NTSC Technology Security Roundup

Weekly News Roundup: January 7, 2019

Ryuk Ransomware Source of Cyberattack Against Various US Newspapers

A form of ransomware called Ryuk is the source of a malware attack against various US newspapers that rely on Tribune Publishing systems (especially for printing). According to the Los Angeles Times, “This piece of ransomware managed to throw a monkey wrench into Tribune Publishing newspaper operations, which under-gird its printing plants as well as those of The Times and the San Diego Union-Tribune. […] The problem surfaced near midnight [on December 27, 2018], when sports editors at the Union-Tribune struggled to transmit finished pages to the printing facility. It spread rapidly over the following day, impeding distribution of the Saturday editions of The Times and Union-Tribune, as well as papers in Florida, Chicago and Connecticut and the West Coast editions of the Wall Street Journal and New York Times, which are printed in downtown Los Angeles.” While the Ryuk ransomware shares similarities with past North Korean cyberattacks, attribution is not yet confirmed.

Marriott Data Breach Estimate Reduced to 383 Million But Company Still Faces Heavy Financial Losses

While the reduced estimate of 383 million people affected is slightly better news than 500 million, additional bad news has emerged in the wake of the Marriott data breach. According to the Chicago Tribune, “[Marriott] confirmed Friday that approximately 5.25 million unencrypted passport numbers were accessed. […] The hackers accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data. Unencrypted passport numbers are valuable to state intelligence agencies because they can be used to compile detailed dossiers on people and their international movements.” Marriott could face a loss of somewhere between $200 million and $600 million as a result of the data breach, according to Computer Weekly.

Cybersecurity Standards Updates

Two government entities recently released updates to cybersecurity standards and guidelines:

  • NIST Risk Management Framework 2.0 Updates Cyber-Security Policy: According to eWeek, “The National Institute of Standards and Technology is out with the final version of its Risk Management Framework (RMF) 2.0 update, providing organizations with new detailed insight into how to define and manage risk. RMF 2.0 was officially released on Dec. 20 and follows seven months of consultation and comments. RMF 2.0 is formally titled NIST Special Publication (SP) 800-37 Revision 2 and outlines how federal agencies and those that wish to align with the standard can address security and privacy risk management. Among the key additions in the RMF 2.0 updates is an alignment and integration with the NIST Cybersecurity Framework, which outlines controls and processes that should be used by U.S. government agencies.”
  • HHS Releases Voluntary Cybersecurity Practices for Health Industry: According to Nextgov, “The Department of Health and Human Services on [December 28, 2018] released a publication containing voluntary cybersecurity practices to healthcare organizations ranging in size from local clinics to large hospital systems. Titled ‘Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,’ the four-volume publication is the result of a two-year public-private partnership between HHS and healthcare industry professionals.”

FBI Releases Alert About Critical Infrastructure Security Vulnerability

An ongoing, significant security vulnerability in building control systems led the FBI to release an alert to the private sector during the week of December 17, 2018. According to CyberScoop, “Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet that could be of use to hackers. […] The concern is that attackers can collect data on a building network to eventually gain further access to the system.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Here’s what to expect in cybersecurity in 2019: According to TechCrunch, 2019 will include “more data leaks and exposures—but not just breaches,” the California Consumer Privacy Act going into effect by the end of the year, Facebook’s problems being mirrored at other Silicon Valley companies, and the encryption debate ready to reemerge at any time if a significant incident occurs.
  • 2019 To See Increase In Nation-State Cyberattacks, Ransomware: Reported in PYMNTS.com, “According to Robert Ackerman, Jr., founder and managing director of cybersecurity venture firm AllegisCyber, and co-founder of DataTribe, a cybersecurity startup in Washington, D.C., companies should expect to see a rise in breaches in 2019, ‘as chronically improving malware will be deployed more aggressively on more fronts.’”
  • Crypto-mining malware saw 4,000% increase in 2018: Reported in The Next Web, “According to the latest report from cyber security firm McAfee Labs, 2018 saw a 4000-percent increase in instances of crypto-mining malware. The report states there were over 4 million new threats in Q3 of this year alone, compared to the 500,000 of the same period last year.”