CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS
CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.
Understanding the UnitedHealth Data Breach: Lessons Learned and Cybersecurity Imperatives
In recent months, the healthcare industry has been rocked by a significant number of cybersecurity breaches, the most prolific of which was at UnitedHealth Group. This breach sheds light on the critical importance of robust cybersecurity measures in safeguarding sensitive patient data and ensuring the continuity of essential services.
Below we delve into the details of this breach and explore its broader implications for cybersecurity in the healthcare industry as a whole.
The breach at UnitedHealth's tech unit on February 12th was orchestrated by hackers who gained remote access to the network using stolen login credentials. This breach, attributed to the cybercriminal gang AlphV, aka BlackCat, underscored the vulnerabilities inherent in relying solely on passwords for authentication, particularly the absence of multi-factor authentication (MFA). The compromised Change Healthcare Citrix portal, lacking MFA, provided an open gateway for cybercriminals to infiltrate and encrypt the systems, leading to a ransom demand to restore access.
The aftermath of the breach highlighted the significant disruption to American healthcare. Change Healthcare was locked out of the essential systems impacting medical claims processing across the country. UnitedHealth Group has been diligently working with law enforcement agencies and cybersecurity firms, including Google, Microsoft, Cisco, and Amazon, to investigate the breach and secure affected systems.
However, the ransom payment made by UnitedHealth Group underscores the complex ethical and practical considerations surrounding ransomware attacks. While paying the ransom may, or may not truly ensure the decryption of systems and the restoration of services, it also incentivizes cybercriminals to continue their nefarious activities.
In response to the breach, UnitedHealth Group has taken proactive measures to support affected healthcare providers, providing over $6.5 billion in accelerated payments and no-interest, no-fee loans to mitigate the financial impact.
This breach serves as a stark reminder of the urgent need for healthcare organizations to prioritize cybersecurity and implement robust defenses against evolving cyber threats. CyberSecOp continues to provide award winning services, standing ready to assist organizations in mitigating risks, conducting comprehensive risk assessments, and implementing tailored cybersecurity strategies to safeguard sensitive data and ensure the integrity of critical systems.
As the healthcare industry grapples with the fallout of this breach, it is imperative for organizations to learn from these events and strengthen their cybersecurity posture to protect patient privacy and maintain the trust of stakeholders.
Together, we can work towards building a more resilient and secure healthcare ecosystem where patient data remains protected and essential services remain uninterrupted.
Cybercrime: A Booming Industry Threatening Your Business
If Cybersecurity is not part of your ongoing business planning and forethought, your business will likely become an afterthought.
By incorporating strong, enforceable cybersecurity policies, your organization becomes a defensible harder target. Per a recent MSN article, if cybercrime were a standalone economy, it would be third in line behind the U.S. and China. Cybercrime is on pace to pass $17.5 trillion by 2025.
How is your organization planning for and addressing your Cybersecurity and Governance, Risk & Compliance requirements?
43% of all data breaches involve small and medium-sized businesses.
68% of all cyber-attacks focused on business disruption first and data acquisition second.
72% of cybercrime victims are large businesses (affecting not only their employees and customers but also their partners and suppliers).
Over 75% of targeted cyberattacks start with an email (RoundRobin)
Approximately 84% of all events are caused by humans
Nearly 90% of ransomware attacks are preventable
In 2021 there was an estimated 2.7billion hours of lost production globally due to cybercrime (Norton)
Cyber Incident Response: A Comprehensive Guide
In today's world, cyber attacks are a fact of life. Every day, organizations of all sizes are targeted by hackers, criminals, and other malicious actors. While no organization is immune to attack, there are steps that can be taken to minimize the risk of a successful attack and to mitigate the damage caused by an attack that does occur.
One of the most important steps is to have a comprehensive cyber incident response plan in place. A good incident response plan will outline the steps that will be taken to identify, contain, and mitigate a cyber attack. It will also identify the roles and responsibilities of key personnel during an incident.
CyberSecOp is a leading provider of cyber security services. Our Emergency Incident Response team stands ready to support your organization in identifying, mitigating and preventing security incidents. We have the experience and expertise to help you respond to any type of cyber attack, quickly and effectively.
Our team of certified security professionals will work with you to:
Identify the nature of the attack
Contain the attack and prevent further damage
Restore your systems and data
Investigate the attack and identify the root cause
Develop a plan to prevent future attacks
We understand that a cyber attack can be a disruptive and stressful event. Our team is here to help you through the process and to get your business back up and running as quickly as possible.
The Cyber Incident Response Process
The cyber incident response process can be broken down into the following steps:
Identify the attack. The first step is to identify that an attack has occurred. This may involve detecting suspicious activity, such as unusual logins or changes to network configurations.
Contain the attack. Once an attack has been identified, it is important to contain the attack as quickly as possible. This may involve isolating the affected systems or networks, or removing malicious code.
Mitigate the damage. Once the attack has been contained, it is important to mitigate the damage. This may involve restoring data from backups, or repairing damaged systems. It is also important to investigate the attack to determine how it occurred and to prevent future attacks.
Investigate the attack. Once the attack has been contained, it is important to investigate the attack to determine how it occurred and to prevent future attacks. This may involve gathering evidence, such as logs and network traffic, and interviewing affected employees.
Develop a plan to prevent future attacks. Once the attack has been investigated, it is important to develop a plan to prevent future attacks. This may involve implementing security controls, such as firewalls and intrusion detection systems, and training employees on security best practices.
Cyber Incident Response Resources
There are a number of resources available to help organizations create and implement a cyber incident response plan. Some of these resources include:
CyberSecOp can assist with the development of a comprehensive incident response program.
The National Institute of Standards and Technology (NIST) has developed a set of guidelines for creating a cyber incident response plan. These guidelines can be found on the NIST website.
The SANS Institute offers a number of resources on cyber incident response, including a checklist for creating a plan. These resources can be found on the SANS website.
The International Organization for Standardization (ISO) has developed a number of standards for information security, including one for incident response. These standards can be found on the ISO website.
Conclusion
Cyber incident response is an essential part of any organization's security posture. By having a comprehensive plan in place, organizations can minimize the damage caused by a cyber attack and quickly recover from an incident.
If you need help with your cyber incident response plan, please contact CyberSecOp today. We would be happy to help you develop a plan that meets your specific needs.
Three Reasons Why You Need an Incident Response Solution
Imagine the following scenario: you arrive early to work in the morning, plop down at your desk with coffee in hand, and log in to your computer. You’re excited to start working on a big project, but first you are greeted with this message:
Quickly, you dash over to a colleagues’ desk. They too, have the same message on their desk. You try dialing your IT department, but they don’t start until normal business hours.
What do you do? Where do you even start?
It’s easy to think that the above scenario would never happen to you. In reality, a 2020 survey of 600 businesses in the United States revealed that a staggering 78% had been infected with ransomware that year. The average cost of recovering from a ransomware attack has spiked to $1.85 million in 2021!
Ransomware isn’t the only threat to your business continuity. In February 2021, the state of Texas suffered massive power outages due to a severe winter storm. At least 151 people died as a result. Property damage has been estimated at more than $195 billion.
What do these scenarios have in common? They demonstrate the need to prepare for the worst; this is the essence of Incident Response.
What is Incident Response anyway?
Every organization needs to have an Incident Response Plan (IRP). The team that executes the IRP is the Computer Incident Response Team (CIRT). The most important feature of both the IRP and CIRT is that they are clearly defined before the incident takes place! Disaster recovery is hardest when preparation is lacking.
The Incident Response Plan details who does what if an incident does happen. This can include using alternate systems, notifying stakeholders, or restoring from backups.
Perhaps the most important part of the Incident Response Plan is the postmortem. Now that you’ve recovered, what will you do in order to ensure that attackers won’t attack again using the exact same methods? The Incident Response Team will identify what door the attackers used to get in and make sure it stays shut.
Why do I need Incident Response?
I’m so glad you asked. Here’s three reasons why you need Incident Response for your organization:
1. The probability of an incident has never been higher.
Ransomware is pervasive. At this point, we need to ask ourselves not “will I get breached?” but “when will I get breached?”
A proper defense has multiple layers. Having a fence around your house is nice, but you’ll still have homeowners’ insurance. Incident Response is a way to mitigate the risks of ransomware that we can’t avoid.
2. The cost of an incident has never been higher.
How much would it cost to replace your entire infrastructure? The nasty aspect of ransomware is that, in some cases, the only way to ensure that the attackers have been completely removed from your environment is to start from scratch. This means replacing every workstation and server in your organization.
Sometimes, there simply isn’t a price to pay; there may not even be new hardware available to purchase with a global silicon chip shortage.
3. You can’t afford not to.
Every business owes itself to do a risk analysis of a ransomware attack. What would be the cost of not doing business for an hour? A day? A week? You will find that incident response is a necessary piece of the plan for protecting your assets and business continuity.
CyberSecOp is a leader in the Incident Response field. CyberSecOp consultants are cyber incident response subject matter experts who have collaborated on numerous security projects and operational improvement initiatives. We will support your security operational activities by helping to develop an incident response plan and work with your IT team to mitigate any potential risk. Our teams will create investigative processes and playbooks. In addition, we will be responsible for continuously identifying gaps and managing the improvements in the security response process, technologies, and monitoring. Working closely with internal architecture, engineering, and project management teams will ensure cyber-defense requirements are identified and communicated early in the project life cycle.
Security incident response services with CyberSecOp
Support cyber incident response actions to ensure proper assessment, containment, mitigation, and documentation
Support cyber investigations for large- and small-scale security incident breaches
Review and analyze cyber threats and provide SME support
Interact and assist other investigative teams within on time sensitive, critical investigations
Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents
Manage the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud- and on-premise-based applications, services and platforms
Maintain detailed tracking plan of all internal/external enrollment outcomes/recommendations and provide support through to implementation
Act as a liaison between cyber-defense, engineering, security architecture, network & system operations, and functional project teams to ensure effective project implementation that meets incident response requirements
Define baseline security monitoring requirements for all new projects, services, and applications joining your organization's network
Facilitate the development and tuning of SIEM rules to support enrollments and ensure high fidelity alerting
Don’t delay in ensuring that your business can survive any threat. Join CyberSecOp on your journey towards a safe and protected future.
Author: Josh Cabrera
So, What Exactly Is the Dark Web, Anyway?
The first time I heard the term ‘Dark Web’ was in the context of a case of misappropriated identity. A close relative of mine had begun receiving all sorts of communications from credit card companies and debt collectors concerning delinquencies that they were completely unfamiliar with. One even included an attempt at collecting back premises rent for an apartment in Dallas, Texas where my relative had never visited in their life. After spending months fighting off financial claims and trying to repair their credit history, my relative contracted a computer security professional to perform a forensic investigation of their home PCs. It was ultimately discovered that some or all of the data breach enabling the identity theft had been the outcome of a fairly sophisticated spear-phishing attack combined with the installation of a key logger agent. The forensics also revealed that much of their Personal Identifying Information had migrated to the Dark Web and was presently freely available to whomever-or whichever entity-might be interested.
Dark Web and how it functions
Dark Web, I thought. Huh. I’ve heard of the Dark Web but don’t know much about what it is or more specifically, how it functioned. Heretofore I’d (wrongly) believed it was composed of a bunch of gamers sharing logins to cloud gaming services along with the ever-present and always thriving market for pornography. My investigatory efforts yielded that the Dark Web is so, so much more, however; and I thought it was important to share my findings to clear up any popular misconceptions of which there is legion. Therefore, I’ve decided to put together a brief post that provides the nuts and bolts of what’s become an increasingly important cog in the global economy for ill-gotten bits and pieces of data and information. It turns out, the Dark Web wasn’t nearly as elemental as I’d initially suspected.
The Dark Web is a collection of thousands of websites that use anonymity tools to hide their IP addresses. While it's most famously been used for black market drug sales and even child pornography, the Dark Web also enables anonymous whistleblowing and protects users from surveillance and censorship. Readers will recall that the Dark Web played an intermediary role in WikiLeaks dissemination of certain confidential U.S. Department of Defense documents related to the conflicts in Iraq and Afghanistan.
Who created the Dark Web and how can it be assessed?
The majority of Dark Web sites use the anonymity software Tor with was created by the U.S. Department of Defense, though a smaller number also uses a similar tool called I2P. Both of those systems encrypt web traffic in layers and bounce it through randomly-chosen computers around the world, each of which removes a single layer of encryption before passing the data on to its next hop in the network. In theory, that prevents any spy—even one who controls one of those computers in the encrypted chain—from matching the traffic’s origin with its destination. In layman’s terms-traffic on the Dark Web is untraceable.
Though the Dark Web is most commonly associated with the sale of drugs, weapons, counterfeit documents, and child pornography, not everything on the Dark Web is quite so “dark.” One of the first high profile Dark Web sites was the Tor hidden service WikiLeaks created to accept leaks from anonymous sources. Even Facebook has launched a Dark Web site aimed at better catering to users who visit the site using Tor to evade surveillance and censorship. The Dark Web is also a vehicle for hackers to buy and sell personal information such as names, addresses, social security numbers, credit card information, etc. The more information they obtain from the unsuspecting victim, the higher the price.
Can Dark Web provide privacy
Just how completely Dark Web users can evade the surveillance of highly-resourced law enforcement and intelligence agencies, however, remains an open question. The FBI and EUROPOL have both launched successful Dark Web investigations aimed at stopping human trafficking, identity theft, and drug smuggling, and in most cases, the agencies were able to identify the threat actor by setting up relays and scripts on websites they frequently visit. It's also possible that the agencies employed sophisticated DNS attacks on TOR servers or used other exploits; then again, it’s also possible they were able to rely on good old Human Intelligence-informants. Everyone seems to have a price.
So in summary, we know that the Dark Web exists, it’s a marketplace for all sorts of data and information exchange, not all of it legal or voluntarily disclosed. The best way to ensure you don’t wind up on the wrong side of information exchange? Secure your information systems, be very, very judicious in responding to emails and if you have any questions or concerns, contact a licensed information technology security professional. The stakes are high, and only getting higher.
Author: Rich Fiore
Hackers Taking Advantage of Covid19 to attack major industries
With the unprecedented events of the past few months and no end in sight to the COVID-19 pandemic, hackers are leveraging the related chaos as a means of targeting, hi-jacking, infiltrating, and generally creating havoc among major industries around the globe.
The suddenness of the global governmental response combined with the rapid shift to remote work solutions has created a haphazard environment for many businesses that simply do not have the time to implement due diligence and information security controls. Unfortunately, the smart bad guys are taking advantage.
In California’s’ Bay Area, two school districts have become recent victims of breaches that exploited the unexpected thrust to online learning. Video conferencing sessions were hacked and infiltrated by uninvited guests; hundreds of online learning passwords were inadvertently exposed to public consumption. School administrators were left scrambling and ultimately had to ban all usage of video conferencing until proper security measures were implemented.
Hospitals and medical facilities are reeling from the virus spread, and hackers are paying no solace to this industry as they hammer away with targeted phishing campaigns and other website-based attacks. The World Health Organization (WHO) has reported several unsuccessful attacks against their network, with one geared around impersonating the WHO email system. Hammersmith Medicines Research (HMR) a UK based research team tasked with creating a Covid19 vaccine, unfortunately, did fall victim to a cyber-attack, as malicious actors were able to access and then post medical data from thousands of patients.
Education and healthcare are not the only sectors being infiltrated. Financial firms are being hit with targeted phishing attacks called whale or spear-phishing - Using Covid19 as the backdrop. Attackers are creating very specific, sophisticated emails that create a sense of urgency and ultimately increase the odds of the recipient becoming a victim.
It is an important time to ensure that your business leaders are setting an example by exhibiting best practice security behaviors that will ultimately set the tone and trickle down the entire organization. Top management commitment, effective strong policies that are communicated to the entire organization, and a measurable security awareness along with a sound risk management framework; are just some of the layers in security that will decrease the attack surface of any business.
CyberSecOp offers a full suite of cyber-security solutions that include:
Full Security Assessments
Gap Analysis
Policy Creation
Security Awareness Training and Measurement
24/7 Security Operations Center (SOC)
Ransomware Response
Penetration Testing
Vulnerability Scanning and Management
Forensics
VISO (Virtual Information Security Officer)
What is a Data Breach?
A data breach is the unauthorized access, use, disclosure, or theft of sensitive, confidential, or personal information. Data breaches can occur when cybercriminals gain access to a system or database and steal or expose the information stored there. They can also occur when information is accidentally or improperly disclosed by an individual or organization.
Data breaches can have serious consequences, including financial losses, reputational damage, and legal liabilities. They can also have serious impacts on individuals whose information is compromised, including identity theft and other forms of fraud.
There are several ways that data breaches can occur, including through cyber attacks, such as hacking and ransomware, and through physical means, such as the loss or theft of a device containing sensitive information. To prevent data breaches, it is important for individuals and organizations to implement strong security measures, such as using strong passwords, regularly updating software and operating systems, and implementing controls to prevent unauthorized access to sensitive information.
data breach laws
There are various laws that protect against data breaches and provide consequences for individuals and organizations that fail to protect sensitive information. These laws vary by jurisdiction, but some common examples include:
The General Data Protection Regulation (GDPR) is a data protection law that applies to organizations in the European Union (EU) and European Economic Area (EEA). It requires organizations to protect personal data and to report certain types of data breaches to authorities and individuals affected by the breach.
The Health Insurance Portability and Accountability Act (HIPAA) is a law that applies to the healthcare industry in the United States. It requires organizations that handle protected health information (PHI) to implement safeguards to protect the privacy and security of PHI.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that apply to organizations that handle payment card information. It requires organizations to implement measures to protect against data breaches and to report certain types of data breaches to authorities and card issuers.
In addition to these laws, many countries have their own data protection laws that apply to the collection, use, and storage of personal information. It is important for organizations to be aware of and comply with these laws to protect against data breaches and the potential consequences of such breaches.
Prevent Data Breach
There are several steps that individuals and organizations can take to prevent data breaches and protect sensitive information:
Use strong, unique passwords: Use strong, unique passwords for all accounts and devices, and regularly update them. Avoid using the same password for multiple accounts.
Enable two-factor authentication: Enable two-factor authentication, which requires the use of a second form of authentication in addition to a password, for all accounts and devices.
Keep software and operating systems up to date: Regularly update software and operating systems to ensure that the latest security patches are installed.
Use a firewall: Use a firewall to block incoming connections from known malicious sources.
Use antivirus software: Use antivirus software to identify and block malware, including ransomware.
Implement access controls: Implement controls to prevent unauthorized access to sensitive information, such as by requiring users to authenticate before accessing certain data or systems.
Regularly back up data: Regularly back up data and store it in a secure location to minimize the impact of a data breach.
Train employees: Train employees on the importance of data security and best practices for protecting sensitive information.
By implementing these measures, individuals and organizations can significantly reduce their risk of suffering a data breach and the potential consequences of such a breach.
Popular Ransomware & Largest Data Breaches
Our data breach incident response team works with clients to build a timely, comprehensive & compliant response plan to mitigate data loss. They have done some research and came up with the following. The Incident response team assist clients with data breach response plan, which provides a roadmap your organization can follow in the event a data breach is discovered.
Largest data breaches?
LinkedIn | 117 million
Cybercriminals absconded with email addresses and encrypted passwords for 117 million LinkedIn users in this 2012 data breach. The passwords were encrypted, right? No big deal. Unfortunately, LinkedIn used that darn SHA1 encryption we talked about earlier. And if you have any doubts that your stolen passwords are being decrypted, CyberSecOp News reported on hacked LinkedIn accounts being used in an InMail phishing campaign. These InMail messages contained malicious URLs that linked to a website spoofed to look like a Google Docs login page by which cybercriminals harvested Google usernames and passwords. Still better than that temp-to-perm ditch-digging job recruiters keep sending you.
eBay | 145 million
In early 2014, cybercriminals clicked “Steal It Now” when they broke into the network of the popular online auction site and pinched the passwords, email addresses, birth dates, and physical addresses for 145 million users. One positive takeaway, financial information from sister site PayPal was stored separately from user information in a practice known as network segmentation (more on that later). This had the effect of limiting the attack and prevent criminals from getting to the really sensitive payment info.
Equifax | 145.5 million
The credit reporting company Equifax took a hard hit to their own “credit” score, at least in the eyes of American consumers, when the company announced they had experienced a data breach back in 2017. All of this could have been avoided if Equifax just kept their software up-to-date. Instead, hackers were able to take advantage of a well-known software bug and hack into the underlying software supporting the Equifax website. What makes the Equifax data breach so awful is not the size, though considerable; rather, it’s the value of the information stolen. The perpetrators made off with the names, birthdates, Social Security numbers, addresses, and drivers license numbers for 145.5 million Americans. Add to that approximately 200,000 credit card numbers and you get one of the worst data breaches in terms of sensitivity of the compromised data.
Under Armour | 150 million
Sports apparel company Under Armour’s slogan is “Protect This House.” Apparently, they didn’t take their own advice when their diet and exercise app MyFitnessPal was hacked in February of 2018. In the attack, cybercriminals managed to steal the usernames, emails and encrypted passwords for 150 million users. Under Armour did well to announce the data breach within a week of its discovery. On the flip side, the company used weak SHA1 encryption on some of the stolen passwords, meaning criminals could crack the passwords and reuse them on other popular websites.
Exactis | 340 million
The Exactis data breach is a little different in the sense that there’s no proof cybercriminals stole any data. However, the cybersecurity researcher who discovered the “data breach” believes that criminals did. Speaking with Wired, Vinny Troia said, “I’d be surprised if someone else didn't already have this.” Exactis, a Florida-based marketing firm, had records for 340 million Americans (that’s every single US citizen) stored on an unsecure server. Any cybercriminal could have found the data using a special search engine called Shodan that lets users find Internet-connected devices. While the breach did not include data like credit card and Social Security numbers it did include detailed lifestyle information, like religion and hobbies, that could be used in phishing attacks.
Myspace | 360 million
Remember Myspace? The social networking site that came before Facebook? If you had a Myspace account and you reuse passwords from site-to-site, you may be at risk. Cybercriminals stole data on 360 million pre-2013 Myspace users. This may not seem like a big deal, but the stolen passwords used that weak SHA1 encryption we keep talking about. As mentioned previously, criminals can try and reuse your old passwords on other popular sites in a credential stuffing attack.
AdultFriendFinder | 412 million
You’d think a site like AdultFriendFinder, billed as the “World’s Largest Sex and Swinger Community,” would know to use protection. Instead cybercriminals penetrated the site’s defenses and stole usernames, encrypted passwords, emails, date of last visit, and membership status for 412 million accounts. A previous data breach at AdultFriendFinder, affecting 4 million users, included sexual preference and whether or not the user was looking for an extramarital affair. Yikes.
Yahoo | 500 million
Yahoo? More like oh no! Yahoo makes its first appearance on our countdown with the 2014 attack on the former Internet tech giant. At its height during the dot-com boom years, Yahoo was one of the most visited sites on the web. This huge attack surface caught the attention of various bad actors. In the attack, cybercriminals made off with the personal information for as many as 500 million Yahoo users. In 2017, the US Department of Justice filed charges against four Russian nationals in connection with the Yahoo attack, two of whom were Russian government officials. To date, only one of the Russians has seen the inside of a jail cell.
Marriott International | 500 million
Just like housekeeping, hackers ignored the “Do Not Disturb Sign” and caught the world’s largest hotel company Marriott International in a compromising situation. The 2014 Starwood-Marriott attack wasn’t discovered until September of 2018. During the intervening years cybercriminals had unrestricted access to the personal information of 500 million Starwood-Marriott customers—anyone who ever booked a reservation at a Starwood property—including names, mailing addresses, phone numbers, email addresses, passport numbers, and dates of birth.
Yahoo—again | 3 billion
Yahoo has the embarrassing distinction of being the only company to make our list of biggest data breaches twice. To add insult to injury, Yahoo also takes the top spot. In August of 2013, cybercriminals stole data on every Yahoo user in the world—all three billion of them. The sheer size of the data breach is difficult to fathom. Over one-third of the world’s population was affected. When the attack was first revealed in 2016, Yahoo claimed only one billion of its users were affected by the data breach, later changing the figure to “all Yahoo user accounts” less than a year later. The timing couldn’t have been worse. At the time Yahoo revealed the updated data breach numbers, the company was in negotiations to be acquired by Verizon. News of the data breach allowed Verizon to scoop up Yahoo at a fire sale price. Yahoo was acquired by Verizon in 2017.
Popular Ransomware:
Ryuk: Ryuk the new ransomware in town that’s very carefully targeting enterprise and businesses. Say hello to Ryuk. In the first two weeks after its August debut, the ransomware has made their cyber attackers over $640,000 USD. By contrast, SamSam has taken about three years to make its author about $6 million USD.
Dharma: Dharma ransomware appeared as early as 2006, and has continued to this day with regular updates. Because of the continuous evolution of this ransomware, free decryptors for previous malware versions were released by Kaspersky and Eset. Unfortunately, files encrypted with the new variants of Dharma ransomware are not currently decryptable for free as was the case for the older variants.
LeChiffre: "Le Chiffre", which comes from the French noun "chiffrement" meaning "encryption", is the main villain from James Bond's Casino Royale novel who kidnaps Bond's love interest to lure him into a trap and steal his money. Unlike other variants, hackers must run LeChiffre manually on the compromised system. Cyber criminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running an instance of the virus.
Locky: Locky's approach is similar to many other types of ransomware. The malware is spread in an email message disguised as an invoice. When opened, the invoice is scrambled and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption.
NotPetya: Initial reports categorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a malware known as a wiper with a sole purpose of destroying data instead of obtaining a ransom.
Petya: Unlike some other types of ransomware, Petya encrypts entire computer systems. Petya overwrites the master boot record, rendering the operating system unbootable.
Spider: A form of ransomware spread via spam emails across Europe. Spider ransomware is hidden in Microsoft Word documents that install the malware on a victim’s computer when downloaded. The Word document, which is disguised as a debt collection notice, contains malicious macros. When these macros are executed, the ransomware begins to download and encrypt the victim's data.
TeslaCrypt: TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It's typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities. Once a vulnerability is exploited, TeslaCrypt installs itself in the Microsoft temp folder.
TorrentLocker: TorrentLocker is typically distributed through spam email campaigns and is geographically targeted with email messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses an AES algorithm to encrypt file types. In addition to encoding files, it also collects email addresses from the victim’s address book to spread malware beyond the initially infected computer—this is unique to TorrentLocker.
WannaCry: WannaCry is a widespread ransomware campaign that is affecting organizations across the globe. The ransomware hit over 125,000 organizations in over 150 countries. The ransomware strain is also known as WCry or WanaCrypt0r and currently affects Windows machines through a Microsoft exploit known as EternalBlue.
ZCryptor: ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.
SamSam: SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Based on our own run-ins with the infection, we’ve observed that attacks were made on targets via vulnerable JBoss, and RDP host servers during a previous wave of SamSam attacks in 2016 and 2017.
KeyPass: KeyPass ransomware first appeared on 8 August and so far has spread to hundreds of victims in more than 20 countries around the world via fake software installers which download the ransomware onto the victim's PC.
Benefits of Mobile device management (MDM)
Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees' mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. Mobile device management (MDM) capabilities give you the fundamental visibility and IT controls needed to secure, manage, and monitor any corporate or employee owned mobile device or laptops that accesses business critical data.
Mobile device management (MDM) solution provides immediate, on-device threat protection, protecting against device, app and network threats even when the device is offline.d:
Detect the attack immediately
Notify the device user through mobile clients and enterprise admin through centralized console
Take preventive actions to protect company data through custom compliance actions
Administrators can use our capabilities to find all the devices that have the vulnerable versions of WhatsApp on them and assign compliance actions to only those devices, while not affecting the productivity of users running updated version of the compromised app.
Benefits of Mobile device management (MDM)
More control and security
An effective MDM system guarantees the protection of company data, e-mails, and confidential documents. If a device is lost or stolen, the administrator can easily lock, disconnect, or lock the mobile device. SIM cards can also be blocked for employees’ mobile devices and if somebody tries to transfer the SIM to another device they will need a PUK code.
MDM offers better control over their devices. For example, a company’s sales employee will not have to register and configure all devices used by their sales agents. Instead, you can configure the device and use the security software automatically. Certain tools and applications can also be sent to agent devices. If you want the app to be configured at start-up or if you want an automatic application or replacement updates throughout the enterprise, you can easily do it manually without having to call the device.
Powerful and Highly Efficient Management
Practically, mobile devices can distract employees. If organizations want to limit or prohibit the use of certain apps on their devices and avoid unnecessary data costs, IT managers can block YouTube, Facebook, or other social media apps. Take, for example, the company’s rescue services. As drivers need to focus on the road, some companies use MDM to prevent them from using other apps than the transport app and Waze or Google Maps while driving. This not only ensures operational efficiency, but also security
Increased flexibility
Working from anywhere with a mobile device gives access to relevant files anytime, anywhere and in any situation. Some tools gives you that luxury, for example, the vendors of the company do not need to download the resources separately from different portals. The centralized MDM system enables more efficient distribution of business documents, such as training forms and learning materials, accessible only to authorized individuals.
Find the right MDM solution
As the businesses focus on productivity, efficiency, and security, and with more and more companies choosing BYOD (Bring your own device), MDM is ready to respond to feature requests that help them take control of the device while providing their employees with freedom, security, and productivity.
Decrease Potential Data Breach, with Simple Security Control
Some senior management folks might find this strange, but you can significantly make your organization harder to breach. In fact, just a handful of defenses can do more to lower your cybersecurity risk than anything else. These include fighting social engineering and phishing better, patching the most likely to be attacked software far better, and requiring multi-factor authentication (MFA) for all logons.
Zero-day and information system protection
Because zero-day flaws usually refer to software that is widely in use, it’s generally considered good form if one experiences such an attack to share any available details with the rest of the world about how the attack appears to work — in much the same way you might hope a sick patient suffering from some unknown, highly infectious disease might nonetheless choose to help doctors diagnose how the infection could have been caught and spread. patch management is critical in protecting information technology systems.
Ransomware Breach and Criminals
The typical use case for ransomware is a shotgun approach type distribution campaign of dropping ransomware on people's machines, and then you charge them for getting their data or services back,” says Jeffery Walker, CISO at CyberSecOp. “Another use case is for covering tracks. These tools have the façade of ransomware: They would encrypt data, they would post a ransom note, and they would ask for money. They will even give you details on how to pay, but they're used to remove things from the endpoint while throwing off defenders into believing that the reason why that data was lost was because of a random hit by ransomware, but in some cases this is a cover up of a more bigger breach”
Vulnerabilities and Exploits
These are all vulnerabilities that could be exploited by cybercriminals bent on stealing personally identifiable information and protected health information – activity that could also play havoc disrupting healthcare delivery processes.
The study, based on network traffic data monitored by CyberSecOp over a six-month period, found the most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels.
CyberSecOp compliance solutions deliver cost-effective data protection, data discovery, data classification and data loss prevention for data privacy and compliance.
Data Breaches Ransomware and Cyber Attacks
Data Breaches Ransomware and Cyber Attacks
It’s unrealistic to think that you can completely avoid cyberattacks and data breaches, so it’s vital to have a proper data recovery plan in place. You can also tighten your defenses significantly by ensuring all of your network devices are properly configured, and by putting some thought into all of your potential network borders.
Data Recovery Capability
Do you have a proper backup plan in place? Have you ever tested it to see that it works? Disaster recovery is absolutely vital, but an alarming number of companies do not have an adequate system in place. A survey of 400 IT executives by IDG Research revealed that 40% rate their organizations’ ability to recover their operations in the event of disaster or disruption as “fair or poor.” Three out of four companies fail from a disaster recovery standpoint, according to the Disaster Recovery Preparedness Benchmark.
A successful malware attack can lead to altered data on all compromised machines and the full effects are often very difficult to determine. The option to roll back to a backup that predates the infection is vital. Backed up data must be encrypted and physically protected. It’s also important that a test team routinely checks a random sampling of system backups by restoring them and verifying data integrity.
Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
The default configurations for network devices like firewalls, routers, and switches are all about ease of use and deployment. They aren’t designed with security in mind and they can be exploited by determined attackers. There’s also a risk that companies will create exceptions for business reasons and then fail to properly analyze the potential impact.
The 2015 Information Security Breaches Survey found that failure to keep technical configuration up to date was a factor in 19% of incidents. Attackers are skilled at seeking out vulnerable default settings and exploiting them. Organizations should have standardized secure configuration guidelines applied across devices. Security updates must be applied in a timely fashion.
You need to employ two-factor authentication and encrypted sessions when managing network devices, and engineers should use an isolated, dedicated machine without Internet access. It’s also important to use automated tools to monitor the network and track device configurations. Changes should be flagged and rule sets analyzed to ensure consistency.
Boundary Defense
When the French built the Maginot Line in World War II, a series of impregnable fortifications that extended along the border with Germany and beyond, it failed to protect them because the Germans invaded around the North end through neutral Belgium. There’s an important lesson there for security professionals: Attackers will often find weaknesses in perimeter systems and then pivot to get deeper into your territory.
They may gain access through a trusted partner, or possibly an extranet, while your defensive eye is focused on the Internet. Effective defenses are multi-layered systems of firewalls, proxies, and DMZ perimeter networks. You need to filter inbound and outbound traffic and take caution not to blur the boundaries between internal and external networks. Consider network-based IDS sensors and IPS devices to detect attacks and block bad traffic.
Segment your network and protect each sector with a proxy and firewall to limit access as far as possible. If you don’t have internal network protection, then intruders can get their hands on the keys to the kingdom by successfully breaching the outer defenses.
The real cost
A lot of businesses argue that they can’t afford a comprehensive disaster recovery plan, but they should really consider whether they can afford to lose all their data or be uncertain about its integrity. They may lack the expertise to ensure that network devices are securely configured, but attackers don’t lack the skills to exploit that. It’s understandably common to focus on the outer boundary of your network and forget about threats that come from unexpected directions or multiply internally, but it could prove costly indeed.
Compared to the cost of a data breach, all of these things are cheap and easy to set up