security

Massive New Ransomware Attack

June 29th, 2017

Recently world suffered a massive WannaCry attack. Now new ransomware attack was launched using same Windows vulnerability. Ukraine is the most affected country affecting government, transport systems, banks and power utilities and companies like WPP, pharma giant Merck, manufacturing company Saint-Gobain, and Russian steel and oil giants Evraz and Rosneft.

One WPP subsidiary has asked staff to turn off and disconnect all Windows machines as it was a victim of “massive global malware attack, affecting all Windows servers, PCs and laptops.”

Shipping company Maersk tweeted, “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack. We continue to assess the situation. The safety of our employees, our operations and customers’ business is our top priority.”

Merck tweeted “We can confirm our company’s computer network was compromised today as part of the global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Kaspersky Lab researchers mentioned that it is entirely new threat and named it as NotPetya.

“Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the U.S. and several other countries,” the researchers mentioned. ”This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”

Jake Kouns, CISO at Risk Based Security mentioned that the attack by WannaCry should have been taken seriously. “Unfortunately, the fast spread of Petya makes it pretty clear that regardless of the reasons for not updating systems, whether they were valid or not, many companies were unable to properly address things the first time around,” he said.

He added that unpatched software is at risk.

“It is critical that all organizations which are able to apply patches for these known vulnerabilities,” he said. “If there is some legit reason for this not being possible, it is imperative to take other precautions and implement compensating controls to protect their systems and mitigate the risk.”

“Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.”Cybric CTO Mike Kail mentioned.

Netskope co-founder and CEO Sanjay Beri said the implications could be massive. “The Petya ransomware attack should serve as an urgent warning for the U.S. — we need a plan in place and the administration has to stop dragging its feet on hiring a Federal CISO,” he said.

“Worse than the recent WannaCry attack, the Petya ransomware campaign is targeting critical infrastructure which, according to an MIT report, is essentially defenseless against cyber criminals,” Beri added. “If this attack reaches us — and given the rate and manner with which it’s spreading it’s only a matter of time — the country’s critical infrastructure is at enormous risk of shutting down.”

“The extortion model is here to stay,” the report states. “More stable growth, which is at a higher level on average, could indicate an alarming trend: a shift from chaotic and sporadic actors’ attempts to gain foothold in [the] threat landscape to steadier and higher volumes.”

___________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. 

U.S Election Systems Attacked by Russian Hackers

June 22nd, 2017

Thirty-nine states were hit by Russian hackers prior to the 2016 U.S. election. In Illinois, hackers got access to the database and tried to delete or alter voters data. A software was also accessed which was used by poll workers on Election Day.

“Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure,” Eric Schultz, spokesman for former President Barack Obama, told Bloomberg.

“Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses.”

A former senior U.S official mentioned that Russians now possess knowledge of U.S. election systems prior to the next presidential election.

“The U.S. must start putting precautions in place today that assures voter data and election systems are protected, or else history is bound to repeat itself.”Seclore CEO Vishal Gupta said.

Federal agents found traces of hacking into the database. Many states refused to cooperate with the agency.

“It’s laughable how systems we thought were immune to attack were so woefully under-secured.” Venafi chief security strategist Kevin Bocek said.

“We’ve seen this with ATMs and POS systems,” Bocek added. “The finance and retail industries have effectively responded to their own deep vulnerabilities, and now state, local and federal governments need to respond in the same way to protect voting systems.”

“Without a record of who is accessing, changing or deleting data, it’s virtually impossible to detect the compromise,” he said. “It’s not hard to imagine a scenario where voter data has been compromised but has gone undetected due to lack of auditing or evidence of a breach.”Varonis vice president of field engineering Ken Spinner said

“It’s more important than ever to monitor file activity and user behaviour, so that if an outside party is attempting to manipulate or delete information — as happened in Illinois — that activity is able to be flagged and investigated right away,” Spinner added.

“Whether you’re a small company or a national government, the best risk reduction is to limit access to those who need it the most, keeping sensitive data locked down, and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines,” Spinner said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. Perhaps, most importantly, your login credentials to cloud applications are protected. 

New SiteLock Application to Protect WordPress

June 19th, 2017

WordPress open-source publishing is the popular platform for companies. It has also attracted cyber criminals. Sites face attacks frequently. SiteLock, a Scottsdale, Ariz. website security vendor has started private beta of its new SMART Database (SMART/DB) solution. This application scans detects and automatically removes spam and malware from WordPress databases.

 SiteLock was formed in 2008. President Neill Feather mentioned that company specializes in helping small and midsized businesses (SMBs) mount a defence against cyber attackers. It also provides easy-to-deploy web application firewall (WAF) and distributed denial-of-service (DDoS) mitigation capabilities. SMBs to strengthen their WordPress deployments are also implemented.

 Operating a website is a risky affair in the current cybersecurity landscape.

“On average, websites face over 8,000 attacks per year from cyber criminals trying to steal valuable resources such as website bandwidth, traffic, and customer data. Popular, well-recognized websites that utilize e-commerce or a large number of interactive features or plugins can be obvious targets for cyber attacks and are often reported in mainstream media,” Feather said.

 “According to SiteLock data, websites using 10 to 20 plugins are two times more likely to be compromised than the average website, and websites linking to Twitter, Facebook and LinkedIn accounts are 2.5 times more likely to be compromised than the average website.”

 Many small business owners do not pay much attention towards cyber security but the trend of attacks is increasing.

 “In fact, 43 percent of all cyber attacks targeted small businesses in 2016,” Feather informed. “Given that the majority of small businesses manage or maintain their own websites, they typically aren’t aware of the time or resources required to ensure adequate protection against ever-evolving security threats such as malware and other vulnerabilities.”

 “It’s important to understand that any website, regardless of the number of features or amount of traffic, is constantly at risk,” he added.

 Many WordPress websites face attack today.

 “As most WordPress websites include customer engagement features such as blog comments, blog contributors, and content aggregation, this emerging malware monitoring technology keeps comments and posts clean from spam, ensuring site content is search engine friendly and is most valuable for visitors,” Feather said. “SMART/DB also mitigates other database malware like malicious redirects and backdoors, ultimately keeping website visitors safe.”

____________________________________________________________________________________________

 Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security of the end point devices

June 15th, 2017

A Recent survey conducted by Ponemon Institute shows that Sixty-three percent of participants are not able to monitor endpoint devices after they leave the corporate network. Fifty-five percent of endpoint devices contain sensitive data.

Absolute sponsored the survey which also contains below findings –

Fifty-six percent of participants don’t have a cohesive compliance strategy

Seventy percent mentioned that they have a below average ability to limit endpoint failure damages

Twenty-eight percent use automated analysis and inspection for determining compliance.

“It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” Ponemon Institute chairman and founder Dr Larry Ponemon said.

The number of malware-infected endpoints devices has increased in the past one year. Also, forty-eight percent are not happy with their endpoint security solution.

“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” Risk-Based Security executive vice president Inga Goddijn said in a statement. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”

Another survey by SACA shows that fifty-three percent reported an increase in cyber attacks. There is a general rise in data breaches.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA board chair Christos Dimitriadis said in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Many believe there should be a rise in the budget for the security.

“The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” Dimitriadis said. “But that’s not a cure-all. With the number of malicious attacks increasing, organizations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Records available online due to flaw in the system

May 29th, 2017

Molina Healthcare had patients’ medical claims online. The duration of the breach is not clear. Also, the reason behind the leak is also not available. Investigative reporter Brian Krebs received tip about the breach.

According to the reports, customer could see other customers’ medical claims only by changing a single number in the URL. There was no requirement of the authentication.

“It’s unconscionable that such a basic, Security 101 flaw could still exist at a major healthcare provider today,” Krebs wrote. “However, the more I write about these lame but otherwise very serious vulnerabilities at healthcare firms the more I hear about how common they are from individual readers.”

Records did not include Social Security numbers. Affected information included patient names, addresses and birthdates, as well as diagnosis, medication and medical procedure information. Molina said that it has fixed the problem.

“Because protecting our members’ information is of utmost importance to Molina and out of an abundance of caution, we are taking our ePortal temporarily offline to perform additional testing of our system security,” the company said. “Molina has also engaged Mandiant to assist the company in continuing to strengthen our system security.”

World focus remains on cyber threats like WannaCry but many organizations lack basic security, Bitglass CEO Nat Kausik mentioned. “This is especially true in the heavily regulated healthcare industry,” he said. “Molina Healthcare is just one example of an IT oversight that led to massive exposure of PHI.”

“Healthcare organizations are major targets and will see any and all flaws exploited by malicious individuals,” Kausik added. “As healthcare organizations make patient data more accessible to individuals and new systems, they must make information security their top priority.”

There is increase in data breach this year.

“Unauthorized disclosures continue to tick up and are now the leading cause of breaches as data moves to cloud and mobile and as external sharing becomes easier. Unauthorized disclosures includes all non-privileged access to PII or PHI,” the report states. “Hacking and IT-related incidents doubled year-over-year, an indication that malicious actors are not letting up and are increasingly aware of PHI’s high long-term value.”

____________________________________________________________________________________________

Alertsec is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Security Patch at Twitter

May 24th, 2017

One can send message to anyone using ‘@‘ from any given account in Twitter platform. But this arrangement is challenged by a security bug. Security researcher who goes by alias ‘Kedrisch’ reported this bug to the twitter through Twitter’s bug bounty program run by Hackerone.

“The reporter discovered a flaw in the handling of Twitter Ads Studio requests which allowed an attacker to tweet as any user,” the Hackerone bug report states. “By sharing media with a victim user and then modifying the post request with the victim’s account ID, the media in question would be posted from the victim’s account.”

Kedrisch also provided detailed writeup on the flaw and the steps to discover the vulnerability. The process involves intercepting the owner_id and user_id parameters and using it as a part of the GET and POST actions.

The bug allowed hackers to publish post through any user. Twitter mentioned that the vulnerability was not exploited.

“As former appsec tech lead for twitter, I’ll just say I’m not shocked this was in code from the ads team,” security researcher Charlie Miller wrote in a Twitter message.

Miller has won the famous Pwn2own hacking competition. He is also one who hacked iPhone first time.

Miller responded to one of his team mate, “if a team is responsible for the vast majority of security issues, maybe they should feel not awesome?”

Twitter awarded Kedrisch with $7,560 for the disclosure of the bug. Kedrisch has also disclosed the bug in the twitter platform in December 2016. He got $1,120 for a low severity bug. The ethical hacker also got $1,260 in Oct 2016 for reporting disclosure flaw in the publish.twitter.com. This particular bug was rated as medium security issue.

Kedrisch received three other bounties totaling $1,540 which was not publicly disclosed.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Keeping sensitive information from leaks

April 11th, 2017

Today companies needs to keep the data very secure due to need of protecting corporate data and  also regulations which require consumer data to be protected. EU General Data Protection Regulation (GDPR) are increasing the fines for non compliance. It is daunting task for companies to comply with regulations.

“I can see the difference from before GDPR and after GDPR,” he said of companies scrambling to shore up data leaks. “Even if I have a tiny office somewhere, I need to check for confidential data.” And automating this scrutiny is the only way to effectively manage it.” said Angel Serrano, senior manager of advanced risk and compliance analytics at PwC UK in London.

What is DLP?

ISACA mention it “data leak prevention”.

Gartner calls it “data loss protection” or “data loss prevention”.

It prevents unauthorized users from sending sensitive data.

“DLP is not one thing, like a tomato,” GBT Technologies co-founder Uzi Yair said, referring to GBT’s enterprise suite of products. In addition to more traditional practices such as scanning endpoints, network and storage as well as policy management and workflow tools, it includes an information rights management (IRM) policy server that applies file-level control over who has access to what, where – it might be solely on-premises – and when.

Recent reports on DLP has below highlights:

  • An average of 20 data loss incidents occur every day all around the world
  • Eighty three percent of organisations have security solutions but still thirty three percent suffer from data loss
  • DLP detects incidents and has regular expressions, dictionary-based rules, and unstructured data for breach detection.
  • Many facilities use DLP only for email instead of full business applications

DLP takes two forms:

  • Agent software for desktops and servers, physical and virtual appliances for monitoring networks and agents, or soft appliances for data discovery
  • Integrated DLP products that may offer more limited functionality

“All these web applications like Google Drive and Office 365 are integrating with other satellite applications,” said Krishna Narayanaswamy, founder and chief scientist at Netskope.” Salesforce uses Google Drive as a place to store files. DocuSign can put documents in Google Drive. You need to be at all the points where data is going into these applications. You need to be able to inspect that data at rest and determine who uploaded that data. Also inspect and apply policies to outgoing email.”

Many companies do not use new ways.

“The new generation considers email a dinosaur. They go to social media – Twitter, LinkedIn, Facebook – you have to cover those as well. More and more communication is coming via SSL, and that’s a big blank spot that many DLP vendors have not considered,” Narayanaswamy said.

“When you look at the web, there are many reasons for sending data from inside to the outside,” Narayanaswamy said. “Modern applications constantly post information about how users are using the application, response times, and so forth, to improve user experience. When you look at every post transaction, there’s a potential for many false positives,” which have been the bane of DLP.

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomeware attack at ABCD

April 8th, 2017

ABCD Pediatrics recently suffered ransomware attack. According to the statement, a virus was inserted to gain access to the healthcare organization’s servers. Patient data was encrypted in the process. Facility contacted IT personnel to take all servers offline. It is conducting detailed analysis.

Experts came to conclusion that this particular type of virus has likely not removed the information from the server.  Facility also mentioned that user accounts may have been accessed through it’s network. Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, insurance billing information, medical records, and lab reports.

As per the OCR data breach reporting tool, approximately 55,447 patients may have been affected. ABCD has successfully removed the virus from the system. Corrupted data was also removed from its servers. Secure backup of the facility is not affected and thus used to restore all impacted data. It also mentioned that no PHI was lost or destroyed in the incident.

“Also, please note that ABCD never received any ransom demands or other communications from unknown persons,” ABCD stated. “However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time.”

Facility has upgraded it cyber security monitoring program to stop future incidents. Call centre is setup for the affected patients.

“Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Insider security breach at KY

April 2nd, 2017

Kentucky-based Med Center Health mentioned that a former employee accessed certain patient billing information without permission. As per the reports, facility found out that on two instances the person “obtained certain billing information by creating the appearance that they needed the information to carry out their job duties for Med Center Health.”

“The evidence we have gathered to date suggests that the former employee intended to use these records to assist in the development of a computer-based tool for an outside business interest which had never been disclosed to Med Center Health officials,” Med Center Health explained in its letter, signed by CEO Connie Smith.

Person accessed the data and copied it on encrypted CD and encrypted USB drive. Facility mentioned that the data is not related to work responsibilities of the employee. Affected information included Social Security numbers, health insurance information, diagnoses and procedure codes, and charges for medical services. Patients medical records were not copied.

Patients who were treated at The Medical Center Bowling Green, The Medical Center Scottsville, The Medical Center Franklin, Commonwealth Regional Specialty Hospital, Cal Turner Rehab and Specialty Care and Medical Center EMS between 2011 and 2014 got impacted.

Law enforcement asked the facility to delay its data breach notification process.

“We sincerely apologize for any concern and inconvenience this incident may cause you,” the letter read. “We continue to review the incident and to take steps aimed at preventing similar actions in the future. Those actions include re-enforcing education with our staff regarding our strict policies and procedures in maintaining the confidentiality of patient information.”

Facility did not mention the number of individuals affected. It has established a dedicated call center to answer patients’ queries.

As per the statement, “We are offering credit monitoring and identity protection services to eligible patients and enrollment instructions are contained in the letters sent to the patients. We also recommend that you review the explanation of benefits that you receive from your health insurer. If you see services that you did not receive, please contact your health insurer immediately.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Data breach due to computer virus

March 29th, 2017

Lane Community College (LCC) health clinic recently announced data breach when one of its technician  found a computer virus in the system. The incident has affected PHI of some patients.

As per the reports, virus was transmitting the names, addresses, phone numbers, diagnoses, and Social Security numbers to unidentified third party almost for a year. Facility has notified potentially impacted patients.

“We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.

Facility conducted internal investigation. It checked 20 other computers at the health clinic. It concluded that only computer was infected with virus. The incident has affected 2,500 individuals.

LCC has advised patients to monitor their bank accounts. Suspicious activity or any threat should be reported to the police. The college health clinic also asked patients to report data breach to their banks, credit bureaus, and credit card companies.

July 2016 HIPPA Journal mentioned that, “Cyberattacks on healthcare organizations are now a fact of life.”

OCR breach portal do not include all the data breaches that are happening around. But the current breach reports gives us the idea of pattern –

48 data breaches were reported as unauthorized access

43 data breaches were attributed to hacking or network server incidents

37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records

4 breaches were due to the improper disposal of records

Stolen records or exposed data includes pattern as below:

60% were due to hacking (2,703,961 records)

78% were due to loss/theft (1,342,125 records)

6% were the result of unauthorized access or disclosure (342,748 records)

63% were the result of improper disposal (118,594 records)

___________________________________________________________________________________

Alertsec provides a solid foundation on which organizations can build compliance program.