Archive for the ‘Identity and Information loss’ category

Ransomware Attack and Phony Websites

November 23rd, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Device Theft Incidents

November 20th, 2017

Brevard Physician Associates

Brevard Physician Associates mentioned that it was burglarized which possibly affected health data for 7,976 patients. The incident came to notice when the company saw tripped security alarm. An employee of the company found that three computers were missing.

Affected information included patient names, the names of patients’ insurance providers, the amount charged for the services provided, and the CPT codes of the services provided. However, patient addresses, dates of birth, telephone numbers, Social Security numbers, insurance ID numbers, and financial information were not included.

“We believe that the information contained on the stolen computers presents a minimal risk of future identity theft or financial fraud,” Brevard stated. “All three computers were password protected with strong passwords. Additionally, all of the data from all three computers will be automatically deleted upon their connection to the internet.”

Brevard also mentioned that it has “enhanced the security” at its office. Additional policies are in place to ensure it is “appropriately secured in the future.”

Martinsville Henry County

Martinsville Henry County (MHC) Coalition for Health and Wellness recently suffered data breach at Bassett Family Practice. The incident involved stolen laptop from the Bassett employee’s car.

Facility believe that the thief was after the laptop and not the information. As per the OCR data breach reporting tool, total 5,806 individuals may have been impacted.

Affected information includes patient names, dates of birth, account numbers, identity of providers, and/or details about patient visits with the practice. There is currently no indication that Social Security numbers or financial information was on the device.

“We are currently upgrading our IT security policies, procedures and related equipment to prevent future information from being stored on a laptop in an unencrypted manner,” Bassett said. “Please understand we value our relationship with you and take the security of your personal information very seriously. We have taken immediate steps and we will continue to evaluate our technology, policies and procedures in our efforts to prevent another occurrence such as this from happening in the future.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Government of Canada Plans to Set CyberSecurity Policy

November 14th, 2017

The growing trend of attacks is worrying every corner of the world. Like other parts, Canadians are also at risk from cyber attack. The Government of Canada plans to fight this battle. They are implementing various measures to stop the attacks. At the SecTor conference here, Colleen Merchant, Director General for National Cyber Security at Public Safety Canada, explained the steps taken.

Merchant mentioned that government agencies will have different responsibilities for cyber security. The Royal Canadian Mounted Police (RCMP) is tasked to handle law enforcement and related investigations. Public Safety Canada handles the Canadian Cyber Incident Response Center (CCIRC).

“CCIRC also has a responsibility for coordinating the overall national response to significant cyber events affecting critical systems in Canada,” she said.

Public Safety Canada also provides helping hands to set policy for cyber security. Merchant mentioned that the role of policy is to help assess challenges and help to formulate overall approaches that work at a national level.

The Government of Canada has released its Cyber Security Strategy manifesto in 2010 which consists of  three core pillars including: securing government systems, partnering to secure vital system outside of the federal government, and helping Canadians to be more secure online.

“From 2010 and going up to 2020 we have committed $431.5 million for investment and improvement into cyber security,” Merchant said.

Government of Canada has taken views from various entities while drafting policy for cybersecurity. Merchant said that there was the need for more privacy, collaboration and skilled cyber security personnel.

“We are recognizing that cyber-security has become a source for economic prosperity,” Merchant said.

“The Government can’t solve all problems but we can find ways to force-multiply, by providing all partners with direction and to set out national-level objectives that we can all work toward,” she said.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Data Breach at Forever 21

November 12th, 2017

Retailer Forever 21 recently suffered data breach. Affected information includes credit and debit card information at some Forever 21 locations. Third party notified the company about the breach.

“We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us,” the company mentioned.

Forever 21 has encryption and tokenization solutions. It mentioned that only some point of sale (PoS) devices where affected. The company do not  know the affected location.

Obsidian Security CTO Ben Johnson mentioned that the breach is a reminder that every retailer is a target. “Holiday shoppers should be diligent in monitoring their account activity, and should consider Apple Pay or cash if they are feeling less confident about the security of the retailers’ systems,” he said.

“Retailers should understand that any areas of weakness, such as those few systems without multi-factor authentication or encryption, will eventually find themselves victim of compromise,” Johnson added. “In some ways things are improving on the defensive side, but we cannot forget that the attackers often innovate faster.”

Recent survey by SiteLock shows that there is growing concern for online shopping. The findings are as below –

Twenty seven percent worry about the information being compromised

Sixty-five percent mentioned that they will not return to the website after it got hacked

Fifty two percent say a store  which provides a secure payment network makes them confident

Another survey conducted by Paysafe has below findings –

Fifty nine percent of U.S. consumers believe fraud is an inevitable part of shopping online

Fifty eight percent said that they are willing to accept any security measures needed to eradicate fraud

Thirty nine percent of US businesses believe their customers would prefer increased security

“For years, consumers have had to overcome the apprehension that businesses know too much about them — from shoe sizes to food preferences,” Paysafe CEO Todd Linden said in a statement. “But as the payment world evolves, it is this knowledge that will make individuals more secure.”

“The evolution of big data will make payments smarter and easier and help to redress the balance between security and convenience,” Linden added. “Big data will be the ultimate key to tightening up security at PoS, online and in brick and mortar environments.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Managing Privileged Passwords

November 11th, 2017

Recent survey conducted by One Identity of 913 IT security pros shows that 86 percent of IT security professionals face challenges managing privileged passwords.

As per the One Identity website – “We believe that security is much more than the practice of denial and restriction. That’s why One Identity’s design and integration philosophy is that our solutions must add agility and efficiency to an organization – regardless of size or market – as well as secure its digital assets.”

Other findings of the survey include –

Eighteen percent use a paper logbook for privileged password management

Thirty six percent manage passwords in Excel or another spreadsheet

Twenty two percent are not able to monitor or record activity performed with admin credentials

Forty percent do not change the default admin password

“Over and over again, breaches from hacked privileged accounts have resulted in astronomical mitigation costs, as well as data theft and tarnished brands,” One Identity president and general manager John Milburn said in a statement. “These survey results indicate that there are an alarmingly high percentage of companies that don’t have proper procedures in place.”

LastPass research survey shows that the average security employee is managing 191 passwords.

Twenty six and half percent of businesses has multi-factor authentication to protect their password vaults.

“While we’re seeing that a significant portion of businesses are investing in multi-factor authentication, it is not yet adopted widely enough to compensate for the shortcomings of passwords,” the report states.

Duo Labs conducted survey of 443 individuals has below findings –

Twenty eight percent of respondents use two-factor authentication (2FA)

Fifty six percent of respondents had never heard of it

Forty-five percent of those who use 2FA said they do so on all services that offer it

“This survey underscores the reality that we as a security community still have a long way to go when it comes to educating the everyday person about proper security behaviors in general and 2FA in particular,” the researchers wrote.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Ghostwriter AWS Issue

November 2nd, 2017

Skyhigh Networks researchers is warning about “GhostWriter,”. This entity misconfigures Amazon S3 buckets to allow public write access for a malicious third party to launch man-in-the-middle (MiTM) attacks.

“GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat,” Skyhigh chief scientist Sekhar Sarukkai wrote in blog.

According to Skyhigh, more than 1,600 S3 buckets get accessed from the enterprise network. Four percent are exposed to GhostWriter. “Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation,” Sarukkai wrote.

Affected entities are major news sites, leading retailers, popular cloud services and ad networks.

“Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits,” Sarukkai added.

This kind of misconfiguration is creating high profile data breaches which includes expose of 4 million Verizon customers’ data and 3 million WWE fans’ contact details.

Another survey conducted by AlgoSec of 450 senior security and network professionals showed that thirty percent of the participants plan to increase public cloud usage.  Forty four percent said that they faced challenges after migrating to public cloud.

AlgoSec director of communications Joanne Godfrey mentioned that it’s essential for organizations to maintain complete visibility”This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model,” she said.

“Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” Threat Stack CSO Sam Bisbee said in a statement. “This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

DHS and FBI warns of APTs Targeting

October 27th, 2017

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have recently mentioned in a statement that an advanced persistent threat (APT) campaign is specifically targeting government entities and organizations. The affected entities are energy, nuclear, water, aviation and critical manufacturing sectors.

Attackers are targeting low security networks and third party suppliers.

“Based on malware analysis and observed [indicators of compromise], DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” the alert mentioned

Attackers use public website tor phishing attack.

“As an example, the threat actors downloaded a small photo from a publicly accessible human resources page,” the report states. “The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”

Hackers try to steal login information through security loopholes.

“Although these watering holes may host legitimate content by reputable organizations, the threat actors have altered them to contain and reference malicious content,” the alert mentioned.

“Approximately half of the known watering holes are trade publications and information websites related to process control, ICS, or critical infrastructure.”

Attackers conduct reconnaissance operations after getting into system.

“Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network,” the alert states. “The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.”

In one case hackers got inside energy installation systems.

Virsec Systems CEO Atiq Raza told eSecurity Planet that attack has common pattern “Rather than directly attacking high security networks, hackers are doing careful reconnaissance of connected third parties, staging servers or watering holes for insiders,” he said. “Once hackers steal credentials, or find a less secure backdoor, they can quickly pivot to more secure servers, bypassing traditional network perimeter security.”

“IT security needs to assume the perimeter is porous and focus more directly on guarding sensitive applications and data,” Raza added.

____________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Breaches in US Financial Service Organizations

October 23rd, 2017

As per the 2017 Thales Data Threat Report, forty two percent of U.S. financial services organizations got affected by data breach. Survey saw participation of 1,100 senior security executives worldwide. The findings are as below:

Twenty four percent of the organizations suffered data breach in last year alone

Nineteen percent suffered data breach in 2016

Eighty-six percent of participants believe they are vulnerable to data threats.

Ninety six percent will use sensitive data in an advanced technology environment

“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers,” Thales e-Security vice president of strategy Peter Galvin said in a statement.

“As digitization continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data — wherever it is created, shared or stored,” Galvin added.

A recent survey conducted by ISMG survey of over 250 banking and security leaders found that 38 percent have confidence in threat detection deployed by companies.

“This survey certainly shows that while consumers may shoulder many direct costs and burdens associated with fraud, institutions are also suffering substantially,” NuData Security marketing director Lisa Baergen told eSecurity Planet by email.

“The global uptick in fraud, coupled with ever-increasing amounts of PII available on the black market, makes financial institutions more vulnerable and as a result, their security investments are growing yet their confidence in them isn’t,” Baergen added.

As per Symantec’s Q2 Mobile Threat Intelligence Report: Mobility and Finance found that twenty five percent of mobile devices used by employees at financial services organizations are at risk.

“Since user behavior is such a huge factor in mobile security, user education is one of the most important things an organization can do to… minimize the threat to their organizations through mobile devices,” the report suggests.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Increase in Ransomware Sales

October 16th, 2017

There was increase in sales of ransomware on the dark web by 2,502 percent. It raised to 6.2 million dollar from $250,000.

“This increase is largely due to a simple economic principle — supply and demand,” the report states. “Cyber criminals are increasingly seeing opportunities to enter the market and looking to make a quick buck via one of the many ransomware offerings available via illicit economies.”

There are around 6300 dark web marketplaces which sells ransomware. The listing includes 45,000 product which are priced in the range of $0.50 to $3,000.

“Based on our research, ransomware can no longer be perceived as petty criminals performing stick-ups and kidnappings,” Carbon Black security strategist Rick McElroy said in a statement. “Instead, ransomware has become a rapidly growing, cloud-based black market economy focused on destruction and profit.”

“Today, legitimate enterprises avoid heavy investments in infrastruture — and hackers are no different,” McElroy added. “In fact, with ransomware, hackers have set a model for a cloud-based, high-profit and effective turnkey service economy.”

Survey conducted by Crowd Research Partners of 516 cyber security professionals shows that –

Eighty percent view ransomware a moderate or extreme threat

Small fraction of respondents say they will pay ransom

It also found out that most successful insertion of malware is through email attachments.

“In many respects, ransomware is a game changer,” Cybersecurity Insiders founder and CEO Holger Schulze said in a statement. “It is incredibly easy and inexpensive for cyber criminals to execute highly profitable attacks on a global scale.”

Survey conducted by Magnet Networks of 205 shows that 48 percent do not have cyber security policy.

“We found that only 13 percent of respondents think that their business is very secure — and in the absolute world of cyber attacks you are either totally secure or you are vulnerable in some way,” Magnet Networks cyber security expert James Canty said in a statement.

In seventy percent of the companies under 10 employees, the security aspect is handled by business owner or office manager.

That means that as many as 171,000 Irish businesses, Canty said, “have no one qualified looking after their network security and may not be protected against a ransomware and cybercrime industry which is growing at a rapid rate.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently mentioned that spear phishing emails were sent to U.S. electric companies which can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened attachment will get malware.

The researchers mentioned that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago North Korean hackers has released sensitive data on South Korean nuclear power plants.

Researchers mentioned that North Korea linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most profilic nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global mentioned that with the growing tension between US and North Korea the frequency of the attack will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.