Archives for December 2016
US hospitals lack new technologies and best practices to defend against threats, new report says.
Some 93 major cyberattacks hit healthcare organizations this year, up from 36 in 2015, new research shows.
TrapX Labs, a division of TrapX Security, found this 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12. Some may have been ongoing prior to Jan. 1, but for consistency, researchers only used official reporting dates to the Department of Health and Human Services, Office of Civil Rights (HHS OCR).
Among the largest attacks were those on Banner Health (3.6M records), Newkirk Products (3.4M records), 21st Century Oncology (2.2M records), and Valley Anesthesiology Consultants (0.88M records).
HIPAA compliance training is recommended for any organization that handles protected health information, regardless of size or annual budget. Everyone, from multibillion-dollar healthcare conglomerates to a country doctor with one administrative worker, must follow HIPAA training rules in order to protect patient data. Even with these measures in place, however, sophisticated attackers are now getting through. They are responsible for 31% of all major HIPAA data breaches reported this year, a 300% increase over the past three years, according to the report. Cybercriminals were responsible for 10% of all major data breaches in 2014 and 21% in 2015.
Despite the rise in attacks, the number of records breached dropped to about 12,057,759. That said, so many millions of health records have been stolen that the value of individual records decreased this year, TrapX reported.
Researchers pinpointed two major trends from 2016: the continued discovery and evolution of medical device hijacking, which TrapX calls MEDJACK and MEDJACK.2, and the increase of ransomware across a variety of targets.
MEDJACK involves the use of backdoors in medical devices like diagnostic or life-support equipment. Hackers use emailed links, malware-equipped memory sticks, and corrupt websites to load tools into these devices, most of which run standard/older operating systems and proprietary software.
“Once inside the network, these attackers move laterally in search of high-profile targets from which they can ultimately exfiltrate intellectual property and patient data,” says Moshe Ben-Simon, co-founder and VP of services at TrapX Labs.
One successful penetration is often enough to give hackers access to the network, where they can find unprotected devices to host attacks, communicate with people, and access information. It’s difficult to mitigate the effects of MEDJACK; many hospitals don’t even know it is happening.
“Unfortunately, hospitals do not seem to be able to detect MEDJACK or remediate it,” Ben-Simon explains. “The great majority of existing cyber-defense suites do not seem able to detect attackers moving laterally from these compromised devices.”
Ransomware attacks on large and mid-sized healthcare organizations have also become more diverse. Their financial depth and the criticality of their operations make them attractive targets: it’s one thing to close a business for a day; it’s entirely different to force a hospital shutdown. To protect their financial systems against such attacks, hospitals may need secure and reliable revenue cycle management software; with such technologies in place, most attacks can be neutralized.
A July 2016 survey conducted by Solutionary discovered healthcare is the industry most frequently targeted by malware, accounting for 88% of all detections in Q2. Hackers target healthcare because organizations will usually pay ransom for valuable patient data.
TrapX researchers predict ransomware will reach “unprecedented levels” next year, as quick ROI and easy access to untraceable money such as Bitcoin make it easier for hackers to launch more attacks at once.
It’s one prediction among many that spell trouble for the healthcare industry in 2017.
Experts anticipate cyberattacks targeting the industry will continue to set records, as most hospitals are unaware of breaches and will remain vulnerable to advanced attacks via medical devices. Mid-sized healthcare businesses will be targeted more often, they predict.
However, more advanced equipment may not necessarily solve problems. The Internet of Things is expected to generate new attack vectors, as most IoT devices don’t have built-in security and don’t let third parties install protective software. If compromised, they provide a backdoor for hackers that can be used for months without hospitals noticing.
Going forward, healthcare organizations will be forced to implement sorely needed security practices. A study from the Healthcare Information and Management Systems Society (HIMSS) found most fail to adopt basic safeguards like anti-malware tools, firewalls, and encryption.
Even as major breaches make headlines, it’s difficult to get healthcare execs to tighten their focus on security.
“Traditionally healthcare providers are in the business of saving lives, so the IT security staffs have a difficult time competing for budget dollars,” says Lee Kim, HIMSS director of privacy and security. “As recently as five years ago, you would hear people saying that people wouldn’t want to attack a healthcare facility because they didn’t believe anyone would want to do harm to the patients.”
Simply because data center endpoints don’t have the same threat profile as general desktops doesn’t mean they don’t need anti-malware software. Here’s why.
People often ask about the value of anti-malware software on data center endpoints (Fortinet’s blog posts explain what a data center is), such as Web servers, databases, file servers, and so on. This is a reasonable question because, with respect to malware, data center endpoints simply don’t have the same threat profile or business use-cases as general desktops, where users click on things all day, every day. And when endpoints don’t have all those pesky users, it would seem malware would have a much harder time getting onto them. Yet it happens all the time. How?
Before getting to best practices, I would first like to share the most common attack patterns seen in the wild, along with recommendations backed up by data. For this, I rummaged through the Verizon Data Breach Investigations Report (DBIR) 2016, which combines knowledge from more than 3,000 confirmed data breaches and has a lot to say about malware usage.
The figure below, from the DBIR, presents an insightful attack pattern. What’s happening is, through a variety of extremely common techniques, such as phishing and others, a user’s desktop is compromised and infected with malware. While the data on this particular compromised endpoint may not be of high value, the malware is used to harvest static credentials (user names and passwords) just the same.
The next step in the breach is often to leverage the stolen credentials to pivot across the network, logging into point-of-sale systems, databases, Web servers, and file servers (where the real crown jewels are located) and infecting them with malware for command and control and data exfiltration. Since the threat actor is using valid credentials to access these data center endpoints, and not exploits, intrusion detection alarm bells are less likely to be triggered. So, in this case, if anti-malware software had been installed on these endpoints, that’s one more effective security control a threat actor would have had to bypass in order to obtain what they were after.
Another topic the Verizon DBIR discusses is “secondary motives.” For example, threat actors will compromise Web servers in the data center, often by exploiting SQL injection or a PHP remote file inclusion, and implant malware on the endpoint. The malware typically has a couple of common purposes separate from data exfiltration.
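Because the pivot described above uses valid credentials rather than exploits, a detection has to key on behaviour rather than on signatures: an account that suddenly fans out across several data center hosts, from a workstation it has never used for that purpose, is the signal. The following is an added example (not code from the article or from Verizon) that scores authentication events this way. The log format, host names, account names and thresholds are all constructed assumptions.

```python
"""Flag credential-pivot behaviour in authentication logs.

Added example, not part of the original article. It assumes a constructed
log format, one event per line:
    <ISO-8601 timestamp> <user> <source host> <destination host> <result>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a day of normal logins used as a baseline, followed by
# a burst in which 'jdoe' (normally a single-file-server user) reaches four
# data-center hosts within a couple of minutes from an unfamiliar workstation.
SAMPLE_LOG = """\
2016-12-01T08:00:00 admin01 mgmt-ws01 db-prod-01 success
2016-12-01T08:05:00 admin01 mgmt-ws01 web-prod-01 success
2016-12-01T09:00:00 jdoe ws-jdoe fileshare-01 success
2016-12-02T22:01:10 jdoe ws-acct-17 db-prod-01 success
2016-12-02T22:01:45 jdoe ws-acct-17 web-prod-01 success
2016-12-02T22:02:20 jdoe ws-acct-17 pos-store-03 success
2016-12-02T22:03:05 jdoe ws-acct-17 fileshare-01 success
"""

# Hypothetical inventory of data-center endpoints we care about.
DATACENTER_HOSTS = {"db-prod-01", "web-prod-01", "pos-store-03", "fileshare-01"}


def parse(log_text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst, "result": result})
    return events


def detect_pivots(events, baseline_before, window=timedelta(minutes=10), min_hosts=3):
    """Return one alert per (user, source host) that, after the baseline period,
    logs into at least `min_hosts` distinct data-center hosts within `window`
    and touches at least one (user, host) pair never seen in the baseline.

    Each alert is (user, src, all_hosts_in_window, hosts_new_for_this_user).
    """
    # Baseline: which (user, destination) pairs were normal before the cutoff.
    baseline_pairs = {(e["user"], e["dst"]) for e in events
                      if e["ts"] < baseline_before and e["result"] == "success"}

    # Successful data-center logins after the cutoff, grouped by (user, src).
    per_key = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if (e["ts"] >= baseline_before and e["result"] == "success"
                and e["dst"] in DATACENTER_HOSTS):
            per_key[(e["user"], e["src"])].append(e)

    alerts = []
    for (user, src), evs in per_key.items():
        # Sliding window anchored at each event; report the first window that trips.
        for i, start in enumerate(evs):
            hosts = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            new_hosts = {h for h in hosts if (user, h) not in baseline_pairs}
            if len(hosts) >= min_hosts and new_hosts:
                alerts.append((user, src, sorted(hosts), sorted(new_hosts)))
                break
    return alerts


if __name__ == "__main__":
    for user, src, hosts, new in detect_pivots(parse(SAMPLE_LOG), datetime(2016, 12, 2)):
        print(f"ALERT {user}@{src}: {len(hosts)} DC hosts in window, new for user: {new}")
```

The baseline cutoff here is a fixed date purely for the sample; in practice it would be a rolling window of several weeks, and the `min_hosts` threshold would be tuned per environment so that administrators' routine fan-out does not trip it.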
One purpose is what’s referred to as a watering hole attack: the threat actor compromises a chosen website and serves malware to a particular set of users, their primary targets, who are likely to visit it. Another purpose is for the malware to launch spam campaigns or DDoS attacks against primary targets.
Websites often have far more computing resources and bandwidth at their disposal than a typical user PC, which makes them attractive targets. Again, if sufficient anti-malware technology had been installed on the Web servers, it would have made it that much harder for the bad guys to establish a foothold, even after successfully exploiting a vulnerability.
[Figure: Count of Hashes by Lifespans in Seconds. Source: Verizon DBIR]
These examples show how much anti-malware software would have contributed to protecting against these attacks. Reviewing common attack patterns, anti-malware software absolutely has value in the data center. With the introduction of signature-free, next-generation approaches that use machine learning and dynamic behavior tracking, organizations can deploy this technology in a minimally invasive manner.
This is crucial to understand. As the Verizon DBIR also notes, and the figure above illustrates, “99% of malware hashes are seen for only 58 seconds or less.” Hash-based signatures therefore lag the threat; if we can instead disrupt the way adversaries generally conduct their operations, we make the biggest impact in protecting our systems.
Predictions are never easy, and they are seldom right or very useful, but they are always fun. As the holiday season is upon us and the New Year approaches, so does the time for year-end reflection and, you guessed it, cybersecurity predictions.
Here’s my attempt at highlighting what I see as some of the bigger trends that are likely to keep security professionals struggling to keep up in the year ahead, and how I see these trends continuing.
Big cybersecurity trend 1: The information wars heat up
If cybersecurity taught us anything in 2016, it’s that data breaches can now be as much about the damage wrought when private information is made public as about data theft for financial gain or competitive advantage. The hacking of the Democratic National Committee (DNC) and its email systems, for instance, brought the resignation of Debbie Wasserman Schultz as chairwoman of the DNC. Email server security also plagued candidate Hillary Clinton to the very end of her campaign to become the 45th President of the United States of America. And as 2016 was quite the eventful year when it came to cybersecurity, it’s forgivable to have forgotten that Sigmundur Davíð Gunnlaugsson, Iceland’s Prime Minister, had to step down because of the Panama Papers breach.
These types of events, where large amounts of data are made public as part of a whistleblowing campaign or to publicly embarrass some type of opponent in government or business, are going to increase. And they will continue to be extremely disruptive to our institutions and those who currently have power.
Big cybersecurity trend 2: Nation state meddling
We saw accusations of nation state driven data breaches increase this year. It was in the summer of 2015 that the Obama administration decided to retaliate against China for the theft of the personal information of more than 20 million Americans from the databases of the Office of Personnel Management. This year, U.S. Senator Marco Rubio (R-Fla.) warned Russia that there should be consequences to election meddling.
This is another trend that will continue, and the risks of a (hopefully) measured cyber-conflict exchange between nation states increases every year.
Enterprises need to understand that if they operate in a critical infrastructure industry (healthcare delivery, finance, power generation and distribution, manufacturing, etc.), or support such an industry, then they need to prepare for the possibility of getting caught in the crossfire.
Big cybersecurity trend 3: Fraud is dead, long live credit fraud
As the US has deployed chip cards, and more people have embraced chip-enabled EMV cards and digital wallets such as Apple Pay and Google Wallet, point-of-sale fraud rates have fallen, and this category of fraud is expected to continue to fall. However, card-not-present fraud, which was only $10 billion in 2014, will be more than $20 billion by 2018.
According to the story New Trends in Credit Card Fraud, in 2015 identity thieves moved from cloning counterfeit cards for existing accounts to opening new fraudulent accounts through identity theft. Expect that to continue, along with more online fraud. Crime never goes away; it just moves to the paths of least resistance.
That means fraudsters will take aim at your website systems, especially any that accept payments. Watch your online systems and look for ways to detect fraud, such as behavior analysis.
Big cybersecurity trend 4: The Internet of Things (IoT)
For a couple of years now, experts have been predicting that the Internet of Things was creating an emergent set of risks, but as with the rise of most new technologies, the hype arrives long before reality. Unfortunately for us, the cybersecurity predictions around IoT began to come true in 2016. A big part of this is that these devices have not only been adopted by many consumers but are also being embraced by enterprises. In fact, roughly 31 percent of organizations, per IDC’s Global IoT Decision Maker Survey, have launched an IoT initiative, with 43 percent planning to deploy IoT in the next twelve months. Most enterprises don’t view these initiatives as trials, but as strategic.
This situation is going to get considerably worse. One of the biggest challenges with IoT isn’t enterprises securing these devices; it’s that the device makers are shipping inherently insecure devices. Too often they ship with default passwords that are never required to be changed, communication with the devices doesn’t require proper authentication, and firmware updates can be installed without being properly signed. And the list goes on.
Organizations are going to continue to get hit by attacks directly attributable to IoT weaknesses, whether a continuation of distributed denial of service attacks or encroachments onto their networks made possible by those weaknesses.
Big cybersecurity trend 5: Regulatory upheaval
Government and industry regulations that affect cybersecurity are about to get volatile. In the European Union, IT will face data security and breach notification operational changes from the General Data Protection Regulation (GDPR), which becomes a legal requirement in early 2018. Many expect that the GDPR will increase the costs of doing business as new data protection measures are put into place to control how, by whom, and when data is accessed. Organizations new to the GDPR, or without enough in-house knowledge of it, may find it prudent to seek consultancy to understand its requirements.
Expect more data privacy and security harmonization changes and government surveillance law changes, as well as the potential for Internet of Things cybersecurity design and implementation regulations (maybe not next year for this one, but it’s likely coming soon).
The regulatory landscape will be changing swiftly, and enterprises will need to be ready to have their security, privacy, and overall risk posture adapt.
This paper, based in part on Rob McGovern’s conversation with Randy Franklin Smith, describes common security threats and how to detect them on your network using Network Monitor Freemium.
In this paper, you can read about how to use Network Monitor to answer questions, such as:
- Where is your network traffic going? Do you know all the outbound IP and URL destinations? Are they safe?
- What is your network traffic? Does it behave properly? Do you have surprising protocols using well-known ports?
- What’s going on with DNS? Are you missing security threats hiding in a low-level, chatty protocol?
- What’s the frequency of your traffic? Do you have beaconing or C2 traffic hiding in the noise?
- Are you sure you’ve got your security set up correctly? Can you verify that you aren’t seeing protocols or traffic that you think you’ve blocked?
- Are you sure you are covered by DLP? Do you have personally identifiable information (PII) moving around your network in clear text?
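Three of the questions above (surprising protocols on well-known ports, beaconing hidden in the noise, and PII moving in clear text) can each be answered with a simple check over captured flow records. The following is an added example, not code from the paper or from the Network Monitor product; the record format, the addresses, the payload prefixes and the thresholds are all constructed assumptions, and a real capture would be parsed from pcap or from the tool’s export instead.

```python
"""Three detections over constructed network records.

Added example, not part of the original paper. Each record is a constructed
tuple: (timestamp_seconds, src_ip, dst_ip, dst_port, payload_prefix_bytes).
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

RECORDS = [
    # Beaconing: 10.0.0.5 contacts 203.0.113.9:443 every ~60 s with little jitter.
    (0,   "10.0.0.5", "203.0.113.9",   443, b"\x16\x03\x01"),
    (61,  "10.0.0.5", "203.0.113.9",   443, b"\x16\x03\x01"),
    (119, "10.0.0.5", "203.0.113.9",   443, b"\x16\x03\x01"),
    (181, "10.0.0.5", "203.0.113.9",   443, b"\x16\x03\x01"),
    (240, "10.0.0.5", "203.0.113.9",   443, b"\x16\x03\x01"),
    # Ordinary, irregular browsing.
    (5,   "10.0.0.7", "198.51.100.20", 80,  b"GET / HTTP/1.1"),
    (47,  "10.0.0.7", "198.51.100.21", 80,  b"GET /img HTTP/1.1"),
    (300, "10.0.0.7", "198.51.100.20", 80,  b"POST /login HTTP/1.1"),
    # Something that is not HTTP on port 80 (an SSH banner).
    (90,  "10.0.0.9", "203.0.113.44",  80,  b"SSH-2.0-OpenSSH_7.2"),
    # A form post carrying an SSN in clear text.
    (120, "10.0.0.7", "192.0.2.10",    80,  b"POST /f HTTP/1.1\r\n\r\nssn=123-45-6789&x=1"),
]

# What we expect to see at the start of a payload on each well-known port.
HTTP_START = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|HTTP/)")
TLS_START = b"\x16\x03"   # TLS record type 'handshake', version 3.x
SSN_RE = re.compile(rb"\b(\d{3})-(\d{2})-(\d{4})\b")


def find_beacons(records, min_events=4, max_cv=0.10):
    """Return (src, dst, port) triples whose inter-contact intervals are nearly
    constant: coefficient of variation (stdev / mean) at or below `max_cv`."""
    times = defaultdict(list)
    for ts, src, dst, port, _ in records:
        times[(src, dst, port)].append(ts)
    beacons = []
    for key, ts_list in times.items():
        if len(ts_list) < min_events:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            beacons.append(key)
    return beacons


def find_port_protocol_mismatch(records):
    """Return (src, dst, port) where the payload does not look like the protocol
    that usually lives on that port (HTTP on 80, TLS on 443)."""
    bad = []
    for _, src, dst, port, payload in records:
        if port == 80 and not HTTP_START.match(payload):
            bad.append((src, dst, port))
        elif port == 443 and not payload.startswith(TLS_START):
            bad.append((src, dst, port))
    return bad


def find_cleartext_pii(records):
    """Return (src, dst, port, masked_ssn) for SSN-shaped values in payloads on
    ports we do not expect to be encrypted. The value is masked before reporting
    so the alert itself does not become another clear-text copy."""
    hits = []
    for _, src, dst, port, payload in records:
        if port == 443:
            continue
        for m in SSN_RE.finditer(payload):
            hits.append((src, dst, port, f"***-**-{m.group(3).decode()}"))
    return hits


if __name__ == "__main__":
    print("beacons:", find_beacons(RECORDS))
    print("port/protocol mismatches:", find_port_protocol_mismatch(RECORDS))
    print("clear-text PII:", find_cleartext_pii(RECORDS))
```

The beacon check deliberately uses the spread of the intervals rather than a fixed period, so a 60-second and a 17-minute beacon are both caught as long as the jitter is small relative to the period; a human browsing the same site trips neither the event-count floor nor the variance bound.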
The European Union Agency for Network and Information Security reviewed top smart hospital data security threats, mitigation techniques, and good practices.
Malware is the most common type of potential attack scenario for smart hospitals that poses a data security threat, according to a recent study from the European Union Agency for Network and Information Security (ENISA).
Smart hospitals have become more prevalent as Internet of Things (IoT) components support core functions of a hospital, ENISA stated in its study.
Information security is a key issue for these organizations, and malicious actions, human errors, system and third-party failures, and natural phenomena should all be considered as a potential threat.
“The risks that result from these threats and corresponding vulnerabilities are typically mitigated by a combination of organisational and technical security measures taken by smart hospitals which comprise good practices,” the report’s authors wrote. “With respect to organisational measures, compliance with standards, staff training and awareness raising, a sound security organisation, and the use of guidelines and good practices are particularly relevant.”
ENISA investigated the current status of Smart Hospitals and related information security issues, focusing on deployments in the EU for the study.
Respondents included hospital representatives, industry representatives, and policy makers.
Along with malware, those surveyed said that device tampering, social engineering, denial of service attacks, and theft, were also top attack scenarios for smart hospitals.
Traditional hospitals may also be vulnerable to these types of attacks, researchers noted. However, the consequences can be much more severe in connected organizations.
“Protection becomes difficult because, with the high number of networked devices, many potential points of attack are emerging,” the report states. “The consequences become more severe because information systems and devices are more intensely connected within hospitals and across organisational boundaries.”
Respondents also rated threat categories according to their likelihood of occurrence on a scale from 1 (low likelihood) to 5 (high likelihood). Human errors were the most likely to occur, according to the survey, while natural phenomena were given the lowest likelihood.
“With respect to human errors, user errors, non-compliance with policies and procedures and loss of hardware, for instance, were perceived as posing considerable risk to smart hospitals,” the researchers explained.
However, malicious actions, which include threats from malware, social engineering, hacking, denial of service and device tampering, were considered particularly critical for smart hospitals by a larger group of respondents than human errors.
Specifically, 77 percent of respondents said that malicious actions were a critical threat, while 70 percent said human errors were the top threat. Just over half of those surveyed – 53 percent – listed system failures as a critical threat.
ENISA recommended that hospitals establish effective enterprise governance for cybersecurity and provide specific IT security requirements for IoT components in the hospital. Conducting a risk assessment and a vulnerability assessment was also recommended, which is effectively required of US organizations under HIPAA regulations.
Industry representatives should perform the following measures to enhance smart hospital data security:
- Incorporate security into existing quality assurance systems
- Involve third parties (healthcare organisations) in testing activities
- Consider applying medical device regulation to critical infrastructure components
- Support the adaptation of information security standards to healthcare
Several of these recommendations are also already being considered for US-based healthcare organizations.
For example, the National Health Information Sharing and Analysis Center (NH-ISAC), the Medical Device Innovation, Safety and Security Consortium (MDISS), and the U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health (CDRH) recently signed a memorandum of understanding to help organizations identify, mitigate, and prevent medical device cybersecurity threats.
The Information Sharing and Analysis Organization Standards Organization (ISAO SO) also released several documents in October 2016 on cybersecurity information sharing guidance, which focused on cybersecurity risks, incidents, and best practices. In terms of healthcare cybersecurity information sharing, one document discussed privacy and security aspects of cybersecurity risk.
“At a minimum, privacy considerations should include the individual members of an organization, the privacy of any individuals whose data may be included in cyber threat indicators to the extent provided by law, and a full range of other constituencies, customers, and individuals,” the document stated. “To adequately protect privacy while accomplishing the goals of an ISAO, it is important for the ISAO to provide guidance to members, participants, and ISAO staff that will be helpful in striking a balance between allowable sharing of cyber threat information and protecting privacy.”