Cybersecurity News in Review – Second Week of December

in security •  2 years ago 

Cybersecurity stories and insights for the second week of December 2017

Bitcoin: $64m in Cryptocurrency Stolen in 'Sophisticated' Hack, Exchange Says 

News Link: https://www.theguardian.com/technology/2017/dec/07/bitcoin-64m-cryptocurrency-stolen-hack-attack-marketplace-nicehash-passwords   

Comment: NiceHash, a cryptocurrency mining organization that pools the distributed resources of global 'miners', was hacked at a cost of $64 million. The skyrocketing valuation of cryptocurrency, which now exceeds $420B (was only $14B a year ago) is getting the attention of cybercriminals. Let us not forget the axiom "Where there is value there will be crime". Users, miners, and organizations must increase security practices as the value goes up.   

Ransomware Slows North Carolina County Government to a Crawl  

News Link: http://www.wral.com/deadline-looms-for-decision-by-hacked-north-carolina-county/17165343/   

Comment: Not a win, but not a total loss either. North Carolina county government declines a hacker's ransom demand. The key can be found in the managers statement "I am confident that our backup data is secure and we have the resources to fix this situation ourselves,". That my friends is Disaster Recovery and Business Continuity at its finest. When you can say No-Thanks to extortionists, it is a good day.    Yes, it would obviously better if they did not get hacked in the first place, but eventually it will happen to everyone. Those who are able to respond and recover quickly are the winners in that scenario.   

From Denial to Opportunity – The Five Stage Cyber Security Journey  

News Link: https://www.belfasttelegraph.co.uk/service/sponsored-articles/from-denial-to-opportunity-the-five-stage-cyber-security-journey-36376915.html   

Comment: The most accurate description of the Five Cybersecurity Stages that organizations progress through.  1. Denial of Risk  2. Worry and Spend  3. False Confidence  4. Hard Lessons of Reality  5. True Leadership (or crash back to #1).  Recommended read for the day.   

100,000-Strong Botnet Built on Router 0-Day Could Strike at Any Time 

News Link: https://arstechnica.com/information-technology/2017/12/100000-strong-botnet-built-on-router-0-day-could-strike-at-any-time/   

Comment: Did you think Mirai botnet writers were done? Say hello to Satori, the next gen IoT botnet which is already 100k strong. Successful malware, such as Mirai, always evolves over time. It is just the next move in the adversarial game between cybersecurity professionals and cyber attackers. Satori has some new features and is not just trying to exploit default passwords. It is a glimpse into the future of IoT malware.        

1.4 Billion Clear Text Credentials Discovered in a Single Database

News Link: https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14   

Comment: Apparently this is where old passwords go to retire. Hackers aggregating 1.4 billion login/passwords, exposed from previous breaches, and sharing them to the threat community.  Such a large number of records, made openly available, makes for an interesting resource to both attackers and security researchers.       

The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty

News Link: https://motherboard.vice.com/en_us/article/d3xykq/hackers-behind-mirai-ddos-botnet-plea-guilty    

Comment: A win for the good guys! Mirai authors plead guilty. That code hijacked tens-of-thousands of IP cameras, DVD players, and other insecure IoT devices as part of a massive Denial-of-Service botnet. Responsible for some of the largest DDOS attacks and severely impacted Internet on the East coast last year. Sadly, this is just the beginning for IoT based attacks. New variants are already active to fill the void.   

Majority of U.S. Doctors Report Having a 'Cybersecurity Incident'

News Link: https://www.secureworldexpo.com/industry-news/u.s.-doctors-cybersecurity   

Comment: Doctor, it hurts when you suffer a data breach! 83% of doctors report having a "cyber incident". Healthcare is vulnerable to cyber attacks. As patients, we must talk to our medical providers about the privacy of our data (records, cameras in exam rooms) and potential risks for medical devices (pacemakers, implanted defibrillators, IV pumps, and many others). We own our health, we must also advocate for our privacy and safety. Patient concerns drive healthcare innovation   


Image Sources: 


Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

this makes me skeptical about how seriously medical professionals are taking incidents like this and what theyre doing to help prevent it

Great, now doctors are being hacked.

What kind of person would hack a doctor?

Hacking doctors or hospitals?

This post has been voted on from MSP3K courtesy of @ScaredyCatGuide from the Minnow Support Project ( @minnowsupport ).

Bots Information:

Join the P.A.L. Discord | Check out MSPSteem | Listen to MSP-Waves

Thanks for sharing all this info, is a good wrap up of the newest news in the cybersecurity field

I found your post through scaredycatguide. I hope you will join the minnow support project discord and chat more with us about your knowledge ofcryptoccurrency.

Always happy to share. The more we communicate, the stronger we collectively become.

We need to use carefully our accounts because now i can see a lot of fishing pages trying to stole your coins. Thanks for your post

Yes. Better to be safe than sorry.

Congratulations @mrosenquist! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!