Cybersecurity News Bytes for Early August 2018
Posted on 08/12/2018
New Cyber Threat against Pacemakers
Early cyber attacks on pacemakers relied on manipulating the radio waves providing commands to the device. Researchers have focused on Medtronic pacemakers, discovering several new vulnerabilities that could allow malware to be placed directly onto the device and controlled remotely. This could allow the application of additional (or fewer) electrical impulses, potentially endangering the patient. The main vulnerability was in the software delivery process that supports home remote systems and other pieces of the pacemaker infrastructure. The researchers pointed out that, while Medtronic uses a proprietary cloud for software development, it does not digitally sign its code, making it vulnerable to manipulation. Wired, 9 August 2018.
Cellphone Vulnerabilities Reported
Research funded by the Department of Homeland Security (DHS) has uncovered serious vulnerabilities in cellphones used by all major U.S. carriers, including AT&T, Verizon, T-Mobile, and Sprint. Phones used by other carriers are also affected, including in other countries. DHS stated that the vulnerabilities are “deep within the operating system,” and that it is unclear whether they have been exploited. Fifth Domain, 7 August 2018.
New North Korean Malware Threat KEYMARBLE
US-CERT issued a malware analysis report on a new trojan designated KEYMARBLE, believed to be developed and deployed by North Korea. According to the report, KEYMARBLE “…contains one 32-bit Windows executable file, identified as a Remote Access Trojan (RAT). This malware is capable of accessing device configuration data, downloading additional files, executing commands, modifying the registry, capturing screen shots, and exfiltrating data.” The U.S. Government refers to malicious cyber activity by the North Korean Government as HIDDEN COBRA. More information about HIDDEN COBRA activities can be found at https://www.us-cert.gov/hiddencobra. US-CERT, MAR AR18-221A, 9 August 2018.
Singapore Attack Linked to Nation-State Group
A major cyber attack on Singapore exposed personal information on 1.5 million people, including the Prime Minister. Health care was apparently the primary focus of the attack, specifically personal health records and prescriptions. Singapore’s Minister for Communications and Information attributed the attack to an unnamed nation-state based on the sophisticated tactics, techniques, and procedures used. He said the government was highly confident in attributing the attack, but lacked sufficient information to take legal action. Reuters, 6 August 2018.
Global Health Records At “High Risk”
Cybersecurity researchers have discovered vulnerabilities in OpenEMR, the most widely used system in the world for managing patient records. More than 100 million people’s health records, including more than 30 million in the U.S., could be at risk based on the vulnerability. The company responded to the report by thanking the researchers and beginning to patch the vulnerabilities they discovered. BBC News, 7 August 2018.
Automated Twitter Botnet Used for Cryptocurrency Scam
Researchers at Duo Security conducted a case study to determine whether they could detect automated botnets. The researchers applied artificial intelligence techniques to classify the botnets they discovered. Looking at the last 200 tweets on 88 million Twitter accounts, they discovered a cluster of automated botnets that were being used in a cryptocurrency scam. The botnet generated tweets that appeared to be legitimate news items. Other, related botnets “liked” or retweeted the phony items in a process called “artificial inflation.” Twitter said they are aware of the problem and have AI tools that can identify spam botnets. TechCrunch, 6 August 2018.