Archive for the ‘mobile security’ category

Ghostwriter AWS Issue

November 2nd, 2017

Skyhigh Networks researchers is warning about “GhostWriter,”. This entity misconfigures Amazon S3 buckets to allow public write access for a malicious third party to launch man-in-the-middle (MiTM) attacks.

“GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat,” Skyhigh chief scientist Sekhar Sarukkai wrote in blog.

According to Skyhigh, more than 1,600 S3 buckets get accessed from the enterprise network. Four percent are exposed to GhostWriter. “Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation,” Sarukkai wrote.

Affected entities are major news sites, leading retailers, popular cloud services and ad networks.

“Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits,” Sarukkai added.

This kind of misconfiguration is creating high profile data breaches which includes expose of 4 million Verizon customers’ data and 3 million WWE fans’ contact details.

Another survey conducted by AlgoSec of 450 senior security and network professionals showed that thirty percent of the participants plan to increase public cloud usage.  Forty four percent said that they faced challenges after migrating to public cloud.

AlgoSec director of communications Joanne Godfrey mentioned that it’s essential for organizations to maintain complete visibility”This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model,” she said.

“Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” Threat Stack CSO Sam Bisbee said in a statement. “This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

New Cyber Security Strategy – Deceiving the Deceivers

September 5th, 2017

New cyber security battle is fought in a new way. Deception is the old strategy used in business, warfare and politics. It is now implemented in IT security.

Cyber criminals are long using deception policy to gain information. Now, new generation start-ups are using the same idea to avoid them. They are confusing the attackers by masking the real system.

“The idea is to mask real high-value assets in a sea of fake attack surfaces,” said Ori Bach, VP of products and marketing at TrapX Security. “By doing so, attackers are disoriented.”

Once attackers enter the system through malicious ways, they are free to roam inside. As per the Gartner analyst Lawrence Pingree, attackers must “trust” the environment that they insert malware into.

“Deception exploits their trust and tempts the attacker toward alarms,” said Pingree. “Deception also can be used to move an attacker away from sensitive assets and focus their efforts on fake assets – burning their time and the attacker’s investment.”

The main aspect is to manage real user endpoint lures.

“Distributed deception platforms (DDP) are solutions that create faked systems (often real operating systems, but used as sacrificial machines), lures (such as fake drive maps and browser histories) and honeytokens (fake credentials) on real end-user systems to entice and mislead the attacker to faked assets in order to enhance detection and to delay their actions as they attack those decoy assets,” wrote Pingree.

Experts believe that deceptive technology must not only create honeypots but a whole system to make it real.

“Ideally, organizations can use DDP solutions to create ‘intimate threat intelligence’ and use that to enrich their other tools to enhance prevention at the network and other security defensive layers,” said Pingree.

“Since you never know where you might be attacked, the ideal deception strategy should cover as many layers of the network and as many types of assets as possible,” said Bach. “For a deception tool to be effective in an enterprise environment, it must be integrated with the infrastructure (e.g. Active Directory, the networking infrastructure) and the security ecosystem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

App Install Advertising Fraud

August 27th, 2017

The recent trend shows that there are new ways of online advertising today which aim for mobile apps install. As per the security firm DataVisor, the app installs advertising marketplace is a hot spot for regular attacks by fraudsters. This industry is of approximately $300 million per year.

DataVisor’s new “The Underworld of App Install Advertising” report mentioned that on average, premium ad networks had app install fraud rates of less one percent. Non-premium advertising network stands at five percent.

Ting-Fang Yen, Director of Research at DataVisor mentioned eSecurityPlanet that premium ad network doesn’t usually outsource or broker out their traffic to other channels. They either advertise on their own sites or only partner with reputable publishers they know, she said.

DataVisor Global Intelligence Network analyzed 140 million app installs and 11 billion user events to determine this report.

“We were surprised to see how much fraudsters are faking in-app activities and retention behavior,” Yen said.

Yen mentioned that fraudulent installs generated at least one in-app event.

“This means that fraudsters are becoming much more sophisticated. They are moving beyond just installs to go after the bigger payouts from cost-per-engagement (CPE) campaigns,” Yen said.

Yen mentioned ways to limit the risk by detecting fraud. Techniques involve the use of heuristics such as device identification, IP filtering, or click-to-install-time anomalies to distinguish fake installs from genuine users.

“Fraudsters are constantly exploring new ways to take advantage of loopholes and avoid detection,” Yen said. “This dynamic nature of fraud means that advertisers must remain vigilant and select the right partners and targeting criteria for each campaign they run.”

Advanced fraud detection solutions which can adapt to constantly changing attack patterns should be implemented.

“As fraudsters become increasingly sophisticated at faking installs, we expect more advertisers to adopt cost-per-engagement user acquisition models to avoid fraudulent traffic,” Yen said.

“Fraud is dynamic, and fraudsters are always on the look out for vulnerable points of entry,” she said. “If an ad network scrutinizes their traffic and deploys anti-fraud solutions, fraudsters will move to another channel that is less vigilant about traffic quality.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security of the end point devices

June 15th, 2017

A Recent survey conducted by Ponemon Institute shows that Sixty-three percent of participants are not able to monitor endpoint devices after they leave the corporate network. Fifty-five percent of endpoint devices contain sensitive data.

Absolute sponsored the survey which also contains below findings –

Fifty-six percent of participants don’t have a cohesive compliance strategy

Seventy percent mentioned that they have a below average ability to limit endpoint failure damages

Twenty-eight percent use automated analysis and inspection for determining compliance.

“It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” Ponemon Institute chairman and founder Dr Larry Ponemon said.

The number of malware-infected endpoints devices has increased in the past one year. Also, forty-eight percent are not happy with their endpoint security solution.

“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” Risk-Based Security executive vice president Inga Goddijn said in a statement. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”

Another survey by SACA shows that fifty-three percent reported an increase in cyber attacks. There is a general rise in data breaches.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA board chair Christos Dimitriadis said in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Many believe there should be a rise in the budget for the security.

“The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” Dimitriadis said. “But that’s not a cure-all. With the number of malicious attacks increasing, organizations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Keeping sensitive information from leaks

April 11th, 2017

Today companies needs to keep the data very secure due to need of protecting corporate data and  also regulations which require consumer data to be protected. EU General Data Protection Regulation (GDPR) are increasing the fines for non compliance. It is daunting task for companies to comply with regulations.

“I can see the difference from before GDPR and after GDPR,” he said of companies scrambling to shore up data leaks. “Even if I have a tiny office somewhere, I need to check for confidential data.” And automating this scrutiny is the only way to effectively manage it.” said Angel Serrano, senior manager of advanced risk and compliance analytics at PwC UK in London.

What is DLP?

ISACA mention it “data leak prevention”.

Gartner calls it “data loss protection” or “data loss prevention”.

It prevents unauthorized users from sending sensitive data.

“DLP is not one thing, like a tomato,” GBT Technologies co-founder Uzi Yair said, referring to GBT’s enterprise suite of products. In addition to more traditional practices such as scanning endpoints, network and storage as well as policy management and workflow tools, it includes an information rights management (IRM) policy server that applies file-level control over who has access to what, where – it might be solely on-premises – and when.

Recent reports on DLP has below highlights:

  • An average of 20 data loss incidents occur every day all around the world
  • Eighty three percent of organisations have security solutions but still thirty three percent suffer from data loss
  • DLP detects incidents and has regular expressions, dictionary-based rules, and unstructured data for breach detection.
  • Many facilities use DLP only for email instead of full business applications

DLP takes two forms:

  • Agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery
  • Integrated DLP products that may offer more limited functionality

“All these web applications like Google Drive and Office 365 are integrating with other satellite applications,” said Krishna Narayanaswamy, founder and chief scientist at Netskope.” Salesforce uses Google Drive as a place to store files. DocuSign can put documents in Google Drive. You need to be at all the points where data is going into these applications. You need to be able to inspect that data at rest and determine who uploaded that data. Also inspect and apply policies to outgoing email.”

Many companies do not use new ways.

“The new generation considers email a dinosaur. They go to social media – Twitter, LinkedIn, Facebook – you have to cover those as well. More and more communication is coming via SSL, and that’s a big blank spot that many DLP vendors have not considered,” Narayanaswamy said.

“When you look at the web, there are many reasons for sending data from inside to the outside,” Narayanaswamy said. “Modern applications constantly post information about how users are using the application, response times, and so forth, to improve user experience. When you look at every post transaction, there’s a potential for many false positives,” which have been the bane of DLP.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomeware attack at ABCD

April 8th, 2017

ABCD Pediatrics recently suffered ransomware attack. According to the statement, a virus was inserted to gain access to the healthcare organization’s servers. Patient data was encrypted in the process. Facility contacted IT personnel to take all servers offline. It is conducting detailed analysis.

Experts came to conclusion that this particular type of virus has likely not removed the information from the server.  Facility also mentioned that user accounts may have been accessed through it’s network. Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, insurance billing information, medical records, and lab reports.

As per the OCR data breach reporting tool, approximately 55,447 patients may have been affected. ABCD has successfully removed the virus from the system. Corrupted data was also removed from its servers. Secure backup of the facility is not affected and thus used to restore all impacted data. It also mentioned that no PHI was lost or destroyed in the incident.

“Also, please note that ABCD never received any ransom demands or other communications from unknown persons,” ABCD stated. “However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time.”

Facility has upgraded it cyber security monitoring program to stop future incidents. Call centre is setup for the affected patients.

“Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach trends in 2016

April 5th, 2017

As per the IBM report, data breach increased 566 percent in 2016 from 600 million to more than 4 billion. The report also mentioned that healthcare in no longer the most attacked sector. Most of the attack was carried out on financial services industry.

In 2016, 12 million records were affected in healthcare. In previous year, the breach was 100 million records which counts to eighty eight percent drop. IBM surveyed 8000 security clients in 100 countries.

IBM Security Vice President of Threat Intelligence Caleb Barlow mentioned that the cyber attacks was carried out with innovative techniques.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” Barlow said in a statement. “The value of structured data to cyber-criminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

IBM mentioned that for ransomware attacks, 70 percent of the companies paid more that $10,000 to regain the access to data. According to the FBI, cyber-criminals were paid $209 million in first three months of 2016.

Ransomware attacks are on the rise with 400 percent increase. In the coming time healthcare will do many reforms which includes increase in internet of things (IoT) technology. This will increase the attacks.

“Retail and financial services have battened down their hatches,” IDC Health Insights Research President Lynne Dunbrack told HealthITSecurity.com in a 2016 interview. “Now the cyber criminals might still be nipping at those heels, but they are looking at other targets, healthcare being one of them.”

CynergisTek Vice President Dan Berger mentioned that attacks against healthcare are carried out with sophistication.

“The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond,” Berger stated.

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Insider security breach at KY

April 2nd, 2017

Kentucky-based Med Center Health mentioned that a former employee accessed certain patient billing information without permission. As per the reports, facility found out that on two instances the person “obtained certain billing information by creating the appearance that they needed the information to carry out their job duties for Med Center Health.”

“The evidence we have gathered to date suggests that the former employee intended to use these records to assist in the development of a computer-based tool for an outside business interest which had never been disclosed to Med Center Health officials,” Med Center Health explained in its letter, signed by CEO Connie Smith.

Person accessed the data and copied it on encrypted CD and encrypted USB drive. Facility mentioned that the data is not related to work responsibilities of the employee. Affected information included Social Security numbers, health insurance information, diagnoses and procedure codes, and charges for medical services. Patients medical records were not copied.

Patients who were treated at The Medical Center Bowling Green, The Medical Center Scottsville, The Medical Center Franklin, Commonwealth Regional Specialty Hospital, Cal Turner Rehab and Specialty Care and Medical Center EMS between 2011 and 2014 got impacted.

Law enforcement asked the facility to delay its data breach notification process.

“We sincerely apologize for any concern and inconvenience this incident may cause you,” the letter read. “We continue to review the incident and to take steps aimed at preventing similar actions in the future. Those actions include re-enforcing education with our staff regarding our strict policies and procedures in maintaining the confidentiality of patient information.”

Facility did not mention the number of individuals affected. It has established a dedicated call center to answer patients’ queries.

As per the statement, “We are offering credit monitoring and identity protection services to eligible patients and enrollment instructions are contained in the letters sent to the patients. We also recommend that you review the explanation of benefits that you receive from your health insurer. If you see services that you did not receive, please contact your health insurer immediately.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data breach at UNC

March 31st, 2017

University of North Carolina Health Care recently suffered data breach. It is notifying patients of a potential data breach at two UNC Health Care obstetric clinics. The incident involved PHI of 1,300 prenatal patients. The data was transmitted to local county health departments inadvertently.

Data breach involved patients who completed Pregnancy Home Risk Screening Forms at their clinical visits between April 2014 and February 2017 at the Women’s Clinic at N.C. Women’s Hospital and UNC Maternal-Fetal Medicine at Rex.

“If you completed a Pregnancy Home Risk Screening Form, it may have included information about you, such as demographic information (like your name and address), your race and ethnicity, your Social Security number, information about your physical and mental health, sexually transmitted diseases, your HIV status, smoking, drug and alcohol use, and medical diagnosis information related to your pregnancy and any prior pregnancies,” UNC Health Care said in the notification letter.

UNC Health Care after the incident set up a call center. It has also changed/modified its process for submitting patient pregnancy forms. The new provision will ensure eligible patients forms for Medicaid are sent to county health departments. Staff is trained to handle new procedure.

UNC has also asked all county health departments to delete the electronic health information on non-Medicaid patients from their systems.

As per the statement:

“UNC Health Care is committed to providing its patients with superior health care services and takes very seriously its obligation to protect the privacy of patients’ medical information. While UNC Health Care does not believe that any of the patients will be at financial risk as a result of the release any of this information to county health departments, UNC Health Care included in the letters a number of options available to patients for monitoring and reviewing their credit reports and has offered fraud resolution services for any patient who suffers from identity theft as a result of this incident, free of charge.”

___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

iCloud hacking incident

March 27th, 2017

“Turkish Crime Family”, the group of hacker is threatening to reset millions of iCloud accounts and delete all data from iPhones if ransom of $75,000 in crypto currency or $100,000 in iTunes gift cards is not paid.

Apple mentioned that its systems are not hacked.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the company mentioned. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

“To protect against these types of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the company added.

As per the reports, passwords and email addresses matched to data from the linkedin breach that was disclosed last year.

John Bambenek, threat systems manager at Fidelis Cybersecurity, said the threat ultimately sounds like a stunt. “There are always people who make unfounded threats to organizations in the hope of an easy payday — in this case, the hackers want $100,000 in iTunes gift cards,” he said.

“Companies must take due diligence but assess the adversary before paying to see if the threat is real,” Bambenek added. “As in the physical world, the odds are that paying a ransom, especially in a public manner, means the threats only increase.”

Still, Lamar Bailey, director of security research and development for Tripwire mentioned that iPhones can be wiped remotely if hacker posses the data.

“The hackers cannot remove backups for Apple devices from the cloud, but changing the passwords will make it hard for the legitimate users to reset and recover their devices,” Bailey said.

In recent survey of 1001 iPhone users, forty seven percent said that they are not comfortable in storing sensitive data in icloud.

“The worst thing in the world would be if someone thought they backed something up, deleted it, and found that it wasn’t on the cloud,” Network Remedy business development manager Aaron Mangal told Clutch.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.