The Daily Roundup



Most Notable Info

Cybersecurity is definitely becoming a bigger priority for politicians. With the past (and probably future) Snowden revelations, and never-ending breaking news of new cyber-attacks, there is good reason for this shift in political focus.
There is word out that a bill is currently being drafted; the goal of which is allowance for “companies to monitor their computer networks for cyber-attacks, promotes sharing of cyber threat information and provides liability protection for companies who share that information.” The motivation behind this bipartisan bill is to “protect our corporate, governmental and personal digital assets from all cyber threats, foreign and domestic.”
Reuters reports that U.S. Homeland Security Secretary Jeh Johnson is observing an attitude shift in both political parties towards a more open dialogue between companies and the government when it comes to discussing cyber threats that could compromise multiple industries. Johnson believes cybersecurity to be an extremely important element for both the government and private businesses.
There is speculation about whether Congress will be able to agree on any sort of legislation that would mandate information sharing. One example of this disbelief comes from Peter Swire, Georgia Tech Professor and member of President Obama's spying practices panel, “I don't believe Congress is going to vote on a massive increase of information sharing at the same time as it is voting to end (NSA's) bulk collection.”
While the hesitation is valid, it is clear that these two actions are very different. The need for cybersecurity defenses is vitally important, especially when there are new and growing threats popping up everywhere.

On to the daily roundup...

IT Gravity 45, Risk 46
Beginning in July, Microsoft's Office 365 business customers will see a move from per-disk encryption to a model where every file stored in SharePoint Online and OneDrive for Business has its own encryption key. This change may be encouraging to businesses seeking a secure collaboration environment for company files. goo.gl/hWqdjn
Top Targets: Infrastructure and Utilities- Kuwait IT infrastructure

GOVERNMENT Gravity 26, Risk 29
A new report examines an Iranian sponsored hacking group that evolved from website defacements to targeted espionage campaigns aimed at defense organizations and Iranian dissidents. Dubbed “Operation Saffron Rose” the report analyzes the group’s methods and targets goo.gl/OBSfSS. The report can be found here:goo.gl/wCDMQk.
Top Targets: Infrastructure and Utilities- Kuwait IT infrastructure

OTHER ORGANIZATIONSGravity 8, Risk 14
A 17 year old student at a South Dakota high school cost his school $1,000 in damage after he hacked the schools network and shut down the phone, internet, and email systems. bit.ly/1v4em1Y
Top Targets: Customers/Clients- British Pregnancy Advisory Service (BPAS) clients

CONSUMER GOODS Gravity 8, Risk 10
Point-of-sale attacks have evolved over the past few years from opportunistic to sophisticated attacks. Ambitious threat actors are moving towards "highly targeted attacks that require a substantial amount of lateral movement and custom malware created to blend in with the target organization." Read the Arbor report: goo.gl/z7qapr
Top Targets: Group Members- Taiwanese mailing service agency

ENERGY Gravity 1, Risk 11
An advanced actor used the IE vulnerability to target defense and energy companies, claims FireEye. The advanced actor then shared the vulnerability with another threat actor. The actors utilized watering hole attacks to try to compromise targeted organizations. The two attack groups are state sponsored, claim FireEye.goo.gl/LLn61j
Top Targets: Infrastructure and Utilities- Tehran's nuclear company network

FINANCIALSGravity 5, Risk 9
A scam that targets social media uses directs the user to a fake facebook login page and steals the user's credentials. This same format is also being employed on a Chase Bank fake page from gifting sites. bit.ly/1jH7LG0
Top Targets: Websites- Corporate websites

ENTERTAINMENT Gravity 1, Risk 5
An AnonGhost member created a Facebook page for a campaign dubbed OpFifa. The hacktivists targets Fifa over its “attitude towards Muslim teams.” This years World Cup is a cause célèbre among hacktivists. Brazilian hacktivists have said they will attack FIFA and Brazilian government websites to protest the competition.goo.gl/zRHoRL
Top Targets: Social Media Accounts- Gary Barlow Twitter account

HEALTHCARE Gravity 2, Risk 4
Joel Scott and James Giscombe Jr., who work with patients treated at the NYU College of Dentistry, were busted for allegedly stealing credit card information from more than 350 victims using a mini card skimmer attached to the reader. Claims have circulated that the school covered up the crime by not reporting it. goo.gl/tyUalj
Top Targets: Medical Equipment- Medical device

Telecom Gravity 2, Risk 3
The French Telecom company, Orange, released a statement this week stating they were hit by a massive data theft. The theft could affect over 1.3 million subscribers and this comes only a few months after the company had over 800,000 customer records stolen in another data theft.bit.ly/Qe3ePm
Top Targets: Data- Orange S.A. database

UTILITIES Gravity 0, Risk 0
Ronald Ross from NIST said at Utilities Telecom Council convention that security shortfalls are in communication, not tools. "We're drowning in risk management frameworks. We're drowning in controls." The key is determining who is responsible for protecting software, equipment, and systems and for responding when attacks occur.goo.gl/aLtaiG

INDUSTRIALS Gravity 0, Risk 0
The Pakistan Haxors Crew breached and defaced a sub domain of Indian carmaker Tata. The hacker’s defacement calls out Tata’s lack of security on their website. The group target several numerous Indian websites, including several government websites and the country’s railway system. goo.gl/xXhqpR

MATERIALS Gravity 0, Risk 0
On Sunday Anonymous attacked the Monsato Brazil website via a DDoS and took it offline. This is not the first attack Anonymous has conducted against Monsato. The hacktivist organization is protesting the use of GE Trees that they claim poisons land and displaces communities in Latin America. inagist.com/all/4478...

In other news...

A 17-year-old South Dakota student has been arrested for hacking the computer system of Sioux Falls Catholic schools, and has been charged with “felony intentional damage to property.” The police are saying that phone, email, and internet services were shut down last week to at least eight different schools in the district, costing about $1,000 to get restored.
I mean, why? Why?