Monday, December 18, 2017

iNews - Around The World This Week

1)     TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage – Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers —an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected. According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "TRISIS," the attack was launched against an industrial organization in the Middle East.

2)     Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks - Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organizations—stolen more than $11 Million and sensitive documents that could be used for next attacks. Since its first successful attack in May last year, MoneyTaker has targeted banks in California, Illinois, Utah, Oklahoma, Colorado, South Carolina, Missouri, North Carolina, Virginia and Florida, primarily targeting small community banks with limited cyber defenses.

3)     Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL - A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers. The affected banking apps include HSBC, NatWest, Co-op, Santander, and Allied Irish bank, which have now been updated after researchers reported them of the issue. SSL pinning is a security feature that prevents man-in-the-middle (MITM) attacks by enabling an additional layer of trust between the listed hosts and devices. When implemented, SSL pinning helps to neutralize network-based attacks wherein attackers could attempt to use valid certificates issued by rogue certification authorities.

4)     Here's where 'Smart Hospitals' will make big tech investments in the near future - Building on top of today’s digital infrastructure, Smart Hospitals will focus on patient experience, outcomes, the Triple Aim and they’ll make expensive acquisitions between now and 2025. Smart hospitals optimize, redesign, or build new clinical processes, management systems and potentially infrastructure, enabled by underlying digitized networking of interconnected assets, to provide a valuable service or insight, which was not possible or available earlier, to achieve better patient care, experience, and operational efficiency. Digital transformation is happening in almost every industry and healthcare is no exception. Analyst house IDC earlier this year pegged the global DX market at escalating as high as $20 trillion in the coming years.

5)     The next big thing in pharmacy supply chain: Blockchain - With $200 billion lost to counterfeit drugs annually and patient safety issues, a chain-of-custody log that blockchain could enable holds promise. Blockchain has the potential to transform healthcare in general and the pharmacy supply chain in particular. The distributed ledger technology could offer legislative, logistical and patient safety benefits for pharmaceutical supply chain management. From a regulatory perspective in the United States, blockchain technological and structural capabilities, in fact, extraordinarily map to the key requirements of the Drug Supply Chain Security Act.

6)     Healthcare Faces Poor Cybersecurity Prognosis - The healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain. Threat actors rarely attack with the intent of causing physical harm, most are looking for financial gain. eSentire reports patient records are worth between $0.05 and $2.42 USD each. Attackers can sell them on the Dark Web, use them for tax fraud or blackmail, or for conducting spear phishing campaigns. Opportunistic attacks are common because of the amount of vulnerable devices.

7)     As India Surveys Bitcoin Exchanges, West Toughens Its Regulations - Once voiced by a cryptocurrency enthusiast, “Bitcoin will do to banks what email did to the postal industry” has now been raised by Israel’s Prime Minister Benjamin Netanyahu while speaking of cryptocurrencies, exchanges and cryptocurrency regulations. “Is the fate of banks that they will eventually disappear? Yes. The answer is Yes. Does it need to happen tomorrow? And do we need to do it through Bitcoin? That’s a question mark!” stated the PM.

8)     Kaspersky Lab Detects 360,000 new Malicious Files Daily - The number of daily detected malicious files reflects the average activity of cybercriminals involved in the creation and distribution of malware. The number of daily detected malicious files reflects the average activity of cybercriminals involved in the creation and distribution of malware. This figure was calculated for the first time in 2011 and totaled 70,000 at that time. Since then it has grown five-fold, and as the 2017 data shows, it is still increasing. Most of the files identified as dangerous fall into the malware category (78 percent). However, viruses – whose prevalence significantly dropped 5-7 years ago, due to their complex development and low efficiency - still constitute 14 percent of daily detections.

9)     USB Encryption and Security Falls Well Short - A recent survey from Apricorn of more than 400 IT professionals from industries including education, finance, government, healthcare, legal, manufacturing, retail and manufacturing, reveals that most employees use USB drives, but that companies are leaving themselves open to data breaches and leaks by not effectively monitoring these devices and the data that gets written to them. However, eight out of 10 employees use non-encrypted USB drives such as those received free at conferences, tradeshow events or business meetings, which could be easily lost or stolen and fall into the wrong hands, or introduce malware into a company’s host system.

10)  We need to talk about mathematical backdoors in encryption algorithms - Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to enforce cryptographic control. Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued.


Credits - Nagesh of Ivalue.

No comments:

Post a Comment