information security

Almost One Third U.S. Businesses breached in 2017

December 26th, 2017

Twenty-nine percent of U.S. businesses were affected by a data breach in the 2017. The analysis was done by HSB of 403 senior executives in the U.S., and conducted by Zogby Analytics.

Company reputation gets a hit after the breach says two third of respondents. The amount spent was $5,000 and $50,000 to respond to a breach as per the twenty seven respondents. Thirty  percent said they spent between $50,000 and $100,000.

Fifty one percent mentioned that lack of knowledge is the reason behind the success of the attack.

“The results highlight how closely our economy and society are interconnected digitally,” HSB vice president Timothy Zellman said in a statement. “Almost all of our personal and business data can be accessible on the Internet through online business connections, websites and social media. And that exposes our private information to attacks from hackers and cyber thieves.”

Another survey conducted by Balabit of 222 IT executives and IT security professionals shows that 35 percent of respondents see themselves as the largest internal security risk to networks within their companies. IT staff has higher rights than other users.

The report also has below findings –

Forty seven percent of respondents mentioned that the time and location of login, followed by private activities using corporate devices (41 percent), and biometrics identification characteristics such as keystroke analytics (31 percent) is the most important user data for spotting malicious activity

“As attacks become more sophisticated, targeted attacks and APTs more commonly involve privileged users inside organizations — often via hacks involving stolen credentials,” Balabit security evangelist Csaba Krasznay said in a statement. “Today, IT security professionals’ tough job has become even tougher. It is not enough to keep the bad guys out; security teams must continuously monitor what their own users are doing with their access rights.”

__________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. 

Devices and Data Breach

December 24th, 2017

Pennsylvania-based Washington Health System (WHS) Greene mentioned that it suffered data breach due to missing external hard drive.

The device was used for Bone Densitometry machine. Facility mentioned that data of patients who underwent bone density studies at WHS Greene from 2007 until October 11, 2017 may have been present in the hard drive.

Affected information included certain patient information which includes patient names, height, weight, race, and gender information, medical record numbers and health issues may have been included for some patients. Social Security and financial information were not present.

WHS Greene mentioned that there are no signs of information misuse.

“Washington Health System Greene is committed to maintaining the privacy and security of patient information, including regular review and evaluation of the security of all processes in place,” WHS Green stated. “This unprecedented situation has our full attention and please be assured that we have taken and will continue to take steps to ensure that a breach of this nature will not happen in the future.”

As per the OCR data breach reporting tool, total 4,145 individuals may have been affected.

Data sold online in another breach

New Jersey-based Chilton Medical Center recently mentioned that an employee removed a computer hard drive. The person sold it on the internet. Hard drive was sold in the last month.

Patients treated May 1, 2008 to October 15, 2017 may have had their information present on the device.

Affected information included patients’ names, dates of birth, addresses, medical record numbers, allergies, and medications the patient may have received at Chilton Medical Center.

“During our investigation, we determined that the former employee removed other devices and assets from Chilton Medical Center to sell on the internet in violation of policy,” the statement explained. “While we currently have no indication that any of these devices or assets contain patient information, we continue to investigate this incident and, if we determine additional patients are affected, we will notify them as appropriate.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

Security Budgets After WannaCry, NotPetya Attacks

December 22nd, 2017

AlienVault conducted survey of 233 IT professionals worldwide. The report shows that only 14 percent increased budgets for cyber security after the WannaCry and NotPetya cyber attacks. Only twenty percent were able to apply changes or implement security projects that had previously been put on hold.

Only 16 percent mentioned that their company leadership and boards took interest in security after the attacks.

“WannaCry and NotPetya are generally believe to have marked a turning point in cyber awareness, but the reality on the ground paints a different picture,” AlienVault security advocate Javvad Malik said in a statement. “Destructive malware poses existential threats to companies across all industries and can no longer be ignored.”

“To improve our cyber resilience, corporate strategy needs to be developed that covers how to plan for, detect, mitigate and recover from such destructive attacks,” Malik added.

“The IT security profession remains a very tough place to work, where resilience is the key to success — particularly if you are blamed in the event of your company suffering a security incident,” Malik said.

Twenty percent said that IT advice is now taken seriously after the attacks.

Another survey conducted by Spiceworks shows that thirty two percent hope to look for another job.

Eight one percent mentioned that its critical to have cyber security expertise.

“Although the majority of IT professionals are satisfied with their jobs, many also believe they should be making more money, and will take the initiative to find an employer who is willing to pay them what they’re worth in 2018,” Spiceworks senior technology analyst Peter Tsai said in a statement.

“Many IT professionals are also motivated to change jobs to advance their skills, particularly in cyber security,” Tsai added. “As data breaches and ransomware outbreaks continue to haunt businesses, IT professionals recognize there is high demand for skilled security professionals now, and in the years to come.”

____________________________________________________________________________________________

AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Keeper Security Patches Password Protection Flaw

December 19th, 2017

Google Project Zero security researcher Tavis Ormandy sent a email to Keeper Security about a new vulnerability. Company replied to Ormandy and delivered a patch within 24 hours to the users. The security issue is identified as “privileged UI injection into pages”.

“I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages,” Ormandy wrote in a bug report. “I checked and, they’re doing the same thing again with this version.”

The first time Ormandy informed Keeper Security of the privileged UI injection into pages” issue was in August 2016. At that time, Ormandy explained how the flaw could simply enable an attacker to steal passwords from Keeper users.

“This is a complete compromise of Keeper security, allowing any website to steal any password,” Ormandy wrote in his new advisory.

Keeper browser extension has this particular flaw.

“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a clickjacking and/or malicious code injection technique to execute privileged code within the browser extension,” Keeper wrote in its advisory.

Google Project Zero has a 90-day disclosure policy to publicly reveal the issue. But Keeper solved the issue in 24 hours.

Keeper browser extension has already been automatically updated.

“Assume that everything is hackable,” Jeff Bohren, Chief Software Engineer at Optimal IdM suggests.

Boren mentioned that users look for a password manager which is cloud based along with two-factor authentication.

“2FA does a good job of allowing only individual account owners access to their login credentials,” Bohren said. “If hackers do succeed in guessing a password, they must still breach additional authentication steps before they can reach important data.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.

ICS Malware

December 16th, 2017

FireEye researchers mentioned that the company’s Mandiant subsidiary is attacked by new industrial control systems(ICS) malware. The hackers shut down plant operations by targeting emergency shutdown systems.

Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers were targeted specifically. The researchers are calling the malware Triton. The operations were shut down during reconnaissance performance by attackers.

“FireEye has not connected this activity to any actor we currently track; however, we assess with moderate confidence that the actor is sponsored by a nation state,” the researchers wrote. “The targeting of critical infrastructure as well as the attacker’s persistence, lack of any clear monetary goal and the technical resources necessary to create the attack framework suggest a well-resourced nation state actor.”

Russian, Iranian, North Korean, U.S. and Israeli state actors may be behind the attacks. “Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency,” the researchers mentioned.

Phil Neray, vice president of industrial cyber security at CyberX, mentioned that his company believes the targeted plant was in Saudi Arabia, which would likely mean that Iran was responsible for the attack.

“It’s widely believed that Iran was responsible for destructive attacks on Saudi Arabian IT networks in 2012 and more recently in 2017 with Shamoon, which destroyed ordinary PCs,”

Neray said. “This would definitely be an escalation of that threat because now we’re talking about critical infrastructure — but it’s also a logical next step for the adversary.”

Chris Morales, head of security analytics at Vectra, mentioned that an attack like this was all but inevitable. “The connectivity and integration of traditional information technology with operational technology — IT/OT convergence — is increasing exponentially,” he said.

“The IoT and IT/OT convergence is accelerated by the speed of business and the implementation of AI to drive decisions in ICS environments,” Morales added. “In addition, more ICS devices are running commercial operating systems, exposing ICS systems to a wider swath of known vulnerabilities.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.

New Google Patch for Android

December 2nd, 2017

Google released possibly its final Android security update for 2017. The latest patch addresses at least 42 different vulnerabilities which includes 11 flaws in the media framework (five are critical remote code execution issues).

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Libmedia and libstagefright components of the Android media framework is patched in every single security update provided by Google since August 2015. Google provided update every single month after the Stagefright vulnerability which was first publicly disclosed at Black Hat USA 2015.

“The state of the union for Android security is strong and I have spent time making sure it stays strong,” Adrian Ludwig said, the man who runs Android security for Google. “It’s not just about building a safe; it’s about building something that can react and respond to security quickly.”

In this new update, the critical remote code execution flaw in the system component is also addressed.

“We’re updating all Nexus devices — the Nexus 4, 5, 6, 7, 9 and 10 and even the Nexus players — and we’re patching for libstagefright,” Ludwig said. “This is the single largest mobile software update the world has ever seen.”

Security support will extend for three years from a time Nexus device appears in the market.

“The industry has looked at recent events and realized that it needs to move fast, and we need to tell people what we’re doing,” Ludwig said.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google warned in its advisory.

Ludwig also mentioned that, “We’re taking an aggressive stance to see if an application is doing something wrong, and we’re working with the developers and the development process to make it right.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted.

DDoS Attack

November 29th, 2017

DDoS attack attempts on organizations was 237 per month or eight attack attempts a day in third quarter of 2017.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” Corero CEO Ashley Stephenson said in a statement. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device,” Stephenson added. “Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”

In second quarter of 2017, the attack leveraged multiple vendors “Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats,” Stephenson said.

Sapio Research conducted survey on behalf of CDNetworks. It shows that 88 percent of U.S. respondents are confident in their current DDoS mitigation capabilities. Among them 69 percent got affected by DDoS attack within the past 12 months.

“The results show that most U.S. companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response,” CDNetworks Americas managing director Alex Nam said in a statement. “This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency.”

There was increase in attack on gaming services and on platforms offering new financial services such as initial coin offerings (ICOs).

“Entertainment and financial services — businesses that are critically dependent on their continuous availability to users — have always been a favorite target for DDoS attacks,” Kaspersky head of DDoS protection Kirill Ilganaev said in a statement. “For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen.

Ransomware Attack and Phony Websites

November 23rd, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Device Theft Incidents

November 20th, 2017

Brevard Physician Associates

Brevard Physician Associates mentioned that it was burglarized which possibly affected health data for 7,976 patients. The incident came to notice when the company saw tripped security alarm. An employee of the company found that three computers were missing.

Affected information included patient names, the names of patients’ insurance providers, the amount charged for the services provided, and the CPT codes of the services provided. However, patient addresses, dates of birth, telephone numbers, Social Security numbers, insurance ID numbers, and financial information were not included.

“We believe that the information contained on the stolen computers presents a minimal risk of future identity theft or financial fraud,” Brevard stated. “All three computers were password protected with strong passwords. Additionally, all of the data from all three computers will be automatically deleted upon their connection to the internet.”

Brevard also mentioned that it has “enhanced the security” at its office. Additional policies are in place to ensure it is “appropriately secured in the future.”

Martinsville Henry County

Martinsville Henry County (MHC) Coalition for Health and Wellness recently suffered data breach at Bassett Family Practice. The incident involved stolen laptop from the Bassett employee’s car.

Facility believe that the thief was after the laptop and not the information. As per the OCR data breach reporting tool, total 5,806 individuals may have been impacted.

Affected information includes patient names, dates of birth, account numbers, identity of providers, and/or details about patient visits with the practice. There is currently no indication that Social Security numbers or financial information was on the device.

“We are currently upgrading our IT security policies, procedures and related equipment to prevent future information from being stored on a laptop in an unencrypted manner,” Bassett said. “Please understand we value our relationship with you and take the security of your personal information very seriously. We have taken immediate steps and we will continue to evaluate our technology, policies and procedures in our efforts to prevent another occurrence such as this from happening in the future.”

 ___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Ransomware Attack and Phony Websites

November 17th, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.