[metaslider id=2951] … Read More
Phishing Attacks – A Concern for Healthcare
Healthcare continues to remain susceptible to cyber attacks – specifically phishing, whether it is to obtain private health information or disable their networks with a ransomware attack.
The healthcare industry relies heavily on their connectivity, probably more so than other industries and the impact of such breaches is devastating not only for the facility, but also for those who may have their personal information out in the wild. In some instances the phishing attacks are extremely sophisticated and even with training, it may still pass the inspection. A multi-layered security approach must be considered, including training, as well as endpoint protection and detection.
Contact us for more information.
Healthcare IT News – Two Phishing Attacks on Minnesota DHS Breach 21,000 Patient Records
Almost all business report being hit with an email-borne attack, survey
The almost total pervasiveness of phishing scams and other email-based attacks can be seen in a recent survey that found almost 90 percent of the cybersecurity executives saying their company was hit with an attempted or successful email-based cyberattack in the last year.
The Barracuda survey found employers are experiencing more email attacks with 81 percent seeing an increase in the last year, and 25 percent of those describing the increase as being dramatic. This is leading to the cost of mitigating costs with 81 percent seeing a jump in cost with 22 percent describing the price rising dramatically.
The price that must be paid in the wake of an attack is not just monetary. Sixty-seven percent of those surveyed said an email incident forced their IT team to divert needed resources from other priorities to deal with an attack; employee productivity was interrupted said 61 percent and 10 percent reported that their firm’s reputation took a hit.
Having sensitive corporate information stolen was judged to be the most costly kind of attack, followed by ransomware and business email compromise. When it came to recovering from a ransomware attack 12 percent of the companies decided their only option was to pay the ransom with the remaining 88 percent declining to do so. Interestingly, enterprise-size businesses were more likely to pay compared to small and medium-size operations.
“Based on how pervasive ransomware attacks have become, along with the accompanying media coverage, it’s somewhat surprising to see such a small percentage of companies paying. Perhaps it’s actually a glimmer of hope: maybe organizations had comprehensive backup solutions in place and were able to rapidly recover critical data without paying,” the report stated.
Thirty-five percent of the surveyed executives said their firm had been hit with a ransomware attack in the last year with 75 percent of those individual saying the malware was delivered via email, 32 percent from the web and 23 percent through network traffic.
Banking Trojans replaced Ransomware as top email-based payload in Q1
The concept of infecting targeted users with banking trojans has been so successful in the recent past that in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email.
The concept of infecting targeted users with banking trojans has been so successful in the recent past that in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email.
In all, banking trojans accounted for 59 percent of all malicious email payloads in the first quarter of 2018 which also saw email-based malware attacks rise significantly. A new report from Proofpoint has shown that the number of firms receiving more than 50 email-based malware attacks grew by 20 percent compared to in the last quarter of 2017.
Aside from injecting banking trojans that are designed to obtain confidential information about customers and clients using online banking and payment systems, hackers are also distributing information stealers, downloaders, remote access Trojans (RATS), and other banking malware via emails to steal credentials and to use them to commit fraud or theft.
Cyber-criminals are also leveraging sophisticated malware that are adept at defeating a majority of anti-malware protections installed on targeted systems. For example, Emotet, a polymorphic malware that has the ability to evade over 75 percent of antivirus engines, has been used in 57 percent of all banking malware attacks and 33 percent of all malicious payloads in Q1.
“Trojans are effective because they exploit weaknesses on different levels. Fraudsters often bait unsuspecting users to click on links in emails that seem to be legitimate, which lead them to a fake website or to download a malicious app,” said Gerhard Oosthuizen, CTO at Entersekt to SC Magazine UK.
“These fakes can look frighteningly real, and the emails baiting users often mimic the bank’s official communications in design and tone. It makes it very hard for users to know when an email, the site they’re clicking through to, or the app they’re downloading, is legitimate.
Phishing Attack Bypasses Two-Factor Authentication
Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets’ accounts.
Businesses and consumers around the world are encouraged to adopt two-factor authentication as a means of strengthening login security. But 2FA isn’t ironclad: attackers are finding ways to circumvent the common best practice. In this case, they use social engineering.
A new exploit, demonstrated by KnowBe4 chief hacking officer Kevin Mitnick, lets threat actors access target accounts with a phishing attack. The tool to do this was originally developed by white hat hacker Kuba Gretzky, who dubbed it evilginx and explains it in a technical blog post.
It starts with typosquatting, a practice in which hackers create malicious URLs designed to look similar to websites people know. Mitnick starts his demo by opening a fake email from LinkedIn and points out its origin is “llnked.com” – a misspelling people will likely overlook.
Those who fall for the trick and click the email’s malicious link are redirected to a login page where they enter their username, password, and eventually an authentication code sent to their mobile device. Meanwhile, the attacker can see a separate window where the victim’s username, password, and a different six-digit code are displayed.
“This is not the actual 6-digit code that was intercepted, because you can’t use the 6-digit code again,” Mitnick says in the demo. “What we were able to do was intercept the session cookie.”
With the session cookie, an attacker doesn’t need a username, password, or second-factor code to access your account. They can simply enter the session key into the browser and act as you. All they have to do is paste the stolen session cookie into Developer Tools and hit Refresh.
It’s not the first time 2FA has been hacked, says Stu Sjouwerman, founder and CEO at KnowBe4. “There are at least ten different ways to bypass two-factor authentication,” he explains in an interview with Dark Reading. “They’ve been known about but they aren’t necessarily well-published … most of them are flying under the radar.”
These types of exploits are usually presented as concepts at conferences like Black Hat. Mitnick’s demo puts code into context so people can see how it works. This can be used for any website but an attacker will need to tweak the code depending on how they want to use it.
To show how the exploit can make any site malicious, Sjouwerman sent me an email tailored to look like it came from Kelly Jackson Higgins, reporting a typo in an article of mine:
When I clicked the link, I ultimately ended up on Dark Reading but was first redirected to a site owned by the “attacker” (Sjouwerman). In a real attack scenario, I could have ended up on a truly malicious webpage where the hacker could launch several different attacks and attempt to take over my machine. Sjouwerman sent a screenshot of what he saw while this happened:
Event types go from processed, to deferred, to delivered, to opened.
“You need to be a fairly well-versed hacker to do this – to get it set up and have the code actually working,” he notes. This is a one-on-one attack and can’t be scaled to hit a large group of people at the same time. However, once the code works, the attack is fairly simply to pull off.
“You need to have user education and training, that’s a no-brainer, but you also have to conduct simulated phishing attacks,” Mitnick says in his demo.
Sjouwerman emphasizes the importance of putting employees through “new school” security awareness training, as opposed to the “death by PowerPoint” that many employees associate with this type of education. Instead of putting them through presentations, he recommends sending them phishing attacks and conducting online training in the browser.
Ransomware Attacks Double for Second Year in a Row
Dark Reading – Sara Peters – News
Outside attackers still the biggest problem – except in healthcare.
After doubling in 2016, the frequency of ransomware attacks doubled again in 2017, according to findings in the latest Verizon Data Breach Investigations Report (DBIR).
The 2018 DBIR is the 11th edition of the report, and includes data not only from forensic investigations conducted by Verizon, but also 67 contributing organizations. In total, the report covers analysis on over 53,000 incidents and 2,216 breaches from 65 countries.
Ransomware was found in 39% of the malware-related cases covered in the report. Dave Hylender, Verizon senior network analyst and co-author of the report, says he was “a bit surprised” at an explosion of that magnitude.
The type of targets is changing as well. “When we first started seeing [ransomware], it was smaller organizations, one desktop, one laptop,” says Hylender. “Now it’s more widespread and affecting critical systems,” including servers.
Further, attackers are using ransomware for more than collecting ransom payments. They’re also employing ransomware to distract, disrupt, or destroy – as part of a multi-pronged attacks or a ransomworm like NotPetya, for example.
“There are a lot of things that are going under the guise of ransomware,” says Hylender. He cites an example in which an attacker requested payment, but made it almost impossible for themselves to decrypt the data even if they receiveed the payment; the goal was definitely to disrupt or wipe data.
“I think [ransomware] is growing because it’s continuing to work, but that kind of attack is [also] one of the reasons it’s growing,” he says.