March 31, 2016.
By The CyberWire Staff
The Baltimore Sun, which says it's got a copy of the ransom demand, reports that MedStar Health was indeed hit by ransomware, specifically Samsam, a.k.a. Samas, a.k.a. MSIL. The attackers are said to have offered a bulk discount rate—$18,500 to unlock all affected systems. (Thus the Hollywood Presbyterian incident, in which the hospital paid $17,000, seems to have set the market.) MedStar is gradually recovering: physicians' read-access to electronic health records was restored yesterday.
Ransomware is also appearing in attacks against some US Federal Government agencies. The Department of Homeland Security said yesterday that more than two dozen US agencies have sustained ransomware attempts since July 2015. And Trend Micro reports that PowerWare ransomware is being used to target US taxpayers' information.
Problems other than ransomware arise for healthcare in the Internet-of-things. ICS-CERT warns that independent researchers have found some 1400 vulnerabilities in an older but still widely used automated cabinet for dispensing medical supplies, CareFusion’s Pyxis SupplyStation.
Cisco has patched its Firepower System Software.
The US indictment of Iranian nationals in what we've come to think of as the Bowman Dam incident is seen as an example of the American "name-and-shame" approach to agents of foreign governments who hack US targets. President Obama, warning that the country still faces a state of national emergency with respect to cyber, extends the Treasury Department's sanction authority.
The FBI's still not saying how it got into the San Bernardino jihadi's iPhone, but it's already been asked to unlock a phone in another murder investigation.
Today's issue includes events affecting Angola, Austria, European Union, Iran, Iraq, Italy, Portugal, Syria, United Arab Emirates, United Kingdom, United States.
We're en route to Dallas today, where tomorrow and Saturday we'll be covering the annual Women in Cyber Security conference. Watch for live tweeting and special issues.
ON THE PODCAST
Catch the CyberWire's Daily podcast this afternoon, including a talk with the Johns Hopkins University's Joe Carrigan on what you should do when you set that new computer up in your home.
Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.
Following malware attack, MedStar docs regain EHR functionality (FierceHealthIT) Clinicians at MedStar Health can now review medical records and submit orders via the electronic health record after a malware attack March 28 forced computers offline, the Maryland-based hospital chain said in a statement Wednesday morning
1,400+ vulnerabilities found in automated medical supply system (Help Net Security) Security researchers have discovered 1,418 vulnerabilities in CareFusion’s Pyxis SupplyStation system – automated cabinets used to dispense medical supplies – that are still being used in the healthcare and public health sectors in the US and around the world
Commonly used IoT devices vulnerable to privacy theft (Help Net Security) A technical investigation by Bitdefender has discovered that four commonly used Internet of Things (IoT) consumer devices are vulnerable to attack. The analysis reveals that current authentication mechanisms of many Internet-connected devices can easily be bypassed to expose smart households and their inhabitants to privacy theft
Tax Day Extortion: PowerWare Crypto-ransomware Targets Tax Files (TrendLabs Security Intelligence Blog) As we are certain about some aspects of life, the same can be said about cybercrime. Tax Day draws closer in the U.S., and as millions of Americans are in the process of filing their taxes, cybercriminals are also stepping in to make this task profitable for them and difficult for their victims
Root Servers Were Not Targets of 2015 DDoS Attack (Threatpost) When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses
Online ‘activists’ a threat to Middle East security (National) The most prevalent cyber criminals in the Middle East are not online thieves out to pilfer your bank account, but “activists”, according to a new report by a UK-based defence, security and aerospace company
FBI Warns of Rise in Schemes Targeting Businesses and Online Fraud of Financial Officers and Individuals (FBI) FBI officials and various federal and local partners warn potential victims of the business e-mail compromise scam or “B.E.C.,” a scheme targeting American businesses that has resulted in massive financial losses. Officials also warn of scams targeting victims of online fraud, to include “Operation Romeo and Juliet,” a series of cases involving American victims who are targeted when they subscribe to online dating services
Bad bots love the cloud (Enterprise Times) Distil Networks has released its 2016 Bad Bot Landscape Report and it makes for somewhat depressing reading. Subtitled The Rise of Advanced Persistent Bots the report makes the point that bots are cheap to deploy, are leveraging cloud providers and are becoming increasingly sophisticated. All of this increases the pressure on IT infrastructure teams as they struggle to keep the bad guys out
Security Patches, Mitigations, and Software Updates
Cisco Firepower Malware Block Bypass Vulnerability (Cisco) A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system
Verizon Galaxy Note Edge Marshmallow Update Still Missing As Security Update Blooms (Android Origin) Samsung Galaxy Note Edge owners will have to wait a little longer until they can experience Marshmallow on their devices as Verizon hasn’t updated the device following March’s security update. This is bad news but you shouldn’t feel uneasy as the device is still scheduled to receive the Marshmallow update in the future
Encryption Is a Luxury (Atlantic) The people that most need privacy often can’t afford the smartphones that provide it
It takes 69 days to discover breaches (Business Insurance) It takes an average of 69 days for firms to discover they have been the victims of a data security incident and another seven days to achieve the problem's containment, says a law firm, in a survey issued Wednesday
Merging firms appealing targets for attackers (CSO) Companies going through a merger or acquisition, as well as their lawyers, financial advisers, and other associated firms are all tempting targets for cyberattackers, according to a new report from Digital Shadows
Aviation CEOs: Cybersecurity is Under Control (Aviation Today) The panel addressed how the aviation industry and regulatory awareness of aircraft cybersecurity issues have proliferated over the last year after the FBI set out to investigate claims that a professional hacker was able to control aircraft navigation systems after tapping into a seatback In-Flight Entertainment (IFE) interface
Businesses Turn Their Backs on Banks That Lack the Right IT Security (IT Security Guru) Over two-thirds of companies prefer to bank with a provider who has a solid security reputation, according to a Kaspersky Lab survey. Those banks that make security a priority and take every effort to ensure measures are in place to safeguard against online financial fraud will have an advantage, when it comes to retaining existing customers and reaching new ones
DarkMatter names PKI specialist to SVP (Financial News) DarkMatter has appointed Scott Rea as Senior Vice President – Public Key Infrastructure (PKI), where he will lead the company's efforts to elevate Identity Management in the UAE and GCC region by establishing domestic Root Certification Authority services, the company said
Products, Services, and Solutions
LookingGlass Unveils Next-Generation Threat Intelligence Management Platform (NewsChannel10) LookingGlass Cyber Solutions™, the leader in threat intelligence and dynamic threat defense, today announced the availability of its next-generation threat intelligence management platform ScoutPrime™, as well as enhancements to its market leading Cyber Threat Center Open Source Intelligence (OSINT) collection platform and LookingGlass Cyveillance Malicious C2 (Command and Control) Machine Readable Threat Intelligence (MRTI) data feed
Add IRM, data security and encryption to any app (Help Net Security) Vera launched its new IRM-as-a-Service (IRMaaS) product, allowing developers to use Vera’s data security platform to build encryption, tracking, policy enforcement, and access control into custom business applications
Container security for enterprise computing (Help Net Security) The largest pain-point today for organizations moving to a container strategy is that containers are being adopted and managed by developers. Operations and security do not have the level of visibility and control that they are accustomed to. At the same time, for DevOps to succeed, security and operations controls must be as agile and move as quickly as the assets to be protected
Protecting identity could be key to enterprise security (TechCrunch) When you hear from people who know about security, the discussion often turns to end users, who are considered the weakest link in the security chain. While IT and the powers that be struggle to secure their networks and IP, the employees are forever screwing up, succumbing to phishing scams, using weak credentials and generally causing problems for the security experts who know best — or so says conventional wisdom
4 Cybersecurity Pitfalls to Avoid (AICPA Insights) You might break out in a cold sweat at just the thought of criminals on the other side of the world stealing your clients’ or customers’ account information
Over 60 Organizations Take Part in DHS Cyber Storm Exercise (FEDWeek) Over 1,100 people across more than 60 organizations took part in Cyber Storm V, the latest DHS-led national cyber security exercise designed to test a coordinated response to cyber attacks across the nation’s 16 critical infrastructure sectors such as energy, communications and financial services
Opinion: The San Bernardino iPhone and the 'going dark' myth (Christian Science Monitor Passcode) By breaking into the iPhone at the crux of the FBI v. Apple legal battle, law enforcement officials undercut their argument that encrypted devices are imperiling their efforts to surveil criminal and terror suspects
Encryption: Why Backdoors Are a Bad Idea (Design & Reuse) I have always had a passing interest in encryption and security. My PhD is on network file systems, where managing who has access to what data is an important aspect. I also spent the best part of a year working for a biometric security company (fingerprints and one-time-passcodes)
Oil and gas website operator charged for hacking (Reuters via Business Insurance) The founder of an oil and gas networking website was arrested on Wednesday on charges that he hacked and stole information from a rival site he had created and sold to DHI Group Inc., the Federal Bureau of Investigation said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...
SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...
Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...
Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...
ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world
ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.
Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event...
Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...
Spring Conference 2016: Creating a Cybersecurity Community (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing...
Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based...
Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per...