Symtrex Inc.

Cyber Security Specialist

Daniel Reardon on Cybersecurity and Health Care Industry

2017/02/09 by admin

This is another great article from Lifars - posted February 3, 2017

Click here to read the full interview of Daniel Reardon

Here is a snippet:

LIFARS: Could you tell us about overall risk in the face of ransomware attacks in healthcare industry?

Daniel: The overall risks to the healthcare industry regarding ransomware attacks are very high and they will continue to increase in 2017. While most industries have experienced their issues combating ransomware, the healthcare industry is being targeted more and more and with even greater precision. Why is this?

The healthcare industry and healthcare data affects human lives, and these organizations are in the business of doing whatever they can to help and protect human life. This makes healthcare data (PHI) absolutely mission critical to the nature of their business. These healthcare organizations must operate under HIPAA compliance to satisfy the healthcare data requirements.

I believe the increased risk from ransomware is because the secret is out that hospitals and healthcare organizations have been paying ransoms to get their encrypted data or systems back online. Healthcare organizations are submitting to these criminals, and are taking no chances at losing patient data, potential lawsuits, or even worse, putting human lives at risk.

There are examples out there where healthcare organizations have paid tens of thousands in ransom to get patient data back. Cyber criminals are aware of these payments, and they are using ransomware as their weapon to expose this policy weakness.

While healthcare organizations should primarily focus on preventing ransomware from getting on their networks in the first place, some organizations are paying the ransom because it is the quickest way to get their data back and/or a system back online. Delta Risk has had clients seek our advice on whether they should pay a ransom if they are impacted. While we advise highly not to pay a ransom, there are clients considering it as part of a contingency plan if such a problem were to occur on a mission critical system.

Paying ransoms has really created momentum in the ransomware risks to a healthcare organization. Paying a ransom doesn’t guarantee you will be able to even get the data back, and it will also put a bigger bullseye on the organization’s back as the criminals begin to target any paying organization more aggressively.

Another factor I believe attributed to the increase in ransomware attacks is the cryptocurrency bitcoin. Bitcoin has been a boon for criminals looking to make a quick buck, and it complements ransomware extremely well. Bitcoin is a means for these criminals to blackmail healthcare organizations without much trace to the financial transaction. It has gotten easier to set up a bitcoin account, and to link a bitcoin account to the malware so that a ransom can be distributed easily and anonymously. Bitcoin has perpetuated the spreading of ransomware with criminal intent for financial gain.

As more healthcare devices get integrated online, these devices will continue to expose healthcare organizations to more risks as their digital footprint expands. As the old adage goes, “There is no honor amongst thieves”, so I foresee the ransomware threat to healthcare industry to continue to develop and in a more tactical manner, without any mercy. Spearheaded ransomware that targets entire business functions or operational systems that are mission critical will continue to disrupt healthcare organizations. As long as the potential for profit is greater than the likelihood of getting caught, healthcare organizations will continue to be a criminal’s primary target.

Filed Under: antivirus, Bitdefender, Kaspersky, Ransomware, Sophos

12 Endpoint Solutions for Corporate Networks under Windows 10 Put to the Test

2017/02/08 by admin

From AV-Test

Microsoft’s offers to users yielded results: Windows 10 installations for corporate users are constantly increasing and have already reached roughly 25 percent worldwide. That’s why the experts at AV-TEST decided to examine 12 corporate solutions for Windows 10.

Normally companies are slow to upgrade to new systems. For Windows 10, however, this trend is moving more quickly than expected. The worldwide share of Windows 10 among all operating systems is already at 25 percent. That is almost four times the market share of Windows 8.1.

Yet even with the new Windows 10, companies cannot rely on the built-in resources when it comes to security. A good client and server security solution is indispensable here. AV-TEST examined 12 security solutions for corporate users in the categories of protection, performance and usability. The tests took place over a two-month period in November and December 2016.

Two products achieve a top rating

The products can score up to 6 points in each test phase. This means a maximum of 18 points can be achieved. If a product reaches 18 or 17.5 points, it is rated a “top product”. The solutions from Bitdefender and Kaspersky Lab (Small Office Security) garnered this special recognition. A total of four products attained excellent results of 17 points: the packages from Symantec, Seqrite, Trend Micro and Kaspersky Lab (Endpoint Security).

All other corporate solutions tested still delivered good results of 14.5 to 16.5 points. This is also the range achieved by the free Microsoft System Center Endpoint Protection module.

For the full report ->

Filed Under: antivirus, Bitdefender, endpoint, Kaspersky, Malware, Products, Security News

BitDefender Perspectives - Outsider Attacks Give Nightmares To CIOs, CEOs, CISOs

2017/02/01 by admin

Cyberattacks via mobile devices, physical security and malware top the list of threats that US companies are not ready to handle, according to a recent Bitdefender study.

Outsider attacks give nightmares to US CIOs, according to a Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs. The survey notes that outsider attacks, data vulnerability and insider sabotage are the main threats companies aren’t ready to handle.

CIOs also know that cybercriminals can spend large amounts of time inside organizations without being detected; Advanced Persistent Threats (APTs) are often defined as threats designed to evade detection.

Accessing any type of data, whether stored in the private or public cloud, needs to be done via multiple authentication mechanisms, Bitdefender’s security specialists recommend. This should involve more than just usernames and passwords. For access to critical data, two-factor or biometric data offers additional control and authorization of qualified and accepted personnel. This is especially significant in organizations where access to critical and sensitive data is restricted, and only then under strict security protocols and advanced authentication mechanisms.

Insider sabotage is the third threat IT decision makers can’t yet handle

“To limit the risks of insider sabotage and user errors, companies must establish strong policies and protocols, and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” recommends Bogdan Botezatu, Bitdefender’s senior e-threat specialist. “The IT department must create policies for proper usage of the equipment, and ensure they are implemented.”

In the past two years, companies witnessed a rise in security incidents and breaches, with a significant increase in documented APT type of attacks targeting top corporations or government entities (such as APT-28). This type of attack intends to exfiltrate sensitive data over a long period, or silently cripple industrial processes. In this context, concerns for security are rising to the top, with decisions taken at board level in most companies.

According to the Bitdefender survey of 250 IT decision makers at US companies with more than 1,000 PCs, IT decision makers, CISOs and CEOs are all concerned about security, not only because of the cost of a breach (unavailable resources and/or money lost), but also because their company’s reputation is at risk when customer data is lost or exposed to criminals. The more media coverage a security breach receives, the greater the complexity of the malware causing it. On top of this, migrating corporate information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries regarding the safety of the data.

The demand for hybrid cloud, a mix of public cloud services and privately owned data centers, is estimated to be growing at a compound rate of 27% a year, outpacing overall IT market growth, according to researcher Markets and Markets. The company said it expects the hybrid cloud market to reach $85 billion in 2019, up from $25 billion in 2014. (Read the full white paper here.)

This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.

Razvan, a security specialist at Bitdefender, is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship.

Filed Under: Advanced Persistent Threat, antivirus, Bitdefender, compliance, CyberThreats, endpoint, Malware, Products, Security News

4 Reasons Why You Should Take Ransomware Seriously

2017/01/24 by admin

From Dark Reading - Dan Larson

The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?

According to a recent ransomware report from the Institute for Critical Infrastructure Technology (ICIT), 2016 saw a wave of ransomware attacks that were increasingly sophisticated and stealthy. The FBI forecast that the haul from ransomware would reach a billion dollars last year, and it seems as if no industry is safe from being targeted. As ICIT reports, even critical infrastructure entities such as healthcare organizations have become prime targets, with hospitals in the US and Germany paying ransoms rather than risk their patients’ lives.

Why is this alarming increase occurring? ICIT argues that it’s due to the highly profitable nature of ransomware attacks coupled with inadequate enterprise defenses. Combined, these two factors are attracting a more advanced breed of cybercriminal who is motivated by the potential of a bigger payout, faster and more anonymous — and thus less risky — than the advanced persistent threat exploits often used to steal credit card numbers and other sensitive data.

Compounding these challenges is the fact that law enforcement agencies have not provided a unified response to the ransomware threat, in some cases advising victim organizations to pay the ransom to retrieve their data. At the same time, criminal hackers have developed ways to circumvent standard security measures such as sandboxing and intrusion prevention systems.

If that’s not enough to convince you, here are four more reasons to take ransomware seriously:

  1. Ransomware continues to evolve. Whether your organization is the victim of a ransomware exploit that encrypts files or a type that encrypts the master boot record and blocks access to an entire system, the standard solutions you have in place may not be enough to protect you. New variants of ransomware are continually being developed. They employ an array of techniques aimed at circumventing your security, including deleting Volume Shadow Copies, which makes it impossible to restore from backup files, or avoiding detection by hiding in Microsoft macros or JavaScript files. The criminals who develop ransomware have become so sophisticated that many are offering ransomware as a service, widening the pool of potential victims.
  2. Standard security solutions may not protect you. Ransomware’s ability to quickly change and mutate utilizing polymorphic or fileless malware has exponentially increased opportunities for ransomware to find its way into your organization. Conventional endpoint protection that relies on signature-based detection isn’t up to the task of finding ransomware before it strikes. Adding solutions such as whitelisting, the ability to detect indicators of compromise, or machine learning can increase your protection, but in some cases will be unable to prevent an attack. And unlike malware infections that slowly exfiltrate your data so that postinfection detection may minimize loss, in the case of ransomware, prevention is often your only recourse. Once ransomware enters undetected, your data is immediately encrypted and inaccessible, or your systems are locked down.
  3. Compliance may be at stake. Most organizations retain sensitive data that is subject to regulatory legislation mandating its protection. When a breach happens and data is exposed, the victim organization must inform its customers and partners, and can incur substantial fines if regulations are affected. Ransomware attacks may not result in protected data being stolen, but organizations are still responsible for alerting all their constituents if an attack occurs. This can cause significant damage to an organization’s brand. As Dark Reading reports, the Federal Trade Commission (FTC) has come down hard on companies that fail to protect their customers’ data. FTC Chairperson Edith Ramirez recently suggested that a company’s failure to take action to prevent a ransomware attack could result in enforcement action — even if the company hasn’t been the victim of an attack.
  4. Data recovery can be complex and costly. The cost and complexity of recovering files after a ransomware attack are why many companies, particularly smaller organizations, choose to pay the ransom. Even with a comprehensive backup system, in today’s widely distributed organizations, files can be located across hundreds of devices. Though the attack may begin on one laptop, the ransomware could have access to other systems connected to the laptop, resulting in a costly drain on IT resources as they struggle to map and contain the damage. Even worse, if you’re the victim of a new ransomware variant that’s able to delete your backup files, recovery won’t be an option.

The Best Defense Against Ransomware

To combat the escalating level of ransomware sophistication, organizations need a multifaceted approach with complementary prevention and detection methods. One important method is to focus on indicators of attack (IoAs), a form of behavior-based detection that looks at the underlying actions taken by the threat rather than trying to pattern-match a new file to a signature. An IoA can prevent multiple variants and versions of ransomware families, including new ones not detectable by known signatures or features. Coupled with endpoint detection and response, machine learning, and proactive threat hunting by security experts, organizations can ensure that they have the prevention capabilities in place to alert teams of ransomware attempts before encryption can be initiated.
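
As an added illustration of the behavior-based approach described above (not code from Dark Reading or from any vendor named on this page), the following Python example evaluates constructed process-creation events for two behaviors this article mentions: deletion of Volume Shadow Copies and a script host launched from an Office application. The event field names, host names and rule names are assumptions made for the example.

```python
import re

# Constructed sample events. The field layout (host, parent, image, cmdline)
# is an assumption for this example, not a specific product's log schema.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": r'winword.exe "C:\Users\a\invoice.docm"'},
    {"host": "ws-014", "parent": "winword.exe", "image": "wscript.exe",
     "cmdline": r"wscript.exe C:\Users\a\AppData\Local\Temp\x.js"},
    {"host": "ws-014", "parent": "wscript.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    # Benign administrative use: listing shadow copies must not alert.
    {"host": "srv-02", "parent": "services.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},
    {"host": "ws-020", "parent": "explorer.exe", "image": "excel.exe",
     "cmdline": "excel.exe budget.xlsx"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "cmd.exe"}

# Matches the action (deleting shadow copies), not any particular binary hash.
SHADOW_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b"
    r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    re.IGNORECASE,
)


def indicators_for(event):
    """Return the names of the behaviors a single event exhibits."""
    found = []
    parent = event["parent"].lower()
    image = event["image"].lower()
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        found.append("office_spawns_script_host")
    if SHADOW_DELETE.search(event["cmdline"]):
        found.append("shadow_copy_deletion")
    return found


def evaluate(events):
    """Group observed behaviors by host, keeping first-seen order."""
    hits = {}
    for event in events:
        for name in indicators_for(event):
            seen = hits.setdefault(event["host"], [])
            if name not in seen:
                seen.append(name)
    return hits


def triage(events):
    """Two or more distinct behaviors on one host rate higher than one."""
    return {
        host: "high" if len(names) > 1 else "medium"
        for host, names in evaluate(events).items()
    }


if __name__ == "__main__":
    for host, names in evaluate(SAMPLE_EVENTS).items():
        print(host, triage(SAMPLE_EVENTS)[host], names)
```

Because the rules key on what the process does, a renamed or repacked payload on `ws-014` would still be flagged, while the `list shadows` call on `srv-02` is not.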

Filed Under: antivirus, Bitdefender, compliance, CyberThreats, endpoint, Malware, Network Access Control, Ransomware, Sophos

Major Cyberattacks on Healthcare Grew 63% in 2016

2016/12/23 by admin

From Dark Reading - Kelly Sheridan

US hospitals lack new technologies and best practices to defend against threats, new report says.

Some 93 major cyberattacks hit healthcare organizations this year, up from 36 in 2015, new research shows.

TrapX Labs, a division of TrapX Security, found this 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12. Some may have been ongoing prior to Jan. 1, but for consistency, researchers only used official reporting dates to the Department of Health and Human Services, Office of Civil Rights (HHS OCR).

Among the largest attacks were those on Banner Health (3.6M records), Newkirk Products (3.4M records), 21st Century Oncology (2.2M records), and Valley Anesthesiology Consultants (0.88M records).

Sophisticated attackers are now responsible for 31% of all major HIPAA data breaches reported this year, a 300% increase over the past three years, according to the report. Cybercriminals were responsible for 10% of all major data breaches in 2014 and 21% in 2015.

Despite the rise in attacks, the number of records breached dropped to about 12,057,759. That said, so many millions of health records have been stolen that the value of individual records decreased this year, TrapX reported.

Researchers pinpointed two major trends from 2016: the continued discovery and evolution of medical device hijacking, which TrapX calls MEDJACK and MEDJACK.2, and the increase of ransomware across a variety of targets.

MEDJACK involves the use of backdoors in medical devices like diagnostic or life-support equipment. Hackers use emailed links, malware-equipped memory sticks, and corrupt websites to load tools into these devices, most of which run standard/older operating systems and proprietary software.

“Once inside the network, these attackers move laterally in search of high-profile targets from which they can ultimately exfiltrate intellectual property and patient data,” says Moshe Ben-Simon, co-founder and VP of services at TrapX Labs.

One successful penetration is often enough to give hackers access to the network, where they can find unprotected devices to host attacks, chat with humans, and access information. It’s difficult to mitigate the effects of MEDJACK; many hospitals don’t even know it happens.

“Unfortunately, hospitals do not seem to be able to detect MEDJACK or remediate it,” Simon explains. “The great majority of existing cyber-defense suites do not seem able to detect attackers moving laterally from these compromised devices.”

Ransomware attacks on large and mid-sized healthcare organizations have also become more diverse. The financial depth and criticality of operations make them easy targets. It’s one thing to close a business for one day; it’s entirely different to force a hospital shutdown.

A July 2016 survey conducted by Solutionary discovered healthcare is the industry most frequently targeted by malware, accounting for 88% of all detections in Q2. Hackers target healthcare because organizations will usually pay ransom for valuable patient data.

TrapX researchers predict ransomware will reach “unprecedented levels” next year as quick ROI, and easy access to untraceable money such as Bitcoin, make it easier for hackers to launch more attacks at once.

It’s one prediction among many that spell trouble for the healthcare industry in 2017.

Experts anticipate cyberattacks targeting the industry will continue to set records, as most hospitals are unaware of breaches and will remain vulnerable to advanced attacks via medical devices. Mid-sized healthcare businesses will be targeted more often, they predict.

However, more advanced equipment may not necessarily solve problems. The Internet of Things is expected to generate new attack vectors, as most IoT devices don’t have built-in security and don’t let third parties install protective software. If compromised, they provide a backdoor for hackers that can be used for months without hospitals noticing.

Going forward, healthcare organizations will be forced to implement sorely needed security practices. A study from the Healthcare Information and Management Systems Society (HIMSS) found most fail to adopt basic safeguards like anti-malware tools, firewalls, and encryption.

Even as major breaches make headlines, it’s difficult to get healthcare execs to tighten their focus on security.

“Traditionally healthcare providers are in the business of saving lives, so the IT security staffs have a difficult time competing for budget dollars,” says Lee Kim, HIMSS director of privacy and security. “As recent as five years ago, you would hear people saying that people wouldn’t want to attack a healthcare facility because they didn’t believe anyone would want to do harm to the patients.”

Filed Under: Bitdefender, CyberThreats, Kaspersky, Products, Security News, Sophos, Unified Threat Management


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement