Check Point

Data Breach at Anthem Vendor

August 21st, 2017

An Anthem vendor recently suffered a data breach that could affect 18,580 Medicare members. The company known as LaunchPoint Ventures, LLC (LaunchPoint) is a Medicare insurance coordination services vendor. It came to know that one of its employees “was likely involved in identity theft related activities.”

LaunchPoint also found out that “some other non-Anthem data may have been misused by the employee”. The person emailed file containing PHI. The investigation about the emails is going on.

Affected information included Medicare ID numbers (which includes a Social Security number), health plan ID numbers, Medicare contract numbers, dates of enrollment, and limited numbers of last names and dates of birth. 

“LaunchPoint terminated the employee, hired a forensic expert to investigate, and is working with law enforcement,” read Anthem’s online statement. “The employee is in prison and is under investigation by law enforcement for matters unrelated to the e-mailed Anthem file.”

Two years of credit monitoring and identity theft restoration services will be provided to the affected individuals.

The data breach is second largest for Anthem in the last two years. Previous breach involves hackers infiltrating an Anthem data base which affected names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

Anthem CEO Joseph Swedish mentioned that it was sophisticated attack.

A California Department of Insurance report found out the attack originated from outside country.

“This was one of the largest cyber hacks of an insurance company’s customer data,” Insurance Commissioner Dave Jones said in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”

Anthem took efforts to secure the data.

“Opening the email permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse,” the Department stated.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Staff Shortage for Cyber Security

August 15th, 2017

The findings of recent Tripwire survey of 108 people at Black Hat USA 2017 has below findings-

Eighty-five percent of cyber security pros mentioned that they need more people

Eighty four percent mentioned that they need new technology

Twenty-eight percent mentioned that they need vendor services

Seventy percent mentioned that hiring experienced professionals is on priority

Thirty percent mentioned that they are willing for on job training

“Tools alone can’t solve the challenges in cyber security,” Tripwire vice president Tim Erlin said in a statement. “Organizations need talented staff to drive process improvements, administer tools and push for continuous improvement.”

“If you think the answer to the problems that keep you up at night is a new cyber security tool, it’s time to reassess,” Erlin added. “Security is built on strong foundations, and the best practices need to adapt to the changing threat landscape, but the core of what’s necessary for defense remains consistent.”

As per the research firm Gartner,  information security spending will climb to $86.4 billion in 2017

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” Gartner principal research analyst Sid Deshpande mentioned in a statement.

Sid also mentioned that investing on new tech is not the complete solution “As seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said.

“Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening.”

“Cyber attacks and data breaches are on the rise and being broadcast in the media, and with it a need for more security professionals, services and tools to protect organizations,” AsTech chief security strategist Nathan Wenzler said.

“Further, if we watch how the trend of attacks has gone over the past several years, we see more and more criminals moving away from targeting servers and workstations, and towards applications and people,” Wenzler added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ukraine’s Postal Service Hit

August 11th, 2017

Ukraine’s national postal service website Ukrposhta was hit by DDoS attacks for two days. The facility mentioned that it was able to start the service after the first day attack. On the second day, the service was slowed down by the attack.

Igal Zeifman Imperva director of marketing said that its not unusual to see such repeat attacks. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between attacks,” he said.

“In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74 percent of DDoS targets attacked at last twice in the span of that quarter,” Zeifman added.

Ukposhta was attacked earlier by hackers. In the late June it was impacted by NotPetya attacks.

As per Kaspersky Lab Q2 2017 DDoS Intelligence Report this quarter saw a 277-hour DDoS attack and 131 percent longer than the longest DDoS attack in Q1 2017.

It also mentioned that DDoS attacks hit 86 countries, up from 72 countries in Q1 2017. The most affected countries were China, South Korea, the U.S., Hong Kong, the U.K., Russia, Italy, the Netherlands, Canada and France.

Kaspersky also said that there is an increase in Ransom DDoS or RDos attacks

“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS attackers,” Kaspersky Lab head of DDoS protection Kirill Ilganaev said in a statement. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion.”

“These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore can be easily convinced to pay ransom with a simple demonstration,” Ilganaev added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Complex Malware Installed by Simple Phishing Attacks

August 9th, 2017

A new JScript back door called Bateleur distributed by the FIN7 (a.k.a Carbanak) hacker group through phishing emails targeting U.S.-based restaurant chains has been identified by Proofpoint researchers.

The modus operands is simple. The receiver gets the email containing document which contains macro. The message of the email is “here is the check as discussed.”

The executed macro creates a scheduled task to run Bateleur which then sleeps for three seconds and then again executes Bateleur and then sleeps for 10 seconds. Finally, it deletes the scheduled task.

“The combined effect of these commands is to run Bateleur on the infected system in a roundabout manner in an attempt to evade detection,” the researchers note.

The JScript macro contains anti-sandbox and anti-analysis functionality.

“We continue to see regular changes to the tactics and tools used by FIN7 in their attempt to infect more targets and evade detection,” the researchers state. “The Bateleur JScript back door and new macro-laden documents appear to be the latest in the group’s expanding toolset, providing new means of infection, additional ways of hiding their activity, and growing capabilities for stealing information and executing commands directly on victim machines.”

Simon Taylor, vice president of products at Glasswall, mentioned that though the software is complex, a method of installing it is very straight forward through phishing email.

“Phishing is a tried and true method for attackers — largely because it is predictably and repeatedly successful,” he said.

“Historically, the security industry has attempted to change employee behaviour,” Taylor added. “But while education helps, cyber criminals are continuously adjusting their techniques and the authenticity of their messages in order to stay several steps ahead of their victims.”

“Humans are and always will be the weakest link in an organization, and going forward, defense and detection strategies must change to address these inevitable challenges,” Taylor said.

Cyber Resilience

____________________________________________________________________________________________

Alertsec is based on the 256-bit AES encryption algorithm and has the highest security certifications.

Qualys CEO mentions that WannaCry a “Godsend” for his Business

August 5th, 2017

Security vendor Qualys CEO Philippe Courtot mentioned that the WannaCry ransomware and the planned General Data Protection Regulations (GDPR) are “godsends” that will help the company to grow further. He said this during company’s second quarter fiscal 2017 earnings call.

Qualys revenue saw 14% increase compared to previous year. This year revenue is $55.3 million.  Company is now estimating growth of 17 to 18%.

“Recent attacks like WannaCry and Petya have made it clear that the days of scanning the network perimeter and a few critical servers are over,” Courtot said during his company’s earnings call. “Enterprises now require scalability, accuracy and speed in order to identify assets that are vulnerable and ensure they are rapidly and properly remediated, which is something traditional enterprise IT and IT security solutions cannot deliver effectively and at which Qualys excels.”

Qualys’ cloud platform consists of a host of expanding capabilities that help enterprises with vulnerability and security management tasks. It has also announced new SSL/TLS certificate and cloud visibility technologies which will further augment the cloud security platform.

Upcoming GDPR regulation is also the main contributing factor for the company growth. It will come into effect in May 2018 across the European Union (EU). GDPR makes it compulsory to take all possible efforts for the companies to ensure the security and the privacy of customer data.

“We see that GDPR is in fact a godsend for Qualys and we see the effect of that because specifically, it is now accelerating the digital transformation of many of the large European companies,” Courtot said.

The recent breaches due to WannaCry has boosted Qualys business prospect.

“WannaCry has been also a godsend for Qualys,” Courtot said. “People finally realize that instead of having to buy solutions that supposedly protect them, that in fact they better try to identify all of their assets and also identify the vulnerabilities on those assets because this is what WannaCry and then NotPetya absolutely demonstrated.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

IoT Security Bill

August 2nd, 2017

This week the Internet of Things Cybersecurity Improvement Act of 2017 was introduced by a bipartisan group of U.S. senators. The rules sets minimum conditions and requirements for the security of Internet-connected devices purchased by the U.S. government. It also provides legal protections to security researchers.

Features:

(1) Devices which are connected to the internet should be patchable

(2) Industry standard protocols should be implemented

(3) Hard-coded passwords that can’t be changed should be leveraged

(4) Security vulnerabilities should not be present

It also asked the Office of Management and Budget to create alternative security conditions for devices with limited data processing and software functionality.

As per the bill, the definition of an Internet-connected device “is capable of connecting to and is in regular connection with the Internet,” and “has computer processing capabilities that can collect, send, or receive data.”

“While I’m tremendously excited about the innovation and productivity that Internet of Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” Sen. Mark Warner said in a statement.

“This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices,” Warner added. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

Arxan Technologies VP EMEA Mark Noctor hopes that other government will also follow “While there has been useful work in the area from bodies such as ENISA in Europe, it appears that an act of law is the best way to get vendors to ensure security,” he said.

“While the focus on basic measures such as password management is a good starting point, we’d also like to see future legislation build on this to require more advanced security measures, such as using code hardening to protect a connected device’s software from being broken into and reverse engineered for malicious purposes,” Doctor said.

Security research is also provided legal protections.

“I’ve long been making the case for reforms to the outdated and overly broad Computer Fraud and Abuse Act and the Digital Millennium Copyright Act,” Sen. Ron Wyden said in a statement.

“This bill is a bipartisan, common-sense step in the right direction.”

“This bill is designed to let researchers look for critical vulnerabilities in devices purchased by the government without fear of prosecution or being dragged to court by an irritated company,” Wyden added. “Enacting this bill would also help stop botnets that take advantage of Internet-connected devices that are currently ludicrously easy prey for criminals.”

____________________________________________________________________________________________

No server, IT knowledge or training is needed as everything is included in an Alertsec subscription.

Cyber Insurance and Cloud Cyber Attacks

July 31st, 2017

According to the insurer Lloyd’s, a large cyber attack could cause $53 billion in economic losses which is almost same estimation as per 2012’s Superstorm Sandy. The report mentions the two possibilities. One where a disruptive attack which can lead to losses of $53 billion. Other includes an attack on computer operating systems which could lead to losses of $28.7 billion.

As per Lloyd’s estimation, the range of losses can vary between $15.6 billion to $121.4 billion. Average loss range is from $620 million for a large loss to $8.1 billion for an extreme loss.

“Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economy, trigger multiple claims and dramatically increase insurers’ claims costs,” Lloyd’s CEO Inga Beale mentioned

“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality,” Beale added. “We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence.”

As per the RiskIQ study, cybercrime led to global economy $454 billion loss last year. it also mentioned that $858,153 is lost to cybercriminals every minute. Companies spent $142,694 per minute to protect.

“Today, an organization’s digital assets are subject to malware, malvertising, and phishing efforts on a scale never before seen, while rogue apps, domain and brand infringement, and social impersonation cause business disruption and material loss,” RiskIQ manager of content strategy Mike Browning wrote in a blog post examing the findings.

The report also mentioned that 818 pieces of unique malware are injected in the system per minute.

“As companies innovate Web, social, and mobile means to engage with their customers, partners and employees, threat actors will prey on business exposures and brands to capture users’ trust, access credentials, and sensitive data,” RiskIQ chief marketing officer Scott Gordon said in a statement. “This requires organizations to extend their security programs to monitor and mitigate threats outside the firewall.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data Breach at Swedish Citizens’ Data Points

July 27th, 2017

Unscreened third-party IT workers were provided full access to the information of vehicles including police and military by the Swedish Transport Agency. Management of the operations were outsourced to IBM administrators without security checks in 2015.

According to the reports, as the data is handled in time pressure for this activity, there was no option to transfer bypassing standard security protocols.

Affected information included vehicle registration data for every Swedish citizen, data on all government and military vehicles, weight capacity of all roads and bridges — and the names, photos, and home addresses of air force pilots, police suspects, elite military operatives, and people under witness protection.

As per the Swedish Pirate Party founder Rick Falkvinge the breach is the “worst known governmental leak ever,” noting, “Sweden’s Transport Agency moved all of its data to ‘the cloud,’ apparently unaware that there is no cloud, only somebody else’s computer.”

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name, and home address has leaked,” Falkvinge wrote.

The entire register was sent to marketers which also included people in the witness protection program.

When that happened, Falkvinge wrote, “the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these:e records themselves. This took place in open clear text email.”

RiskVision CEO Joe Fantuzzi mentioned the risk of third party vendors.

While understanding your own risk environment is an important step in improving your risk posture, Fantuzzi said, it’s far from the only step.

“Organizations that fail to assess third party vulnerabilities will be left with gaping blind spots that will leave them susceptible to breaches and cyber attacks down the road,” Fantuzzi said.

“Ultimately, organizations need to truly consider third party environments as an extension of their own, and treat them as such from a security and risk perspective.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

New additions to Qualys

July 25th, 2017

As per the new announcement, Qualys is upgrading its Software-as-a-Service cloud platform. It now provides customers with new cloud security and SSL/TLS certificate security abilities.

“CloudView a is an entirely new module built on the Qualys Cloud Platform,” Hari Srinivasan, Director of Product Management, Qualys, told eSecurityPlanet.

“CloudView is a new app framework in the Qualys Cloud Platform for a comprehensive and continuous protection of cloud infrastructure.”

Srinivasan mentioned that Cloudview has multiple apps which includes Cloud Inventory and Cloud Security Assessment, Cloud Inventory (CI) and Cloud Security Assessment (CSA).

CI and CSA provides a continuous security of public cloud infrastructure.

“These two apps allow teams to gain critical insights into these cloud resources and their security posture across them,” Srinivasan said.

The company provides insight into SSL/TLS certificate status and deployment.

“SSL Labs does not however store this data for later use,” Asif Karel, Director of Product Management at Qualys, told eSecurityPlanet. “CertView is a commercial offering intended for enterprise customers who will not only benefit from similar assessments of their public as well as internal servers and services, they will also be able to create and maintain an inventory of the certificates deployed in all of their environments and critical infrastructure.”

Karel also mentioned that the customers will be able to find the flaws in the certificate and related dangers

“The grading calculation highlights the support, or lack of support, for mechanisms such as HSTS that prevent protocol downgrade attacks as well as other TLS related vulnerabilities,” Karel said.

HTTP Strict Transport Security (HSTS) is a configuration on a webserver that only allows pages to be served over SSL/TLS as HTTPS.

The market is changed due to the arrival of free Let’s Encrypt. But it has a drawback which karel mentioned.

“Unsuspecting users might think they are communicating with trustworthy sites because the identity of the site has been validated by a CA (Certificate Authority), without realizing that these are just domain validated certificates with no assurance about the identity of the organization that owns the site, Karel said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Series A round for Security Startup

July 23rd, 2017

The San Francisco-based cyber security startup Insight Engines recently raised $15.8 million in a Series A round of financing for its threat intelligence gathering tool Splunk also known as called Cyber Security Investigator.

August Capital led the funding round which was backed by Real Ventures, Data Collective, Splunk and its co-founder, Erik Swan. Simon Crosby, co-founder and CTO of Bromium, is also part of an investor group.

Company makes big data easy to explore and work with natural-language processing technologies. Cyber Security Investigator can detect and understand cyber threats by asking questions.

“In today’s day and age, advisories are always changing their patterns of attack, making static alerts ineffective defense,” Grant Wernick, co-founder and CEO of Insight Engines, told e-security Planet. “CSI [Cyber Security Investigator] levels the playing field, allowing the good guys to be dynamic in ways they never imagined possible.”

This technology can help fill the IT companies with the workforce gap.

“CSI helps bridge the hiring chasm between the need for talented individuals and the work force available,” said Wernick. “CSI is a force multiplier for the most advanced security teams who can now achieve more effective results in a fraction of the time. With CSI we have been able to transform physical security staff to augment cyber security operations, which has resulted in both significant cost savings and fresh perspectives for the enterprise.”

It also reduces time to zero in on cyber security issues.

“CSI empowers analysts to escape search fatigue by helping them analyze more of their data and spend less time searching,” he said. They can “spend more time focused on mitigating real threats and significantly less time focused on crafting esoteric queries. Using CSI, analysts no longer need to be big data specialists and can focus back on defending against an ever-increasing threat landscape.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.