Data theft

IoT Security

June 6th, 2017

The Internet of Things (IoT) is seeing the rapid rise but it seems to repeat the history of technology evolution. The pace of growth is not matched with security requirements. IoT helps automation as well as real-time synchronization of business processes. The implementation helps for precise response in real time.

 “IoT devices assist businesses in real-time responses to supply-and-demand market effects, they empower patients and healthcare professionals to continuously monitor conditions, and they enable electric grid operators to adjust the production, flow, and cost of electricity according to real-time market demands to ensure the most efficient, resilient, and cost-effective solution,” says James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a Washington DC-based cybersecurity think tank.

 Hundreds of companies now provide IoT solutions. But security aspect is lagging behind.

 “As was shown in the Dyn attack, we appear doomed to repeat the mistakes we made with PCs and mobile devices in IoT,” says Tom Byrnes, founder and CTO of ThreatSTOP. “Once again, cost reduction has made security an afterthought, if a consideration at all, with predictably disastrous consequences.”

It is different than other systems as threat involved is higher due to many connection points. As per the Intel, 200 billion IoT devices will be online by 2020.

“Most IoT devices and sensors lack any form of security or security-by-design,” says Scott.

 “Without the layered security of the IoT microcosms, hacktivists can disrupt business operations, cyber-criminals can compromise and ransom pacemakers, and cyber-jihadists or nation-state sponsored threats can compromise and control the grid,” to name just a few of the potential IoT security attack scenarios.

“Every IoT device has inherent vulnerabilities and exploitable weaknesses resulting from a culture that sacrifices security in the design process in favour of meagre savings and in the rush to market,” says Scott. “The overwhelming preponderance of insecure IoT devices in the future will render security an impossibility in the future.”

Most of IoT devices do not have computational power or battery life to have security applications.

“We need to develop cost-effective IoT devices that incorporate security-by-design rather than cheaper and less secure alternatives,” says Scott. “While that may save a few dollars in the short-term, it puts the public and critical infrastructure at risk of losing millions of dollars and valuable data in the long-term.” 

Also, there is a lack of platform standards.  

“With old devices lasting longer than ever before, there are many devices currently in use that do not support new standards,” says Sam Rehman, Chief Technology Officer of Arxan. “Hackers will always see legacy devices as a prime choice of the entry.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Verizon Survey

May 5th, 2017

Verizon mentioned that increase in the propriety research, prototypes, and amounts of confidential personal data is the major factor for the rise in the phishing attack. It also mentioned that there is an increase in 50 percent in the attacks last year.

Almost 95% of the attacks include the phishing technique of software installation on the user device. There is also rise in getting the information by pretending someone else. These are called pretexting attacks. Eighty-eight percent of pretexting attacks originated from emails.

Many smaller organizations also suffered a data breach. Sixty-one percent of breach occurred at the companies having less than 1000 employees.

“Cyber-attacks targeting the human factor are still a major issue,” Verizon Enterprise Solutions Global Security Services Executive Director Bryan Sartin said in a statement. “Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”

Verizon mentioned that three quarters of the breaches was caused by outsider. Almost 51% involves criminal groups.

Finance sector was the major area where attacker focused. Almost 24% attacks counted for this sector. Healthcare involves 15% of data breaches.

“The cybercrime data for each industry varies dramatically,” Sartin explained. “It is only by understanding the fundamental workings of each vertical that you can appreciate the cyber security challenges they face and recommend appropriate actions.”

Survey also found out that 73% percent of the attacks are financially motivated.

“Social engineering is a common means for cybercriminals to establish a foothold,” report authors warned. “And employees are making this easy by using easy-to-guess passwords. Users, and even IT departments are even often guilty of not changing the default passwords that devices come with, and can easily be looked up online.”

The report author at Verizon mentioned that encryption and two-factor authentication also help to limit the damage.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Hacking of Amazon third-party sellers’ accounts

April 16th, 2017

Hackers use passwords for high-profile breaches to compromise Amazon third-party sellers’ accounts. The attackers stole tens of thousands of dollars from sellers’ accounts. They also posted nonexistent items for sale in order to get more funds.

The incident has affected two million seller accounts on Amazon.com account which counts for more than half of its sales. As per the reports, over 100,000 sellers earn more than $100,000 a year.

Amazon seller Margina Dennis told NBC News about the fraud. She got 100 emails from customers. They were complaining of not getting a Nintendo Switch. The product was uploaded on site through her account by hacker. They also changed the accounts password.

An Amazon spokesman said “There have always been bad actors in the world; however, as fraudsters get smarter so do we. Amazon is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence on Amazon.com.”

Third-Party Risk

CyberGRX CEO Fred Kneip mentioned that hackers are targeting Amazon’s third-party ecosystem for financial gain.

“Amazon is a high-profile example of how increasingly connected businesses have become, but organizations across the world in every industry are undergoing a similar transformation as outsourcing, globalization and the digitization of business expand their digital ecosystems exponentially,” he said.

“Whether it’s one of the world’s largest retailers or a small business, companies need to approach third-party cyber risk as a real threat to their business that needs to be continuously managed,” Kneip added.

AlienVault security advocate Javvad Malik mentioned that third party vendors should look for their own security.

“It is therefore, important that all companies of all sizes have at least a basic level of threat detection controls in place that can alert when unexpected changes occur, or when systems start behaving in an unusual manner,” he said.

“Compromised credentials are the leading attack vectors in cyber breaches, as hackers target networks through trusted third-party suppliers and contractors who likely have less rigorous security than the ultimate target,” Centrify senior director of products and marketing Corey Williams said.

“This certainly won’t be the last time we see third parties being hacked — organizations need to up the security stakes with multi-factor authentication, which requires more than one method of authentication to verify the user’s identity for a login or other transaction, in order to stop the use of stolen credentials,” Williams added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Keeping sensitive information from leaks

April 11th, 2017

Today companies needs to keep the data very secure due to need of protecting corporate data and  also regulations which require consumer data to be protected. EU General Data Protection Regulation (GDPR) are increasing the fines for non compliance. It is daunting task for companies to comply with regulations.

“I can see the difference from before GDPR and after GDPR,” he said of companies scrambling to shore up data leaks. “Even if I have a tiny office somewhere, I need to check for confidential data.” And automating this scrutiny is the only way to effectively manage it.” said Angel Serrano, senior manager of advanced risk and compliance analytics at PwC UK in London.

What is DLP?

ISACA mention it “data leak prevention”.

Gartner calls it “data loss protection” or “data loss prevention”.

It prevents unauthorized users from sending sensitive data.

“DLP is not one thing, like a tomato,” GBT Technologies co-founder Uzi Yair said, referring to GBT’s enterprise suite of products. In addition to more traditional practices such as scanning endpoints, network and storage as well as policy management and workflow tools, it includes an information rights management (IRM) policy server that applies file-level control over who has access to what, where – it might be solely on-premises – and when.

Recent reports on DLP has below highlights:

  • An average of 20 data loss incidents occur every day all around the world
  • Eighty three percent of organisations have security solutions but still thirty three percent suffer from data loss
  • DLP detects incidents and has regular expressions, dictionary-based rules, and unstructured data for breach detection.
  • Many facilities use DLP only for email instead of full business applications

DLP takes two forms:

  • Agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery
  • Integrated DLP products that may offer more limited functionality

“All these web applications like Google Drive and Office 365 are integrating with other satellite applications,” said Krishna Narayanaswamy, founder and chief scientist at Netskope.” Salesforce uses Google Drive as a place to store files. DocuSign can put documents in Google Drive. You need to be at all the points where data is going into these applications. You need to be able to inspect that data at rest and determine who uploaded that data. Also inspect and apply policies to outgoing email.”

Many companies do not use new ways.

“The new generation considers email a dinosaur. They go to social media – Twitter, LinkedIn, Facebook – you have to cover those as well. More and more communication is coming via SSL, and that’s a big blank spot that many DLP vendors have not considered,” Narayanaswamy said.

“When you look at the web, there are many reasons for sending data from inside to the outside,” Narayanaswamy said. “Modern applications constantly post information about how users are using the application, response times, and so forth, to improve user experience. When you look at every post transaction, there’s a potential for many false positives,” which have been the bane of DLP.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomeware attack at ABCD

April 8th, 2017

ABCD Pediatrics recently suffered ransomware attack. According to the statement, a virus was inserted to gain access to the healthcare organization’s servers. Patient data was encrypted in the process. Facility contacted IT personnel to take all servers offline. It is conducting detailed analysis.

Experts came to conclusion that this particular type of virus has likely not removed the information from the server.  Facility also mentioned that user accounts may have been accessed through it’s network. Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, insurance billing information, medical records, and lab reports.

As per the OCR data breach reporting tool, approximately 55,447 patients may have been affected. ABCD has successfully removed the virus from the system. Corrupted data was also removed from its servers. Secure backup of the facility is not affected and thus used to restore all impacted data. It also mentioned that no PHI was lost or destroyed in the incident.

“Also, please note that ABCD never received any ransom demands or other communications from unknown persons,” ABCD stated. “However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time.”

Facility has upgraded it cyber security monitoring program to stop future incidents. Call centre is setup for the affected patients.

“Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach trends in 2016

April 5th, 2017

As per the IBM report, data breach increased 566 percent in 2016 from 600 million to more than 4 billion. The report also mentioned that healthcare in no longer the most attacked sector. Most of the attack was carried out on financial services industry.

In 2016, 12 million records were affected in healthcare. In previous year, the breach was 100 million records which counts to eighty eight percent drop. IBM surveyed 8000 security clients in 100 countries.

IBM Security Vice President of Threat Intelligence Caleb Barlow mentioned that the cyber attacks was carried out with innovative techniques.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” Barlow said in a statement. “The value of structured data to cyber-criminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

IBM mentioned that for ransomware attacks, 70 percent of the companies paid more that $10,000 to regain the access to data. According to the FBI, cyber-criminals were paid $209 million in first three months of 2016.

Ransomware attacks are on the rise with 400 percent increase. In the coming time healthcare will do many reforms which includes increase in internet of things (IoT) technology. This will increase the attacks.

“Retail and financial services have battened down their hatches,” IDC Health Insights Research President Lynne Dunbrack told HealthITSecurity.com in a 2016 interview. “Now the cyber criminals might still be nipping at those heels, but they are looking at other targets, healthcare being one of them.”

CynergisTek Vice President Dan Berger mentioned that attacks against healthcare are carried out with sophistication.

“The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond,” Berger stated.

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach due to computer virus

March 29th, 2017

Lane Community College (LCC) health clinic recently announced data breach when one of its technician  found a computer virus in the system. The incident has affected PHI of some patients.

As per the reports, virus was transmitting the names, addresses, phone numbers, diagnoses, and Social Security numbers to unidentified third party almost for a year. Facility has notified potentially impacted patients.

“We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.

Facility conducted internal investigation. It checked 20 other computers at the health clinic. It concluded that only computer was infected with virus. The incident has affected 2,500 individuals.

LCC has advised patients to monitor their bank accounts. Suspicious activity or any threat should be reported to the police. The college health clinic also asked patients to report data breach to their banks, credit bureaus, and credit card companies.

July 2016 HIPPA Journal mentioned that, “Cyberattacks on healthcare organizations are now a fact of life.”

OCR breach portal do not include all the data breaches that are happening around. But the current breach reports gives us the idea of pattern –

48 data breaches were reported as unauthorized access

43 data breaches were attributed to hacking or network server incidents

37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records

4 breaches were due to the improper disposal of records

Stolen records or exposed data includes pattern as below:

60% were due to hacking (2,703,961 records)

78% were due to loss/theft (1,342,125 records)

6% were the result of unauthorized access or disclosure (342,748 records)

63% were the result of improper disposal (118,594 records)

___________________________________________________________________________________

Alertsec provides a solid foundation on which organizations can build compliance program.

iCloud hacking incident

March 27th, 2017

“Turkish Crime Family”, the group of hacker is threatening to reset millions of iCloud accounts and delete all data from iPhones if ransom of $75,000 in crypto currency or $100,000 in iTunes gift cards is not paid.

Apple mentioned that its systems are not hacked.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the company mentioned. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

“To protect against these types of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication,” the company added.

As per the reports, passwords and email addresses matched to data from the linkedin breach that was disclosed last year.

John Bambenek, threat systems manager at Fidelis Cybersecurity, said the threat ultimately sounds like a stunt. “There are always people who make unfounded threats to organizations in the hope of an easy payday — in this case, the hackers want $100,000 in iTunes gift cards,” he said.

“Companies must take due diligence but assess the adversary before paying to see if the threat is real,” Bambenek added. “As in the physical world, the odds are that paying a ransom, especially in a public manner, means the threats only increase.”

Still, Lamar Bailey, director of security research and development for Tripwire mentioned that iPhones can be wiped remotely if hacker posses the data.

“The hackers cannot remove backups for Apple devices from the cloud, but changing the passwords will make it hard for the legitimate users to reset and recover their devices,” Bailey said.

In recent survey of 1001 iPhone users, forty seven percent said that they are not comfortable in storing sensitive data in icloud.

“The worst thing in the world would be if someone thought they backed something up, deleted it, and found that it wasn’t on the cloud,” Network Remedy business development manager Aaron Mangal told Clutch.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data breach at JobLink

March 25th, 2017

America’s JobLink (AJL) recently suffered data breach due to hacking incident. It works with state governments to help job seekers with necessary information across the United States. As per the reports, hacker viewed the personal information of job seekers across 10 states.

Affected information includes the names, Social Security numbers and birthdates of job seekers in Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont. The incident has affected 4.8 million accounts.

After creating a new account hacker exploited a vulnerability  to access data. Company is working with law enforcement. It has also contracted a forensic firm to determine the extent of breach.

“The firm has verified that the method of the hacker’s attack has been remediated and is no longer a threat to the AJLA-TS system,” AJL mentioned.

Lisa Baergen, director of marketing at NuData Security said that whenever personally identifiable information (PII)  is involved, the stolen data can be cross-referenced with data from other breaches to present an even greater threat.

“As a society, we’ve reached the point where every organization entrusted with PII should be constantly testing and hardening its external and internal defenses, and embracing more proactive, effective levels of defense such as consumer behavior analytics solutions, which can constantly validate legitimate users — even when the stolen but accurate credentials are presented,” Baergen said. “That would be the best way to help prevent the sorts of deceitful transactions and identify theft that otherwise may lie ahead for these unfortunate JobLink victims.”

The recent surveys can be summarised as below. It shows the vulnerabilities present in the organizations:

  • Sixty nine percent of respondents mentioned that some of their organization’s existing security solutions are outdated
  • Ponemon Institute survey which was sponsored by Citrix mentioned that just 32 percent of respondents are confident that their employees’ devices are not providing criminals with access to their corporate networks and data
  • Forty eight percent of respondents said their organization has security policies
  • Thirty seven percent of respondents said their organization is highly effective in protecting sensitive data

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breaches due to unauthorized access

March 23rd, 2017

Virginia Commonwealth University (VCU) Health System recently announced data breach which affected over 2,700 patients. The incident occurred due to unauthorized access over a three-year period between January 3, 2014 and January 10, 2017.

Facility conducted investigation which found out that employees of community physician groups, and an employee of a contracted vendor had access to patient records without proper explanation. Concerned employees are terminated.

“As part of the health system’s partnership with community physicians, access is provided to their practices so they can view the medical records of their patients who are referred to the VCU Health System for care and treatment. Access also is provided to certain contracted vendors who provide medical equipment to patients for continuity of care at discharge from the hospital.”

Affected information included patient names, addresses, dates of birth, medical record numbers, health care providers, visit dates and Social Security numbers.

Facility is providing one year of free credit monitoring.

Second incident involves Tarleton Medical who announced data breach recently. Incident involves unauthorized access of a data server containing PHI from patient medical records.

Affected information included patient names, addresses, dates of birth, Social Security numbers, and healthcare claims information.

Facility did not mention number of individuals affected. As per the OCR reporting tool, incident affected 3,929 individuals.

“We have taken steps to enhance the security of TM patient information to prevent similar incidents from occurring in the future,” the healthcare organization explained in its notification letter.

Tarleton Medical contacted FBI. It is also offering patients free access to a credit monitoring service for one year.

As per the statement, it advised patients to follow below guidelines:

You can follow the recommendations on the following page to protect your personal information. You can also contact ID Experts with any questions Please note that the deadline to enroll is three months following the date of this letter. To receive the aforementioned services, you must be over the age of 18, have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file. Your services start on the date that you enroll in the services and can be used at any time thereafter for 12 months following  enrollment.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.