July Cyber Briefs

Worldwide news of cyber crime, research and more

Office of CyberSecurity
cybersecurity.wa.gov
Jul 6, 2018

This month’s briefing from our colleagues at the Multi-State Information Sharing and Analysis Center includes reports that researchers have found security flaws that could allow commercial ships to be remotely tracked and moved by bad actors. Also, Arizona sentenced a hacker known as the “Bitcoin Baron” to 20 months in prison for DDoS attacks against Madison, WI, and the Wi-Fi Alliance has launched WPA3 to improve wireless security.

NGA helps Indiana, North Carolina, West Virginia and Wisconsin enhance state cybersecurity

The National Governors Association (NGA) Resource Center for State Cybersecurity announced that it will help Indiana, North Carolina, West Virginia, and Wisconsin modernize their cybersecurity plans and infrastructure by establishing The Policy Academy on Implementing State Cybersecurity. Industry experts, federal officials, private sector experts, research organizations, and academia will advise the four participating states on developing and sharing best practices in cybersecurity. The Policy Academy on Implementing State Cybersecurity aims to help participating states defend themselves against cyber threats and will provide technical assistance to implement cybersecurity planning.

OMB recommends standardized approach to filling shortfall in cybersecurity professionals

In June 2018, OMB issued its “Delivering Government Solutions in the 21st Century: Reform Plan and Reorganization Recommendations” report. The cybersecurity section of the report concluded that federal agencies struggle to recruit and retain cybersecurity professionals due to a shortage of talent and increasing demand for these employees in the private sector. Previously, responsibility for addressing cybersecurity workforce gaps fell on each federal department and agency independently, which resulted in redundant federal programs. To address this issue, the report recommends developing a standardized approach to identifying, hiring, developing, and retaining a talented cybersecurity workforce, and working to build a cybersecurity talent pipeline.

Hacker sentenced to 20 months for distributed denial of service attacks against Madison, WI

Arizona sentenced Randall Tucker, who operated under the online persona Bitcoin Baron, to 20 months in prison for conducting distributed denial of service (DDoS) attacks against Madison, WI, in 2015. The attacks targeted the website, impacting the connected emergency communication system and preventing the automatic dispatch of a unit close to an emergency. In addition to the sentence, Tucker received a $69,000 fine.

Proofpoint: Banking Trojans top malware observed during first quarter of 2018

Proofpoint released its Quarter 1 (Q1) 2018 Quarterly Threat Report, discussing threats posed by email, exploit kits, and web-based attacks, as well as its social media and domain research. Proofpoint found that banking trojans were the top malware observed, replacing ransomware due to the disruption of the Necurs botnet. Emotet was the most popular banking trojan, targeting victims primarily through email. Exploit kit activity continued its decline in Q1 2018. Proofpoint found that social media support fraud increased 200% from Q4 2017.

Akamai report: DDoS attacks on the rise during first half of 2018

Security firm Akamai released its State of the Internet Security Report for Summer 2018, summarizing its results for DDoS attacks observed in the first half of 2018. Akamai reported that DDoS attacks rose 16% compared to summer 2017 and that reflection amplification attacks rose 4% due to the “memcached” attacks that occurred in January and February 2018. Of note, several “memcached” DDoS attacks exceeded 1 terabit per second (Tbps). Additionally, new variants of the Mirai DDoS attack were observed in the wild.

Researchers find flaws that could allow ships to be tracked and moved remotely

Researchers at Pen Test Partners found flaws in shipping devices that allowed them to both track ship locations via GPS and send commands to move the ships. Researchers found that most of the satellite terminals within ships had default credentials and passed commands in clear text. This allowed the researchers to successfully alter data that could potentially cause physical damage to ships. Pen Test Partners also successfully set up a GPS tracking map of ships at sea.

Officials arrest 74 in connection with business email compromise scams

On June 11, 2018, Operation Wire Wire, conducted by the U.S. Department of Justice (DOJ), DHS, Department of Treasury, and U.S. Postal Inspection Service, resulted in the arrest of 74 U.S. and overseas individuals involved in Business Email Compromise (BEC) scams. The operation seized $2.4 million and recovered $14 million in wire transfers. DOJ also arrested eight individuals associated with BEC scams based in Africa via Operation Keyboard Warrior on June 28, 2018. The eight individuals were responsible for stealing approximately $15 million from U.S. citizens since 2012.

Wi-Fi Alliance launches WPA3 to improve security, combat vulnerabilities in WPA2

The Wi-Fi Alliance launched WPA3 to improve upon previous features and combat security vulnerabilities present in WPA2. The improvements include configuration, authentication, and encryption enhancements to prevent network eavesdropping. WPA3 has two versions of security, WPA3-Personal and WPA3-Enterprise, which are for personal, enterprise, and Internet of Things (IoT) networks. New features will help combat brute-force dictionary attacks, protect the wireless handshake, enhance privacy on public Wi-Fi networks, and offer strong encryption for sensitive-information networks.
