data breach

Content to Prevent Data Breach

July 3rd, 2017

Egnyte a Calif. based content collaboration and governance specialist has launched a new cloud-based solution which looks after insider threat. The product focus on IT security professionals. Nowadays distributed workspace needs shared information system which uses on-premises collaboration platforms or cloud-based services which may cause data breach.

“As users and organizations are more global and interdependent they need to share more content with each other and then need to do it in a secure way using EFSS [enterprise file synchronization and sharing] solutions not email attachments for instance,” Isabelle Guis, chief strategy officer at Egnyte mentioned.

“But as you hire contractors and have many places where your content resides (on-premises, cloud, cloud apps, etc.) it is very difficult to enforce the security policies at the repository level or even train all your users and new hires to properly handle their content.”

Data leaks can occur due to various loopholes.

“For example, a merger and acquisition folder could be shared via a public link and one of the intended recipients forwards the link to someone who should not see that data,” Guis said. “Or, a very common example – a disgruntled employee downloads all of ‘their’ work, which is actually the company’s IP [intellectual property], right before leaving your company and going to a competitor,” a situation allegedly at the center of the high-stakes Google-Uber lawsuit.

Egnyte product looks for sensitive content in the database.

Then it “provides real–time analysis of all the content within an organization and presents actionable insights to help administrators prevent these types of aforementioned data breaches,” Guis said.

“Egnyte Protect continuously analyzes an organization’s entire content environment and classifies the most sensitive information, such as credit card numbers, social security numbers, sensitive IP, HIPAA information, and much more,” she added. “Then, in real–time, Egnyte Protect identifies vulnerabilities, alerts administrators, and offers actions that can immediately fix any issue that is found across all of the organization’s content repositories.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Massive New Ransomware Attack

June 29th, 2017

Recently world suffered a massive WannaCry attack. Now new ransomware attack was launched using same Windows vulnerability. Ukraine is the most affected country affecting government, transport systems, banks and power utilities and companies like WPP, pharma giant Merck, manufacturing company Saint-Gobain, and Russian steel and oil giants Evraz and Rosneft.

One WPP subsidiary has asked staff to turn off and disconnect all Windows machines as it was a victim of “massive global malware attack, affecting all Windows servers, PCs and laptops.”

Shipping company Maersk tweeted, “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack. We continue to assess the situation. The safety of our employees, our operations and customers’ business is our top priority.”

Merck tweeted “We can confirm our company’s computer network was compromised today as part of the global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Kaspersky Lab researchers mentioned that it is entirely new threat and named it as NotPetya.

“Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the U.S. and several other countries,” the researchers mentioned. ”This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”

Jake Kouns, CISO at Risk Based Security mentioned that the attack by WannaCry should have been taken seriously. “Unfortunately, the fast spread of Petya makes it pretty clear that regardless of the reasons for not updating systems, whether they were valid or not, many companies were unable to properly address things the first time around,” he said.

He added that unpatched software is at risk.

“It is critical that all organizations which are able to apply patches for these known vulnerabilities,” he said. “If there is some legit reason for this not being possible, it is imperative to take other precautions and implement compensating controls to protect their systems and mitigate the risk.”

“Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.”Cybric CTO Mike Kail mentioned.

Netskope co-founder and CEO Sanjay Beri said the implications could be massive. “The Petya ransomware attack should serve as an urgent warning for the U.S. — we need a plan in place and the administration has to stop dragging its feet on hiring a Federal CISO,” he said.

“Worse than the recent WannaCry attack, the Petya ransomware campaign is targeting critical infrastructure which, according to an MIT report, is essentially defenseless against cyber criminals,” Beri added. “If this attack reaches us — and given the rate and manner with which it’s spreading it’s only a matter of time — the country’s critical infrastructure is at enormous risk of shutting down.”

“The extortion model is here to stay,” the report states. “More stable growth, which is at a higher level on average, could indicate an alarming trend: a shift from chaotic and sporadic actors’ attempts to gain foothold in [the] threat landscape to steadier and higher volumes.”

___________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. 

WannaCry ransomware attacked Honda

June 28th, 2017

Honda recently stopped its production at its Sayama, Japan plant due WannaCry ransomware.

The production facility manufactures 1,000 vehicles per day. The plant was started next day.

Along with Honda, Nissan and Renault also halted production at plants in Japan, Britain, France, Romania and India.

“We recommend that you revisit your security patches immediately and ensure that all of your networked computers can connect to kill switches.”Webroot senior threat research analyst Tyler Moffitt said.

Tripwire senior systems engineer Paul Norris mentioned that companies need to take steps to protect themselves.”Effective measures in defeating these sorts of attacks include implementing an effective email filtering solution that is capable of scanning content on emails, hazardous attachments and general content for untrusted URLs,” he said. “Another option would be to better educate the workforce on how to recognize a suspicious email from unknown senders, knowing not to click an untrusted URL, as well as not opening an unexpected attachment.”

RiskVision CEO Joe Fantuzzi mentioned that the Honda plant shutdown shows growing risks in the manufacturing industry. “While manufacturing hasn’t experienced the same attention as other sectors in regards to emerging ransomware trends, it’s now clear that WannaCry and other advanced threats pose severe and crippling risks to this sector, which among other things can halt production, expose blueprints and intellectual property, aid competitors and decimate profit margins, while taking weeks or months to be fully remediated,” he said.

“What’s more, manufacturing isn’t beholden to the same security and compliance standards as healthcare, financial services and other market verticals, making enforcement of consistent security standards even more difficult,” Fantuzzi added. “Consequently, it’s imperative that manufacturers categorize assets in terms of business criticality to see where their most important vulnerabilities reside because taking the initiative to find and prioritize critical vulnerabilities is a small investment in comparison to the long-term damage that could result if these vulnerabilities are ever found by cyber criminals and exploited.”

“Warding off cyber threats, including cyber espionage, is a top corporate priority across industries, but manufacturers and distributors need to do much more to protect their patents, designs and formulas, as well as their private company and employee information,” Jim Wagner, partner-in-charge of Sikich’s manufacturing and distribution practice, said in a statement.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomware Attack at Airway Oxygen

June 25th, 2017

Michigan-based Airway Oxygen, Inc. recently suffered data breach due to ransomware attack. Facility is notifying patients that their PHI may have been affected. Airway Oxygen supplies medical equipment.  It mentioned that facility becomes aware of the breach when ransomware was installed in its technical infrastructure. The incident prevented Airway from accessing its own data.

Affected information included full names, home addresses, dates of birth, telephone numbers, diagnoses, types of services provided, and health insurance policy numbers. Bank account numbers, debit or credit card numbers, and Social Security numbers were not included in the breach.

As per the OCR tool, 500,000 individuals were affected by the breach.

“Since learning of the incident, we immediately took steps to secure our internal systems against further intrusion, including by scanning the entire internal system, changing passwords for users, vendor accounts and applications, conducting a firewall review, updating and deploying security tools, and installing software to monitor and issue alerts as to suspicious firewall log activity,” explained the statement, which was signed by Airway Oxygen President Stephen Nyhuis.

Facility in the statement mentioned that it has notified FBI. Also, the cyber security firm is hired to help in the investigation.

“We take the security of those with whom we work and their data very seriously and our team is working diligently to ensure breaches of this type do not happen in the future.”

As per the statement, facility mentioned that steps were taken to secure internal systems. Scanning of the technical infrastructure was carried out. Passwords were changed for the users. Vendor accounts are monitored and review is done for security firewall, security tools. New software installation is done to alert for any such incidents in future.

Customers are advised to place a credit fraud alert. Also, a toll-free number is provided to assist the users.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

New SiteLock Application to Protect WordPress

June 19th, 2017

WordPress open-source publishing is the popular platform for companies. It has also attracted cyber criminals. Sites face attacks frequently. SiteLock, a Scottsdale, Ariz. website security vendor has started private beta of its new SMART Database (SMART/DB) solution. This application scans detects and automatically removes spam and malware from WordPress databases.

 SiteLock was formed in 2008. President Neill Feather mentioned that company specializes in helping small and midsized businesses (SMBs) mount a defence against cyber attackers. It also provides easy-to-deploy web application firewall (WAF) and distributed denial-of-service (DDoS) mitigation capabilities. SMBs to strengthen their WordPress deployments are also implemented.

 Operating a website is a risky affair in the current cybersecurity landscape.

“On average, websites face over 8,000 attacks per year from cyber criminals trying to steal valuable resources such as website bandwidth, traffic, and customer data. Popular, well-recognized websites that utilize e-commerce or a large number of interactive features or plugins can be obvious targets for cyber attacks and are often reported in mainstream media,” Feather said.

 “According to SiteLock data, websites using 10 to 20 plugins are two times more likely to be compromised than the average website, and websites linking to Twitter, Facebook and LinkedIn accounts are 2.5 times more likely to be compromised than the average website.”

 Many small business owners do not pay much attention towards cyber security but the trend of attacks is increasing.

 “In fact, 43 percent of all cyber attacks targeted small businesses in 2016,” Feather informed. “Given that the majority of small businesses manage or maintain their own websites, they typically aren’t aware of the time or resources required to ensure adequate protection against ever-evolving security threats such as malware and other vulnerabilities.”

 “It’s important to understand that any website, regardless of the number of features or amount of traffic, is constantly at risk,” he added.

 Many WordPress websites face attack today.

 “As most WordPress websites include customer engagement features such as blog comments, blog contributors, and content aggregation, this emerging malware monitoring technology keeps comments and posts clean from spam, ensuring site content is search engine friendly and is most valuable for visitors,” Feather said. “SMART/DB also mitigates other database malware like malicious redirects and backdoors, ultimately keeping website visitors safe.”

____________________________________________________________________________________________

 Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security of the end point devices

June 15th, 2017

A Recent survey conducted by Ponemon Institute shows that Sixty-three percent of participants are not able to monitor endpoint devices after they leave the corporate network. Fifty-five percent of endpoint devices contain sensitive data.

Absolute sponsored the survey which also contains below findings –

Fifty-six percent of participants don’t have a cohesive compliance strategy

Seventy percent mentioned that they have a below average ability to limit endpoint failure damages

Twenty-eight percent use automated analysis and inspection for determining compliance.

“It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” Ponemon Institute chairman and founder Dr Larry Ponemon said.

The number of malware-infected endpoints devices has increased in the past one year. Also, forty-eight percent are not happy with their endpoint security solution.

“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” Risk-Based Security executive vice president Inga Goddijn said in a statement. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”

Another survey by SACA shows that fifty-three percent reported an increase in cyber attacks. There is a general rise in data breaches.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA board chair Christos Dimitriadis said in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Many believe there should be a rise in the budget for the security.

“The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” Dimitriadis said. “But that’s not a cure-all. With the number of malicious attacks increasing, organizations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Kmart Attacked by Hackers Again

June 9th, 2017

Kmart suffered another data breach when its server was attacked by hackers.

“Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

“All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.” 

This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

“Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioural analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Healthcare Industry Most Affected by Data Breach

June 2nd, 2017

As per reports, healthcare industry was frequently attacked by cyber hackers. Vectra Networks survey suggests that 164 threats were detected per 1,000 host devices. The education industry has 145 threat detections per 1,000 host devices.

“The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defences,” the report mentions.

There is a rise of 265 percent in the average number of reconnaissance, lateral movement and exfiltration detections. Also, 333 percent rise was recorded for reconnaissance detections. Finance and technology received below-average threat detection rates mainly due to stronger policies and good response. Media companies has highest rates of exfiltration.

Healthcare industry now has a significant number of IoT.

“These unsecured devices are easy targets for cybercriminals,” the report mentions.

As per Synopsys survey, sixty percent of manufacturers and 49 percent of HDOs said that usage of mobile devices in hospitals and other healthcare organizations increase data risk. But only 17 percent are employing steps to prevent attacks.

“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Ponemon Institute chairman and founder Dr Larry Ponemon said in a statement. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

Medical devices are difficult to secure as per the eighty percent of respondents.

“These findings underscore the cyber security gaps that the healthcare industry desperately needs to address to safeguard the wellbeing of patients in an increasingly connected and software-driven world,” Synopsys global director of critical systems security Mike Ahmadi said in a statement.

“The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe but also secure,” Ahmadi added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Records available online due to flaw in the system

May 29th, 2017

Molina Healthcare had patients’ medical claims online. The duration of the breach is not clear. Also, the reason behind the leak is also not available. Investigative reporter Brian Krebs received tip about the breach.

According to the reports, customer could see other customers’ medical claims only by changing a single number in the URL. There was no requirement of the authentication.

“It’s unconscionable that such a basic, Security 101 flaw could still exist at a major healthcare provider today,” Krebs wrote. “However, the more I write about these lame but otherwise very serious vulnerabilities at healthcare firms the more I hear about how common they are from individual readers.”

Records did not include Social Security numbers. Affected information included patient names, addresses and birthdates, as well as diagnosis, medication and medical procedure information. Molina said that it has fixed the problem.

“Because protecting our members’ information is of utmost importance to Molina and out of an abundance of caution, we are taking our ePortal temporarily offline to perform additional testing of our system security,” the company said. “Molina has also engaged Mandiant to assist the company in continuing to strengthen our system security.”

World focus remains on cyber threats like WannaCry but many organizations lack basic security, Bitglass CEO Nat Kausik mentioned. “This is especially true in the heavily regulated healthcare industry,” he said. “Molina Healthcare is just one example of an IT oversight that led to massive exposure of PHI.”

“Healthcare organizations are major targets and will see any and all flaws exploited by malicious individuals,” Kausik added. “As healthcare organizations make patient data more accessible to individuals and new systems, they must make information security their top priority.”

There is increase in data breach this year.

“Unauthorized disclosures continue to tick up and are now the leading cause of breaches as data moves to cloud and mobile and as external sharing becomes easier. Unauthorized disclosures includes all non-privileged access to PII or PHI,” the report states. “Hacking and IT-related incidents doubled year-over-year, an indication that malicious actors are not letting up and are increasingly aware of PHI’s high long-term value.”

____________________________________________________________________________________________

Alertsec is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

IoT Threat Defense Platform of Cisco

May 22nd, 2017

Cisco has created new IoT Threat Defense Platform to tackle growing threats. It consists of integrated security technologies which protects enterprise IoT deployment from hackers. It uses the network segmentation capabilities. Its’ AnyConnect provides remote access functionality.

Marc Blackmer, product marketing manager of Industrial Solution at Cisco’s Security Business Group said that it’s best not to leave any stone unturned given the scale and complexity of IoT implementations.

“A characteristic of the IoT is that it opens a multitude of attack vectors,” Blackmer mentioned. “Now, organizations need to be aware of, not just what servers and workstations are online, but whether their HVAC system or connected lighting have been mistakenly connected to the Internet.”

Researchers at Dalhousie University in Canada and Weizmann Institute of Science in Israel conducted a test. It demonstrated a citywide bricking attack using smart bulbs. Companies are connecting their IoT devices to internet and hackers are looking for loopholes.

“A simple Shodan search can turn up medical devices and industrial equipment connected to the Internet, as well,” Blackmer said. “With this in mind, we selected the technologies in our portfolio that would, first, segment IoT devices, to protect them from external attacks, as well as protect the business should one of those devices be compromised, and then those that provide broad, complementary coverage across a range of attack vectors.”

Connecting virtual local area networks (VLANs) to the scale of the IoT can overwhelm even the most efficient IT teams. Cisco products and team is also helping companies to secure their networks from stealthier threats.

“We are inspecting the traffic throughout the organization (with Stealthwatch, Advanced Malware Protection, and our NGIPS [Next-Generation Intrusion Prevention System], which is included with our NGFW [Next-Generation Firewall]), as well as that attempting to exit the organization (with Umbrella and Cognitive Threat Analytics).”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.