Friday Five: 1/19 Edition
Catch up on the week's infosec news with this recap!
1. The Very Good Reason Why You Can't Get That Google Art-Selfie Feature in Illinois or Texas by Jennings Brown
Google’s Art & Culture app, which matches selfies with portraits from 1,000+ museums, went viral this week. And while the fact it went viral is interesting – especially since it was first released in 2016 – more fascinating is the reason why the face matching feature isn’t yet available in every state, namely Illinois and Texas. Turns out biometric data privacy laws on the books in those states restrict the collection of biometric data like finger, retina, and face scans. In Illinois, companies need to state a) how they plan to use the data, b) how long they plan to store it, and c) obtain a user’s consent before collecting it. Washington passed its own biometric data law last May, but users in the state can apparently still access the app. It will be interesting to see how potential laws being mulled by the Alaska, Connecticut, Montana, and New Hampshire legislatures affect the discussion around biometric data acquisition, not just by Google, but by other similar corporations in the future.
We’re guilty of sharing a lot of Lily Hay Newman articles in this space each Friday. She’s got another interesting read this week via Wired – a scoop of sorts on Red Balloon Security, a small New York-based firm that's developed a new strategy designed to find vulnerabilities in building controllers and automation systems. Researchers from the firm presented the research at Digital Bond’s S4 conference on Thursday. The crux of the work relies on taking disclosed zero days in IoT devices and using automation to mine industrial control devices for the same vulnerabilities. The technique isn’t without its faults (it isn't fully automated yet) but certainly sounds promising. “You can’t depend on the vendor to fix every single problem, and you can't depend on the world to magically apply each patch. So that’s the real purpose here, we’re showing how easy it is to do this type of analysis in all sorts of embedded devices,” Ang Cui, one of the researchers, told Newman.
Those looking for some heavy-duty reading on advanced persistent threats (APTs) could do far worse than spending a few hours with the Electronic Frontier Foundation and Lookout's latest co-authored report (.PDF). The lengthy (51-page) document released on Thursday peels back the covers on Dark Caracal, a threat actor likely operating out of the Lebanese General Security Directorate in Beirut. Dubbed a “new kind of spyware for hire” by The Verge’s Russell Brandom, Dark Caracal’s attacks have been traced to victims in 21 countries. The group has relied on social engineering, spear phishing, and watering hole attacks to spread Trojanized Android apps that go on to spy on users. Hundreds of gigabytes of enterprise intellectual property and personally identifiable information from thousands of victims have been siphoned off by the group, according to the firms.
4. Allscripts Investigating Ransomware Incident, Some Services Unavailable to Customers by Julie Spitzer
We're only two weeks into 2018, but on Thursday we saw the second major ransomware incident to affect the healthcare industry this year. Allscripts, a vendor that specializes in maintaining electronic health record systems for physician practices, hospitals, and healthcare systems, said this week it was working to restore systems that were impacted by ransomware. A spokeswoman for the company confirmed the attack, stressing there was no evidence any data had been removed from its systems, in an interview with Becker's Hospital Review's Julie Spitzer. The company told the publication the malware affected data centers in Raleigh and Charlotte, N.C., and that its Professional EHR service and its electronic prescribing of controlled substances system were impacted as a result. Earlier this week it came to light that Hancock Regional Hospital paid a whopping $55K, or 4 Bitcoin, to restore its systems after it was hit by the SamSam strain of ransomware last week.
Attackers with the Lazarus Group, the same hacking group purportedly behind 2014's Sony Pictures Entertainment hack and WannaCry, the ransomware epidemic that knocked thousands of machines offline in May last year, can apparently put another feather in their cap: a campaign against South Korean cryptocurrency investors. Researchers with Recorded Future, a threat intelligence firm, said Tuesday it appears the group carried out attacks against South Korean cryptocurrency exchanges. The giveaway that the attacks came from Lazarus? The malware shared code with Destover, the destructive malware used in both the Sony attacks and against one of the first WannaCry victims. Those looking for in-depth technical information should head to the firm's blog.