Pete Recommends – Weekly highlights on cyber security issues, May 30, 2021

Subject: FBI: Conti Ransomware Gang Behind Ireland Attack Also Hit 16 U.S. Health and Emergency Networks
Source: Gizmodo

The same hackers that took down the Irish health system last week also hit at least 16 U.S. medical and first responder networks in the past year, according to a Federal Bureau of Investigation alert made public Thursday by the American Hospital Association.

As first spotted by the security news site Bleeping Computer, the FBI Cyber Division said these hackers used the strain of ransomware known as Conti to target law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities in the U.S. Ransomware is a type of malicious software that breaks into a victim’s devices and encrypts their files so cybercriminals can then extort payment in exchange for restoring access.

The hackers that crippled the Irish health system are reportedly part of “Wizard Spider,” a sophisticated cybercrime gang based in Russia that’s been increasingly active in the past year. The group’s threatened to release patient records unless Irish authorities fork over $20 million.

Subject: Cloud Backup and Cloud Storage Guide
Source: Consumer Reports

If you’ve ever accidentally deleted or overwritten an important file, spilled a cup of coffee on your computer, or had a laptop that was lost or stolen, you understand the importance of backing up important files. But even backing up files to an external hard drive on your desk isn’t always enough. Another option is to store them in the cloud, which is made up of remote servers you access online.

“The best advice around backup is to have it in three different places,” says Sean Metcalf, founder and chief technical officer of Trimarc Security, a company in Washington, D.C., that helps organizations secure their Microsoft platforms. The three places are typically a computer, an external hard drive, and a cloud service.

That way, if a natural disaster wipes out your computer and external hard drive, you can restore your files using an off-site service. That backup plan also comes in handy if your computer and external drive are both damaged by a power surge or malware.

You have two broad options for maintaining copies of your files online: cloud backup services and cloud storage services. They are similar but not the same.

Subject: How data manipulation could be used to trick fraud detection algorithms on e-commerce sites
Source: Help Net Security

As the marketing of almost every advanced cybersecurity product will tell you, artificial intelligence is already being used in many products and services that secure computing infrastructure. But you probably haven’t heard much about the need to secure the machine learning applications that are becoming increasingly widespread in the services you use day-to-day.

Whether we recognize it or not, AI applications are already shaping our consciousness. Machine learning-based recommendation mechanisms on platforms like YouTube, Facebook, TikTok, Netflix, Twitter, and Spotify are designed to keep users hooked to their platforms and engaged with content and ads. These systems are also vulnerable to abuse via attacks known as data poisoning.

Manipulation of these mechanisms is commonplace, and a plethora of services exist online to facilitate these actions. No technical skills are required to do this – simply get out your credit card and pay for likes, subscribes, followers, views, retweets, reviews, or whatever you need. Because the damage from these attacks remains tricky to quantify in dollars – and the costs are generally absorbed by users or society itself – most platforms only address the potential corruption of their models when forced to by lawmakers or regulators.

However, data poisoning attacks are possible against any model that is trained on untrusted data. In this article, we’ll show how this works against fraud detection algorithms designed for an e-commerce site. If this sort of attack turns out to be easy, that’s not the kind of thing online retailers can afford to ignore.

What is data poisoning?…The art of generating data poison – For our experiment, we generated a small dataset to illustrate how an e-commerce fraud detection model works. With that data, we trained algorithms to classify the data points in that set. Linear regression and Support Vector Machines (SVM) models were chosen since these models are commonly used to perform these types of classification operations.

We used a gradient ascent approach to optimally generate one or more poisoned data points based on either a denial-of-service or backdooring attack strategy, and then studied what happened to the model’s accuracy and decision boundaries after it was trained on new data that included the poisoned data points. Naturally, in order to achieve each of the attack goals, multiple poisoned data points were required.

Subject: IRS Wants Tools for Cracking Crypto Wallets
Source: Nextgov

As more people across the globe get into trading and purchasing goods using cryptocurrencies—even the federal government—the IRS’s Criminal Investigations division wants “reliable” tools and processes for cracking crypto wallets….

For an added layer of security, some cryptocurrency traders use crypto wallets, which keep the private keys needed to access the cryptocurrency separate from the broker making the transaction.
These wallets can take the form of a segmented app with an extra layer of security or a separate piece of hardware—like a thumb drive—that stores the private keys offline until needed.

For the IRS Criminal Division’s Digital Forensics Unit, crypto wallets seized as part of investigations have been tough to crack.

“Though a few known cyber penetration testers have published vulnerabilities on specific devices, the process of decrypting the hardware devices to gain access to the wallets has been challenging,” according to a request for information posted to

The RFI seeks to garner industry feedback on the market, small and disadvantaged business set-asides and existing contract vehicles, like governmentwide acquisition contracts and the General Services Administration schedules.


Subject: How to Password-Protect Your Google Search History and More
Source: Gizmodo

Google’s added a new way to keep other people’s prying eyes out of your search history, YouTube faves, and more. As first spotted by Android Police, the company has started prompting users to password-protect their Web and Activity page, which shows off a person’s history across a slew of Google services.

This added password protection is just one of the privacy buffs that Google’s been rolling out after this month’s Google I/O event. This includes a new optional locked folder you can add to your Google Photos account and a new quick-delete toggle that lets you automatically scrub the last 15 minutes of your Google search history.

What does my Google Activity page show, anyway?

Subject: Cryptocurrency Crackdown Won’t Stop Ransomware, CISA Official Says
Source: Nextgov

Cybersecurity professionals stress the importance of proactive defense to combat the growing number of attacks.

The scourge of ransomware will proceed with or without closer regulation of the ecosystem that facilitates victims paying anonymous criminals to unlock or return data they steal and hold hostage, a senior Cybersecurity and Infrastructure Security Agency official said.

“Criminals have always found an innovative way to continue the attack [through] some mechanism so, you know, if we were to magically flip a switch and make Bitcoin for instance completely transparent, they’re going to find another way to do it,” said CISA Deputy Director Nitin Natarajan.

Natarajan was part of a panel discussion the U.S. Chamber of Commerce hosted on ransomware as a service Tuesday. Other participants included the United Kingdom’s National Cyber Security Centre Technical Director Harry W, McAfee Chief Scientist Raj Samani and Global Cyber Alliance Executive Director Megan Stifel.

Stifel recently co-chaired a public-private ransomware task force which produced a report that made a big splash, garnering interest with a congressional hearing and support from Homeland Security Secretary Alejandro Mayorkas.


Subject: Google, Hospital Chain Cut Data Deal on Patient Records
Source: Newser

(Newser) – Google is moving deeper into the health care business. Under a multiyear deal with HCA Healthcare, a hospital chain, the companies’ engineers will develop algorithms to help monitor patients, guide medical decisions, and increase efficiency. Google will store data generated by HCA’s medical devices, as well as information from health records, the Wall Street Journal reports. The company has about 2,000 US sites. “Part of what we’re building is a central nervous system to help interpret the various signals,” says Jonathan Perlin, the company’s chief medical officer. The companies hope to come up with algorithms that will, among other things, send an alert to clinicians’ mobile devices when there’s a change in a patient’s condition….

NB see also

Subject: European privacy groups challenge facial scan firm Clearview
Source: AP via Yahoo!

LONDON (AP) — Privacy campaign groups filed legal complaints Thursday with European regulators against Clearview AI, alleging the facial recognition technology it provides to law enforcement agencies and businesses breaches stringent European Union privacy rules. Four groups complained to data protection authorities in France, Austria, Greece, Italy and the U.K. about Clearview’s practices. They say the company stockpiled biometric data on more than 3 billion people without their knowledge or permission by “scraping” their images from websites.

The complaints say Clearview didn’t have any legal basis to collect and process this data under the European Union’s General Data Protection Regulation, which covers facial image data. Britain adopted its own version of the EU privacy rules after it left the bloc.

Subject: How Utah secures shared data
Source: GCN

To combat the rising number of cyberattacks, Utah’s Department of Technology Services is encrypting the data it shares internally and externally with other agencies and private entities. DTS contracted with Virtru, an encryption company, about five years ago to shore up its enterprise cloud-based email system after finding the administrative tools in its previous solution to be problematic.

“You’re somewhat spoiled when you have an on-prem system because you’re in full control of everything, and being able to deal with the encryption and handle issues as they come through,” said Corona Ngatuvai, enterprise architect at DTS.

Using an outside vendor for encryption makes it harder to perform administrative functions because “you have to go through the vendor,” he said. The vendor had to communicate with its third-party encryption group, which had to authorize a direct discussion, implement the change and then tweak it based on feedback. “It became too cumbersome to manage encryption when there was a middle man,” Ngatuvai said.

Maryland began using Virtru in 2015 to shore up its use of Google tools such as Gmail and Google Drive. They embed the platform into automated workflows, including but not limited to email because data comes off many endpoints, such as file sharing.

Subject: Email provider says bomb threat came after Protasevich flight was diverted to Belarus

May 27 (UPI) — A Swiss email provider on Thursday said that an email Belarusian authorities said contained an in-flight bomb threat arrived after a plane carrying opposition journalist Roman Protasevich was diverted to Minsk. ProtonMail issued a statement contradicting claims from Belarusian officials that they alerted cockpit crew after receiving a bomb threat against the plane carrying Protasevich — a vocal opponent of Belarusian President Alexander Lukashenko who had been in self-exile — by the militant group Hamas, The Washington Post reported.

Subject: After Colonial attack, TSA issues new cyber regs for pipelines
Source: FCW

The Transportation Safety Administration on Thursday issued new security directives for pipeline owners and operators concerning how they respond and report cybersecurity incidents.

The directives, according to a Department of Homeland Security statement emailed on Thursday morning, require companies to report “confirmed and potential” cybersecurity incidents to DHS’s Cybersecurity and Infrastructure Security Agency. Companies also must designate a “cybersecurity coordinator” to be available at any time.

“It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days,” according to the statement.

DHS Secretary Alejandro Mayorkas in the statement highlighted the recent attack on Colonial Pipeline, which sparked a major gasoline supply crunch along the East Coast for several days, as the reasoning for the new directives.

Turf battles could be in the offing, however. Lawmakers in the House and Senate are divided about jurisdiction over pipeline security, with some insisting that TSA retain its authorities while others back giving the Energy Department or the Federal Energy Regulatory Commission a more authoritative role in regulating pipeline security.

