Archive for the ‘data encryption’ category

Cyber Attacks

December 25th, 2017

Austin Manual Therapy mentioned that they suffered data breach due to unauthorized access to its system. As per the reports, limited parts of the system were accessed. There is no data which shows that the attack was also carried on the organization’s core EHR system.

“Despite conducting a comprehensive forensic analysis, we have very little evidence as to what documents or information the attacker was able to access or steal,” Austin Manual Therapy stated. “We know that the attacker was able to access one of our computers and a shared file system.”

Affected information included addresses, phone numbers, occupations, dates of birth, insurance policy information, insurance coverage and eligibility information, charge amounts, dates of service, driver’s license information, diagnosis, health screening information, referring physician information, and full or partial Social Security numbers.

As per the OCR tool, total 1,750 individuals may have been affected.

“While our investigation is substantially complete, it remains ongoing and will likely continue through the end of the year,” Austin Manual explained. “We also have implemented and are continuing to implement additional security measures designed to prevent a recurrence of this type of attack, to quickly identify unusual activity, and to further protect the privacy of your information.”

CA Facility Data Breach

California-based Stanislaus County Behavioral Health and Recovery Services (BHRS) mentioned that it suffered data breach due to a ransomware attack.

“The network has been shut down and isolated from the County-wide network while online services and communication are being provided by other means temporarily, and client care has continued,” read a Stanislaus County statement from December 15, 2017.

Stanislaus County said that it has previously mitigated ransomware attacks, but this time “the particular techniques used in this attack were able to get past the security mechanisms that are in place.”

“All BHRS computers are being held in quarantine to prevent any further infection,” the statement read. “No breech of personal information has been detected at this time.”

Stanislaus County did not mention the affected number of individuals.

BHRS has more than 400 employees and provides services “for about 14,000 adults and children, including mental health services and help with overcoming addictions.”

__________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.

Google Encryption for Clouds

December 13th, 2017

Largest cloud networks in the planet is operated by Google. It employs multiple techniques to keep the data secure. Company is now providing some insight about the encryption techniques.

Google, like others, uses Transport Layer Security (TLS) to encrypt connections for data in motion from external hosts to the Google Cloud. But Google has its own method for encrypting data connections within its own data centers. It is called Application Layer Transport Security (ALTS).

“We get a lot of customer questions about encryption, so we’re trying to build trust through transparency,” Maya Kaczorowski, Security and Privacy Product Manager at Google, told eSecurityPlanet.

Kaczorowski mentioned that when a user connects to the Google Cloud, by default the connection is encrypted with TLS. Google is making use of TLS 1.3, which is not yet an official IETF standard.

Container vendor Docker has a model similar for its Swarm orchestration technology called mutually authenticated TLS (mTLS).

“TLS uses X.509 certificates, while ALTS uses protocol buffers,” Kaczorowski said.

Kaczorowski said that Protocol Buffers are a language-neutral technology for serializing data.

“It’s not based in hardware, Protocol Buffers are just a way for storing and transmitting information,” Kaczorowski said.

Kaczorowski mentioned that BeyondCorp is all about how Google employees access internal applications and resources.

“With ALTS, what we’re talking about is how every service at Google can authenticate with each other,” Kaczorowski said.

Company is also working on the open-source Istio service mesh project for Kubernetes.

“Istio authentication automatically aims to encrypt data transit between services,” she said. “The concept is similiar to ALTS.”

“For encryption in transit we have encryption at the network layer (Layer 3) and at the application layer (Layer 7),” Kaczorowski said. “With encryption at rest we’re encrypting both at the storage device layer and at the storage system layer.”

“We want to have multiple layers that we can fall back on,” she said.

____________________________________________________________________________________________

AlertSec ACCESS checks all computers and smartphones and detects all encryption types

NiceHash Breach

December 10th, 2017

The cryptocurrency mining marketplace NiceHash mentioned that its payment system had been affected by data breach. Contents of its Bitcoin wallet were stolen.

Company didn’t mention the number of bitcoin affected but according to Reddit, the hacker bitcoin address has 4,736 Bitcoin which values $83 million.

“Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days,” the company said in a statement. “In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are cooperating with them as a matter of urgency.”

Company has temporarily stopped operations.

Webroot senior threat research analyst Tyler Moffitt mentioned email that the breach should serve as a reminder to the mining community that when mining for a pool, it’s always best to have payouts trigger at the smallest amount. “Even though there are fees associated with using the minimum payout, having the amount sit in the mining pool’s wallet is risky,” he said.

Cybercriminals targeting cryptocurrencies has increased. Imperva’s Global DDoS Threat Landscape Report shows that 73.9 percent of all Bitcoin exchanges were attacked by DDoS method.

“As a rule, extortionists and other cybercriminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” Imperva security evangelist Igal Zeifman said by email. “Attackers can make a lot of money when attacking crypto exchanges due to factors such as the anonymity of the cryptocurrencies, hence the ability to ‘get rid’ of the stolen goods with limited risk.”

Recorded Future report also reported a rapid spike in mining malware.

“Our research has confirmed that cybercriminals are shifting attack vectors from highly damaging ransomware infections to long-term, low-velocity crypto mining operations,” the report states.

The researchers also found out that there are sixty two different types of cryptomining malware available for sale online.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

Ransomware Attacks in 2017

December 7th, 2017

As compared to 2016, the ransomware attacks hitting business users increased from 22.6 percent in 2016 to 26.2 percent in 2017. Kaspersky Lab conducted survey.

“Welcome to ransomware in 2017 — the year global enterprises and industrial systems were added to the ever-growing list of victims, and targeted attackers started taking a serious interest in the threat,” the report states. “It was also a year of consistently high attack numbers, but limited innovation.”

Significant businesses lost amount or data due to ransomware.Three massive ransomware outbreaks in 2017 are WannaCry, NotPetya and Bad Rabbit.

”The headline attacks of 2017 are an extreme example of the growing criminal interest in corporate targets,” Kaspersky Lab senior malware analyst Fedor Sinitsyn said in a statement. “We spotted this trend in 2016, it has accelerated throughout 2017 and shows no signs of slowing down.”

“Business victims are remarkably vulnerable, can be charged a higher ransom that individuals and are often willing to pay up in order to keep the business operating,” Sinitsyn added. “New business-focused infection vectors, such as through remote desktop systems, are not surprisingly also on the rise.”

Another report by Malwarebytes shows that the number of ransomware attacks in the first three quarters of 2017 is more than 2016 by 62 percent.

The report also shows that ransomware has largely replaced botnets.

“Knowledge of cybercrime and security best practices has to go across the organization, driven from the top down,” the report states. “With an endless array of potential vulnerability points, from reception to external vendors, an exchange of knowledge, awareness and insight is key to recognizing threats.”

“This idea of a CEO as a cyber security champion evokes an even bigger shift which can ultimately help businesses better protect themselves: treating cyber security as an investment in trust, rather than a way to prevent losses or costs.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.

IoT Security Skills in Energy Companies

December 5th, 2017

Inmarsat survey of senior IT decision makers from 100 large energy companies worldwide shows that fifty four percent need additional security skills to deliver successful IoT projects. Fifty three percent need to make significant investments to fulfill requirements.

Other findings include-

Only two percent mentioned that IoT do not create new challenges

Thirty percent said they have given special consideration for IoT in security apparatus

Fifty nine percent mentioned that their board has insufficient knowledge of IoT

“The core operations of energy companies have traditionally been insulated from the destructive cyber attacks that have destablized other industries, as they were not connected to the Internet,” Inmarsat senior director for energy Chuck Moseley said in a statement. “But with the advent of IoT, more and more parts of their infrastructure are being connected, creating new vulnerabilities and risks.”

“Worryingly, our research shows that many energy businesses lack the security processes and skills to address these new vulnerabilities,” Moseley added. “This needs to be quickly addressed, and it must be driven by senior leadership within energy businesses, to ensure that they do not miss out on the huge potential value that IoT can bring to the energy sector.”

Another survey conducted by CyberX study of 375 industrial networks worldwide shows that thirty one percent are connected to the public Internet. Seventy six percent are running outdated and unpatchable operating systems like Windows XP and Windows 2000.

“Most of these ICS/SCADA sites were built years ago, long before the proliferation of Internet connectivity and the need for real-time intelligence,” the report states. “The key priorities were performance and reliability rather than security.”

“We don’t want to be cyber Cassandras — and this isn’t about creating FUD — but we think business leaders should have a realistic, data-driven view of the current risk and what can be done about it,” CyberX CEO and co-founder Omer Schneider said in a statement.

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

New Google Patch for Android

December 2nd, 2017

Google released possibly its final Android security update for 2017. The latest patch addresses at least 42 different vulnerabilities which includes 11 flaws in the media framework (five are critical remote code execution issues).

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Libmedia and libstagefright components of the Android media framework is patched in every single security update provided by Google since August 2015. Google provided update every single month after the Stagefright vulnerability which was first publicly disclosed at Black Hat USA 2015.

“The state of the union for Android security is strong and I have spent time making sure it stays strong,” Adrian Ludwig said, the man who runs Android security for Google. “It’s not just about building a safe; it’s about building something that can react and respond to security quickly.”

In this new update, the critical remote code execution flaw in the system component is also addressed.

“We’re updating all Nexus devices — the Nexus 4, 5, 6, 7, 9 and 10 and even the Nexus players — and we’re patching for libstagefright,” Ludwig said. “This is the single largest mobile software update the world has ever seen.”

Security support will extend for three years from a time Nexus device appears in the market.

“The industry has looked at recent events and realized that it needs to move fast, and we need to tell people what we’re doing,” Ludwig said.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Ludwig also mentioned that, “We’re taking an aggressive stance to see if an application is doing something wrong, and we’re working with the developers and the development process to make it right.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.

IoT Security

November 30th, 2017

Healthcare organizations are now implementing connected medical devices for better services to patients. But healthcare technology leaders are worried about IoT security with connected devices.

Business technology professionals survey in healthcare shows that seventy one percent are skeptical towards IoT devices.

“Emerging technologies have to be embraced,” ISACA CEO Matt Loeb said in a statement. “As the research shows, the reluctance to deploy them is linked to the need to understand and mitigate the risks of doing so. Organizations that implement a strong information and technology governance program will better understand their capabilities, which leads to more effective risk management and increased confidence in deployment of these technologies.”

The survey also mentioned that forty seven percent do not consider their organizations’ head is digitally literate.

“The resounding message from our research is clear: senior leadership needs to invest in increasing its digital fluency,” Loeb said. “Organizations with digitally fluent leadership are more clearly recognizing the benefits and risks of emerging technologies.”

The trend shows that IoT devices are there to stay even there is resistance from senior leadership.

“[IoT] can also be remotely controlled and is highly automated across existing network infrastructure, resulting in improved efficiency, accuracy and economic benefit in addition to reduced human intervention,” researchers stated.

The research team also mentioned that there is variety of sectors and savings due to increasing automation. As per the Deloitte poll, the biggest cyber security challenge is to identify and mitigate potential risks in legacy and connected devices.

“Legacy devices can have outdated operating systems and may be on hospital networks without proper security controls,” said Russell Jones, Deloitte Risk and Financial Advisory partner, Deloitte & Touche LLP. “Connected device cybersecurity can start in the early stages of new device development, and should extend throughout the product’s entire lifecycle; but even this can lead to a more challenging procurement process. There is no magic bullet solution.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

DDoS Attack

November 29th, 2017

DDoS attack attempts on organizations was 237 per month or eight attack attempts a day in third quarter of 2017.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” Corero CEO Ashley Stephenson said in a statement. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device,” Stephenson added. “Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”

In second quarter of 2017, the attack leveraged multiple vendors “Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats,” Stephenson said.

Sapio Research conducted survey on behalf of CDNetworks. It shows that 88 percent of U.S. respondents are confident in their current DDoS mitigation capabilities. Among them 69 percent got affected by DDoS attack within the past 12 months.

“The results show that most U.S. companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response,” CDNetworks Americas managing director Alex Nam said in a statement. “This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency.”

There was increase in attack on gaming services and on platforms offering new financial services such as initial coin offerings (ICOs).

“Entertainment and financial services — businesses that are critically dependent on their continuous availability to users — have always been a favorite target for DDoS attacks,” Kaspersky head of DDoS protection Kirill Ilganaev said in a statement. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.

Uber Breach

November 27th, 2017

Uber mentioned that it had covered up a massive data breach of 57 million customers’ and 600,000 drivers’ information in late 2016 by shelling out the hackers a $100,000 ransom.

Uber CEO Dara Khosrowshahi mentioned that two hackers “inappropriately accessed user data stored on a third-party cloud-based service that we use.”

Affected information includes 600,000 U.S. drivers’ names and driver’s license numbers, and 57 million global users’ names, email addresses and mobile phone numbers.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We subsequently identified the individuals and obtained assurances that the downloaded data had been destroyed. We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage account.”

Uber paid the hackers a $100,000 ransom not to publish the data.

“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

“Breach disclosure is critical to get right, because it can have long lasting effects on the organization and its customers,” SecureAuth chief security architect Stephen Cox said by email.

“To the organization, every breached customer has a financial impact, and long term viability comes into question because of damage to the brand.”

AsTech chief security strategist Nathan Wenzler said the decisions made by Uber’s CISO is shocking after the incident.

“Quite simply, legitimate security professionals know better than this, and the community at large is built upon integrity in all matters,” Wenzler said. “When you act as the front line of defense for an organization, it is imperative that your security team operates in the most honest and forthright manner possible.”

 ___________________________________________________________________________________

AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Russian Cyber Security Threat

November 25th, 2017

Ciaran Martin, CEO of the U.K.’s National Cyber Security Centre (NCSC) mentioned that hostile states present a significant cyber threat to the country’s critical infrastructure security.

“I can confirm that Russian interference, seen by the National Cyber Security Centre, has included attacks on the U.K. media, telecommunications and energy sector,” Martin mentioned.

“That is clearly a cause for concern — Russia is seeking to undermine the international system,” he added.

As per the survey by Tripwire, forty seven percent said that water, electricity and gas utilities are the most likely entities to be attacked.

“Before the Internet brought almost universal connectivity, industrial security was very different from what it is today,” Tripwire chief research officer David Meltzer said in a statement. “Traditional industrial and critical infrastructure organizations had no Internet as we know it today. Perimeter defense typically meant physical security — gates, fences, barriers and guards. Nowadays, these systems are Internet-connected, more virtualized in many cases, and more remotely accessible than ever before.”

“There is no dispute that connectivity provides many business advantages, such as centralized management and control, remote engineering access and resource consolidation,” Meltzer added. “However, it’s important to remember that it also brings with it a large number of additional risks, mainly increased attack vectors, exposure of inherently insecure and sometimes obsolete IT systems, and the opportunity for attackers to exploit vulnerabilities that have not been patched.”

Survey conducted by a Ponemon Institute of 377 U.S. professionals shows that there is cyber security issue for oil and gas operations. Only thirty five percent believe that their companies are well equipped.

“The fact that nearly 70 percent of oil and gas companies were hacked in the past year must serve as a call to action,” Siemens USA CEO Judy Marks said in a statement. “As oil and gas producers use digitalization to become safer and more efficient, there is a clear need to bulk up defenses for operational technology, which is even more vulnerable to attacks than the IT environment.”

Nozomi Networks founder and chief product officer Andrea Carcano mentioned that energy sector companies are prone to attack 24/7. “It is essential that critical infrastructure operators take steps to increase the visibility into their ICS networks and deploy new innovations that enable early detection of advanced persistent threats, whoever is making them,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.