data breach

Kmart Attacked by Hackers Again

June 9th, 2017

Kmart suffered another data breach when its server was attacked by hackers.

“Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

“All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.” 

This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

“Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioural analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Healthcare Industry Most Affected by Data Breach

June 2nd, 2017

As per reports, healthcare industry was frequently attacked by cyber hackers. Vectra Networks survey suggests that 164 threats were detected per 1,000 host devices. The education industry has 145 threat detections per 1,000 host devices.

“The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defences,” the report mentions.

There is a rise of 265 percent in the average number of reconnaissance, lateral movement and exfiltration detections. Also, 333 percent rise was recorded for reconnaissance detections. Finance and technology received below-average threat detection rates mainly due to stronger policies and good response. Media companies has highest rates of exfiltration.

Healthcare industry now has a significant number of IoT.

“These unsecured devices are easy targets for cybercriminals,” the report mentions.

As per Synopsys survey, sixty percent of manufacturers and 49 percent of HDOs said that usage of mobile devices in hospitals and other healthcare organizations increase data risk. But only 17 percent are employing steps to prevent attacks.

“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Ponemon Institute chairman and founder Dr Larry Ponemon said in a statement. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

Medical devices are difficult to secure as per the eighty percent of respondents.

“These findings underscore the cyber security gaps that the healthcare industry desperately needs to address to safeguard the wellbeing of patients in an increasingly connected and software-driven world,” Synopsys global director of critical systems security Mike Ahmadi said in a statement.

“The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe but also secure,” Ahmadi added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Records available online due to flaw in the system

May 29th, 2017

Molina Healthcare had patients’ medical claims online. The duration of the breach is not clear. Also, the reason behind the leak is also not available. Investigative reporter Brian Krebs received tip about the breach.

According to the reports, customer could see other customers’ medical claims only by changing a single number in the URL. There was no requirement of the authentication.

“It’s unconscionable that such a basic, Security 101 flaw could still exist at a major healthcare provider today,” Krebs wrote. “However, the more I write about these lame but otherwise very serious vulnerabilities at healthcare firms the more I hear about how common they are from individual readers.”

Records did not include Social Security numbers. Affected information included patient names, addresses and birthdates, as well as diagnosis, medication and medical procedure information. Molina said that it has fixed the problem.

“Because protecting our members’ information is of utmost importance to Molina and out of an abundance of caution, we are taking our ePortal temporarily offline to perform additional testing of our system security,” the company said. “Molina has also engaged Mandiant to assist the company in continuing to strengthen our system security.”

World focus remains on cyber threats like WannaCry but many organizations lack basic security, Bitglass CEO Nat Kausik mentioned. “This is especially true in the heavily regulated healthcare industry,” he said. “Molina Healthcare is just one example of an IT oversight that led to massive exposure of PHI.”

“Healthcare organizations are major targets and will see any and all flaws exploited by malicious individuals,” Kausik added. “As healthcare organizations make patient data more accessible to individuals and new systems, they must make information security their top priority.”

There is increase in data breach this year.

“Unauthorized disclosures continue to tick up and are now the leading cause of breaches as data moves to cloud and mobile and as external sharing becomes easier. Unauthorized disclosures includes all non-privileged access to PII or PHI,” the report states. “Hacking and IT-related incidents doubled year-over-year, an indication that malicious actors are not letting up and are increasingly aware of PHI’s high long-term value.”

____________________________________________________________________________________________

Alertsec is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

IoT Threat Defense Platform of Cisco

May 22nd, 2017

Cisco has created new IoT Threat Defense Platform to tackle growing threats. It consists of integrated security technologies which protects enterprise IoT deployment from hackers. It uses the network segmentation capabilities. Its’ AnyConnect provides remote access functionality.

Marc Blackmer, product marketing manager of Industrial Solution at Cisco’s Security Business Group said that it’s best not to leave any stone unturned given the scale and complexity of IoT implementations.

“A characteristic of the IoT is that it opens a multitude of attack vectors,” Blackmer mentioned. “Now, organizations need to be aware of, not just what servers and workstations are online, but whether their HVAC system or connected lighting have been mistakenly connected to the Internet.”

Researchers at Dalhousie University in Canada and Weizmann Institute of Science in Israel conducted a test. It demonstrated a citywide bricking attack using smart bulbs. Companies are connecting their IoT devices to internet and hackers are looking for loopholes.

“A simple Shodan search can turn up medical devices and industrial equipment connected to the Internet, as well,” Blackmer said. “With this in mind, we selected the technologies in our portfolio that would, first, segment IoT devices, to protect them from external attacks, as well as protect the business should one of those devices be compromised, and then those that provide broad, complementary coverage across a range of attack vectors.”

Connecting virtual local area networks (VLANs) to the scale of the IoT can overwhelm even the most efficient IT teams. Cisco products and team is also helping companies to secure their networks from stealthier threats.

“We are inspecting the traffic throughout the organization (with Stealthwatch, Advanced Malware Protection, and our NGIPS [Next-Generation Intrusion Prevention System], which is included with our NGFW [Next-Generation Firewall]), as well as that attempting to exit the organization (with Umbrella and Cognitive Threat Analytics).”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data Breach at Zomato

May 20th, 2017

Zomato is the restaurant search portal which has more than 120 million users per month. The team of the company recently found that approximately 17 million user IDs, names, user names, email addresses and hashed passwords were unauthorizedly accessed.

”We hash passwords with a one-way hashing algorithm, with multiple hashing iterations and individual salt per password,” the company stated. “This means your password cannot be easily converted back to plain text. We however strongly advise you to change your pasword for any other services where you are using the same password.”

Zomato mentioned that the passwords of the affected accounts have been reset. Also, the database which contained payment information was not affected. It also mentioned that the hacker has agreed to stop sale of the data.

“The marketplace link which was being used to sell the data on the dark Web is no longer available,” the company said.

Hacker wanted company to start bug bounty program which got positive response. Hacker also gave information the way of hacking a present Zomato database. It will be made public when loopholes are closed.

“Having said that, we are going to be cautious and paranoid, as this is a sensitive matter,” the company added. “6.6 million users had password hashed in the ‘leaked’ data, which can be theoretically decrypted using brute force algorithms. We will be reaching out to these users to get them to update their password on all services where they might have used the same password.”

Breach harms the brands

Ponemon Institute study recently conducted survey on the brand impact of a data breach. It shows that breach causes decline in stock value.

The survey sponsored by Centrify mentioned that 31 percent of users stop using the services and products provided by company who gets affected by data breach. Sixty five percent said that they lost trust in company. Eight one percent mentioned that organizations should take reasonable steps to secure personal data.

Forty five percent of IT practitioners present in the survey mentioned that they don’t believe brand protection is taken seriously in the C-suite.

“It is no longer just an IT problem — it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the whole organization,” Centrify CEO Tom Kemp said.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organizations laptops and computers.

US Hit Hard by WannaCry Ransomware

May 18th, 2017

A Department of Homeland Security official mentioned that WannaCry ransomware campaigns affected some U.S. critical infrastructure operators. It also mentioned that there are no victims in U.S. federal government.

Dragos CEO Robert M. Lee mentioned that his company is “aware of infections that occurred in the industrial control system community and had impact,” including small utilities and manufacturing sites in the United States — though he said “no one’s been hurt and no safety was at risk.”

PAS Global CEO Eddie Habibi mentioned that companies that depend on industrial control systems (ICS) are put on high alert.

“In a corporate IT network, cyber security professionals have the option of isolating traffic or entire systems if they are compromised,” Habibi said. “Personnel can also apply patches in real time with confidence that patching will not impact system performance.”

“Those systems may have primary responsibility for controlling volative processes or ensuring worker and environmental safety,” Habibi said. “System uptime is paramount.”

“Real-time patches are also no-nos within a facility’s network,” Habibi added. “First, any Microsoft patch must have ICS vendor approval before application. Even with approval, patching typically occurs during maintenance windows and turnarounds when systems are offline — something that may occur only once or twice per year.”

Patches can’t be applied if there are chances of process disruption.

“In these cases, asset owners may place additional security controls in front of the unpatched system to mitigate risk,” Habibi said. “This assumes that there is a closed-loop, enterprise-wide patch management process in place that can evaluate the steps required to mitigate risk; many companies are missing this capability.”

Microsoft has released patches for security but it is not enough for limited ability work force of critical infrastructure.

“As we watch WannaCry continue to proliferate and see new variants spring up, the risk to industrial process facilities remains high,” he said.

Langner founder and CEO Ralph Langner mentioned that the abled attacker could hit industrial targets and force a production halt. “We haven’t seen that on a large scale yet, but I predict it’s coming, with ransom demands in the six and seven digits,” he said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Seventy four countries hit with WannaCry ransomware

May 14th, 2017

Kaspersky researchers mentioned that tens of thousands of computers are infected in 74 countries worldwide by WannaCry ransomware.

“It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher,” the researchers mentioned.

MalwareTech has published live map for the area affected in the world.

“Russia, Ukraine and Taiwan leading,” Avast researcher Jakub Kroustek tweeted on Friday. “This is huge.”

Major company affected included FedEx, the Spanish phone company Telefonica, the Russian mobile phone operator MegaFon, and the UK’s National Health Service (NHS).

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.” NHS mentioned.

Joshua Douglas, chief strategy officer at Raytheon Foreground Security mentioned that the target was vital services like healthcare.

“Organizations are beginning to fully appreciate their exposure to risk, whether from negligent or malicious insiders, the growing attack surface are represented by the Internet of Things, or from the growing number of sophisticated attackers,” Douglas said.

“Healthcare, an industry with mountains of sensitive personal data and lives at stake, should consider security measures that take into account network users in addition to outside threats,” Douglas added. “When dealing with ransomware, advance security protections, basic cyber hygiene, tested disaster recovery plans and employee training are critical to protecting data.”

The attack has devastating impact on the services and systems.

“This is the first time that a worm-link tool has been used in conjunction with ransomware that has created devastating impact against entire organizations,” Fidelis Cybersecurity threat research manager John Bambenek said by email. “Strong and swift patching would have helped mitigate this threat. It has undoubtedly captured the imagination of criminals who don’t want to hold individual machines ransom but to take entire organizations hostage, and surely we will see much more of this in the coming weeks.”

“The fact that a vulnerability developed by the NSA was used in this attack shows the dangers that can happen when this knowledge gets out into the wild even after a patch has been developed,” Bambenek added. “Intelligence agencies will always be developing zero-days, but unlike traditional weapons, these tools can be repurposed quickly for devastating criminal attacks.”

“The intelligence community should develop strong procedures that when such tools leak, they immediately give relevant information to software developers and security vendors so protections can be developed before attacks are seen in the wild,” Bambenek said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Verizon Survey

May 5th, 2017

Verizon mentioned that increase in the propriety research, prototypes, and amounts of confidential personal data is the major factor for the rise in the phishing attack. It also mentioned that there is an increase in 50 percent in the attacks last year.

Almost 95% of the attacks include the phishing technique of software installation on the user device. There is also rise in getting the information by pretending someone else. These are called pretexting attacks. Eighty-eight percent of pretexting attacks originated from emails.

Many smaller organizations also suffered a data breach. Sixty-one percent of breach occurred at the companies having less than 1000 employees.

“Cyber-attacks targeting the human factor are still a major issue,” Verizon Enterprise Solutions Global Security Services Executive Director Bryan Sartin said in a statement. “Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”

Verizon mentioned that three quarters of the breaches was caused by outsider. Almost 51% involves criminal groups.

Finance sector was the major area where attacker focused. Almost 24% attacks counted for this sector. Healthcare involves 15% of data breaches.

“The cybercrime data for each industry varies dramatically,” Sartin explained. “It is only by understanding the fundamental workings of each vertical that you can appreciate the cyber security challenges they face and recommend appropriate actions.”

Survey also found out that 73% percent of the attacks are financially motivated.

“Social engineering is a common means for cybercriminals to establish a foothold,” report authors warned. “And employees are making this easy by using easy-to-guess passwords. Users, and even IT departments are even often guilty of not changing the default passwords that devices come with, and can easily be looked up online.”

The report author at Verizon mentioned that encryption and two-factor authentication also help to limit the damage.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Companies planning to implement security-as-a-service model

April 29th, 2017

OPAQ Networks sponsored the recent survey of 301 US-based IT professionals. It shows that 87 percent of participants are planning to use security-as-a-service model. Survey also mentioned that 40 percent of companies manage security through part-time employees, contractors and Managed Security Service Providers (MSSPs).

According to eight two percent participants, the in-house staff spends 20 to 60 hours a week for procuring, implementing and managing a variety of security products.

“The security challenge for mid-tier businesses is multi-dimensional,” 451 Research analyst Daniel Cummins mentioned in a statement. “For these businesses, everything seems to be increasing — attack frequency, compliance requirements, complexity, costs, and the number of security products that need to be managed.”

Three-fourth of participants said that they dedicate between three to five full-time employees to security. The total cost incurred is $178,000 a year. Forty percent believe that the security spending is going to increase by 10 to 20 percent within one year. Seventy-two percent prefer security as service.

“We thought there would be a preference for the ease and simplicity of security-as-a-service solutions, but we were genuinely surprised by both the degree and urgency of the market demand,” OPAQ chief strategy and technology officer Ken Ammon mentioned in a statement.

“MSSPs are and will continue to play an important role in advising and supporting incident response, but this study reveals that MSSPs should look to leverage cloud-based solutions in order to deliver what the market is demanding,” Ammon added.

Survey participants mentioned that they seek cloud-based security functionality which includes data loss prevention, network access control and encryption.

Other survey conducted by Spiceworks and undertaken by Carbonite shows that only  11 percent of IT pros’ time is utilized on IT planning and strategy while 13 percent is utilized on modernizing technology.

“In a time when data threats are more prevalent than ever, it’s important IT teams have the capacity to focus on mission-critical tasks as well as proactively preparing for threats and strategizing ways to innovate their existing technology in order to facilitate a safe and secure organization,” Carbonite chief evangelist Norman Guadagno said in a statement.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Hackers trying to gain access to US defence servers

April 27th, 2017

US Airforce is attacked by hackers. It was the continuation of bug bounty program which earlier allowed attacks on Pentagon and the Army. It is an effort to allow security researchers to attack a limited set of Pentagon IT assets. It is now widened to different branches of the armed forces.

The program plans to expand further and allow entities from the U.S and the United Kingdom, Canada, Australia and New Zealand.

“Hack the Air Force has the largest scope of participation yet,” Reina Staley, Chief of Staff at U.S Defense Digital Services.

Earlier the bug bounty program was limited only to US citizens.

“Since the success of Hack the Pentagon and the subsequent Hack the Army bounty, we’ve been working to continually expand the bounds for participation by everyone,” she said. “For this round with the Department of the Air Force, we’re excited to include the citizens of a few allied nations.”

This program is limited scope program where participants need to work on given scope. It’s not open invitation to hack anything. Unmanned Aerial Vehicles (UAVs), known as drones are not included in this program. Hack the Air Force is also limited period program.

“DDS: The Department of Defense launched a Vulnerability Disclosure Program (VDP) which allows security researchers across the globe to submit discovered vulnerabilities through the HackerOne platform for remediation by DoD security teams,” Staley said. “The VDP provides a safe and legal avenue for anyone to report these vulnerabilities at any time, even outside of a bug bounty program.”

“Our aim is for DoD organizations and all military Services to adopt this crowdsourced security tool,” Staley said. “It’s incredibly important for us to strengthen the assets that support services for our Service members, civilians, and their families around the world.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.