Archive for the ‘Password’ category

New Cyber Security Strategy – Deceiving the Deceivers

September 5th, 2017

New cyber security battle is fought in a new way. Deception is the old strategy used in business, warfare and politics. It is now implemented in IT security.

Cyber criminals are long using deception policy to gain information. Now, new generation start-ups are using the same idea to avoid them. They are confusing the attackers by masking the real system.

“The idea is to mask real high-value assets in a sea of fake attack surfaces,” said Ori Bach, VP of products and marketing at TrapX Security. “By doing so, attackers are disoriented.”

Once attackers enter the system through malicious ways, they are free to roam inside. As per the Gartner analyst Lawrence Pingree, attackers must “trust” the environment that they insert malware into.

“Deception exploits their trust and tempts the attacker toward alarms,” said Pingree. “Deception also can be used to move an attacker away from sensitive assets and focus their efforts on fake assets – burning their time and the attacker’s investment.”

The main aspect is to manage real user endpoint lures.

“Distributed deception platforms (DDP) are solutions that create faked systems (often real operating systems, but used as sacrificial machines), lures (such as fake drive maps and browser histories) and honeytokens (fake credentials) on real end-user systems to entice and mislead the attacker to faked assets in order to enhance detection and to delay their actions as they attack those decoy assets,” wrote Pingree.

Experts believe that deceptive technology must not only create honeypots but a whole system to make it real.

“Ideally, organizations can use DDP solutions to create ‘intimate threat intelligence’ and use that to enrich their other tools to enhance prevention at the network and other security defensive layers,” said Pingree.

“Since you never know where you might be attacked, the ideal deception strategy should cover as many layers of the network and as many types of assets as possible,” said Bach. “For a deception tool to be effective in an enterprise environment, it must be integrated with the infrastructure (e.g. Active Directory, the networking infrastructure) and the security ecosystem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

IoT Security Bill

August 2nd, 2017

This week the Internet of Things Cybersecurity Improvement Act of 2017 was introduced by a bipartisan group of U.S. senators. The rules sets minimum conditions and requirements for the security of Internet-connected devices purchased by the U.S. government. It also provides legal protections to security researchers.

Features:

(1) Devices which are connected to the internet should be patchable

(2) Industry standard protocols should be implemented

(3) Hard-coded passwords that can’t be changed should be leveraged

(4) Security vulnerabilities should not be present

It also asked the Office of Management and Budget to create alternative security conditions for devices with limited data processing and software functionality.

As per the bill, the definition of an Internet-connected device “is capable of connecting to and is in regular connection with the Internet,” and “has computer processing capabilities that can collect, send, or receive data.”

“While I’m tremendously excited about the innovation and productivity that Internet of Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” Sen. Mark Warner said in a statement.

“This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices,” Warner added. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

Arxan Technologies VP EMEA Mark Noctor hopes that other government will also follow “While there has been useful work in the area from bodies such as ENISA in Europe, it appears that an act of law is the best way to get vendors to ensure security,” he said.

“While the focus on basic measures such as password management is a good starting point, we’d also like to see future legislation build on this to require more advanced security measures, such as using code hardening to protect a connected device’s software from being broken into and reverse engineered for malicious purposes,” Doctor said.

Security research is also provided legal protections.

“I’ve long been making the case for reforms to the outdated and overly broad Computer Fraud and Abuse Act and the Digital Millennium Copyright Act,” Sen. Ron Wyden said in a statement.

“This bill is a bipartisan, common-sense step in the right direction.”

“This bill is designed to let researchers look for critical vulnerabilities in devices purchased by the government without fear of prosecution or being dragged to court by an irritated company,” Wyden added. “Enacting this bill would also help stop botnets that take advantage of Internet-connected devices that are currently ludicrously easy prey for criminals.”

____________________________________________________________________________________________

No server, IT knowledge or training is needed as everything is included in an Alertsec subscription.

U.S Election Systems Attacked by Russian Hackers

June 22nd, 2017

Thirty-nine states were hit by Russian hackers prior to the 2016 U.S. election. In Illinois, hackers got access to the database and tried to delete or alter voters data. A software was also accessed which was used by poll workers on Election Day.

“Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure,” Eric Schultz, spokesman for former President Barack Obama, told Bloomberg.

“Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses.”

A former senior U.S official mentioned that Russians now possess knowledge of U.S. election systems prior to the next presidential election.

“The U.S. must start putting precautions in place today that assures voter data and election systems are protected, or else history is bound to repeat itself.”Seclore CEO Vishal Gupta said.

Federal agents found traces of hacking into the database. Many states refused to cooperate with the agency.

“It’s laughable how systems we thought were immune to attack were so woefully under-secured.” Venafi chief security strategist Kevin Bocek said.

“We’ve seen this with ATMs and POS systems,” Bocek added. “The finance and retail industries have effectively responded to their own deep vulnerabilities, and now state, local and federal governments need to respond in the same way to protect voting systems.”

“Without a record of who is accessing, changing or deleting data, it’s virtually impossible to detect the compromise,” he said. “It’s not hard to imagine a scenario where voter data has been compromised but has gone undetected due to lack of auditing or evidence of a breach.”Varonis vice president of field engineering Ken Spinner said

“It’s more important than ever to monitor file activity and user behaviour, so that if an outside party is attempting to manipulate or delete information — as happened in Illinois — that activity is able to be flagged and investigated right away,” Spinner added.

“Whether you’re a small company or a national government, the best risk reduction is to limit access to those who need it the most, keeping sensitive data locked down, and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines,” Spinner said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. Perhaps, most importantly, your login credentials to cloud applications are protected. 

Data breach trends in 2016

April 5th, 2017

As per the IBM report, data breach increased 566 percent in 2016 from 600 million to more than 4 billion. The report also mentioned that healthcare in no longer the most attacked sector. Most of the attack was carried out on financial services industry.

In 2016, 12 million records were affected in healthcare. In previous year, the breach was 100 million records which counts to eighty eight percent drop. IBM surveyed 8000 security clients in 100 countries.

IBM Security Vice President of Threat Intelligence Caleb Barlow mentioned that the cyber attacks was carried out with innovative techniques.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” Barlow said in a statement. “The value of structured data to cyber-criminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

IBM mentioned that for ransomware attacks, 70 percent of the companies paid more that $10,000 to regain the access to data. According to the FBI, cyber-criminals were paid $209 million in first three months of 2016.

Ransomware attacks are on the rise with 400 percent increase. In the coming time healthcare will do many reforms which includes increase in internet of things (IoT) technology. This will increase the attacks.

“Retail and financial services have battened down their hatches,” IDC Health Insights Research President Lynne Dunbrack told HealthITSecurity.com in a 2016 interview. “Now the cyber criminals might still be nipping at those heels, but they are looking at other targets, healthcare being one of them.”

CynergisTek Vice President Dan Berger mentioned that attacks against healthcare are carried out with sophistication.

“The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond,” Berger stated.

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Insider security breach at KY

April 2nd, 2017

Kentucky-based Med Center Health mentioned that a former employee accessed certain patient billing information without permission. As per the reports, facility found out that on two instances the person “obtained certain billing information by creating the appearance that they needed the information to carry out their job duties for Med Center Health.”

“The evidence we have gathered to date suggests that the former employee intended to use these records to assist in the development of a computer-based tool for an outside business interest which had never been disclosed to Med Center Health officials,” Med Center Health explained in its letter, signed by CEO Connie Smith.

Person accessed the data and copied it on encrypted CD and encrypted USB drive. Facility mentioned that the data is not related to work responsibilities of the employee. Affected information included Social Security numbers, health insurance information, diagnoses and procedure codes, and charges for medical services. Patients medical records were not copied.

Patients who were treated at The Medical Center Bowling Green, The Medical Center Scottsville, The Medical Center Franklin, Commonwealth Regional Specialty Hospital, Cal Turner Rehab and Specialty Care and Medical Center EMS between 2011 and 2014 got impacted.

Law enforcement asked the facility to delay its data breach notification process.

“We sincerely apologize for any concern and inconvenience this incident may cause you,” the letter read. “We continue to review the incident and to take steps aimed at preventing similar actions in the future. Those actions include re-enforcing education with our staff regarding our strict policies and procedures in maintaining the confidentiality of patient information.”

Facility did not mention the number of individuals affected. It has established a dedicated call center to answer patients’ queries.

As per the statement, “We are offering credit monitoring and identity protection services to eligible patients and enrollment instructions are contained in the letters sent to the patients. We also recommend that you review the explanation of benefits that you receive from your health insurer. If you see services that you did not receive, please contact your health insurer immediately.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

iCloud hacking incident

March 27th, 2017

“Turkish Crime Family”, the group of hacker is threatening to reset millions of iCloud accounts and delete all data from iPhones if ransom of $75,000 in crypto currency or $100,000 in iTunes gift cards is not paid.

Apple mentioned that its systems are not hacked.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the company mentioned. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

“To protect against these types of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the company added.

As per the reports, passwords and email addresses matched to data from the linkedin breach that was disclosed last year.

John Bambenek, threat systems manager at Fidelis Cybersecurity, said the threat ultimately sounds like a stunt. “There are always people who make unfounded threats to organizations in the hope of an easy payday — in this case, the hackers want $100,000 in iTunes gift cards,” he said.

“Companies must take due diligence but assess the adversary before paying to see if the threat is real,” Bambenek added. “As in the physical world, the odds are that paying a ransom, especially in a public manner, means the threats only increase.”

Still, Lamar Bailey, director of security research and development for Tripwire mentioned that iPhones can be wiped remotely if hacker posses the data.

“The hackers cannot remove backups for Apple devices from the cloud, but changing the passwords will make it hard for the legitimate users to reset and recover their devices,” Bailey said.

In recent survey of 1001 iPhone users, forty seven percent said that they are not comfortable in storing sensitive data in icloud.

“The worst thing in the world would be if someone thought they backed something up, deleted it, and found that it wasn’t on the cloud,” Network Remedy business development manager Aaron Mangal told Clutch.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data breaches due to unauthorized access

March 23rd, 2017

Virginia Commonwealth University (VCU) Health System recently announced data breach which affected over 2,700 patients. The incident occurred due to unauthorized access over a three-year period between January 3, 2014 and January 10, 2017.

Facility conducted investigation which found out that employees of community physician groups, and an employee of a contracted vendor had access to patient records without proper explanation. Concerned employees are terminated.

“As part of the health system’s partnership with community physicians, access is provided to their practices so they can view the medical records of their patients who are referred to the VCU Health System for care and treatment. Access also is provided to certain contracted vendors who provide medical equipment to patients for continuity of care at discharge from the hospital.”

Affected information included patient names, addresses, dates of birth, medical record numbers, health care providers, visit dates and Social Security numbers.

Facility is providing one year of free credit monitoring.

Second incident involves Tarleton Medical who announced data breach recently. Incident involves unauthorized access of a data server containing PHI from patient medical records.

Affected information included patient names, addresses, dates of birth, Social Security numbers, and healthcare claims information.

Facility did not mention number of individuals affected. As per the OCR reporting tool, incident affected 3,929 individuals.

“We have taken steps to enhance the security of TM patient information to prevent similar incidents from occurring in the future,” the healthcare organization explained in its notification letter.

Tarleton Medical contacted FBI. It is also offering patients free access to a credit monitoring service for one year.

As per the statement, it advised patients to follow below guidelines:

You can follow the recommendations on the following page to protect your personal information. You can also contact ID Experts with any questions Please note that the deadline to enroll is three months following the date of this letter. To receive the aforementioned services, you must be over the age of 18, have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file. Your services start on the date that you enroll in the services and can be used at any time thereafter for 12 months following  enrollment.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Summit Reinsurances Services announces data breach

March 20th, 2017

Summit Reinsurance Services, Inc., recently suffered data breach when it became aware of a ransomware attack on its server. Patient PHI was present was involved in the incident. Facility immediately conducted Investigation. It mentioned that an unauthorized user accessed the server during March 13, 2016.

Affected information included Social Security numbers, health insurance information, provider names, and claim-focused medical records containing diagnoses and clinical information.

Facility didn’t mention the number of affected patients. Also, there is no information or evidence of any misuse of information. It is providing information about ways of protecting against identity theft and fraud. One year of free credit monitoring and identity restoration is provided.

As per the statement:

  • Facility is asking patients to remain vigilant against incidents of identity theft and fraud. Review of account statements should be done. Also, credit reports and explanation of benefits forms should be monitored for suspicious activity.
  • Three major credit bureaus can be reached directly to request a free copy of credit report.
  • Fraud alerts can be placed on the files that will alert affected patients before granting credit. But it will delay ability to obtain credit while the agency verifies identity.
  • Security freeze on credit reports can be placed. Once this is activated, credit bureau can’t release consumer’s credit report without the consumer’s written authorization. This facility will affect customers request for new loans, credit mortgages, employment, housing, or other services.

“In order to request a security freeze, you will need to supply your full name, address, date of birth, Social Security number, current address, all addresses for up to five previous years, email address, a copy of your state identification card or driver’s license, and a copy of a utility bill, bank or insurance statement, or other statement proving residence.”

____________________________________________________________________________ 

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Verifone suffers data breach

March 17th, 2017

Payment solutions provider Verifone recently announced data breach which affected its internal network.

Verifone CIO and senior vice president Steve Horan sent an email to employees and contractors. They need to change the password within 24 hours. Also, they will be blocked from installing software on a computer till investigation completes. It came to know about the breach from Visa and MasterCard.

Verifone spokesman Andy Payment mentioned that breach didn’t affect payment services network. “We believe today that due to our immediate response, the potential for misuse of information is limited,” he said.

The attack has been traced to Russian hacking group.

As per the statement, “According to the forensic information to date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time-frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

“The fact that Verifone asked employees and contractors to change their passwords and restricted their control over their desktops and laptops suggests that the attackers followed the usual path to gain access to critical systems such as payment terminals: exploit different vulnerabilities to take control over the devices and the accounts of people already inside the company,” Balabit product manager Peter Gyongyosi told eSecurity Planet by email.

“This once again underscores the importance of a multi-layer, defense-in-depth approach to security,” Gyongyosi added. “Keeping endpoint devices completely secure, especially in a large enterprise, is an impossible task and organizations must prepare for situations where an attacker would gain access to internal accounts. Fine-grained access control and detailed monitoring of activities — especially those related to critical systems — and advanced analytics such as behavior analysis can help security teams gain an edge over the attackers.”

Fortune 1000 Security Performance is declining. Verifone is a member of the Fortune 1000.

“It is possible Fortune 1000 companies exhibit a higher frequency of system compromises due to having a large attack surface,” the report states. “Fortune 1000 companies tend to have a high number of employees, which often corresponds to more networked devices and more IP addresses owned. Criminals also may have more motivation to target these prominent companies as they manage PII, PCI and intellectual property.”

___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

CIA hacking docs on WikiLeaks

March 15th, 2017

WikiLeaks published the 1st part of documents which it claims are retrieved from U.S. Central Intelligence Agency. The initial upload consists of  8,761 documents and files.

“Recently, the CIA lost control of the majority of its hacking arsenal, including malware, viruses, Trojans, weaponized “zero-day” exploits, malware remote control systems and associated documentation,” the organization stated in a press release. “This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.”

The source of the document is not clear. WikiLeaks mentioned that the documents were already in circulation among the group of hackers.

“The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons,” WikiLeaks stated.

The ways of surveillance includes:

  • Accessing Samsung smart TVs even when the units are turned off
  • Installing software in vehicle control systems in cars and trucks
  • Use of smartphones to access the camera, microphone, user location, audio and texts
  • Efforts are done to bypass encryption of WhatsApp

CIA spokesman Jonathan said “We do not comment on the authenticity or content of purported intelligence documents.”

Skyport Systems EVP Rick Hanson told “Donald Trump previously praised WikiLeaks during his campaign,” he said. “When an organization like WikiLeaks is lauded in any forum there is reason to be concerned.”

“We are losing the cybersecurity war to other nation states and [are] at a deficit in our ability to protect ourselves,” Carbon Black nation security strategist Eric O’Neill said by email. “Now with the release of one of our offensive playbooks, our ability to attack is compromised. All of these tools will now proliferate among those for whom breaching security is a business or profession, leading to additional attacks.”

Contrast Security CTO Jeff Williams mentioned that answer isn’t to focus on “cyber arms control,” which he said will never work. “We need a massive increased focus on writing secure code and defending against attacks,” he said.

“As a nation, we are simply incapable of reliably writing code that isn’t susceptible to these attacks,” Williams continued. “But it’s not impossible. It’s not even that difficult. But we have to change the incentives in the software market, which currently don’t encourage writing secure code.”

Access Now senior legislative manager Nathan White said “Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them,” he said. “The United States is supposed to have a process that helps secure our digital devices and services — the ‘Vulnerabilities Equities Process.'”

“Many of these vulnerabilities could have been responsibly disclosed and patched,” White added. “This leak proves the inherent digital risk of stockpiling vulnerabilities rather than patching them.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.