Category Archives: Data Breach

Ponemon Institute Reports Healthcare Data Under Attack by Criminals.

Posted on April 11, 2016 | Leave a comment

Linux
Results from the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data have confirmed what many in the healthcare industry had suspected and even feared: 65% of the healthcare organizations participating in the study had experienced electronic information-based security incidents over the past two years. In addition, some 87% of third-party vendors, identified by HIPAA as Business Associates (BAs), reported a data breach in the last two years.

More disturbing is the revelation that for the first time in the history of the study, criminal attacks are the number one cause of data breaches in healthcare. The number of criminal attacks on healthcare organizations and business associates has increased 125% compared to five years ago. According to the study, more than 90% of the healthcare organizations taking part had experienced a data breach, and 40% of the respondents had experienced more than five data breaches over the past two years.

No healthcare organization, no matter its size, is impervious to these attacks. And they are certainly not immune to the side effects of a breach.

The rapid growth of data breaches in the healthcare industry is putting health information at risk at an alarming rate. Moreover, it’s expensive—for all concerned. According to the Ponemon Institute study, “…the average cost of a data breach for healthcare organizations is estimated to be more than $2.1 million…the average cost of a data breach to BAs represented in this research is more than $1 million.”

The study’s findings also reveal that 45% of the healthcare organizations surveyed reported the occurrence of a Cyberattack indicated the source of the attack was criminal, while 12% cited the work of malicious insiders. 39% of the BAs reported breaches caused by criminal attackers while 10% attributed the attacks to malicious insiders.

The study described an increase in Web-borne malware attacks, citing 78% of the healthcare organizations surveyed as having experienced security incidents caused by malware; 82% of BAs had suffered security incidents attributed to malware.

Perhaps one of the most shocking data points reported is that in spite of the increased criminal activity and the rapidly evolving threat environment, the majority of healthcare organizations indicated implementing no changes to what they’re doing or how they’re doing it. Only 40% of healthcare organizations and 39% of BAs surveyed expressed concern about cyberattacks.

Other Findings Giving Cause for Increased Cyber security Measures

Policies and Procedures in Place

The survey results clearly illustrate the reality that healthcare organizations and the BAs with whom they work need to invest more in technologies that allow them to respond quickly to data breaches. While 58% of healthcare organizations responding agreed that they have policies and procedures in place that allow them to detect a data breach quickly and efficiently, fewer than half believe they have sufficient technologies in place to do so — and only 33% were confident they have the resources needed to prevent or quickly detect a data breach. Responses of BAs participating in the survey fell along similar lines. 50% of business associates responding stated that they have the policies and procedures in place to prevent or detect a security incident, while fewer than half believe they have sufficient technologies. Lastly, only 41% of BAs stated that they have adequate resources to be able to identify and repair data breaches.

Top Concerns of Respondents

The research also revealed interesting insights relating to the top concerns of survey respondents. While the number of criminal attacks on healthcare organizations and business associates has increased 125% compared to five years ago (and 45% of the organizations surveyed traced data breaches to criminal activity) only 40% of the respondents were most concerned about Cyberattacks as a security threat. BAs were even less immediately worried with only 35% citing Cyberattacks as a top concern. Here’s an overview of what they reported being most concerned about:

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data

The security threats BAs worry about most:

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data

How Attacks Are Discovered

Among other key findings detailed in the Poneman report are the statistics relating to how health organizations have uncovered the security attacks. 69% learned of a data breach through an audit or assessment, while 44 % were discovered by an employee. 30% of data breaches were reported by patients, 23% were uncovered accidentally, and 18%came from a legal complaint. Law enforcement was responsible for 6 % of the discoveries and loss prevention teams for 5%.

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data  

Business associates reported different statistics, with 60% of data breaches reported as being uncovered by employees and 49% discovered as a result of audit or assessment. BAs said 33% were found accidentally, 21% through a legal complaint, 17% from a patient complaint, 13% from loss prevention teams, and 12% by law enforcement.

Source: The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data

Conclusion

The findings of the Ponemon Institute survey paint an alarming picture: the healthcare industry, which manages vast amounts of personal data, is under attack by criminal elements and jeopardized by employee negligence, as well as the actions of malicious insiders. The number of data breaches is growing exponentially, and both healthcare organizations, and the business associates who serve them lack sufficient technologies, resources, and processes to ensure data is kept secure.

The report details a slow but steady increase in technologies used by both healthcare organizations and their business associates to detect and mitigate the impact of cybersecurity threats, but concludes that the pace of the investments in both technologies and security expertise is not sufficient at this time.

In conclusion, the Ponemon Institute calls for intensive employee training and awareness programs, ramped up investments in technologies and security expertise, and a broad application of innovative solutions to the industry to improve the current status of the privacy and security of the nation’s healthcare data.

 

Leave a comment

Posted in Big Data, Cyber Security, Data Breach, Encryption, Healthcare

Tagged , ,

Data Breaches, Hacking and Cybercrime – Oh My!

Posted on April 11, 2016 | Leave a comment

Keyboard_Lock

Whenever I visit my relatives, I’m often not shocked to take a look at their smartphone or tablet or PC and find the little “update” notification number on their apps light up – and it isn’t just usually one update, it’s like 99! Because of my experience and career path, we spend part of our visit going through and updating phones, tablets and computers. Sound familiar to anyone else?

After working in this field for more than 20 years, people often will ask me – how do you sleep at night? I tell them I sleep just like a baby – meaning I sleep for 4 hours and I’m up every half hour screaming (not my quote, but I love that one….) Truthfully though, I love what I do and I’m excited to provide some thoughts and advice to consumers on how to protect themselves from a range of cyberthreats from common hacking attacks to sophisticated newer techniques like ransomware. One of the things consumers need to focus on is personal “computer hygiene.” If consumers and businesses kept up basic computer hygiene, it would stop approximately 80-90 percent of attacks.

Here are a few key and simple things you can do to protect yourself from hackers and fraudsters alike:

1) Yes, you need anti-malware software on your PC or Mac.  But equally if not more important is that you need to keep all device software updated. Many computers are hacked because they are running on an outdated operating system or outdated version of Adobe or Java or other office software. Old software is vulnerable software.  Keep it up to date.

2) Don’t use the same password on different sites. Use a different password for financial sites, vs. other consumer/retail sites. Once a hacker has access to one password, they will usually try the same password on other major websites.

3) Use the strongest authentication options available to you. For example, when a site allows you to enroll via a mobile device, which triggers a code sent to you for verification, enroll for that. You’ll thank me later.

4) Remove your own “administrative rights” on your home computer.  Many companies remove general user’s ability to add new users, install software, etc.  This greatly limits what malware can do if it is accidentally downloaded by a user.  At home, most people don’t think to do this.  So, consider creating a “normal user” account for yourself, removing that “admin” access from it, and only use the default “Administrator” account or right when you need to install software, add new users, apply updates, etc.

Sincerely hope this helps you.

Leave a comment

Posted in Cyber Security, Data Breach, Encryption, Hacking, Malware

Tagged ,

Looking to improve cybersecurity? Fire some CEOs

Posted on April 5, 2016 | Leave a comment

Great Article by Bill Siwicki

Running security and IT under a CFO or chief administrative officer is bound to be problematic because they typically lack a technology background. One expert’s alternative: Empower CIOs and all employees to innovate a culture of security.

MansurHasibhitnThere’s a big problem thwarting cybersecurity today and it has to do with people – those at the top specifically, according to Mansur Hasib, a cybersecurity professor at the University System of Maryland.

“Many executives have taken the view that cybersecurity is control of people, limiting people’s use, essentially telling people they are dumb, that they cannot use technology, that their ability to load software on their computers will be disabled,” said Hasib, who wrote the books “Cybersecurity Leadership” and “The Impact of Security Culture on Security Compliance,” and earned a doctorate in cybersecurity from Capital Technology University in Laurel, Md. “Most companies run IT and cybersecurity where IT professionals live in these hallowed halls and they do not share knowledge.”

As part of his doctoral dissertation on cybersecurity in 2013, in fact, Hasib conducted a national study across a wide swath of organizations in the U.S. and found that half of healthcare entities operate IT and cybersecurity efforts through non-IT officers such as the CFO or the chief administrative officer.

Further, one-third of healthcare organizations have no CISO and one-fifth have no plan to hire a CISO anytime soon. He said this is an enormous problem for healthcare cybersecurity today.

Hasib will speak at The HIMSS and Healthcare IT News Privacy & Security Forum, May 11-12, 2016, in Los Angeles, California.

“Anthem, which had the biggest security breach in healthcare, runs IT through its chief administrative officer,” Hasib said. “These executives, with their MBA backgrounds, have no clue about IT and security, so why is this person in charge of it? Yes, they have a CIO, but no real CIO should work for a CFO or CAO. If I am a CIO and I am not reporting directly to the CEO, then I am not a CIO.”

That problem starts in graduate schools, Hasib said, where the lack of focus on IT or cybersecurity is partially responsible for what London Business School researcher and professor Gary Hamel determined, which is that innovation and productivity in the U.S. are half of what they were in 1972.

Individuals and employees, on the other hand,  are armed with greater access to technology than they have ever had. Today’s mobile phones and tablets, for instance, effectively democratize IT by putting it in just about everyone’s hands. As a result, the concept of technology run by a privileged few no longer works.

“That’s why there is a massive failure – the trust divide between executives and the common people,” Hasib explained. “Employees realize they do not have access or a role. But the reality is everyone handles data and technology, therefore the ultimate cybersecurity posture of any organization depends on people. Behavior of people determines ultimate success.”

Hasib learned about that massive failure when Anthem breached his own health data. And because of Anthem’s reporting structure, Hasib has a cure to the company’s cybersecurity woes that is blunt. “In order to improve cybersecurity, fire some CEOs,” he said. “If any CEO thinks their CFO can run their IT and cybersecurity, then that CEO does not belong in the CEO role.”

Hasib went on to say that the reason there has been such a decline in innovation in America – innovation by employees that is needed to bolster cybersecurity – is because Corporate America has put leaders on an anointed pedestal.

“We think authority is leadership, but it is not – knowledge is leadership,” he said. “Every one of us has some knowledge we can use to guide others in whatever it is we know. Leadership is guiding someone to a purpose, usually where that person wants to go. Management is forcing someone to go where you want that person to go. It is much better to inspire people and lead them to where they want to go.”

As such, any C-suite officer can inspire values in employees throughout an organization, values that in the case of cybersecurity can include, for example, loyalty, trust and innovation.

“A company that does not have the loyalty of the people in its organization will never have cybersecurity,” Hasib said. “Great companies have a culture where they allow people to take risks – and understand innovation by itself has risk.”

Hasib cited as an example a nuclear power plant he studied. Needless to say, safety was a value its leaders promulgated throughout the organization.

“There, safety is the culture,” he explained. “Every employee is incentivized. Their business is based on how many hours they can go without a safety incident. In healthcare, does any organization give incentives for how many days without data loss? You can certainly have a goal of zero data loss, that is easy enough. What if you rewarded people for that? Everything is negative today, and people are not excited about negative stimulus. Leaders should give people incentives and reward innovation.”

Cybersecurity must indeed be about continuous innovation, Hasib added. Without innovation, an organization will never have cybersecurity, and it’s people who create a culture of innovation.

Hasib will speak at The HIMSS and Healthcare IT News Privacy and Security Forum, May 11-12, 2016, in Los Angeles, in a session titled “Healthcare USA: How to Create a Human Firewall,” May 11 from 1:45-2:30 p.m. Register here

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Healthcare, Security

Tagged , ,

FBI investigating attack against computer networks at U.S. law firms

Posted on March 31, 2016 | Leave a comment

thinkstockphotos450270251sma_763723The Federal Bureau of Investigation (FBI) and the Manhattan U.S. attorney’s office are investigating an attack in which hackers accessed the computer networks at U.S. law firms, including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, according to a Wall Street Journal report.

An individual familiar with the investigation told the Journal that investigators are looking into whether the hackers accessed the networks for insider trading or other purposes.

It is also likely that employee and client records were accessed in order to facilitate spearphishing and social engineering attacks, said Adam Levin, chairman and founder of IDT911 and author of “Swiped” in comments emailed to SCMagazine.com. “The bad guys gained privileged access by way of stolen credentials, infected computers with malware, monitor activity, collect information and then use it for their financial gain,” he noted.

The attackers have reportedly posted threats of similar attacks against other laws firms.

Darren Hayes, director of cybersecurity at Pace University’s Seidenberg School of Computer Science and Information Systems, noted that law firms have been a target for hackers because they possess large quantities of intellectual property. “The recent slew of attacks on Wall Street law firms is a new phenomenon, but makes sense given their access to sensitive information.”

Seclore Technology CEO Vishal Gupta said in an email to SCMagazine.com that financial institutions and Fortune 500 companies have improved their security preparedness, but he noted that “hackers are finding loopholes – and in this case, it’s through the top US law firms.”

Hayes also acts as a consultant on legal cases involving digital evidence. He said law firms “are not known to generally possess the best network security defenses.”

Forget the hospitals, it now appears that the world’s cyber hyenas have found an endless source of fat and slow moving wildebeests to prey on the digital savanna. Cash “cows” as it were for ransomware attacks.

Can you think of a slower, less well-defended beast with more cash that would be so highly motivated to pay the ransom to protect their reputation?

The ransomware challenge simply cannot be solved by playing defense alone. We need to de-monetize this exploit by either holding the perpetrators at risk of arrest — or disrupting their ability collect the ransom.

No matter what the security-industrial complex technologists try to sell you to allay your fears and let you play a losing rope-a-dope defense a bit longer — the only successful solution is to pursue and challenge these ransomware teams directly.

Leave a comment

Posted in Cyber Security, Data Breach, Forensic, Hacking, Security

Tagged ,

Do Not Respond To This Kind Of Email. It’s A Scam!

Posted on March 31, 2016 | 1 comment

Criminals are tricking corporate employees into giving them payroll information. Here is how the scam works – and how you can prevent yourself from falling prey to it.

getty_462568451_86094

IMAGE: Getty Images

Over the past couple months there have multiple well-publicized cases of criminals tricking corporate employees into giving them payroll information that the crooks then use to commit various crimes: commonly, employees’ identities are stolen and phony tax returns are filed in order to obtain illegal “refunds” of “overpayments,” but thieves continue to find other ways to monetize the data including filing fraudulent unemployment claims.

Here is how the scam works – and how you can prevent yourself (and your business) from falling prey to it.

In the first stage of the attack criminals perform reconnaissance – often checking social media for information that employees have “overshared.” Criminals love it when employees post nonpublic information about some work-related endeavor, for example, because anyone who later claims to be an employee of the company and refers to this information when contacting a real employee will be far more likely to be believed than someone who simply claims to work for the firm but does not know any “insider” information. Criminals also search social media and the Internet in general to find the right “target” employees within the firm whose data they are trying to steal.

After performing reconnaissance, criminals contact their targets – often via a “spear phishing” type email message, but sometimes through other media such as via social media, texting, or telephone. Spear phishing refers to communications targeting a specific intended victim and which impersonates a party whom the receiver is expected to trust. Several recent attacks have involved communications in which the “CEO” or other high level executive of a firm asks an employee with access to payroll information to send him or her the W2s for all employees of the firm; others forms of the attack ask an employee with authorization to make wire transfers to pay some particular party, others may ask the employee to visit some website for some purpose, when, in fact, the site actually installs malware.

Snapchat, Mercy Housing, and Sprouts Farmers Market have all fallen prey to the W2 scam within the last couple months, thereby exposing their employees to all sorts of risks. Other firms have been duped by similar attacks and sent out spreadsheets with personnel information, and the Federal Reserve Bank of New York is believed to have recently issued about $100-Million in fraudulent wire transfer payments as a result of receiving instructions fraudulent to do so.

Here are some ways to help prevent this problem from harming you and your business:

1.       Train employees not to overshare on social media and provide them with technology that warns them if they are doing so.

2.       Train employees not to respond to email requests for sensitive data without picking up the phone and speaking with the person requesting the data to be sent.

3.       Understand — and make sure your employees understand — how phishing works, and why it is a serious problem that is not getting better with time.

4.       Train employees to think about the risk level of requests. As Jonathan Sander, Vice President at Lieberman Software, noted, “If a payroll employee wants one W2, then maybe you just let them have it. If that same employee wants all of them all at once, then there should be something that triggers to say this is a different sort of request that deserves more scrutiny.”

5.       Utilize encryption – if a sensitive document is sent encrypted, an unauthorized party receiving it will have difficulty opening it. As Brad Bussie, Director of Product Management at STEALTHbits Technologies, phrased it: “As a best practice, personal identifiable information should never be transmitted in an un-encrypted format.” I agree.

6.       Use secure email – If a firm has the resources to do so, email security technology can help – but, do not rely on such technology to prevent problems since social engineering can come in through other channels (texting, social media messages, phone calls, etc.), and, sometimes problematic emails can still make it through. Nonetheless, reducing the threat via email can be useful; as Craig Young, Computer Security Researcher at Tripwire, noted “The use of cryptographically signed emails and securely configured mail services with advanced spam filters, sender policy framework (SPF), and DomainKeys Identified Mail (DKIM) configurations can also greatly reduce the likelihood of a successful e-mail scam.” Keep in mind that by reducing the number of problematic emails that reach users, email security technology can cause people to become less vigilant – so make sure to reinforce the need for vigilance via training.

7.       Utilize Data Loss Prevention systems – these types of systems can block certain types of files and attachments from going out to external email addresses.

These are just a few ideas to think about, there are several others !!!

1 Comment

Posted in Data Breach, Encryption, Malware, Security

Tagged , ,

Mobile Forensics Firm to Help FBI Hack Shooter’s iPhone

Posted on March 28, 2016 | Leave a comment

Terrorist

Israel-based mobile forensics firm Cellebrite is believed to be the mysterious “outside party” that might be able to help the FBI hack the iPhone belonging to the San Bernardino shooter.

Israeli newspaper Yedioth Ahronoth broke the news, which appears to be confirmed by a $15,000 contract signed by the FBI with Cellebrite on March 21, the day when the agency announced that it may have found a way to crack Islamic Terrorist Syed Rizwan Farook’s iPhone without Apple’s help.

The FBI convinced a judge in mid-February to order Apple to create special software that would allow the law enforcement agency to brute-force the PIN on Farook’s iPhone 5C without the risk of destroying the data stored on it.

Apple, backed by several other technology giants, has been preparing to fight the order, which it believes would set a dangerous precedent.

Just as the US government and Apple were about to face each other in court, the FBI announced on Monday that it may no longer need Apple’s help in cracking the phone. Federal prosecutors later cancelled the hearing set for Tuesday, stating that the FBI will be aided by an unidentified “outside party.”

That “outside party” appears to be Cellebrite, which has been working with the FBI since 2013. The company’s website shows that it has assisted law enforcement investigations in several countries over the past period.

“Cellebrite mobile forensics solutions give access to and unlock the intelligence of mobile data sources to extend investigative capabilities, accelerate investigations, unify investigative teams and produce solid evidence,” the company writes on its official site.

Experts have suggested several methods that could be used to gain access to the data on the San Bernardino shooter’s iPhone, including ones involving acid and lasers, but they didn’t appear to be very practical.

After the FBI announced that it might have found a practical alternative, iOS forensics expert Jonathan Zdziarski published a blog post describing some of the likely methods that might be used to accomplish the task.

The expert believes the technique that will be used has likely already been developed, as the FBI says it only needs two weeks to test the proposed method.

Zdziarski believes the company that will aid the FBI will either use a software exploit or a hardware technique known as NAND mirroring.

“This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip,” the researcher explained. “It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.”

“My gut still tells me this is likely a NAND hardware technique. A software exploit doesn’t scale well. I know this because my older forensics tools used them, and it required slightly different bundles for every hardware and firmware combination. Some also work against certain versions, but not against others,” he noted.

Zdziarski believes that if the technique already exists, it has likely been sold privately for well over $1 million.

Leave a comment

Posted in Cyber Security, Data Breach, eDiscovery, Encryption, Hacking, Law Enforcement

Tagged , ,

Cyber fraud stops Kiss from rocking and rolling all night long

Posted on March 25, 2016 | Leave a comment
kiss_941780

Kiss was due to head the Moonstone festival.

The organizers of a huge music festival featuring more than 50 acts and slated to start April 30 was totally derailed by a cyberattack forcing the promoters to reschedule the event for later this summer.

The Orlando Music Festival Moonstone organizers have given out few details regarding exactly what happened, but in a press release the they said the postponement was due to a cyber incident.

“The date change is based on the company suffering from a major cyber fraud crime. An ongoing investigation in now in process — by local law enforcement and the FBI — of cyber fraud involving a major Tampa, Florida bank and other local businesses,” the organizers said on the festival’s Facebook page late last week.

Attempts by SCMagazine to reach the festival’s promoter via email and social media went unanswered. The show’s social media pages have not been updated since the decision was made to hold off on the show. An inquiry to the FBI office in Tampa, Fla., has also not yet been returned.

“Because of this situation, we know our attention to the inaugural Moonstone might suffer and we want to ensure an amazing experience for everyone who attends the festival in September,” said MOONSTONE Founder Paul Lovett, in a press release.

The show was to run from April 30 to May 1 at the Central Florida Fairgrounds & Exposition Park, but now will be held Sept. 25-26. The show was to be headlined by the likes of Kiss, Def Leppard and Queensryche, but the organizers said the postponed version will likely have a different line up.

Leave a comment

Posted in Data Breach, Hacking, Law Enforcement, Security

Tagged

Multiple Hospitals Hit In Ransomware Attack Wave

Posted on March 24, 2016 | Leave a comment

mcafee-video-image_1102_65x70In the past week alone, three hospitals have reported being victimized by cyber-extortionists.

A flurry of ransomware attacks against hospitals in recent weeks suggests that online criminals may have found a new favorite target for cyber-extortion.

The latest to get hit are Methodist Hospital in Henderson, Kentucky, and Southern California’s Chino Valley Medical Center and Desert Valley Hospital, both of which belong to the Prime Healthcare Service chain.

The incident at Methodist Hospital forced it to declare a state of internal emergency earlier this week while administrators tried to restore access to encrypted files and email.

Security blog Krebs on Security, which was the first to report on the attack, quoted the hospital’s information system director Jamie Reid as describing the malware used in the attack as “Locky,” a particularly virulent ransomware sample that surfaced earlier this year.

According to Reid, after initially infecting a system, the ransomware spread to the entire internal network and compromised multiple systems. This prompted the hospital to turn off all desktop computers and bring them back up one and a time after ensuring they were infection-free.

Reid did not respond immediately to a Dark Reading request for comment, so it is unclear if the hospital ended up paying the $1,600 ransom demanded by the attackers to unlock the encrypted files. An attorney for Methodist Hospital interviewed by Krebs on Security had said the hospital had not ruled out paying the ransom.

Meanwhile, Fred Ortega, a spokesman for the two California hospitals that were also similarly hit, today claimed the malware did not impact patient safety or compromise health records, staff data, or patient care.

Ortega described the attacks as disrupting servers at both hospitals. But measures were quickly implemented that allowed a majority of operations to continue unhindered, he said in comments to Dark Reading.“The malware was ransomware,” Ortega says. “I can confirm that no ransom has been paid.”

According to Ortega, in-house IT teams were able to quickly implement certain protocols and procedures to contain and mitigate the disruptions. But he did not elaborate on what those measures were. “The hospitals remained operational without impacting patient safety, and at no point was patient or employee data compromised or leaked. As of today, most systems have been brought online,” Ortega says.

The attacks on the three hospitals continue a trend that first grabbed attention in February when Hollywood Presbyterian Hospital said it had paid $17,000 in ransom money to regain access to files that had been locked in a ransomware attack. Since then there have been reports of similar attacks on two hospitals in Germany, one at the Los Angeles County health department, and now the three over this past week.

Expect such attacks to increase, says James Scott, senior fellow at the Institute for Critical Infrastructure Security (ICIT), which recently released a report on the ransomware threat to organizations in critical infrastructure sectors.

“Hospitals are an easy target for many reasons,” Scott says. “Employees typically lack cyber hygiene training and their technology landscape, in most cases, is eerily absent of layered security centric protocols.”

Scott predicts that adversaries are going to start using ransomware as a diversionary tactic while they steal electronic health records and other sensitive data from healthcare networks. “The ransom will be secondary to the primary revenue generated by the sale of the data,” Scott says.

Another reason hospitals are being targeted is because threat actors know they simply cannot afford a prolonged disruption adds, Israel Levy, CEO of security vendor BufferZone. “The first attacks on hospitals, which may have been opportunistic rather than targeted, were successful for the attackers, so copycat attacks are now inevitable,” he said.

Regulatory pressures and public concerns have forced the healthcare sector to be more diligent about protecting private medical data in recent years, Levy says. But the same is not always true when it has come to protecting daily operations and common issues like email and Web use.

“Ransomware threat actors seem to be going after that weakness,” Levy said. “They aren’t going after personal medical data specifically, but are holding the hospital’s operational infrastructure hostage.”

Ron Zalkind, CTO and co-founder at CloudLock, says healthcare organizations are often viewed as soft targets by threat actors. A recent study that CloudLock conducted found that only five percent healthcare organizations on average are concerned with password protection, only 38% are concerned with personally identifiable information, and 30% are concerned with PCI, says Zalkind, who will talk cloud security issues at the upcoming Interop conference. “Similar vulnerabilities exist in other high-risk verticals, such as computer-controlled oil refineries and electrical grids,” he says.  “[The] consequences of such attacks to these sectors are just as significant.”

Leave a comment

Posted in Cyber Security, Data Breach, Encryption, Hacking, Security

Tagged , ,

Six Things Your Business Has That Cybercriminals Want

Posted on March 24, 2016 | Leave a comment

computer_hacker

The following article is excerpted from Under Attack: How To Protect Your Business and Your Bank Account From Fast-Growing, Ultra-Motivated and Highly Dangerous Cybercrime Rings, which was published by CelebrityPress on January 14th, 2016.

*****

Belief and opinion are the biggest hurdles in implementing effective security that can help prevent an attack by cybercriminals.

I remember growing up and hearing people say, “One man’s junk is another man’s treasure.” For businesses, what they perceive as something of “no value” can be extremely valuable to a criminal. They will maximize it and expose it, giving themselves a pretty sweet deal while the business and its customers suffer. This likely disturbs you to your very core, but it doesn’t disturb the perpetrator at all.

There are six specific areas of data that are considered the jackpot for cybercriminals. If you know what the gold is, you’ll know how to protect it better.

1. Banking credentials

Think about your payroll accounts and the abundance of information that is in them. A thief will not hesitate to figure out your banking credentials and piece them together, which will give them the ability to impersonate an authorized user on the account. Then—in a matter of a minute—the payroll account is drained. What would you do if your payroll account was suddenly emptied the night before payroll processing?

2. Sensitive data from customers, vendors, and staff

Credit card numbers, Social Security numbers, and other data that help a thief take over someone else’s identity are valuable pieces of information. In the cyber underground, they can go for anywhere from $10 to $300 per record, depending on its value. Does your business have any of this type of information stored on technology of any sort?

Related article — Cybersecurity Fails: 5 Times Businesses Put Their Customers at Risk

3. Trade secrets

Entrepreneurs and innovators work hard, many creating products and services that become a part of all our futures. Along with these exciting innovations come valuable information and data such as: secret formulas, design specs, and well-defined processes. There is a market out there for this information, because some people want to shortcut the path to success by copying those who paved the way. Are your ideas and processes safeguarded from thieves?

4. Email

under attack cybersecurity book cover kris fentonIt’s hard to imagine that an email account could be of real value, but there is information on there that cybercriminals love. Here are some numbers that a prominent credential seller in the cyber underground can get:
1. $8 for an iTunes account
2. $6 for accounts from Fedex.com, Continental.com, and United.com
3. $5 for a Groupon.com account
4. $4 for hacked credentials to hosting provider Godaddy.com, as well as the wireless providers ATT.com, Sprint.com, Verizonwireless.com, and Tmobile.com
5. $2.50 for active Facebook and Twitter accounts

If your inbox was held for ransom, would you pay to get it back? If your Webmail account got hacked and was used as the backup account to receive password reset emails for another Webmail account, do you know what would happen? The result would be that an attacker could now seize both your accounts!

And here’s a startling fact: If you have corresponded with your financial institution via email, the chances are decent that your account will eventually be used in an impersonation attempt to siphon funds from your bank account. Have you ever conducted any personal business on your email that you don’t want criminals to have access to?

5. Virtual hiding places

Using your unprotected network to launch attacks against others—perhaps one of your top clients or vendors—is a favorite technique for cyber attackers. They will expose the weakest link to their end target and literally “work their way up.”

They start with a smaller company that does business with a larger firm and may have access to some of its passwords and accounts due to the type of working relationship. Then the cybercriminal finds their way into that system and starts to extract the data that they desire. They may also infect the small business’ site with malware.

When larger corporate clients and vendors visit the infected site, the malware secretly attacks that person’s computer and infects the organization. This is known as a watering hole attack. If you were attacked and it impacted your clients, would they understand?

6. Your reputation

The higher up the scale of success you go compared to your peers, the more likely it is that some of them may desire to see you come back down a bit and “make room for someone else.” There are unscrupulous competitors out there, and also disgruntled employees.

Today, targeted reputation damage is a serious concern for small to mid-size businesses. In fact, damaging attacks, whether it be data theft or destruction by rogue employees, has moved up to the third leading cause of loss according to NetDiligence® 2013 Cyber Liability & Data Breach Insurance Claims — A Study of Actual Claim Payouts. Do you rely on your reputation to help drive your business?

Most everything that a business has access to using technology, whether it is to either retrieve or store information, is of value to someone who has made a career out of attacking businesses for their own malicious gain. It may be hard to accept this, because most of us do not think like a cybercriminal—we think about our futures, our reputations, and conducting the best business we can. However, in order to know what you’re up against, you really need to start understanding what criminals may see in your business through an honest and thoughtful perspective. It’s a conversation best had with someone who understands the full scope of cybersecurity.

********

Buy Under Attack at Amazon right here.

Leave a comment

Posted in Cyber Security, Data Breach, Hacking, Security

Tagged , ,

5 Ways to Keep your Domain Name Safe from Being Hacked

Posted on March 23, 2016 | Leave a comment

http_Hack

The proliferation in the number of people using the internet had led to a significant number of new websites and blogs popping up every day. The huge platform for sharing views and personal opinion about anything or host content that one deems suitable to share, casual users today have understood how good a business owning a website or even a personal blog can be.

However, although many people easily set up their own website or blog, there are hardly any who are knowledgeable enough in protecting their domains from hackers once they become the legal registrants of domains. Today, we discuss this issue to help owners of personal blogs and small websites.

How to protect your domain from hackers

The following methods can be used to protect your domain from the attacks of hackers:

1. Activity alerts

This is similar to receiving notifications about your Facebook activity. Whenever an activity is performed using your domain account, you can get a notification. Many good domain registrars provide this feature free of cost. This is a good way to keep track of any unauthorized activity on your domain account.

2. Make sure writeable and executable files and directories are not in web root

Not doing so basically means that any unauthorized user can access readable and/or writeable directories or archives. This is as easy as it can get for hackers to exploit non-secured scripts to run or place data on your web hosting account.

3. Keep your domain locked

Enabling your domain registrar’s lock is a simple yet effective way to prevent illicit third-party domain transfer request. Such domain transfer requests are frequently used to steal domains. Simply enabling domain registrar lock can prevent your domain from falling prey to this malicious practice.

4. Do away with unwanted Directories, Scripts, and Subdomains

It is a common mistake by website owners to leave old and less used directories and scripts on their website. The gravity of this mistake cannot be emphasized on enough. This is because hackers can use this information for the purpose of hacking into your website. Therefore, it is important that you routinely chunk out files and directories that you no longer need or use.

5. Use strong and complex passwords

All accounts that require security are secured by passwords, but users can be so naïve as to use passwords that can be guessed easily to protect their sensitive information. This is a textbook mistake, one which hackers never get tired of exploiting. Always, ALWAYS, use passwords that are a combination of letters and numbers and are not short in length. Also, make it a practice not to use common English words as your passwords, for there are a lot of password cracking tools that crack passwords quickly because the password includes common words.

Conclusion

A lot of people are victimized by hackers by stealing or hacking their domain names. It is most important to pay close attention to your domain’s security, especially when your blog or website becomes really popular. With the help of this article and perhaps a little more research on the matter, you will be much more secure than you previously were (if not using these methods already) against hackers.

Leave a comment

Posted in Data Breach, Encryption, Forensic, Hacks

Tagged , ,