Michigan’s Board of Water and Light Hit By Ransomware

Source: http://www.theregister.co.uk/2016/05/03/michigan_electricity_utility_downed_by_ransomware_attack/

Lansing, Michigan’s Board of Water and Light was hit by ransomware on its corporate systems. The company did state that all payment information was safe due to its use of a third party. Customer service lines returned to normal yesterday, but other systems have still not come back into service. The FBI and police are investigating.

ISIS Hackers Pose a Growing Threat

Source: https://threatpost.com/unskilled-pro-isis-hackers-a-growing-threat/117726/

Extra Readings: https://www.flashpoint-intel.com/home/assets/Media/Flashpoint_HackingForISIS_April2016.pdf

Hackers sympathetic to ISIS pose a growing risk to the global community. They are using public lists found on the internet and publicizing them as kill lists. This very situation happened with Minnesota law enforcement, whose names, addresses, and phone numbers were published. They are not a sophisticated group of attackers, but they promote violence. The fear is that they will gain more hacking experience and resources. The small ISIS hacking groups that teamed up together formed the Cyber Caliphate threat actor now seen in the CSCC’s Weekly Executive Summaries. Thankfully the US Armed Forces are doing their part to protect us against these terrorists.

Email Privacy Act H.R. 699 Passes US House of Representatives

Source: https://threatpost.com/privacy-activists-cheer-passage-of-email-privacy-act-brace-for-senate-battle/117731/

The Email Privacy Act passed with a completely unanimous vote. Privacy advocates are celebrating this as a win for U.S. citizens and companies. H.R. 699 is meant to reform the old Electronic Communications Privacy Act. H.R. 699 will require the government to obtain a warrant before it can access email or other stored digital media that is more than 180 days old. As of right now, only a subpoena is needed to seek data from the service provider. The bill will now have to go through the Senate for approval.

Spam Botnet of 4000 Enslaved Linux Machines Shut Down


Mumblehard is the name of the large botnet that blasted spam all over the internet for over a year. The botnet used Perl-based code to give the attackers a backdoor into the victims’ computers. It also used a mail daemon to send large volumes of spam. The C&C servers of the botnet even allowed the attackers to remove themselves from vendor Spamhaus’s blocking list. Security research group ESET worked alongside Estonian law enforcement and an industry partner to shut down the botnet. They did this by tracking down the C&C server, and then they tricked the botnet members into connecting to benign computers. They believe that the initial infection was done by exploiting WordPress’s content management systems or plugins.

DDoS Attacks – Calculate the Cost and Probability

Source: https://www.helpnetsecurity.com/2016/04/04/ddos-downtime-calculator/

The DDoS mitigation market has seen growth in revenue. Earned revenues were $449.5 million in 2014 and are estimated to double by 2019. Here’s a useful tool to calculate the downtime of a DDoS attack based on your company size, industry, type of hosting environment, most vulnerable operational area, security measures in place, and current level of confidence in DDoS prevention capabilities.

The link to the DDoS Downtime Calculator is here: http://lp.incapsula.com/ddos-downtime-cost-calculator.html?clickid=WB%3AW6MxoiyVWSN51JWTDqTrqUkSWiiT%3AvyOKXs0&utm_medium=ir&utm_source=aff&utm_campaign=247539&irgwc=1


Weekly Executive Summary for Week Ending April 13, 2016

Targeted Industries

  • Banking
  • Telecommunications
  • Software
  • Information Technology
  • Finance
  • Media and Entertainment

Active Threats

  • Anonymous
  • New World Hacking
  • Cyber Caliphate
  • KarmaSec
  • Lizard Squad

Major Events

  • TenCent’s QQ Browser Exposes Millions to Security and Privacy Issues
  • Should You Report a HIPAA Breach When Hit By Ransomware
  • BitDefender Creates Anti-Ransomware
  • Could the Presidential Election Be Affected by Cyberattacks
  • FBI Warns Numerous Law Firms Are Being Targeted For Insider Trading Information


A number of lessons arose this week. First of all, TenCent’s QQ was collecting information on its users in an insecure way. There is a theory that the reason for the weakness in security is to support China’s Anti-Terrorism Act, which calls for the support of technology companies to gain access to data.

In a separate article, people questioned whether ransomware attacks require a HIPAA breach notification. According to HIPAA’s breach definition, a notification should be made if the organization cannot prove that private healthcare information was neither accessed nor exfiltrated from the victim’s systems.

With the increase in malicious cyber activity, many are questioning whether a cyberattack could disrupt the presidential election this November 2016. Fortunately, the article lists two organizations that provide evidence that corrective measures are being taken throughout America.

Further Reading: Fears of Cyberattacks During the Presidential Election

Lastly, malicious traders and cyber criminals are still teaming up to make profits. This time their targets of choice are international law firms. These law firms often handle information that deals with corporate dealings and intellectual property. The information of their customer base is also at risk of exploitation by these same cyber criminals.

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu

Law Firms Are Being Targeted For Insider Trading Efforts

Source: https://www.helpnetsecurity.com/2016/03/31/hackers-breaching-law-firms-for-insider-trading-info/

Posted: March 31, 2016

The FBI issued a warning that a cyber crime insider trading ring is targeting international law firms for financial gain. Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP are two very prestigious law firms that have also fallen victim to the group’s cyber espionage. These two law firms represent only a small percentage of the numerous other law firms that were targeted these past couple of years. The goal of the crime ring is to gather non-public information for insider trading. A similar attack took place in August 2015 that targeted news wire services for the same purpose.

Fears of Cyberattacks During the Presidential Election

Source: http://www.govtech.com/security/Could-the-Election-Be-Hacked.html?utm_medium=email&utm_source=Act-On+Software&utm_content=email&utm_campaign=Could%20the%20Election%20Be%20Hacked%20%7C%20Happenings%20in%20the%20World%20of%20Civic%20Tech&utm_term=Could%20the%20Election%20Be%20Hacked

Posted: March 31, 2016

The news site Government Technology recently published an article detailing fears that cyber-attacks could disrupt the U.S. election this November 2016. There have been discussions on both sides of the political spectrum as to whether cybersecurity issues will play a role in the actual election process of this year’s presidential election. The Huffington Post mentions six ways hackers could disrupt the election. These methods include “hacking voting machines, shutting down the voting system or election agencies, and deleting or changing election records.” Fox News reiterated the fact that ballot machines could be targeted. In a 2015 report from the Brennan Center for Justice, the organization says that “43 states will use electronic voting machines that are at least 10 years old and reaching the end of their expected lifespan” in this year’s election. The good news is that every state is taking steps to ensure the integrity behind the voting process, according to both the Verified Voter Foundation and CountingVotes.org.

BitDefender Security Researchers Release Ransomware “Vaccine”

Source: https://www.grahamcluley.com/2016/03/vaccine-future-versions-locky-teslacrypt-ctb-locker-ransomware-released/?utm_source=hs_email&utm_medium=email&utm_content=27949546&_hsenc=p2ANqtz-8eHlKOq06F0rTt_9SXwt8LZHGKnTMO05prLBQjU0su8kmYX0QnnOToyz0aY4xIxMExKKFHRRDgriTF7B7mE5iREi3lOQ&_hsmi=27949546

Posted: March 31, 2016

Security researchers at BitDefender have released an update to their anti-ransomware utility that handled CryptoWall infections. Their anti-ransomware module has been placed in BitDefender 2016. Now the new ransomware utility handles all current and possibly future versions of Locky, TeslaCrypt, and CTB Locker ransomware programs. Users should not solely rely on BitDefender’s new utility to protect against ransomware. For best results, BitDefender 2016 should be a “complement to computer best practices.”


Should You Report Ransomware As A Breach of HIPAA

Source: http://www.hipaasecurenow.com/index.php/is-ransomware-considered-a-hipaa-breach/?utm_source=hs_email&utm_medium=email&utm_content=27896649&_hsenc=p2ANqtz-_jUlwZgaDyTXvBXONCY6qhNbobFJf9N2uVrnBfQdNG0UCSJnq4J6VMEKeOAV_Q8ggNi9sp2KZCPvXaxO-516jODytARg&_hsmi=27896649

Posted: March 30, 2016

Generally speaking, ransomware merely encrypts the victim’s data rather than accessing it. Many healthcare institutions that were hit by ransomware don’t report a breach of personal healthcare information (PHI) data because the data was not accessed. The problem now is that hybrid ransomware is showing up. This hybrid ransomware stays dormant on machines, installs other malware onto the victim’s machines, and may give attackers access to protected personal healthcare information. The responsibility ultimately falls upon the victim to prove that ransomware did not access or exfiltrate PHI during their security incident. If the victim’s organization cannot prove that no PHI was accessed or stolen, then they must report a breach to HIPAA authorities. Healthcare organizations should have specific controls in place to monitor the access of files and the transportation of them outside of the organization’s network.