Protected health information

Devices and Data Breach

December 24th, 2017

Pennsylvania-based Washington Health System (WHS) Greene mentioned that it suffered data breach due to missing external hard drive.

The device was used for Bone Densitometry machine. Facility mentioned that data of patients who underwent bone density studies at WHS Greene from 2007 until October 11, 2017 may have been present in the hard drive.

Affected information included certain patient information which includes patient names, height, weight, race, and gender information, medical record numbers and health issues may have been included for some patients. Social Security and financial information were not present.

WHS Greene mentioned that there are no signs of information misuse.

“Washington Health System Greene is committed to maintaining the privacy and security of patient information, including regular review and evaluation of the security of all processes in place,” WHS Green stated. “This unprecedented situation has our full attention and please be assured that we have taken and will continue to take steps to ensure that a breach of this nature will not happen in the future.”

As per the OCR data breach reporting tool, total 4,145 individuals may have been affected.

Data sold online in another breach

New Jersey-based Chilton Medical Center recently mentioned that an employee removed a computer hard drive. The person sold it on the internet. Hard drive was sold in the last month.

Patients treated May 1, 2008 to October 15, 2017 may have had their information present on the device.

Affected information included patients’ names, dates of birth, addresses, medical record numbers, allergies, and medications the patient may have received at Chilton Medical Center.

“During our investigation, we determined that the former employee removed other devices and assets from Chilton Medical Center to sell on the internet in violation of policy,” the statement explained. “While we currently have no indication that any of these devices or assets contain patient information, we continue to investigate this incident and, if we determine additional patients are affected, we will notify them as appropriate.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

IoT Security Skills in Energy Companies

December 5th, 2017

Inmarsat survey of senior IT decision makers from 100 large energy companies worldwide shows that fifty four percent need additional security skills to deliver successful IoT projects. Fifty three percent need to make significant investments to fulfill requirements.

Other findings include-

Only two percent mentioned that IoT do not create new challenges

Thirty percent said they have given special consideration for IoT in security apparatus

Fifty nine percent mentioned that their board has insufficient knowledge of IoT

“The core operations of energy companies have traditionally been insulated from the destructive cyber attacks that have destablized other industries, as they were not connected to the Internet,” Inmarsat senior director for energy Chuck Moseley said in a statement. “But with the advent of IoT, more and more parts of their infrastructure are being connected, creating new vulnerabilities and risks.”

“Worryingly, our research shows that many energy businesses lack the security processes and skills to address these new vulnerabilities,” Moseley added. “This needs to be quickly addressed, and it must be driven by senior leadership within energy businesses, to ensure that they do not miss out on the huge potential value that IoT can bring to the energy sector.”

Another survey conducted by CyberX study of 375 industrial networks worldwide shows that thirty one percent are connected to the public Internet. Seventy six percent are running outdated and unpatchable operating systems like Windows XP and Windows 2000.

“Most of these ICS/SCADA sites were built years ago, long before the proliferation of Internet connectivity and the need for real-time intelligence,” the report states. “The key priorities were performance and reliability rather than security.”

“We don’t want to be cyber Cassandras — and this isn’t about creating FUD — but we think business leaders should have a realistic, data-driven view of the current risk and what can be done about it,” CyberX CEO and co-founder Omer Schneider said in a statement.

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

Ransomware Attack and Phony Websites

November 17th, 2017

ECKAAA

East Central Kansas Area Agency on Aging (ECKAAA) mentioned that they were affected by the ransomware attack.The incident left files encrypted and inaccessible to the company. Cybersecurity company is hired to investigate.

“The ransomware only affected portions of ECKAAA’s server; not every file stored on the server was encrypted,” the statement read. “Although not every file was encrypted, the ransomware perpetrators would have had access to every file stored on the attacked server. Based on its investigation, the company does not believe any data was removed from ECKAAA’s servers.”

Affected information includes names, addresses, and telephone numbers. They also may have contained names, addresses, telephone numbers, dates of birth, Social Security numbers and/or Medicaid numbers.

Facility mentioned that they have backups and the services are not hampered. As per the OCR data breach reporting tool, total 8,750 individuals possibly got affected by this incident.

“ECKAAA has also provided education to its workforce regarding ransomware, including, but not limited to, the importance of using robust passwords,” ECKAAA continued. “All passwords were changed following the ransomware incident. ECKAAA also intends to update its cybersecurity policies and procedures as necessary to prevent similar incidents in the future. As of October 30, 2017, no malicious activity has been detected.”

PHONY WEBSITES

The Recovery Institute of the South East, P.A. (RISE Therapeutic Services) mentioned that it was victim of cyber attack.

Organization said that certain individuals may have been contacted by websites that were claiming to be connected to RISE

“As of now we know that it was used to redirect any contact through the website, email, and also the phone number,” RISE stated. “Through Psychology Today it was confirmed that approximately 200 plus calls and 75 plus emails through their site were rerouted to an unauthorized individual who has yet to be identified.”

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Government of Canada Plans to Set CyberSecurity Policy

November 14th, 2017

The growing trend of attacks is worrying every corner of the world. Like other parts, Canadians are also at risk from cyber attack. The Government of Canada plans to fight this battle. They are implementing various measures to stop the attacks. At the SecTor conference here, Colleen Merchant, Director General for National Cyber Security at Public Safety Canada, explained the steps taken.

Merchant mentioned that government agencies will have different responsibilities for cyber security. The Royal Canadian Mounted Police (RCMP) is tasked to handle law enforcement and related investigations. Public Safety Canada handles the Canadian Cyber Incident Response Center (CCIRC).

“CCIRC also has a responsibility for coordinating the overall national response to significant cyber events affecting critical systems in Canada,” she said.

Public Safety Canada also provides helping hands to set policy for cyber security. Merchant mentioned that the role of policy is to help assess challenges and help to formulate overall approaches that work at a national level.

The Government of Canada has released its Cyber Security Strategy manifesto in 2010 which consists of  three core pillars including: securing government systems, partnering to secure vital system outside of the federal government, and helping Canadians to be more secure online.

“From 2010 and going up to 2020 we have committed $431.5 million for investment and improvement into cyber security,” Merchant said.

Government of Canada has taken views from various entities while drafting policy for cybersecurity. Merchant said that there was the need for more privacy, collaboration and skilled cyber security personnel.

“We are recognizing that cyber-security has become a source for economic prosperity,” Merchant said.

“The Government can’t solve all problems but we can find ways to force-multiply, by providing all partners with direction and to set out national-level objectives that we can all work toward,” she said.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

DHS and FBI warns of APTs Targeting

October 27th, 2017

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have recently mentioned in a statement that an advanced persistent threat (APT) campaign is specifically targeting government entities and organizations. The affected entities are energy, nuclear, water, aviation and critical manufacturing sectors.

Attackers are targeting low security networks and third party suppliers.

“Based on malware analysis and observed [indicators of compromise], DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” the alert mentioned

Attackers use public website tor phishing attack.

“As an example, the threat actors downloaded a small photo from a publicly accessible human resources page,” the report states. “The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”

Hackers try to steal login information through security loopholes.

“Although these watering holes may host legitimate content by reputable organizations, the threat actors have altered them to contain and reference malicious content,” the alert mentioned.

“Approximately half of the known watering holes are trade publications and information websites related to process control, ICS, or critical infrastructure.”

Attackers conduct reconnaissance operations after getting into system.

“Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network,” the alert states. “The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.”

In one case hackers got inside energy installation systems.

Virsec Systems CEO Atiq Raza told eSecurity Planet that attack has common pattern “Rather than directly attacking high security networks, hackers are doing careful reconnaissance of connected third parties, staging servers or watering holes for insiders,” he said. “Once hackers steal credentials, or find a less secure backdoor, they can quickly pivot to more secure servers, bypassing traditional network perimeter security.”

“IT security needs to assume the perimeter is porous and focus more directly on guarding sensitive applications and data,” Raza added.

____________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Fast Flux Botnets is a Security Risk

October 8th, 2017

Attackers use many techniques which is hidden in nature. Akamai research mentioned that a botnet with over 14,000 IP addresses uses fast flux DNS technique to avoid detection. It is technique which uses Domain Name System (DNS) to hide the source of an attack.

Multiple sets of IP address are rapidly swapped in and out of the DNS records which avoids detection. Most of the attack are coming from eastern Europe.

“No attribution to a specific attacker, but the research shows that the majority of botnet IP addresses are from Ukraine, Romania and Russia,” Or Katz, Principal Lead Security Researcher, Akamai, told eSecurityPlanet.

Botnets have been using fast flux techniques earlier which includes the zBot and Avalanche networks.

It is not a new technique. The focus of the research conducted by Akamai is to show analysis using data science approaches.

“According to the evidence we were able to collect, we assume that the botnet infrastructure is based on compromised machines and the machines that are associated with the botnet are constantly changing,” Katz said. “The fast flux technique being used is abusing the features of DNS in a way that serve their objectives.”

Akamai has not given the specifics of the attack.

“While tracking fast flux botnet is challenging, it is possible to do so by using algorithms that capture the fluxing behavior by looking on the relevant features, and this can lead to detecting such networks out-of-the-box,” Katz said.

One can detect botnets attack by having threat landscape visibility along with DNS and web traffic monitoring.

“Fast flux botnets are using domain names as the way for communication with malware,” Katz said. “Having algorithms that can track those domain names, once they start to become active, can reduce the effectiveness of such botnets.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running IOS and Android are encrypted before access is granted.

Office Workers Not Sure of Phishing Attack

September 12th, 2017

Intermedia recent survey of more than 1,000 U.S. office workers has astonishing results. Fourteen percent do not have detailed knowledge about phishing attack or they can’t differentiate phishing email. Twenty-one percent are a victim of a phishing attack.

Thirty-four percent are company owners or executive managers who are a victim. Twenty-five percent are IT, workers.

Intermedia vice president of security and privacy Ryan Barrett mentioned that it is required to talk to employees more than considering it as a threat — otherwise, traditional education can actually lead to a false sense of security.

“Instead, companies need to offer regular interactive IT security training, simulate security incidents to help employees detect and prevent cyber attacks, and talk about the risks when big data breaches are in the news,” Barrett mentioned.

A Bitglass survey of 129 hackers at Black Hat 2017 has below findings –  

Fifty-nine mentioned phishing is the best strategy for data exfiltration

Malware and ransomware ranking second at 27 percent

“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” Bitglass vice president of product management Mike Schuricht said in a statement.

Other survey conducted by Bromium of 500 CIOs in the U.S., U.K. and Germany found that fully 99 percent of respondents see end users as “the last line of defense” against hackers, and are spending an average of $290,033 per large enterprise on employee education in response.

“While end-users are often the easiest target for hackers, the idea that they should be ‘the last line of defense’ for a business is simply ridiculous,” Bromium CTO Simon Crosby said in a statement. “The fact is, most employees are focused on getting their jobs done, and any training will go out the window if a deadline is looming.”

“Instead of wasting time on user education policies, protect your users,” Crosby suggested. “Let them click with confidence. If they get attacked, let it happen, but do so in a contained environment. By isolating applications in self-contained hardware-enforced environments, malware is completely trapped. Users are free to download attachments, browse websites and click on links without fear of causing a breach.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

New Cyber Security Strategy – Deceiving the Deceivers

September 5th, 2017

New cyber security battle is fought in a new way. Deception is the old strategy used in business, warfare and politics. It is now implemented in IT security.

Cyber criminals are long using deception policy to gain information. Now, new generation start-ups are using the same idea to avoid them. They are confusing the attackers by masking the real system.

“The idea is to mask real high-value assets in a sea of fake attack surfaces,” said Ori Bach, VP of products and marketing at TrapX Security. “By doing so, attackers are disoriented.”

Once attackers enter the system through malicious ways, they are free to roam inside. As per the Gartner analyst Lawrence Pingree, attackers must “trust” the environment that they insert malware into.

“Deception exploits their trust and tempts the attacker toward alarms,” said Pingree. “Deception also can be used to move an attacker away from sensitive assets and focus their efforts on fake assets – burning their time and the attacker’s investment.”

The main aspect is to manage real user endpoint lures.

“Distributed deception platforms (DDP) are solutions that create faked systems (often real operating systems, but used as sacrificial machines), lures (such as fake drive maps and browser histories) and honeytokens (fake credentials) on real end-user systems to entice and mislead the attacker to faked assets in order to enhance detection and to delay their actions as they attack those decoy assets,” wrote Pingree.

Experts believe that deceptive technology must not only create honeypots but a whole system to make it real.

“Ideally, organizations can use DDP solutions to create ‘intimate threat intelligence’ and use that to enrich their other tools to enhance prevention at the network and other security defensive layers,” said Pingree.

“Since you never know where you might be attacked, the ideal deception strategy should cover as many layers of the network and as many types of assets as possible,” said Bach. “For a deception tool to be effective in an enterprise environment, it must be integrated with the infrastructure (e.g. Active Directory, the networking infrastructure) and the security ecosystem.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

IoT Security Bill

August 2nd, 2017

This week the Internet of Things Cybersecurity Improvement Act of 2017 was introduced by a bipartisan group of U.S. senators. The rules sets minimum conditions and requirements for the security of Internet-connected devices purchased by the U.S. government. It also provides legal protections to security researchers.

Features:

(1) Devices which are connected to the internet should be patchable

(2) Industry standard protocols should be implemented

(3) Hard-coded passwords that can’t be changed should be leveraged

(4) Security vulnerabilities should not be present

It also asked the Office of Management and Budget to create alternative security conditions for devices with limited data processing and software functionality.

As per the bill, the definition of an Internet-connected device “is capable of connecting to and is in regular connection with the Internet,” and “has computer processing capabilities that can collect, send, or receive data.”

“While I’m tremendously excited about the innovation and productivity that Internet of Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” Sen. Mark Warner said in a statement.

“This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices,” Warner added. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

Arxan Technologies VP EMEA Mark Noctor hopes that other government will also follow “While there has been useful work in the area from bodies such as ENISA in Europe, it appears that an act of law is the best way to get vendors to ensure security,” he said.

“While the focus on basic measures such as password management is a good starting point, we’d also like to see future legislation build on this to require more advanced security measures, such as using code hardening to protect a connected device’s software from being broken into and reverse engineered for malicious purposes,” Doctor said.

Security research is also provided legal protections.

“I’ve long been making the case for reforms to the outdated and overly broad Computer Fraud and Abuse Act and the Digital Millennium Copyright Act,” Sen. Ron Wyden said in a statement.

“This bill is a bipartisan, common-sense step in the right direction.”

“This bill is designed to let researchers look for critical vulnerabilities in devices purchased by the government without fear of prosecution or being dragged to court by an irritated company,” Wyden added. “Enacting this bill would also help stop botnets that take advantage of Internet-connected devices that are currently ludicrously easy prey for criminals.”

____________________________________________________________________________________________

No server, IT knowledge or training is needed as everything is included in an Alertsec subscription.

Kmart Attacked by Hackers Again

June 9th, 2017

Kmart suffered another data breach when its server was attacked by hackers.

“Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

“All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.” 

This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

“Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioural analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.