that devices supporting the two features validate the public key received during the pairing process. However, this is not a requirement and some vendors’ Bluetooth products do not perform public key validation.

An unauthenticated attacker who is in Bluetooth range of the targeted devices during the pairing process can launch a man-in-the-middle (MitM) attack and obtain the encryption key, which allows them to intercept traffic and forge or inject device messages.

“The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgement to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful,” the Bluetooth SIG explained.

Additional technical details about the vulnerability and attack method were made public on Monday by CERT/CC.

The Bluetooth SIG says it has now updated specifications to require products to validate public keys. The organization has also added testing for this vulnerability to its Bluetooth Qualification Process, which all products that use Bluetooth must complete.