Weekly Executive Summary for Week Ending February 26, 2016

By John Atienza on February 26, 2016

Trends Source: https://www.recordedfuture.com/

Targeted Industries

  • Information Technology
  • Software
  • Manufacturing
  • Consumer Goods
  • Conglomerates

Active Threats

  • Anonymous
  • Lazarus Group
  • TeaMp0isoN
  • New World Hacking
  • Down-Sec

As mentioned in previous posts, ransomware is on the rise. Ransomware hit the Hollywood Presbyterian Medical Center the other week, and the hospital was forced to pay nearly $17,000 to recover its data. The rise of this type of malware means that the importance of having backups, proper endpoint protection, and user security awareness training becomes that much more essential.

Japan Critical Infrastructure Hack (Update 3/1/2016)
Source: https://threatpost.com/five-year-dust-storm-apt-campaign-targets-japanese-critical-infrastructure/116436/

Cylance’s research team SPEAR released reports about a 5-year campaign that targeted Japanese oil, gas, and electric utilities. The campaign is referred to as Operation Dust Storm. Evidence of Dust Storm’s activities has been found in Japan, South Korea, the United States, Europe, and several other Southeast Asian countries. The main tools of their trade are phishing emails containing Flash exploits and zero-days implanted into Microsoft Office documents. Specific vulnerabilities used are CVE-2011-0611 and CVE-2012-1889. Attack domains served as C&C servers, both for command and control and for data exfiltration. Another interesting aspect of this campaign is that Android trojans were also used to do recon on their victims and later to retrieve specific data from those mobile devices. Persistence was achieved through custom-made backdoors created on Japan’s systems. They haven’t attributed the attacks to any specific group, but the attack methods and behaviors are similar to APT1.
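
The delivery vector above (Flash exploits implanted into Office documents) is something a mail gateway or triage script can look for without any knowledge of the specific campaign. The following is an added example, not code from the Cylance report or this site: it scans an Office document for embedded SWF (Flash) containers. It assumes only the public SWF header layout (FWS/CWS/ZWS, a version byte, a 4-byte little-endian length), that OOXML files (.docx/.xlsx/.pptx) are ZIP archives, and that legacy OLE2 files start with the D0 CF 11 E0 magic. The sample documents it builds are constructed for the demonstration.

```python
import io
import re
import zipfile

# SWF container header: "FWS" (uncompressed), "CWS" (zlib) or "ZWS" (LZMA),
# then a one-byte SWF version (1..64 accepted here) and a 4-byte LE length.
SWF_HEADER = re.compile(rb"(?:FWS|CWS|ZWS)[\x01-\x40][\x00-\xff]{4}")

OOXML_MAGIC = b"PK\x03\x04"                       # .docx/.xlsx/.pptx are ZIP files
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy .doc/.xls/.ppt (OLE2)


def find_swf(blob):
    """Return the byte offsets of every SWF header found in a byte string."""
    return [m.start() for m in SWF_HEADER.finditer(blob)]


def scan_office_document(data):
    """Return a list of (location, offset) pairs for SWF headers in an Office file.

    OOXML: every ZIP member is inflated and scanned, so objects stored under
    word/embeddings/ (or any other path) are covered.
    OLE2 or unknown: the raw bytes are scanned, which catches SWF streams
    stored uncompressed inside the compound file.
    """
    hits = []
    if data.startswith(OOXML_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                for off in find_swf(zf.read(name)):
                    hits.append((name, off))
    else:
        kind = "ole2" if data.startswith(OLE_MAGIC) else "raw"
        for off in find_swf(data):
            hits.append((kind, off))
    return hits


def build_sample_docx(with_swf):
    """Construct a minimal .docx in memory; optionally embed a fake SWF object.
    (Constructed test data, not a real malicious sample.)"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>Quarterly report</w:document>")
        if with_swf:
            # 16 bytes of OLE-style padding, then a zlib-compressed SWF header:
            # "CWS", version 10, declared length 0x100 (little-endian).
            embedded = b"\x00" * 16 + b"CWS\x0a\x00\x01\x00\x00" + b"\x00" * 32
            zf.writestr("word/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


# Constructed legacy-format sample: OLE2 magic, padding, then an uncompressed
# SWF header ("FWS", version 8, length 0x40) at offset 32.
SAMPLE_OLE = OLE_MAGIC + b"\x00" * 24 + b"FWS\x08\x40\x00\x00\x00" + b"\x00" * 8


if __name__ == "__main__":
    for label, doc in (("docx+swf", build_sample_docx(True)),
                       ("docx clean", build_sample_docx(False)),
                       ("ole2+swf", SAMPLE_OLE)):
        print(label, "->", scan_office_document(doc) or "no SWF found")
```

A hit means the document carries a Flash container, which legitimate business documents almost never need; treat it as a reason to quarantine and inspect, not as proof of exploitation, since the three-letter marker can in rare cases occur by chance in inflated text and some old presentations did embed Flash on purpose.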

Flash exploits are still a big problem today, especially after the Hacking Team data breach. More interesting is that malicious cyber threats are now interested in hacking our mobile devices. The development of mobile security as a field, along with safe mobile phone habits, will be something to keep an eye on and an ear out for. This is especially true considering the question of mobile security in the Apple vs. FBI events.

For more technical details please review Cylance’s Operation Dust Storm report:
PDF – https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456276906648
SHA1 hash – 606F656561781DBA6FDEF666ECE6A0CC24709F01
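
A published hash is only useful if the reader actually checks it against the downloaded file. The snippet below is an added example (not from Cylance or this site) that does that check: it hashes the PDF in chunks, compares case-insensitively and in constant time, and takes the expected value from this page. The file name Op_Dust_Storm_Report.pdf is assumed to be what the download is saved as.

```python
import hashlib
import hmac
import io

# Expected SHA1 of Op_Dust_Storm_Report.pdf, as published on this page.
REPORT_SHA1 = "606F656561781DBA6FDEF666ECE6A0CC24709F01"


def sha1_of_stream(fileobj, chunk_size=1 << 20):
    """Hex SHA1 of a readable binary stream, read in chunks so large files fit in memory."""
    h = hashlib.sha1()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def sha1_of_bytes(data):
    """Hex SHA1 of an in-memory byte string (wraps the streaming routine)."""
    return sha1_of_stream(io.BytesIO(data))


def matches(actual_hex, expected_hex):
    """Case-insensitive, constant-time comparison of two hex digests."""
    return hmac.compare_digest(actual_hex.strip().lower(), expected_hex.strip().lower())


def verify_file(path, expected_hex=REPORT_SHA1):
    """True when the file at `path` hashes to expected_hex."""
    with open(path, "rb") as f:
        return matches(sha1_of_stream(f), expected_hex)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "Op_Dust_Storm_Report.pdf"
    print("OK" if verify_file(path) else "MISMATCH: do not trust this copy")
```

Run it as `python verify_report.py Op_Dust_Storm_Report.pdf` after downloading; a mismatch means the file is not the one the hash was published for (a modified copy, a partial download, or a newer revision of the report).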

Further Readings:

Also in the news, the IRS data breach was much larger than initially stated. The breach affects more than 700,000 households in the United States.

http://www.cnbc.com/2016/02/26/new-irs-cyberattack-total-is-more-than-twice-previously-disclosed-dj-citing-irs.html

In Australia, cyber-attacks are on the rise, and the government is currently proposing a bill on properly disclosing data breaches and informing the public.

http://www.lexology.com/library/detail.aspx?g=bd2486da-3be6-43f8-a95e-eb9672e5a58a

Still in the news, FBI Director James Comey made a statement on Apple and the media’s response.

Sources:

FBI Director James Comey states that the FBI is not trying to set a dangerous precedent, and they are not trying to create a master key into all iPhones. Comey voiced a similar opinion to one I made myself, where the software could be created one time and then destroyed by Apple, never to be used again. The UHWO-CSCC and its director discussed what could be the problem with creating a one-time-use firmware to later be destroyed. First of all, the lives of those creating this piece of software to help the FBI would be in danger. Who’s to say someone won’t kidnap or hurt people surrounding such a project to break into phones of particular interest? Secondly, no matter how you look at it, the world is watching. Comey is trying to reason with the public and technical world about their true intentions, but there are just one too many pieces involved in this puzzle now. I just found out that the FBI is trying to force Apple to give it access to about a dozen more iPhones in unrelated, non-terrorism cases. This decision will set a precedent for future legal or even physical actions by other not-so-friendly actors. I personally believe all the consequences need to be weighed out before making any decision. As of right now I haven’t heard of any strategies to protect Apple’s employees and customer base. What is the FBI’s strategy for handling the consequences involved here? Closed-door conversations need to take place, as this can certainly affect the world of mobile usage at the very least.

Read this next for insight into the technical aspects of what the FBI is requesting and why Apple refuses to help.

http://www.govtech.com/opinion/Can-Apple-Meet-the-FBIs-Demand-Without-Creating-a-Backdoor.html?utm_medium=email&utm_source=Act-On+Software&utm_content=email&utm_campaign=The%20Time%20to%20Develop%20IoT%20Security%20Policies%20Is%20Now%20|%20What%20Should%20We%20Expect%20from%20a%20CIO&utm_term=Can%20Apple%20Meet%20the%20FBI\u2019s%20Demand%20Without%20Creating%20a%20\u2018Backdoor\u2019

Something very important that’s happening next week (Mar. 1, 2016) is a Judiciary Committee hearing in the US House of Representatives at 1 PM. The hearing is entitled “The Encryption Tightrope: Balancing Americans’ Security and Privacy”.

http://judiciary.house.gov/index.cfm/hearings?ID=89431275-E911-4D5C-BD70-BFE3EF91AD86


Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into, or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu