Ransomeware

Cyber Insurance - Is a must have - you will need it

Cyber Insurance - Is a must have - you will need it.

It’s every healthcare organization’s nightmare to get the call that their data has been breached or hacked. As a result, many have turned to cyber insurance to protect assets and business operations.

As cyber policies and carriers lack a universal policy, there’s an even greater worst case scenario: An organization is breached, and the policy doesn’t cover what the leaders thought it did. Now, not only is the healthcare provider strapped with the burden of the breach, it wasted money on a useless cyber insurance policy.

To get a better grasp on how to choose the right policy, Healthcare IT News asked attorney Matthew Fisher, partner with Mirick O’Connell, and Jane Harper, Henry Ford Health System’s director of privacy and security risk management, to outline the biggest policy mistakes -- and how to avoid them.

Mistake #1: Rushing the process

When buying a policy, a carrier will provide a questionnaire that will evaluate your organization’s security posture, program, tools and policies. The biggest mistake is to rush the pre-policy process to see the rates and what the carrier will cover, explained Fisher.

Organizations need to be conservative with how they answer the questions, as “it could be a ground for denial, if you don’t have the policies you said you have in place,” said Fisher. “You have to make sure you’re not unintentionally misleading the insurance company when it comes to coverage.”

Often these questionnaires attempt to create a black and white policy and “it can be tough to answer correctly,” explained Fisher.

“Your ability to be as transparent and truthful upfront is critical to the nonpayment discussion,” said Harper. “If you tell the insurance company that you have everything in place and are compliant, if you tell them that and then you have an issue, and you weren’t truthful, it ends up being a legal battle.”

“When you submit your checklist that they have you fill out, meet with the underwriter to make sure you understand what you’ve documented,” she added. “You also need the copy that was provided to the insurance company because it will come back into play when you submit the final documents.”

For example, if you say you have a specific control in place, and you actually don’t, Harper explained that can create a situation where “they thought they had an understanding of something, but they didn’t.”

“Be honest, transparent and accurate -- because they can deny your policy if you were inaccurate or misleading in your responses,” she said.

Mistake #2: Lax, incomplete risk assessment

It’s easier to prevent a misleading or false statement to an underwriter, when an organization has a strong assessment and inventory of the processes and tools on the system. But far too often, hospitals “don’t know everything about the control environment,” explained Harper.

“When you talk about protecting an system and preventing a cyber incident, you have to have a good understanding of the organization’s overall control environment,” Harper said. “It’s key, as the longer it takes you to identify that you’ve had an incident, it leads to more exposure and the longer it takes to recover.”

But it’s also important to remember to update this inventory or assessment when buying new tools, merging with other organizations, hiring new staff and the like, Harper explained.

“Think about all of the activities and operations that happen,” she said. “And every three years, you’re updating a cybersecurity checklist -- that may not be frequent enough.”

For example, Harper explained that an organization filling out the policy questionnaire may have all of the right elements in place. But if another tool was purchased and the controls weren’t updated or the control was removed and the underwriter was not notified, there could be a problem.

“If those controls played into how the underwriter rated you: that can be key,” said Harper. “Think about your own home: you get additional discounts when you have a burglar alarm. So if you get one, and let them know, you may get a lower rate…  But if you no longer have that control, you have to tell the carrier.”

“It’s the same kind of practice that we want to get into when we get into cyber insurance for our organization,” she added.

Mistake #3: Failing to involve the right people

Many organizations understand that security needs to exist outside of the IT team. In the same vein, it’s crucial when buying a cyber insurance policy that the same mentality is applied to make sure all of your bases are covered.

“Make sure you are talking to the right individuals,” Harper said. “The appropriate key stakeholders are not only involved with the evaluation process - how many patients, how much data, etc. -- but also the responses to the questions the policy is going to ask.”

“Risk folks typically talk about it as it relates to patients,” she continued. “Those folks are key, but in addition, you need your privacy and security risk professionals, security officers, IT leader, your key business leaders/owners and those driving the data. It’s key.”

Also crucial? Making sure the facilities team is involved, as there can sometimes be a cyber incident based on a physical issue. Harper explained that “often people tend to focus on things like electronic PHI, but there’s physical PHI. If there’s a break in at a warehouse and data is stolen, OCR considers that a breach.”

Mistake #4: Failing to understand coverage

Far too often organizations make large assumptions as to just what cyber insurance will cover. Fisher explained that these leaders are often shocked to learn that they did not receive the full spectrum of coverage they wanted.

“Relying on blind faith on those terms, or what the broker or agent is telling you is a major mistake,” said Fisher. “It’s always up to up to you to go into something with eyes fully wide open to make sure you know what you’re actually buying.”

Harper took it a step further and laid to rest a common misconception when it comes to coverage: “Insurance will not cover fines and penalties associated with noncompliance. If you’re not complaint, and you didn’t do risk assessments, cyber insurance won’t protect you from that, so don’t expect it.”

Risk Facing Financial Services

Risk Facing Financial Services

Financial services institutions have changed significantly over the last decade – from utilizing technology in new ways to stay competitive and drive efficiencies, to adapting business practices in light of the global financial crisis and recent narrow interest margin markets.

As these businesses evolve, they’re faced with a new range of exposures that can result in significant and lasting commercial costs, and traditional exposures come to light in a different context. Crime has also changed for these businesses, with a growing number of attacks against financial institutions taking place online and through digital means.

To better understand this changing landscape, we’ve outlined the top risks facing financial institutions today:

 

Social engineering and funds transfer fraud

Financial Services .jpg

Some of the most frequent cyber claims made by businesses in the past year involved funds transfer fraud and some form of social engineering. Funds transfer fraud is often carried about by criminals leveraging fraudulent emails or phone calls to request the transfer of funds from a legitimate account to their own. In some cases, fraudsters will pose as a senior executive appearing to give urgent instructions to a junior employee. While financial institutions have greater control processes, including separation of responsibilities, both banks and their clients are at risk of falling victim to these types of attacks, and as long as they continue to prove successful, we expect this threat to grow in both frequency and severity. Financial institutions should consider employee training on these newer forms of fraud, including how to identify phishing emails. Banks should also be concerned about their customers’ susceptibility to social engineering fraud, and should consider education campaigns where relevant.

 Adherence to post-crisis regulation

Following the mortgage crisis in 2007-2008 and the subsequent global financial crisis, the regulatory burden for banks has increased significantly. This brings additional costs when meeting these new requirements, along with higher potential penalties if an institution fails to comply. In many instances, resultant fines and penalties following regulatory failures are uninsured or uninsurable. Financial institutions should seek cover where regulatory enquiry costs and expenses are covered.

 Falling prey to predatory banking

Financial institutions have found themselves in a narrow interest margin environment, which means the pressure on banks to generate revenue from non-interest earnings is intense. In some cases, the desire to drive revenue through new or existing products has led to instances of selling inappropriate products to consumers, resulting in significant consumer claims. Institutions must ensure that their products are suitable and that they meet the needs of the consumer and the consumer’s expectations. It’s also important for institutions to ensure their remuneration policies do not inadvertently encourage the miss-selling of products. The fallout from consumer protection scandals can be costly not only from a legal and regulatory standpoint, but also in terms of damage to the brand.

 Reputational damage

Predatory banking is only one type of behavior that can bring reputational harm to financial institutions. Large institutions can suffer backlash for a variety of misdeeds made public, for instance the failure in anti-money laundering controls by Wells Fargo or HSBC, who were hammered in the media for their behavior. On a smaller scale, for regional and community-based institutions, the power of social media can mean that reputational damage spreads far faster than ever before.

 Systemic instability

Nearly a decade later, the effects of the global financial crisis are still being felt by financial institutions around the world. Recent concerns over Deutsche Bank’s operational cut backs and stock price decline have shown there is still uncertainty around the performance of even the biggest financial organizations. Additionally, recent instability in Europe – particularly in Italy and Spain, as well as the still incomplete negotiation – could have effect elsewhere, including the US, where European headquartered institutions such as Deutsche Bank, Barclays and HSBC are systemically significant institutions.

 Challenger banks and new technology

The traditional banking model is increasingly challenged by newcomers trying to use technology to replace existing processes and disrupt the status quo. In the UK and Europe, challenger banks are gaining steam and traction among younger generations and early adopters. In the US, there are few online-only challenger banks, but there is increasing competition from payment processors, online non-bank lenders and other providers who are edging their way towards areas conventionally controlled by banks. The risk for traditional institutions will not only be economic, but they will also need to provide more services to their clients to ensure they are competitive and relevant, and they may need to reassess their cyber exposure as they put more systems online.

 

HOW DOES RANSOMWARE WORK?

HOW DOES RANSOMWARE WORK?

  1. Ransomware infections occur when a user opens a malicious email attachment, clicks on a malicious link, or visits a website infected with malicious code, known as a drive-by download.

  2. Once a system is infected, the ransomware contacts a command and control (C2) server to generate an encryption key and begins encrypting files on the victim’s machine.

  3. The ransomware runs quietly in the background performing in-depth searches of all disk folders, including removable drives and network shares, and encrypts as many files as it can.

  • Ransomware may also delete Shadow Volume Copies, destroy restore points, and overwrite free disk space to prevent victims from recovering their files and systems without paying the ransom.

  • If a system is powered off as files are being encrypted, some ransomware variants resume where they left off when the system or device is powered on again.

After files are encrypted, a ransom note is displayed on the screen with instructions on how and where to pay the ransom and the length of time before the hacker or software destroys the decryption key.

  • Some recent variants offer victims a ‘second chance’ to pay after the initial timer expires; however, the ‘second chance’ is often at least double the original ransom amount.

  1. If the victim pays the ransom, the malware is supposed to contact the C2 server for the decryption key and begin decrypting the victim’s files; however, in many cases, the files are never decrypted.

  • Some ransomware files can delete themselves in order to avoid detection and analysis by security researchers or law enforcement.

CyberSecOP: Ransomware Remediation and Prevention Service

RANSOMWARE MITIGATION STRATEGIES

For many organizations, preventing ransomware entirely is nearly impossible, however, the impact of a successful infection can be greatly reduced if a robust data backup process is in place. Comprehensive data backups should be scheduled as often as possible and must be kept offline in a separate and secure location. The most effective method to prevent ransomware infections is to conduct regular training and awareness exercises with all employees to ensure users are proficient in safe Internet-browsing techniques and the ability to identify phishing emails. For specific recommendations for data protection, systems management, network management, mobile device management, and post-infection remediation.

Remediate Ransomware Attack - Ransomware Survival

 

Made famous by the WannaCry attack that crippled the NHS in 2017, ransomware is continuing to hit businesses.  According to security research firm Symantec, infections have steadily increased every year since 2013, reaching record levels in 2017.

Even over the last few months, ransomware has impacted multiple organizations, including the PGA of America, and the borough of Matanuska-Susitna in Alaska – where government workers were forced to use typewriters to carry out their daily tasks.

It is not surprising that governments are concerned about the impact of the malicious software, which locks a user’s device or data until they pay a ransom. In the UK, the National Cyber Security Centre (NCSC) has published advice on mitigating against ransomware. Meanwhile, the UK government’s behavioral change campaign for cybersecurity, Cyber Aware, promotes simple measures to stay more secure online.


RANSOMWARE REMEDIATION, RANSOMWARE PREVENTION, AND THREAT RESPONSE SERVICES


But according to security researchers, there has been a decline in ransomware compared to other threats including cryptomining. Yet the malicious software remains a very real risk: attacks are becoming fewer but more targeted. “The major difference between 2017 and 2018 appears to be a trend towards more targeted ransomware,” says Matt Shabat, strategy director at Glasswall Solutions. “Instead of seeking mass infections through relatively blunt means, threat actors are using more precise infection vectors to achieve initial compromise.”


Identifying ransomware

Ransomware comes in two types. The first encrypts the files on a computer or network; the second locks a user's screen. “Some ransomware will also act like a worm – as was the case with WannaCry – and once inside a network, will spread laterally to other machines without interaction by the attacker or the infected user,” says a NCSC spokesman.

Occasionally, malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as ‘wiper’ malware.

The ‘ransom’ is often demanded in a cryptocurrency such as Bitcoin as a prepaid card or gift voucher. In many cases the ransom amount is modest, a tactic designed to make paying the quickest and cheapest way to resume use.

Generally, if a firm is hit by ransomware, they will have no problem realising. Infected computers will be inaccessible because key files have been encrypted, with a ransom note displayed on-screen.

Most ransomware pops up a pay page, either in a text editor or on a browser, says Paul Ducklin, senior technologist at Sophos. “But a lot of it also changes your desktop wallpaper to a graphical image of the pay page.”

And sadly, the first sign of compromise may already be too late, especially if ransomware has spread network-wide and every desktop is hijacked, says Chris Boyd, malware analyst at Malwarebytes. “Much of it comes down to basic social engineering, and fake emails aimed at HR with dubious receipt attachments harboring an infection.”

Recognizing the warning signs: Ransomware and email phishing

Email still remains the top attack vector for all malicious activity, says Adenike Cosgrove, cybersecurity strategist, EMEA, Proofpoint. She says the easiest route for cyber criminals is to exploit the vulnerability of humans “through simple yet sophisticated social engineering tactics”. She explains: “Cybercriminals have found new ways to exploit the human factor — the instincts of curiosity and trust that lead well-intentioned people to play into the hands of the attacker. This could be in the form of a disguised URL or seemingly benign attachment, but all it takes is one click and the ransomware can take hold immediately.”

The majority of ransomware is spread via massive spam campaigns involving hundreds of thousands of emails sent daily, says Dick O'Brien, threat researcher at Symantec.

Ransomware may also be spread via websites compromised to host what’s known as an exploit kit. “This is a tool that scans the visitor’s computer to see if it’s running software with known vulnerabilities,” says O’Brien. “If it finds any, it will exploit one of these vulnerabilities to download and install ransomware on the victim’s computer.”

In a small number of cases, firms may be specifically targeted by groups who attempt to break into the company’s network and infect as many computers as possible before triggering the ransomware.

How to fight off ransomware

You’ve been hit. So, what do you do?

“A lot of ransomware is poorly coded, or master keys are leaked, and it's worth checking online to see if anyone has built a decryptor tool,” says Boyd. He says his firm Malwarebytes has released standalone versions for certain versions of Petya and Chimera, “and there's many more out there”.

Whatever you do, it is agreed that paying the ransom is a big mistake. Indeed, the National Crime Agency encourages industry and the public not to pay the ransom.

“We strongly advise not to pay the ransom, as it simply encourages the scammers to continue with their profitable business model,” agrees Boyd.

Jake Moore, cybersecurity specialist at ESET says he always advises against paying. “But I have seen CEOs with their heads in their hands asking me, ‘what else can we do?’ when they realise their resilience measures have also been attacked.”

Yet there is no guarantee that you will ever receive the data back and if you do, it might be damaged. “Funding cyber criminals also funds larger cyber-attacks, so it must be reiterated that paying won't always get make the issue go away,” says Moore.

Avoiding future attacks requires preparation such as incident response plans and educating employees.

organizations aren't training employees in security basics. “Perhaps they're not sending out emails warning about common scams, or maybe they aren't bothering with security tools known to prevent exploits and ransomware.”

Employees should be trained on how to spot attacks. This helps to avoid becoming a victim, and also means staff can raise the alarm straight away, says Rick Hemsley, managing director, Accenture Security. “Employees can become your strongest line of defense. Attackers will hit as many people in an organization as possible, and one click is all it takes. So, having a workforce of people ready to sound the alarm will help prevent that one click.”

Helen Davenport, director, Gowling WLG says it’s important to look for less obvious attacks. “Looking out for the less obvious attacks is highly advisable. If any hint of files being corrupted or encrypted is immediately addressed at the source, it will help to reduce the extent of an attack.”

It might seem obvious, but backup is integral. Even without other measures, firms would still be able to bring their files back with ease if they had a sensible backup process in place.

What is Botnet - Cybercriminals #1 Weapon

The word Botnet is formed from the words ‘robot’ and ‘network’. Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organise all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.

Botnet Prevention- What is Botnet   

Botnet Prevention- What is Botnet   

 

How Botnets can impact you
Often, the cybercriminal will seek to infect and control thousands, tens of thousands or even millions of computers – so that the cybercriminal can act as the master of a large ‘zombie network’ – or ‘bot-network’ – that is capable of delivering a Distributed Denial of Service (DDoS) attack, a large-scale spam campaign or other types of cyberattack.

In some cases, cybercriminals will establish a large network of zombie machines and then sell access to the zombie network to other criminals – either on a rental basis or as an outright sale. Spammers may rent or buy a network in order to operate a large-scale spam campaign.

How to prevent your computer becoming part of a Botnet
Installing effective anti-malware software will help to protect your computer against Trojans and other threats.

Botnet.gif

Businesses Expansion of Attack Surfaces

One of the main reasons cyber risk continues to increase exponentially is due to the rapid expansion of attack surfaces – the places where software programs are vulnerable to attack or probe by an adversary. Attack surfaces, according to the SANS Institute, can include any part of a company’s infrastructure that exposes its networks and systems to the outside, from servers and open ports to SQLs, email authentication and even employees with “access to sensitive information.” It can also include user input via keyboard or mouse, network traffic and external hardware that is not protected by cyberhardening technology.

It would be easy to blame the Internet of Things (IoT) for the expanding attack surfaces, as Intel projects two billion smart devices worldwide by 2020. But in reality, the IoT is only part of the attack surface epidemic.

According to Cybersecurity Ventures, there are now 111 billion new lines of code written each year, introducing vulnerabilities both known and unknown. Not to be overlooked as a flourishing attack vector are humans, which some argue are both the most important, but also the weakest link in the cyberattack kill chain. In fact, in many cybersecurity circles there is a passionate and ongoing debate regarding just how much burden businesses should put on employees to prevent and detect cyber threats. What is not up for debate, however, is just how vulnerable humans are to intentionally or unintentionally opening the digital door for threat actors to walk in. This is most evident by the fact that 9 out of 10 cyberattacks begin with some form of email phishing targeting workers with mixed levels of cybersecurity training and awareness.

Critical Infrastructure Protection Remains a Challenge

Critical infrastructure, often powered by SCADA systems and equipment now identified as part of the Industrial Internet of Things (IIoT) is also a major contributor to attack surface expansion. Major attacks targeting these organizations occur more from memory corruption errors and buffer overflows exploits than from spear-phishing or email spoofing and tend to be the motive of nation states and cyber terrorists more so than generic hackers.

“Industrial devices are designed to have a long-life span, but that means most legacy equipment still in use was not originally built to achieve automation and connectivity.” The IIoT does provide many efficiencies and cost-savings benefits to companies in which operational integrity, confidentiality and availability are of the utmost importance, but the introduction of technology into heavy machinery and equipment that wasn’t built to communicate outside of a facility has proven challenging. The concept of IT/OT integration, which is meant to merge the physical and digital security of corporations and facilities, has failed to reduce vulnerabilities in a way that significantly reduces risk. As a result, attacks seeking to exploit critical infrastructure vulnerabilities, such as WannaCry, have become the rule and not the exception.

To date cyber criminals are winning? 

To date, critical infrastructure cybersecurity has relied too much upon network monitoring and anomaly detection in an attempt to detect suspicious traffic before it turns problematic. The challenge with this approach is that it is reactionary and only effective after an adversary has breached some level of defenses.

We take an entirely different approach, focusing on prevention by denying malware the uniformity it needs to propagate. To do this, we use a binary randomization technique that shuffles the basic constructs of a program, known as basic blocks, to produce code that is functionally identical, but logically unique. When an attacker develops an exploit for a known vulnerability in a program, it is helpful to know where all the code is located so that they can repurpose it to do their bidding. Binary randomization renders that prior knowledge useless, as each instance of a program has code in different locations.

One way to visualize the concept of binary randomization is to picture the Star Wars universe at the time when Luke Skywalker and the Rebel Alliance set off to destroy the Death Star. The Rebel Alliance had the blueprints to the Death Star and used those blueprints to find its only weakness. Luke set off in his X-Wing and delivered a proton torpedo directly to the weak spot in the Death Star, destroying it. In this scenario, the Death Star is a vulnerable computer program, and Luke is an adversary trying to exploit said computer program.

Now imagine that the Galactic Empire built 100 Death Stars, each protected by RunSafe’s new Death Star Weakness Randomization. This protection moves the weakness to a different place on each Death Star. Now imagine you are Luke, flying full speed toward the weakness in the Death Star, chased by TIE fighters, only to find that the weakness is not where the blueprint showed. The Rebel attack fails, and the Galactic Empire celebrates by destroying another planet. Similar to the Death Star scenario above, code protected with binary randomization will still contain vulnerabilities, but an attacker’s ability to successfully exploit that vulnerability on multiple targets becomes much more difficult.

 

Cyber Criminals Loves the Cloud (Hackers Cloud Life)

Are hackers smarter and more creative than cyber guardians? This is becoming the eternal question of the digital age. While we would like to think the protection of customer passwords and personal credentials is the job of IT experts, reports of recent data breaches now suggest we are losing the battle against online criminals. The situation at hand can be likened to a carjacker who enters a parking lot and simply strolls to the stall where all the keys are kept. The parking guard is mysteriously missing, and the keys are ripe for the taking, even to the big, expensive vehicles. This is essentially the situation hackers are now enjoying on the Cloud—a relatively unguarded and highly accessible environment.

Organizational growth and development have led to increased use of the Cloud, which has exacerbated the problem of compromised user data. Companies have essentially transferred VPN and cloud access credentials to available cloud storage. Hackers are sending bots to scour GitHub, the source code administration framework, searching for advanced access keys to Amazon Web Services and other cloud frameworks. In 2015, one indiscreet developer woke to discover his stolen keys were being utilized to run 140 AWS servers mining bitcoin. Indeed, even U.S. Intelligence facts, including security keys to access “distributed intelligence systems,” were also left exposed to the public suggest Bay Area security firm, UpGuard.

Further, even if credentials aren’t left in a discoverable location, hackers can break into a network and find unprotected or unencrypted keys lying around to gain access. In spite of the dangers, developers are still consistently putting away the digital assets and resources and even client data in the source code, setup documents, and different random, unencrypted areas. Not like run of the mill user who can remember their passwords or store them with a protected secret word, engineers and IT professionals regularly need to keep security credentials where automated programs can find them. What’s more, the sensitive information of ordinary clients is also being inadvertently left unattended on some organization networks, where hackers don’t have to work very hard for access.

SECURING THE CLOUD

Cloud managers are struggling to stop the leak of critical data. Sophisticated new cybersecurity tools designed to safely store these important credentials in a legitimate, automated way are looking to revamp accessibility by scanning uploaded files to the cloud storage to ensure passwords and keys aren’t exposed. According to industry experts, this effort is doing much to turn the tide of cybercrime.

Cloud managers are also trying to close the entryway leading to the exposure of more basic data. Refined new cybersecurity tools want to safely store these sorts of credentials in a genuine way that grants access to automated procedures but not hackers.

Armon Dadgar, founder and co-CTO of San Francisco-based software company HashiCorp explains, “Everyone knew this was a bad thing to do. It wasn’t like anyone had an illusion that keeping these credentials in plain text was smart or sane, but no one had a better answer.”

Amazon launched AWS Secrets Manager last month, its own credential management tool. This was followed by Microsoft’s Azure Key Vault which securely stores, monitors, and controls access to this kind of data. But even as these tools become available, companies with avid developers, all of whom have a wide array of remote tools using credentials, are being continually challenged by security issues. Christoffer Fjellström, a developer at Swedish security firm Detectify says, “The main problem is that companies really don’t have policies for it or they don’t follow up and make sure those policies are followed.”

Recent hacks have made it clear that few organizations can hope to keep their networks entirely free from intrusion. Dadgar goes on to explain, “Many companies paid less attention to the security of data within their firewalls. In that world, things like secret management were just less important. Does it matter that you have my database credential if you’re not on my network?”

Other new tools help detect if secure data is being sent and stored where it doesn’t belong. UpGuard, known for its frequent role in detecting leaks tied to data stored on insecure cloud machines, has released BreachSight which scours the internet for its clients’ exposed code, credentials, personally identifiable information, and other sensitive data.

“You might have this world-class team, but the project manager has an online Kanban board sitting out in the open that he’s using for notes, and it’s full of API keys. But nobody thought to look for it because the company believes everything’s internal,” co-founder and co-CEO Mike Baukes says. “It’s examples like that, which are things happening in the real world, that nobody’s had an answer for until now.”

Amazon has also offered a service called Amazon Macie, which uses machine learning to detect unusual access patterns in cloud storage and uploads of potentially sensitive data like access keys. Amazon also released open source software to prevent the accidental storing of passwords and keys to source code repositories, while other developers have offered similar tools to scrub credentials from existing code. According to Fast Company, those types of tools will be automatically provided as part of cloud computing contracts, just like standard seatbelts in a new car.

Cyber-Digital Task Force

The Department of Justice’s internal “Cyber-Digital Task Force,” created by Attorney General Jeff Sessions in February, will release its first-ever public report later this month at the Aspen Institute’s annual Security Forum, a department spokesperson told CyberScoop.

The report is expected to detail a series of security recommendations that the government should consider to protect future U.S. elections from a myriad of different threats, including foreign hacking attempts.

A statement by the DOJ previously explained that the Task Force will “prioritize its study of efforts to interfere with our elections; efforts to interfere with our critical infrastructure; the use of the Internet to spread violent ideologies and to recruit followers; the mass theft of corporate, governmental, and private information; the use of technology to avoid or frustrate law enforcement; and the mass exploitation of computers and other digital devices to attack American citizens and businesses.”

When Sessions launched the group earlier this year, he requested that an initial report be completed by June 30. The recommendations were submitted ahead of time, according to DOJ spokesperson Ian Prior. The answers are currently being reviewed ahead of publication.

The DOJ’s disclosure was made hours after the Democratic National Committee (DNC) issued a press release criticizing the department and Trump administration for missing various cybersecurity policy deadlines, including the June 30 submission. The agency contends that it in fact made the deadline, although the publication won’t occur for a few weeks. The Aspen Security Forum begins on July 18.

The creation of the Cybersecurity Task Force on Feb. 20 came less than a week after Special Counsel Robert Mueller indicted a group of Russian internet trolls for interfering in U.S. politics. The Russians allegedly ran an extensive social media campaign that worked to trick American voters in the run-up to the 2016 presidential election, the indictment claims.

Deputy Attorney General Rod Rosenstein is expected to make “an exclusive policy announcement” on July 19 at the Aspen Institute event.

Will WPA3 Helps With The Fight Against Cyber Crimes

WPA3 Technology - Wirelsess Security 

A big update with the wireless LAN technology is on the horizon. Fourteen long years in the making, WPA 3 promises to correct the vulnerabilities of its predecessor, WPA2. WPA3 has been finally been ratified which will officially end the problems the industry has been tolerating regarding WPA2. Some well-known exploits against WPA2 were 2017 Key Reinstallation Attack, the Predictable Group Temporal Key vulnerability of 2016 and the Hole196 in the Group Temporal Key. The wi-fi hardware manufacturers are to blame, given that they refuse to support their own consumer-grade routers and wi-fi hotspots. They prefer for their customers to buy new hardware, instead of releasing a firmware update to plug the security exploits with their current products.

WPA3 simplifies the complex four-way handshake protocol used by WPA2 in generating encryption keys. As highlighted by Joe Hoffman, director of SAR Insights & Consulting: “Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry. Wi-Fi is evolving to maintain its high-level of security as industry demands increase.” WPA3 in a corporate setting will take advantage of 192-bit encryption, which is missing in any corporate version of the current WPA2 standard.

The healthcare industry is looking forward to the standardization of WPA3, for its increase level of encryption necessary with complying better with HIPAA (Health Insurance Portability and Accountability act). Phil Raymond, wireless director of Philips said: “Hospitals are keenly aware of the critical importance of data privacy and security and maintaining a robust security policy means accessing the strongest security measures available. Philips applauds Wi-Fi Alliance for building upon the success of WPA2 with the latest security mechanisms now available in WPA3.”

Hospitals require strict security when it comes to communication, as they have the legal responsibility to keep patient record private. Edgar Figueroa, Wi-Fi Alliance President emphasized: “WPA3 takes the lead in providing the industry’s strongest protections in the ever-changing security landscape. WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access.”

The less known feature of WPA3 that the healthcare industry is also looking forward to is Easy Connect. It is using the QR-code technique to detect and establish network connections, useful with IOTs and other modern networking devices. As this is not included by default, only certain models of wi-fi router will have this enabled as part of the package. Phil Solis, Research Director of IDC concluded: “The evolution of Wi-Fi to stay ahead of market needs has been critical to it remaining one of wireless technology’s greatest success stories. Wi-Fi Alliance has been instrumental in Wi-Fi’s evolution, and diligent about delivering Wi-Fi CERTIFIED programs so users and a variety of markets can rely on the convenience of Wi-Fi connectivity and security to meet their needs.”

IOT’s penetration in the healthcare industry is not yet very visible. However, compatibility with WPA3 is there if ever a hospital or any healthcare institution choose to use those devices in their network.

Secure all networks, from the Internet?

In the coming years in 2019-2020, the active mobile users will cross the 5 billion mark globally, and add to this the number of tablet user will also increase. When we analyze these figures it is not difficult to estimate that there are more than 20 million IoT devices in the pipeline ready to hit the base by 2020. It means the above-given figures are all set to be part of the connected world.

All these devices mean lots of valuable data, and where there’s valuable data there are hackers trying to get access to it. Not only do we need to wrestle with new kinds of networks, many of them wireless, but we need to tackle the security of these networks while simultaneously tackling the massive scale of the problem.

Now imagine the kind of valuable data that will be churned out from these devices, and how it will be a gala time for the hackers to break into these devices and get access. No doubt we need to bring such device in our daily life, but the challenge is to get them all secured taking into account the massive breach in the line.

We asked vendors and resellers how they approach security of the WAN in this challenging environment

The internet is the network

The data center is no more the enter of the universe, but it is the Internet that new network that brings all the network closer to each other.

Mobile phone networks are rapidly being repurposed as a general-purpose data network over which voice calls are just one more application. Inside the telcos themselves, the core networking is already running over IP networks, and consumers are very comfortable with messaging applications that talk over IP networks instead of SMS. Devices in the field are adding LTE interfaces as a cheap and easy way to add networking capability to what were once disconnected devices.

“We have to rethink how we approach things,” Kopelke says. “We need to change our thinking from ‘How do I secure and protect the network?’ to ‘How do I secure and protect the data and applications?’”

Gavin Wilson, Asia-Pacific managing director at Cradlepoint “People expect to always be connected. Increasingly the connection is a mix of technologies, rather than a single layer-1 or layer-2 approach.” Instead of a loose collection of isolated technologies, the network is now an abstraction operating at a higher level, and there is no longer a functional difference between “the internet” of decades past and what all these modern mobile devices use to connect”.

The connected world and benefits

This ubiquitous networking is enabling associations to do things that basically weren’t conceivable previously. Without a system to send the information, gadgets in trucks or conveyed by field laborers would need to store information for later use. Presently they can stream a lot of information back to a server farm or straight into the cloud, and they can be inconsistent contact with different parts of the framework.

“The ability to get information out to remote people is a massive benefit, and, if a truck roll over on a delivery, an immediate duress notification can let others know the driver is in trouble,” says Michael Dyson, general manager at Advanced Mobile IT‌

“We also have digital signage that can be remotely updated,” Dyson says. “You can receive diagnostics from remote locations without having to send a technician out to the site and there are buses in New Zealand that can do on-board ticketing and have a GPS for accurate next-stop announcements.”

As it turned out to be consistently more steadily and reasonable, the requirement for the specialist like; satellite telephones, CB radios have dropped abruptly. These more seasoned technologies are turning into a fallback — as opposed to the essential strategy for building up correspondences. The generously higher transfer speed access, combined with the across the board accessibility of the supporting framework, influences the cost/to profit examination straightforward: you’d be distraught not to.

Security

Obviously, simply being associated isn’t sufficient. We likewise need to keep information and applications secure when they’re interfacing with an indistinguishable web from each content kiddie and solidified digital crime with a hunger for other individuals’ data.

“The traditional way to secure the WAN was using firewalls at each branch or backhauling branch traffic to a datacenter and use firewalls there to protect the traffic,” says Stree Naidu, vice president. Asia-Pacific and Japan for Cato Networks. “As long as we think about the firewall as a box that sits somewhere, that box defines the perimeter. But what if the perimeter was defined by a firewall that is everywhere? This is the notion of Firewall as a Service (FWaaS).”

Moving from the physical system of security that is as pervasive as the availability itself is it all about. “Systems that are secured from commencement is the name of the diversion. Rather than being a bit of hindsight or an extra, security in a world with no border implies heating it in from the start.

“It has to be about more than taking an appliance and virutalizing it,” says Zscaler’s Kopelke. “We say that’s just cloud-washing.”

Cato Networks’ Scree agrees. “The challenge most organizations face is how to extend enterprise-grade security to all their branches and mobile users globally,” he says. “Cloud networks with built-in network security can offer a way forward.”

“With users expecting a higher standard of service, these standalone appliances won’t cut it anymore,” says Dell EMC’s Elmarji. “You need to be able to provide full security on all connected devices, fast access to data, and 24/7 connectivity.”

While it’s still relatively early days for software-defined networks, it’s clear where the momentum is. Customers and resellers alike should be investigating how they can move to using software-based networking to create the secure, ubiquitous networks of the future

YAHOO To Pay $35 Millions, Massive CyberSecurity Breach

Altaba, the company formerly known as Yahoo, agreed to pay the Securities and Exchange Commission a $35 million fine for failing to disclose to investors a massive data breach for two years, the regulator announced Tuesday.

yahoo-cybersecurity-breach.JPG

Altaba agreed to pay the fine without admitting nor denying any wrongdoing.

According to the SEC, Yahoo learned of an intrusion by Russian hackers in 2016 just days after it occurred. The incident resulted in the theft of sensitive information and credentials of 500 million users. And while news of the breach circulated within the company, Yahoo didn’t properly investigate the breach or consider whether to inform its investors, the SEC said. News of the incident only became public when Yahoo was in the midst of being acquired by Verizon.

“Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” said Jina Choi, director of the SEC’s San Francisco regional office, in a statement. “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

The SEC notes that Yahoo could have disclosed its breach in several quarterly filings during the two years between the breach and its public revelation. But the company said that it faced “only the risk of, and negative effects that might flow from, data breaches,” the SEC said.

The regulator said that Yahoo did not have proper procedures in place to make sure that information from its information security team was vetted for potential disclosure.

Sen. Mark Warner, D-Va., the ranking member on the Senate Banking Subcommittee on Securities, Insurance, and Investment, tweeted in vindication, saying that breaches like Yahoo’s can’t be swept “under the rug.”

In February, the SEC issued guidance telling companies to be transparent with investors when it comes to cybersecurity incidents and risks.

Sentencing proceedings for one of the hackers implicated in the 2014 incident began Tuesday in federal court. Canadian citizen Karim Baratov pleaded guilty in November to assist in the attack.

Yahoo the web service continues to operate by the same name under Oath, Verizon’s digital media division. Yahoo the corporation became Altaba, a holding company, after the Verizon sale in 2017.

Ransomware campaign up around the world

A new email ransomware campaign is spreading around the world. Researchers at Fortinet say it’s a spam effort, meaning the messages are not targeted. Instead they are addressed generally, like “Dear customer.” The subject line in the email would be something like “Document number…”, “Your order number” or “Ticket number.” With the email is a malicious attachment that leads to the installation of malware. The initial targets are corporate mail servers used to forward this email. These have been found in Canada, the U.S. the United Kingdom and other countries. 

ransomware-cbyersecurity-consulting.jpg

The best defense against ransomware – or any email-delivered malware – is to watch out for it. Be cautious about unsolicited emails, especially those with attachments. And it’s vital you always have a separate backup of your data made it a way that can’t be infected, just in case you make a mistake.

Meanwhile McAfee reports some Canadian organizations have been victimized by a separate operation. A group security that researchers call Hidden Cobra, believed to be backed by North Korea, has been putting surveillance software on the systems of companies. The suspicion is the Canadian victims have been used as listening or data relay points. The malware that this campaign has installed has not stolen financial or sensitive data but appears to be there find out what’s on a computer, and be ready to launch further attacks.

Companies have to make sure their systems have the latest security patches. In addition, because the malware appears to be distributed through email, employees have to be reminded to be careful on what they click on.

For more on this see my story today on ITWorldCanada.com.

The U.S. National Security Agency has just suffered a black eye from an international standards body. According to a blog on Bitdefender, the International Organization of Standardization – known more commonly as ISO – rejected two new encryption algorithms suggested by the NSA to secure Internet of Things devices. The algorithms would scramble information on Internet-connected devices like home surveillance cameras and toys. But the NSA’s reputation for creating tools to hack into applications apparently give it a bad name at the ISO. One ISO delegate accused the NSA of telling half-truths and lies in its presentation.

If that allegation is accurate, it isn’t good. Internet of Things devices badly need better security. People and companies around the world buy tens of thousands of them a year. Insecure devices don’t improve security.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.