
Quest Diagnostics Data Breach: 12 Million Patient Records

Clinical laboratory firm Quest Diagnostics Inc. has disclosed that personal information of nearly 12 million patients was exposed after an unauthorized individual accessed the web payment page of a billing collections vendor. On Monday, the diagnostic testing provider confirmed in a filing with securities regulators that up to 12 million patients may be affected by a recent data breach at the American Medical Collection Agency (AMCA). AMCA was also the third party responsible for a recent LabCorp data breach affecting 7.7 million customers, that testing company said Tuesday. Besides medical information, Quest reported that affected patients' Social Security numbers and financial data were exposed as well, leaving them susceptible to financial fraud.

The breach happened through a contractor of a contractor. Quest outsources its billing collections to Optum360, which in turn used American Medical Collection Agency for such services. AMCA told Quest on May 14 that it suffered a possible incident, but it's unclear exactly when a hack might have occurred. Quest said it doesn't have "detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected."

Quest also said it has not been able to verify the accuracy of the information received from AMCA, does not yet know exactly which patients are involved, and will notify affected patients once it has a better understanding of the situation. It has suspended collection requests to AMCA since learning of the incident, notified law enforcement, and is "working with forensic experts to investigate the matter."

"We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems' security," AMCA said in a statement.

Reduce Breach Risk with Simple Security Controls

Some senior managers may find this surprising, but you can make your organization significantly harder to breach with a handful of controls that do more to lower cyber risk than anything else: fighting social engineering and phishing more effectively, patching the software most likely to be attacked far more promptly, and requiring multi-factor authentication (MFA) for all logons.

Zero-days and information system protection

Because zero-day flaws usually affect software that is in wide use, it is generally considered good form for an organization that experiences such an attack to share whatever details it has about how the attack appears to work with the rest of the world, much as a patient suffering from an unknown, highly infectious disease might help doctors work out how the infection was caught and spread. A zero-day has no patch by definition, which is exactly why disciplined patch management for everything else is critical to protecting information technology systems: it removes the known flaws an attacker would otherwise chain with the new one.

Ransomware Breach and Criminals

"The typical use case for ransomware is a shotgun approach type distribution campaign of dropping ransomware on people's machines, and then you charge them for getting their data or services back," says Jeffery Walker, CISO at CyberSecOp. "Another use case is for covering tracks. These tools have the façade of ransomware: They would encrypt data, they would post a ransom note, and they would ask for money. They will even give you details on how to pay, but they're used to remove things from the endpoint while throwing off defenders into believing that the reason why that data was lost was because of a random hit by ransomware, but in some cases this is a cover-up of a bigger breach."

Vulnerabilities and Exploits

These are all vulnerabilities that could be exploited by cybercriminals bent on stealing personally identifiable information and protected health information – activity that could also play havoc disrupting healthcare delivery processes.

The study, based on network traffic data monitored by CyberSecOp over a six-month period, found the most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels.

CyberSecOp compliance solutions deliver cost-effective data protection, data discovery, data classification and data loss prevention for data privacy and compliance.

INSC Cyber Security Acquires CyberSecOp Strategic Security Firm

INSC Cyber Security has acquired the CyberSecOp strategic security firm to boost its cyber security services across the world. CyberSecOp provides services including technical, risk, governance and compliance solutions.

"This acquisition will strengthen INSC's cybersecurity capabilities, as CyberSecOp will be the global cybersecurity arm of INSC." The company plans to integrate CyberSecOp's advisory services into INSC's security offerings across the US and worldwide.

CyberSecOp's software-as-a-service platform Security Conform provides access to information security management systems, policies, standards, and templates for subscribers.

"Protecting businesses from data breaches, disruption of operations, and loss of IP and economic assets has become a key objective for C-suite and board-level executives," said Vinny La Rocca, CEO of INSC and CyberSecOp.

"Additionally, US business leaders already leveraging CyberSecOp as a preferred security advisor now have direct access to the complete CyberSecOp portfolio of security solutions, managed security services, and advanced education programs."

For seven years, CyberSecOp staff have provided businesses with cyber security expertise, developing solutions and providing training and guidance "to help bridge the US cyber skills shortage."

INSC added cybersecurity prevention, detection and monitoring capabilities to its government and enterprise managed security services portfolio in September 2016.

CyberSecOp will provide security services to enterprises and government agencies in support of national and worldwide cyber security.

Cyber Security: Information Data Protection

With the introduction of machine to machine communications, generally referred to using terms such as Industry 4.0 or more generically as the Internet of things (IoT), security models applied to such communications are undergoing a fundamental change. New authentication and authorization mechanisms are being introduced and, with them, the methodologies used to ensure such communications are secure and reliable are consequently changing.

The revolution that has taken place over the past 20 years has had an impact on both consumers and enterprises. The devices and applications that millions of individuals use on a daily basis contain increasingly more complex information, within a constantly evolving technological environment. The growing digital innovation trends such as cloud computing, big data and the IoT create new opportunities to communicate and exchange information. However, this massive amount of confidential data must consequently be managed and secured efficiently and continuously.

How can a company guarantee the security of its data and of its users' data? What solutions are currently available on the market that can help enterprises optimize the management of information while maintaining their privacy?

CyberSecOp, a US-based market leader in the Managed Security Service Provider industry, responds to companies' need for security by offering a range of solutions and services designed to help customers identify cyber security risks in order to mitigate and monitor them over time.

Through its diverse solutions portfolio, CyberSecOp provides the right mix of technology, processes and sector-specific knowledge, supporting customers during the initial planning phase, from design to implementation, in order to identify the best solutions both in terms of process, as well as technology. The company’s strategic partnerships with key suppliers and expertise with market technologies guarantee customers a solution that provides effective operational coverage, on-premise or remote, with vertical expertise throughout the duration of the project and during the delivery of services.

Moreover, thanks to a Cyber Security Operations Center (CSOC), the delivery of timely services and continuous security monitoring are seamlessly integrated to reduce cyber security-related risks. The service is designed to offer the customer a growth-oriented path aimed at improving the company’s overall security position and risk level awareness.

The Industry 4.0 evolution and the arrival of the IoT have significantly increased the complexity and the level of risk to which all enterprises are subject, necessitating an efficient management of corporate security. In a changing environment characterized by increasing opportunities, while at the same time offset by an exponential increase in associated risks, the availability of CSOC services represents an essential guarantee of security.

HealthCare.gov system hack leaves 75,000 individuals exposed

The Centers for Medicare and Medicaid Services (CMS) experienced a data breach that exposed highly sensitive personal data of nearly 75,000 people. The affected CMS system is linked with HealthCare.gov and assists insurance agents and brokers in helping people register for its healthcare plans.

The hack was detected earlier this month in a government computer system that works alongside HealthCare.gov, according to the agency in charge of the portal. CMS made the announcement late on a Friday afternoon, a time slot that agencies often use to release unfavorable developments. It confirmed the breach but has not yet provided details about what was taken; it did confirm that the personal files of about 75,000 people were exposed to the attackers.

Brokers and agents use the Federally Facilitated Exchange's Direct Enrollment pathway to enroll customers in health insurance. The pathway was compromised by the attackers between Oct. 13 and Oct. 16, 2018, CMS confirmed.

The hacked system was connected to the Healthcare.gov website, the front-facing portal for anyone signing up for an insurance plan under former President Obama’s healthcare law, the Affordable Care Act. Hackers targeted the behind-the-scenes system that insurance agents used to help customers directly enroll in new plans, and not the consumer Healthcare.gov site itself. 

In order to sign up for healthcare plans, customers have to provide a great deal of personal data, including names, addresses and Social Security numbers. CMS did not say exactly what kind of data was included in the stolen files, nor did it say how the breach happened.

About 10 million people currently have private coverage under former President Barack Obama’s health care law.

Consumers applying for subsidized coverage have to provide extensive personal information, including Social Security numbers, income and citizenship or legal immigration status.

The system that was hacked is used by insurance agents and brokers to directly enroll customers. All other signup systems are working.

CMS spokesman Johnathan Monroe said “nothing happened” to the HealthCare.gov website used by the general public. “This concerns the agent and broker portal, which is not accessible to the general public,” he said.

Federal law enforcement has been alerted and affected customers will be notified and offered credit protection.

Facebook Data Breach: 30 Million Accounts Affected

SAN FRANCISCO – Facebook says fewer accounts were breached than originally thought in one of the worst security incidents at the giant social network – 30 million instead of 50 million – but attackers made off with sensitive personal information from nearly half of those users that could put them at serious risk, including phone number and email address, recent searches on Facebook, location history and the types of devices people used to access the service.

Hackers got their hands on data from 30 million accounts as part of last month's attack, Facebook disclosed Friday. Facebook originally estimated that 50 million accounts could have been affected but the company didn't know if they had been compromised.

For about half of those whose accounts were broken into – some 14 million people – the hackers looted extensive personal information such as the last 10 places that Facebook user checked into, their current city and their 15 most recent searches. For the other 15 million, hackers accessed name and contact details, according to Facebook. Attackers didn't take any information from about 1 million people whose accounts were affected. Facebook says hackers did not gain access to financial information, such as credit-card numbers.

The company would not say what the motive of the attackers was but said it had no reason to believe the attack was related to the November midterm elections.

Facebook users can check if their data was stolen by visiting the company's Help Center. Facebook says it will advise affected users on how they can protect themselves from suspicious emails and other attempts to exploit the stolen data. Guy Rosen, Facebook's vice president of product management, said the company hasn't seen any evidence of attackers exploiting the stolen data or that it had been posted on the dark web.

Affected users should be on the lookout for unwanted phone calls, text messages or emails from people they don't know and attempts to use their email address and phone number to target spam or attempts to phish for other information. Facebook users should also be wary of messages or emails claiming to be from Facebook, the company said.

Third-party apps and Facebook apps such as Instagram and WhatsApp were not compromised, according to Facebook. Hackers were not able to access any private messages but messages received or exchanged by Facebook page administrators may have been exposed.

Security experts say the 14 million users who had extensive personal information swiped are now extremely vulnerable. Colin Bastable, CEO of Lucy Security, which focuses on cybersecurity prevention and awareness, painted an especially grim scenario.

"The truth is that, as a result of this news, millions of phishing attacks will now be launched, pretending to be from Facebook. Up to 20 percent of recipients will click and a large number of those will be successfully attacked, many of them using work computers and mobile devices," Bastable said. "Businesses and governments will lose money, ransomware attacks will result from this leak, and the attack will reverberate over many months."

The culprits behind the massive hack have not been publicly identified. The FBI is actively investigating the hack and asked Facebook not to disclose any information about potential perpetrators, Rosen said. When they disclosed the breach two weeks ago, Facebook officials said they didn't know who was behind the attacks.

The latest disclosure, another in a series of security lapses that have shaken public confidence in Facebook, may intensify political heat on the company. An investigation is underway by Ireland's Data Protection Commission, and Rosen said Facebook is also cooperating with the Federal Trade Commission and other authorities. The FTC declined to comment if it's investigating.

“Today's update from Facebook is significant now that it is confirmed that the personal data of millions of users was taken by the perpetrators of the attack," Ireland’s Data Protection Commission, the watchdog agency charged with privacy protection in the European Union, said in a tweet.

The extent of the personal information compromised by attackers delivered a blow to the public relations campaign Facebook has been waging to convince the more than 2 billion people who regularly use the service that it's serious about protecting their personal information after the accounts of 87 million users were accessed by political targeting firm Cambridge Analytica without their consent and Russian operatives spread propaganda during and after the 2016 presidential election.

This week, Google acknowledged that half a million accounts on its Google + social network could have been compromised by a software bug. The admission prompted lawmakers to call for an FTC investigation. Both incidents could further fuel a congressional push for a national privacy law to protect U.S. users of tech company services.

"These companies have a staggering amount of information about Americans. Breaches don't just violate our privacy, they create enormous risks for our economy and national security," Federal Trade Commission Commissioner Rohit Chopra told USA TODAY after Facebook disclosed the data breach last month. "The cost of inaction is growing, and we need answers."


After the accounts were compromised last month, more than 90 million users were forced to log out of their accounts as a security measure.

Facebook says attackers exploited a vulnerability in its code that allowed them to commandeer users' accounts. Those accounts included Facebook CEO Mark Zuckerberg and his second-in-command, Sheryl Sandberg.

The attack began Sept. 14. A spike in traffic triggered an internal investigation. More than a week later, on Sept. 25, Facebook identified the vulnerability and fixed it two days later.

The vulnerability was introduced in July 2017 when a feature was added that allows users to upload happy birthday videos.

Attackers exploited a vulnerability in Facebook’s code that affected "View As," a feature that lets people see what their own profile looks like to someone else. The feature was built to give users more control over their privacy. Three software bugs in Facebook's code connected to this feature allowed attackers to steal Facebook access tokens they could then use to take over people's accounts.

These access tokens are like digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use Facebook.

Here's how it worked: Once the attackers had access to a token for one account, call it Jane's, they could then use "View As" to see what another account, say Tom's, could see about Jane's account. The vulnerability enabled the attackers to get an access token for Tom's account as well, and the attack spread from there. Facebook said it has turned off the "View As" feature as a security precaution.
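As an added, deliberately simplified model of the chain described above (example code written for this page; it is not Facebook's code, the friend graph is constructed, and the uploader widget that mints a token for the rendering identity is an assumption standing in for the three bugs the company described): the vulnerable "View As" returns a token for the user being impersonated, so one stolen token lets an attacker walk the friend graph, while the hardened variant embeds no token in a preview. It also shows why the company's remediation was a token reset rather than a password change.

```python
import secrets
from collections import deque

# Constructed friend graph. 'View As' lets a profile owner preview their
# profile as one of their friends would see it.
FRIENDS = {
    "eve":  {"jane"},
    "jane": {"eve", "tom"},
    "tom":  {"jane", "ann"},
    "ann":  {"tom"},
}


class TokenStore:
    """Access tokens: the bearer acts as the user the token was issued for."""

    def __init__(self):
        self._owner = {}

    def issue(self, user):
        tok = secrets.token_hex(8)
        self._owner[tok] = user
        return tok

    def owner(self, tok):
        return self._owner.get(tok)

    def reset(self, users):
        """Invalidate every token belonging to `users` (a forced log-out)."""
        self._owner = {t: u for t, u in self._owner.items() if u not in users}


def view_as(store, caller_tok, viewer, vulnerable):
    """Render the caller's profile as `viewer` sees it.

    The preview is rendered in `viewer`'s identity. In the vulnerable variant an
    embedded uploader widget (assumed here) asks for a token for the *rendering
    identity* and writes it into the page, so whoever holds the page now acts as
    `viewer`. In the hardened variant the preview embeds no token at all.
    """
    caller = store.owner(caller_tok)
    if caller is None:
        raise PermissionError("invalid or revoked token")
    if viewer not in FRIENDS[caller]:
        raise PermissionError("View As only previews as one of the caller's friends")
    page = {"profile": caller, "as_seen_by": viewer, "embedded_token": None}
    if vulnerable:
        page["embedded_token"] = store.issue(viewer)  # the bug: token for the wrong user
    return page


def harvest(store, start_tok, vulnerable):
    """Attacker crawl: each stolen token unlocks View As from that user's
    vantage point, so the compromise spreads along the friend graph."""
    owned = {store.owner(start_tok): start_tok}
    queue = deque([start_tok])
    while queue:
        tok = queue.popleft()
        for friend in sorted(FRIENDS[store.owner(tok)]):
            if friend in owned:
                continue
            page = view_as(store, tok, friend, vulnerable)
            if page["embedded_token"]:
                owned[friend] = page["embedded_token"]
                queue.append(page["embedded_token"])
    return owned


def demo():
    """Run the attack against the vulnerable variant, then apply the fix."""
    store = TokenStore()
    eve_tok = store.issue("eve")
    stolen = harvest(store, eve_tok, vulnerable=True)
    # Remediation: reset the tokens of every affected account (logs them out).
    store.reset(set(stolen) - {"eve"})
    still_valid = {u for u, t in stolen.items() if store.owner(t) == u}
    return set(stolen), still_valid


if __name__ == "__main__":
    print(demo())
```

The crawl never touches a password, which is why resetting tokens (and not passwords) was the right remediation: a stolen bearer token is a session, and invalidating the session is what ends it.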

Last month, Facebook reset the tokens of nearly 50 million accounts that it believed were affected and, as a precaution, also reset the tokens for another 40 million accounts that had used "View As" in the past year. Resetting the tokens logged the affected Facebook users out of the service.

A breach of this kind is not a single, isolated event, warned Adrien Gendre, CEO of Vade Secure North America, an email security company. Hackers don't profit from breaking into Facebook accounts. Money's made, he noted, by launching spear phishing attacks using the data they've purloined, an increasingly common form of cyberattack where hackers spoof someone's identity to get them to complete a wire transfer or share confidential information.

And that's very bad news for the 14 million Facebook users who had intimate personal information stolen.

Cyber security IT skills in-demand in US

There’s no doubt that demand for the technologically skilled will only increase in the upcoming years, as practically every company becomes a software-driven enterprise. A survey by the jobs site Monster found that in the US, jobs in the digital sector have multiplied at more than twice the rate of other non-digital tech sectors, and are predicted to grow by 20% in the next decade.

However, which skills will be particularly in demand? While it’s unlikely that the IT skills demanded by the jobs market today will become redundant within our lifetimes, the field is constantly evolving, and there are certainly growth areas on the horizon that IT professionals would do well to educate themselves in.

Cyber security

Cyber security is an area set to grow exponentially in importance in the upcoming years. Every time a breach is suffered by an organisation, there is a huge cost both in terms of financial loss and loss of reputation and brand value.

A recent study carried out by jobs site Indeed indicated that the US is dangerously short on cyber security skills: the number of cyber security jobs advertised in the US is the third highest globally, and demand exceeds candidate interest by more than three to one.

Development

Demand for skills in development is here to stay (for the time being anyway – this could change as soon as AI is more widely used to code). In 2017, the demand for software developers and engineers increased by 13% in the UK.

Devops

Another important area of growth is the trend for companies to take a devops approach to their IT departments, meaning that developers well versed in this outlook will be the most employable.

Cloud computing

It’s widely recognised that cloud computing is the future, and every IT professional should feel comfortable using these systems. Demand for cloud infrastructure specialists is increasing across the board.

Machine Learning and AI

These are two obvious areas of increasing growth. In the US, demand for AI jobs increased threefold between 2015 and 2018, even surpassing the UK in terms of demand.

T-Mobile Hit With Security Breach, 2 Million Affected

On Aug. 20, hackers hit T-Mobile and, according to a statement from the company, gained access to personal information for some of its customers. While no financial data or Social Security numbers were exposed, information including names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types was potentially compromised.

While the company has not released concrete numbers for the hack, it is estimated that approximately 2 million customers were affected.

The company, which has approximately 77 million customers, has notified affected customers via text message and posted the following notice for its customers.

T-Mobile Notice 

Dear Customer –

Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.

On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).

If you have questions about this incident or your account, please contact Customer Care at your convenience. If you are a T-Mobile customer, you can dial 611, use two-way messaging on MyT-Mobile.com, the T-Mobile App, or iMessage through Apple Business Chat. You can also request a call back or schedule a time for your Team of Experts to call you through both the T-Mobile App and MyT-Mobile.com. If you are a T-Mobile For Business or Metro PCS customer, just dial 611 from your mobile phone.

We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.

Prevent DDoS attacks across your enterprise

DDoS (Distributed Denial of Service) attacks are among the most dreaded kinds of cyber attack for any enterprise today. As the name suggests, they cause a total denial of service: the attack exhausts the resources of an enterprise network, application or service, and it becomes impossible to reach that network, application or service.

A DDoS attack is launched simultaneously from many hosts, enough to overwhelm the resources, network and internet services of an enterprise of any size. Many prominent organizations encounter DDoS attacks on a daily basis, and the attacks are becoming more frequent, larger and more sophisticated. In this context it is important that enterprises look for the best DDoS attack prevention services available, so as to ensure maximum protection for their network and data.

The different kinds of DDoS attacks

Though there are different kinds of DDoS attacks, broadly speaking there are three categories into which all the different kinds of DDoS attacks would fit.

The first category is the volumetric attacks, which include those attacks that aim at overwhelming network infrastructure with bandwidth-consuming traffic or by deploying resource-sapping requests. The next category, the TCP state-exhaustion attacks, refer to the attacks that help hackers abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls. The third category of DDoS attacks, the application layer attacks, are basically the ones targeting any one aspect of an application or service at Layer 7.

Of the above-mentioned three categories, volumetric attacks are the most common ones; at the same time there are DDoS attacks that combine all these three vectors and such attacks are becoming commonplace today.

DDoS attacks are getting more sophisticated and easier to launch

Cybercriminals today are getting cleverer and smarter. They tend to package complex, sophisticated DDoS attack tools into easy-to-use downloadable programs, thereby making it easy even for non-techies to carry out DDoS attacks against organizations.

What are the main drivers behind DDoS attacks? Well, there could be many, ranging from ideology or politics to vandalism and extortion. DDoS is increasingly becoming a weapon of choice for hacktivists as well as terrorists who seek to disrupt operations or resort to extortion. Gamers too use DDoS as a means to gain competitive advantage and win online games.

There are clever cybercriminals who use DDoS as part of their diversionary tactics, intending to distract organizations during APT campaigns that are planned and executed in order to steal data.

How to prevent DDoS attacks

The first thing that needs to be done, to prevent DDoS attacks from happening, is to secure internet-facing devices and services. This helps reduce the number of devices that can be recruited by hackers to participate in DDoS attacks.

Since cybercriminals abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP to generate DDoS traffic, services that use any of these should be carefully configured (for example, disabling NTP's monlist query and open DNS recursion, and never exposing SSDP to the internet) and run on hardened, dedicated servers.

Do repeated tests for security issues and vulnerabilities. One good example is doing penetration tests for detecting web application vulnerabilities.

Ensure that your enterprise implements anti-spoofing filters as covered in IETF Best Common Practices documents BCP 38 and BCP 84. This is because hackers who plan DDoS attacks would generate traffic with spoofed source IP addresses.

Though there are no fool-proof techniques that can prevent DDoS attacks completely, you can ensure maximum protection by ensuring proper configuration of all machines and services. This would ensure that attackers don’t harness publicly available services to carry out DDoS attacks.
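The two controls above that are concrete enough to show in code are the BCP 38 source-address filter and a check that your own UDP services are not being used as reflectors. The block below is an added example written for this page (not a vendor tool or router configuration): the prefix list and the NetFlow-style records are constructed, and the bytes-out/bytes-in ratio used to spot an amplifier is this example's own heuristic, not a standard.

```python
import ipaddress
from collections import defaultdict

# UDP services the text lists as abused for reflection/amplification.
AMPLIFIER_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp"}

# Constructed: address space legitimately assigned behind the customer-facing edge.
ASSIGNED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]


def bcp38_allow(src_ip, assigned=ASSIGNED_PREFIXES):
    """Ingress filter at the network edge (BCP 38/84): forward a packet arriving
    from the customer side only if its source address lies in a prefix assigned
    to that customer. Anything else is spoofed and is dropped, so a host behind
    this edge cannot bounce traffic off a public service toward a victim."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in assigned if net.version == ip.version)


# Constructed unidirectional flow records, like NetFlow/IPFIX exports:
# (src_ip, src_port, dst_ip, dst_port, bytes). 203.0.113.53 is our NTP/DNS box.
FLOWS = [
    # two tiny NTP queries claiming to come from 198.51.100.7, three huge replies
    ("198.51.100.7", 40000, "203.0.113.53", 123, 48),
    ("198.51.100.7", 40000, "203.0.113.53", 123, 48),
    ("203.0.113.53", 123, "198.51.100.7", 40000, 4820),
    ("203.0.113.53", 123, "198.51.100.7", 40000, 4820),
    ("203.0.113.53", 123, "198.51.100.7", 40000, 4820),
    # ordinary DNS lookups from a legitimate client
    ("192.0.2.10", 51000, "203.0.113.53", 53, 70),
    ("203.0.113.53", 53, "192.0.2.10", 51000, 130),
    ("192.0.2.10", 51001, "203.0.113.53", 53, 72),
    ("203.0.113.53", 53, "192.0.2.10", 51001, 140),
]


def find_amplification(flows, our_ips, min_ratio=10.0, min_out_bytes=1000):
    """Per (service, peer): bytes our server sent divided by bytes it received.

    A large ratio means the service answers small requests with big replies to
    an address that is very likely a spoofed victim. The peer address in a
    finding is the victim, not the attacker, which is the point of reflection.
    """
    inbound = defaultdict(int)
    outbound = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        if dst in our_ips and dport in AMPLIFIER_PORTS:
            inbound[(AMPLIFIER_PORTS[dport], src)] += nbytes
        elif src in our_ips and sport in AMPLIFIER_PORTS:
            outbound[(AMPLIFIER_PORTS[sport], dst)] += nbytes
    findings = []
    for key, out_bytes in outbound.items():
        in_bytes = inbound.get(key, 0)
        ratio = out_bytes / in_bytes if in_bytes else float("inf")
        if out_bytes >= min_out_bytes and ratio >= min_ratio:
            findings.append({"service": key[0], "victim": key[1],
                             "ratio": round(ratio, 1), "bytes_out": out_bytes})
    return findings


if __name__ == "__main__":
    print(bcp38_allow("203.0.113.9"), bcp38_allow("198.51.100.7"))
    print(find_amplification(FLOWS, {"203.0.113.53"}))
```

Run against the constructed flows, the NTP service is flagged with a ratio of about 150 toward 198.51.100.7 while the DNS traffic, with replies only about twice the size of the queries, is not. Replies that are orders of magnitude larger than requests are exactly what a misconfigured service hands an attacker, and the fix is on the server (disable the amplifying query, restrict who may ask), not on the victim.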

It’s to be remembered that it’s difficult to predict or avoid DDoS attacks and also that even an attacker with limited resources can bring down networks or websites. Hence, for any organization, it becomes important that the focus is always on maximum level protection for enterprise networks, devices, websites etc.

What is a Botnet? Cybercriminals' #1 Weapon

The word botnet is formed from the words 'robot' and 'network'. Cybercriminals use Trojan malware to breach the security of many users' computers, take control of each computer and organise all of the infected machines into a network of 'bots' that the criminal can remotely manage.


How Botnets can impact you

Often, the cybercriminal will seek to infect and control thousands, tens of thousands or even millions of computers – so that the cybercriminal can act as the master of a large 'zombie network' – or 'bot-network' – that is capable of delivering a Distributed Denial of Service (DDoS) attack, a large-scale spam campaign or other types of cyberattack.

In some cases, cybercriminals will establish a large network of zombie machines and then sell access to the zombie network to other criminals – either on a rental basis or as an outright sale. Spammers may rent or buy a network in order to operate a large-scale spam campaign.

How to prevent your computer becoming part of a Botnet

Installing effective anti-malware software will help to protect your computer against Trojans and other threats.


Business Expansion of Attack Surfaces

One of the main reasons cyber risk continues to increase exponentially is the rapid expansion of attack surfaces – the places where software programs are vulnerable to attack or probing by an adversary. Attack surfaces, according to the SANS Institute, can include any part of a company's infrastructure that exposes its networks and systems to the outside, from servers and open ports to SQL databases, email authentication and even employees with "access to sensitive information." They can also include user input via keyboard or mouse, network traffic and external hardware that is not protected by cyberhardening technology.

It would be easy to blame the Internet of Things (IoT) for the expanding attack surfaces, as Intel projects two billion smart devices worldwide by 2020. But in reality, the IoT is only part of the attack surface epidemic.

According to Cybersecurity Ventures, there are now 111 billion new lines of code written each year, introducing vulnerabilities both known and unknown. Not to be overlooked as a flourishing attack vector are humans, which some argue are both the most important, but also the weakest link in the cyberattack kill chain. In fact, in many cybersecurity circles there is a passionate and ongoing debate regarding just how much burden businesses should put on employees to prevent and detect cyber threats. What is not up for debate, however, is just how vulnerable humans are to intentionally or unintentionally opening the digital door for threat actors to walk in. This is most evident by the fact that 9 out of 10 cyberattacks begin with some form of email phishing targeting workers with mixed levels of cybersecurity training and awareness.

Critical Infrastructure Protection Remains a Challenge

Critical infrastructure, often powered by SCADA systems and equipment now classed as part of the Industrial Internet of Things (IIoT), is also a major contributor to attack surface expansion. Major attacks against these organizations more often exploit memory corruption bugs such as buffer overflows than rely on spear-phishing or email spoofing, and they tend to be the work of nation states and cyber terrorists rather than generic hackers.

"Industrial devices are designed to have a long life span, but that means most legacy equipment still in use was not originally built for automation and connectivity." The IIoT does bring many efficiencies and cost savings to companies for which operational integrity, confidentiality and availability are of the utmost importance, but retrofitting connectivity onto heavy machinery and equipment that was never built to communicate outside a facility has proven challenging. The concept of IT/OT integration, meant to merge the physical and digital security of corporations and facilities, has failed to reduce vulnerabilities in a way that significantly reduces risk. As a result, attacks that exploit critical infrastructure vulnerabilities, such as WannaCry, have become the rule rather than the exception.

To date, cyber criminals are winning

To date, critical infrastructure cybersecurity has relied too heavily on network monitoring and anomaly detection in an attempt to spot suspicious traffic before it becomes a problem. The weakness of this approach is that it is reactive: it can only work after an adversary has already breached some layer of defenses.

We take an entirely different approach, focusing on prevention by denying malware the uniformity it needs to propagate. To do this, we use a binary randomization technique that shuffles the basic constructs of a program, known as basic blocks, to produce code that is functionally identical but laid out differently in every copy. When an attacker develops an exploit for a known vulnerability in a program, knowing where every piece of code is located is what lets them repurpose that code to do their bidding. Binary randomization renders that prior knowledge useless, because each instance of the program has its code in different locations.

One way to visualize the concept of binary randomization is to picture the Star Wars universe at the time when Luke Skywalker and the Rebel Alliance set off to destroy the Death Star. The Rebel Alliance had the blueprints to the Death Star and used those blueprints to find its only weakness. Luke set off in his X-Wing and delivered a proton torpedo directly to the weak spot in the Death Star, destroying it. In this scenario, the Death Star is a vulnerable computer program, and Luke is an adversary trying to exploit said computer program.

Now imagine that the Galactic Empire built 100 Death Stars, each protected by RunSafe’s new Death Star Weakness Randomization. This protection moves the weakness to a different place on each Death Star. Now imagine you are Luke, flying full speed toward the weakness in the Death Star, chased by TIE fighters, only to find that the weakness is not where the blueprint showed. The Rebel attack fails, and the Galactic Empire celebrates by destroying another planet. Similar to the Death Star scenario above, code protected with binary randomization will still contain vulnerabilities, but an attacker’s ability to successfully exploit that vulnerability on multiple targets becomes much more difficult.
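To make the mechanism concrete, here is an added example written for this page; it is not RunSafe's code or any product's implementation. A toy program is split into basic blocks that each end in an explicit jump, a linearizer lays the blocks out in a given order and patches the jump targets, and a small interpreter runs the result. The same program gives the same answer in any shuffled layout, while an "exploit" that hijacks control flow to a hard-coded address (the location of a privilege-granting block in the reference layout, the attacker's blueprint) only works against the layout it was built for. The instruction set, block names, registers and addresses are all constructed for the illustration.

```python
import random

# Constructed toy program, split into basic blocks. Every block ends in an
# explicit control transfer (jmp/ret, or a conditional branch followed by a
# jmp), so the blocks can be laid out in any order without changing behaviour.
# Branch targets are symbolic labels that the linearizer resolves to addresses.
PROGRAM = {
    "entry": [("set", "i", 1), ("set", "s", 0), ("set", "priv", 0), ("jmp", "loop")],
    "loop":  [("add", "s", "i"), ("addi", "i", 1), ("ble", "i", "n", "loop"), ("jmp", "check")],
    "check": [("jeq", "s", "magic", "grant"), ("jmp", "exit")],
    "grant": [("set", "priv", 1), ("jmp", "exit")],   # the "weak spot" an attacker wants to reach
    "exit":  [("ret", "s")],
}
REFERENCE_ORDER = ["entry", "loop", "check", "grant", "exit"]   # the "blueprint" layout


def linearize(program, order):
    """Place the blocks in the given order and patch symbolic targets to absolute addresses."""
    code, addr = [], {}
    for label in order:
        addr[label] = len(code)
        code.extend(program[label])
    patched = []
    for ins in code:
        if ins[0] == "jmp":
            patched.append(("jmp", addr[ins[1]]))
        elif ins[0] in ("ble", "jeq"):
            patched.append((ins[0], ins[1], ins[2], addr[ins[3]]))
        else:
            patched.append(ins)
    return patched, addr


def execute(code, regs, pc, max_steps=10_000):
    """Tiny interpreter. Returns the register file once a ret is executed."""
    regs = dict(regs)
    for _ in range(max_steps):
        if not 0 <= pc < len(code):
            raise RuntimeError("fault: pc %d is outside the code" % pc)
        op, *args = code[pc]
        if op == "set":
            regs[args[0]] = args[1]
            pc += 1
        elif op == "add":
            regs[args[0]] += regs[args[1]]
            pc += 1
        elif op == "addi":
            regs[args[0]] += args[1]
            pc += 1
        elif op == "jmp":
            pc = args[0]
        elif op == "ble":
            pc = args[2] if regs[args[0]] <= regs[args[1]] else pc + 1
        elif op == "jeq":
            pc = args[2] if regs[args[0]] == regs[args[1]] else pc + 1
        elif op == "ret":
            regs["ret"] = regs[args[0]]
            return regs
    raise RuntimeError("step limit exceeded")


def initial_regs(n):
    # "magic" is chosen so that the program never reaches "grant" on its own
    return {"i": 0, "s": 0, "n": n, "magic": 999, "priv": 0}


def run(order, n):
    """Legitimate execution from the entry block: sums 1..n whatever the layout."""
    code, addr = linearize(PROGRAM, order)
    return execute(code, initial_regs(n), pc=addr["entry"])["ret"]


def hijack(order, hardcoded_addr, n=4):
    """Model of an exploit that redirects control flow to an address taken from the
    reference layout. It succeeds only if execution really lands on the grant block."""
    code, _ = linearize(PROGRAM, order)
    try:
        regs = execute(code, initial_regs(n), pc=hardcoded_addr)
    except RuntimeError:
        return False          # crashed instead of escalating
    return regs["priv"] == 1


def randomized_order(seed):
    """One randomized instance of the program: same blocks, shuffled placement."""
    order = list(PROGRAM)
    random.Random(seed).shuffle(order)
    return order


if __name__ == "__main__":
    gadget = linearize(PROGRAM, REFERENCE_ORDER)[1]["grant"]   # attacker's blueprint address
    print("reference layout: sum(1..4) =", run(REFERENCE_ORDER, 4),
          "| exploit works:", hijack(REFERENCE_ORDER, gadget))
    for seed in range(5):
        order = randomized_order(seed)
        print("seed", seed, order, "sum =", run(order, 4),
              "| exploit works:", hijack(order, gadget))
```

The point to notice is that the grant block still exists in every randomized copy, exactly as the Death Star still has its weak spot: the bug is not removed, only moved, so an attacker who can read the target's own memory (an information leak) can still find it. Randomization raises the cost of one exploit working against many targets, not the cost of exploiting a single one whose layout is known.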

 

A Step-by-Step Guide to a Successful SIEM Deployment

This guide to SIEM (Security Information and Event Management) deployment is based on firsthand experience implementing SIEM for a broad range of customers.


Discovery Phase - Laying the Groundwork

  1. Review the organizational security posture and the initial business case for SIEM. Then prioritize the goals of the SIEM implementation from the most critical to the optional—taking into account the tasks that must be performed in order to support the effort.
  2. Review in detail the organizational security policy to consider the intent behind the policy. Separate those policies from a priority standpoint. Determine what’s critical, what’s necessary for mandatory compliance and what policies are best practices to ensure a secure environment.
  3. Identify current controls that are auditing those policies to determine compliance level. Ideally, a SIEM implementation should not be the first time the organization identifies that its security policy or how it’s implemented isn’t working according to plan. The reality is that these deployments often expose gaps in security execution that must be remediated before those elements can be integrated into a daily alerting and reporting structure.  
  4. Identify a smaller representative subset of the current policy and devices where SIEM can be applied and enough data can be gathered to determine what changes need to occur.
     

Pilot Phase - Beginning the Implementation

The primary goal of this phase is to determine which specific SIEM project goals can be implemented in order to establish initial ROI while creating a baseline operational model and run-book.

  1. The lessons learned from the discovery phase are used to implement a larger subset of technology.
  2. The assumptions developed during the discovery phase are tested in real time.
  3. The list of devices should be expanded to incorporate a wider set of technologies and numbers.
  4. The information developed from this phase is used to determine the final steps of controlled deployment and maturity phase.


Controlled Deployment Phase - Building Capacity

The primary goal of this phase is to develop a deployment workflow that enables the organization to build capacity as full deployment approaches. This phase also serves as the initial production test run and the completion of operational run-books necessary to manage a full deployment.

Maturity Phase - Continuing to Evolve

Significant work must be performed in order to mature the organization’s security posture and implement the finer points of the deployment. This phase never has an end point—since SIEM must continually evolve.

Data Protection Officer- Consultants

Why do I need a Data Protection Officer?

While the desire to protect company, customer and vendor information isn't new, new laws now require organizations to take a more active role in protecting their data. The EU's General Data Protection Regulation requires certain organizations to appoint a Data Protection Officer (DPO). To comply with the rule, it has been estimated that nearly 28,000 DPOs will be needed by the end of 2018.

Specifically, the General Data Protection Regulation requires a DPO where processing is carried out by a public authority or body, where an organization's core activities involve regular and systematic monitoring of data subjects on a large scale, or where they involve large-scale processing of special categories of data. The DPO is the person accountable for the organization's plan to protect that data. It is important to note that the rule affects not only companies based in the EU, but also those outside it that offer goods or services to, or monitor the behaviour of, people in the EU.

Because of the non-specific wording of the GDPR, one of the first steps for any company operating within the EU is to determine whether it is subject to the regulation at all. It may be necessary to hire a security consultant on a short-term basis to make that determination. CyberSecOp has plenty of experience helping companies comply with EU law, together with the IT security background this position requires.

What is a Data Protection Officer?

In order to comply with the new regulation, a Data Protection Officer must have "expert knowledge of data protection law and practices". Additionally, the DPO must have a good understanding of the organization's technical structure, organization, IT infrastructure and technology.

It’s important to note that as long as an employee is capable of performing the basic functions of the role, there is no formal training requirement.  This means that the job can be assigned to an existing employee.  It is also permissible for an organization to hire an outside consultant or security firm to take on this role.

How will this affect my company?

Due to the massive penalties involved with ignoring the new GDPR, any company that meets the criteria and operates in at least some capacity in the EU will need to appoint a Data Protection Officer.  For larger companies, this role is most likely already filled by a data security team.  Small companies will most likely find it to be the most cost-effective to hire an outside company to handle its data security issues.

Mid-size companies, however, will likely struggle to come into compliance with this rule. Keeping a full-time Data Protection Officer on staff might prove cost prohibitive, but contracting with an outside firm may also run up costs beyond a sustainable level. In many cases, the solution might be to find a professional with multiple skill sets who can act as the company's Data Protection Officer while also performing other duties. CyberSecOp has a team of security professionals dedicated to helping organizations comply with GDPR and other data security frameworks.

Secure all networks from the Internet?

In 2019-2020 the number of active mobile users will cross the 5 billion mark globally, and the number of tablet users will also grow. From these figures it is not hard to see that more than 20 million IoT devices are in the pipeline, ready to come online by 2020, all of them set to become part of the connected world.

All these devices mean lots of valuable data, and where there’s valuable data there are hackers trying to get access to it. Not only do we need to wrestle with new kinds of networks, many of them wireless, but we need to tackle the security of these networks while simultaneously tackling the massive scale of the problem.

Now imagine the kind of valuable data these devices will churn out, and what an opportunity it will be for hackers who manage to break into them. No doubt we need to bring such devices into our daily lives, but the challenge is to secure them all, given the scale of the breaches already occurring.

We asked vendors and resellers how they approach security of the WAN in this challenging environment

The internet is the network

The data center is no longer the center of the universe; the Internet is the new network that brings all the other networks closer to each other.

Mobile phone networks are rapidly being repurposed as a general-purpose data network over which voice calls are just one more application. Inside the telcos themselves, the core networking is already running over IP networks, and consumers are very comfortable with messaging applications that talk over IP networks instead of SMS. Devices in the field are adding LTE interfaces as a cheap and easy way to add networking capability to what were once disconnected devices.

“We have to rethink how we approach things,” Kopelke says. “We need to change our thinking from ‘How do I secure and protect the network?’ to ‘How do I secure and protect the data and applications?’”

"People expect to always be connected. Increasingly the connection is a mix of technologies, rather than a single layer-1 or layer-2 approach," says Gavin Wilson, Asia-Pacific managing director at Cradlepoint. "Instead of a loose collection of isolated technologies, the network is now an abstraction operating at a higher level, and there is no longer a functional difference between 'the internet' of decades past and what all these modern mobile devices use to connect."

The connected world and benefits

This ubiquitous networking is enabling organizations to do things that simply weren't possible before. Without a network to send the data over, devices in trucks or carried by field workers would have to store data for later use. Now they can stream large amounts of data back to a data center or straight into the cloud, and they can be in constant contact with other parts of the system.

"The ability to get information out to remote people is a massive benefit, and, if a truck rolls over on a delivery, an immediate duress notification can let others know the driver is in trouble," says Michael Dyson, general manager at Advanced Mobile IT.

“We also have digital signage that can be remotely updated,” Dyson says. “You can receive diagnostics from remote locations without having to send a technician out to the site and there are buses in New Zealand that can do on-board ticketing and have a GPS for accurate next-stop announcements.”

As mobile connectivity has become steadily more reliable and affordable, the need for specialist equipment such as satellite phones and CB radios has dropped sharply. These older technologies are becoming a fallback rather than the primary means of establishing communications. The substantially higher bandwidth, combined with the widespread availability of the supporting infrastructure, makes the cost/benefit analysis straightforward: you'd be mad not to.

Security

Obviously, simply being connected isn't enough. We also need to keep data and applications secure when they are connecting to the same internet as every script kiddie and hardened cyber criminal with an appetite for other people's data.

“The traditional way to secure the WAN was using firewalls at each branch or backhauling branch traffic to a datacenter and use firewalls there to protect the traffic,” says Stree Naidu, vice president. Asia-Pacific and Japan for Cato Networks. “As long as we think about the firewall as a box that sits somewhere, that box defines the perimeter. But what if the perimeter was defined by a firewall that is everywhere? This is the notion of Firewall as a Service (FWaaS).”

Moving from physical security appliances to security that is as pervasive as the connectivity itself is what it is all about. Systems that are secure from inception is the name of the game: rather than being an afterthought or an add-on, security in a world with no perimeter means baking it in from the start.

"It has to be about more than taking an appliance and virtualizing it," says Zscaler's Kopelke. "We say that's just cloud-washing."

Cato Networks' Naidu agrees. "The challenge most organizations face is how to extend enterprise-grade security to all their branches and mobile users globally," he says. "Cloud networks with built-in network security can offer a way forward."

“With users expecting a higher standard of service, these standalone appliances won’t cut it anymore,” says Dell EMC’s Elmarji. “You need to be able to provide full security on all connected devices, fast access to data, and 24/7 connectivity.”

While it's still relatively early days for software-defined networks, it's clear where the momentum is. Customers and resellers alike should be investigating how they can move to software-based networking to create the secure, ubiquitous networks of the future.

New Data Privacy Law in India

Like the EU, India is putting tight restrictions on data privacy.

India is quickly moving into the digital age, but its laws and regulations are dated and unsuited to the circumstances, raising concerns about privacy.

In a bid to modernize them, former Supreme Court judge B.N. Srikrishna is heading a panel to draft new data privacy laws to regulate the conduct of tech giants, and the move has put the likes of Google and Facebook in a jitter.

The committee, headed by Srikrishna, was constituted after a landmark Supreme Court judgment in August 2017 declared the right to privacy to be a fundamental right. The apex court further recognized the complexities of data protection and directed the government to formulate and enact a comprehensive data protection law. After almost a year, the committee is slated to submit its draft this week.

Current data-privacy laws in India are narrow in scope

At present, the primary statutes governing data protection in India are the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Their scope is thin: the 2011 Rules regulate only the processing of sensitive personal data or information, such as passwords and financial information, while non-sensitive personal data is subject to no such control.

The Srikrishna committee seeks to curb unhindered data collection practices.

It seeks to detail several specifics, including defining what fair use is, deciding whether tech giants can transfer data across international borders, and designing an effective enforcement mechanism.


THE BENEFITS OF IMPLEMENTING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

 

SECURES YOUR INFORMATION IN ALL ITS FORMS

An ISMS helps protect all forms of information, including digital, paper-based, intellectual property, company secrets, data on devices and in the Cloud, hard copies and personal information.

INCREASES RESILIENCE TO CYBER ATTACKS

Implementing and maintaining an ISMS will significantly increase your organisation’s resilience to cyber attacks.

PROVIDES A CENTRALLY MANAGED FRAMEWORK

An ISMS provides a framework for keeping your organisation’s information safe and managing it all in one place.

OFFERS ORGANISATION-WIDE PROTECTION

It protects your entire organisation from technology-based risks and other, more common threats, such as poorly informed staff or ineffective procedures.

HELPS RESPOND TO EVOLVING SECURITY THREATS

Constantly adapting to changes both in the environment and inside the organisation, an ISMS reduces the threat of continually evolving risks.

REDUCES COSTS ASSOCIATED WITH INFORMATION SECURITY

Thanks to the risk assessment and analysis approach of an ISMS, organisations can reduce costs spent on indiscriminately adding layers of defensive technology that might not work.

PROTECTS CONFIDENTIALITY, AVAILABILITY AND INTEGRITY OF DATA

An ISMS offers a set of policies, procedures, technical and physical controls to protect the confidentiality, availability and integrity of information.

IMPROVES COMPANY CULTURE

An ISMS's holistic approach covers the whole organisation, not just IT, and encompasses people, processes and technology. This enables employees to readily understand risks and embrace security controls as part of their everyday working practices.

 

Corporate Information Security Steering Committee

Organizations are becoming increasingly aware that if they fail to implement successful security management processes, it could expose them to untenable risk.

The role of the corporate information security steering committee has become an important tool in the quest for a coordinated corporate security strategy, for reducing duplication in security spending, for taking control of complex infrastructures and ultimately, for reducing security risk. 

One of the first steps for many organizations has been to set up a common security team and to embark on enterprise-wide information security programs. However, many of these teams have struggled to align corporate business objectives with strategic security investment.

META Group's research indicates that the majority of new security teams struggle to define and establish their corporate missions, scope, influence and power bases. Furthermore, these security teams have poorly defined executive charters and operate without effective communications plans. The unfortunate result of such poor grounding is the temptation for newly established teams to immerse themselves in technology quests, searching for elusive enterprise-wide technical solutions.

In contrast, the most effective security organizations are those with clear responsibilities and well-defined processes, based upon six primary organizational roles:

  • Leadership - the role of the chief information security officer, who deals with both the day-to-day management of the security team and continuous communication of the importance and value of security measures
  • Analysis/design - security analysts who help information owners develop meaningful security policy as well as effective security solutions
  • Security administration - the people who look after the day-to-day administration of access rights, passwords, etc.
  • Security operations - resources that continuously monitor the security status of the organization and manage incident response procedures
  • Awareness communication - resources that design and manage ongoing security awareness and training programs
  • Executive custody and governance - represented by an information security committee

The role of the corporate security steering committee is to coordinate corporate security initiatives at the executive level and thus enable an organization to optimize spending, manage their infrastructure and minimize security risk. Obtaining consensus and support for corporate-wide security initiatives is especially difficult in highly decentralized and multinational organizations with a high level of devolved authority and autonomy. In this type of organization, an executive governance body becomes essential.

Corporate information security steering committees (CISSC) must have a clear charter with a range of functions that should include:

  • Managing the development and executive acceptance of an enterprise security charter.
  • Assessing and accepting corporate-wide security policy (e.g., the corporate policy on security incident response, general behavioral policy). A major objective of this function is ensuring that business requirements are reflected in the security policy, thus ensuring that the policy enables rather than restricts business operations.
  • Assessing any requests for policy exceptions from individual business units.
  • Assessing, accepting, and sponsoring corporate-wide security investment (e.g., identity infrastructure deployment, remote access infrastructure), as well as requests to be excluded from common investment.
  • Providing a forum for discussion and arbitration of any disputes or disagreements regarding common policy or investment issues.
  • Acting as custodian and governance body of the enterprise security program by ensuring visible executive support, as well as monitoring progress and achievements. The role of a permanent governance structure reinforces the message that enterprise security becomes an ongoing, long-term initiative.
  • Assessing and approving the outsourcing of common security services, as well as coordinating investment in appropriate relationship management resources. As the lack of skilled resources increases the need to outsource operational services, executive due diligence, risk assessment, and ongoing effectiveness assessment must be coordinated through the steering committee.
  • Initiating ad hoc projects to investigate the advantages, disadvantages, risks, and cost of common security initiatives, and advising the committee with appropriate recommendations.
  • Representing the executive (board of directors) or its nominated information governance body (e.g., an information executive board) in all corporate security matters. Reporting back to these forums on the activities and effectiveness of corporate security programs and investments.
  • Acting as custodian of corporate-wide strategic security processes (e.g., role analysis, data classification) by validating process ownership, responsibilities, and stakeholders.
  • Acting as respondent to enterprise-level audit exceptions (i.e., those audit exceptions where a specific individual cannot be found to be responsible).
  • Coordinating and validating any external, security-related corporate communications plans and activities (e.g., in the event of a high-profile, publicized security breach).
  • Tracking major line-of-business IT initiatives to identify opportunities for synergy or to leverage security investment.
  • Governing trust relationships with major e-business partners.

It is very important that steering committee members can make decisions at meetings. This requires the active participation of senior executive business managers or it must be a permanent subcommittee of an executive information board. To prevent the committee becoming an ineffective 'debating society' or forum for driving political agendas, the scope, powers and objectives of the committee should be clearly documented and measured.

Typical members of an information security steering committee include: line of business managers, application owners, regional managers, IT managers, the IT director, the chief security officer, the corporate risk manager and the chief internal auditor. A clear distinction must be made between the role of the CISSC (i.e., executive custody and governance) and the leadership role (i.e., day-to-day management of the security team) of the chief information security officer.

By developing the emerging role of the chief security officer (CSO) and the security team, enterprises can foster a holistic approach to information security - one that recognizes that policy, process, and communication are as important as technology.

Cloud to Streamline Security for Strategic Growth

As the technology director at Inspira Health Network, François Bodhuin and his staff have their work cut out for them, as they strive to support the organization’s strategic growth, stay on top of technology needs and keep patient data secure.

The New Jersey-based organization, in fact, is constantly looking to expand. “We are a medium-sized system, but we are very active in our expansion plans,” Bodhuin said, noting that the system now has more than 150 service locations in five counties. The health network is currently building a new hospital, adding a two- story patient tower to one of its existing hospitals, expanding its behavioral health program, renovating a satellite ER, recently opened a senior emergency department and purchased a regional medical transport company.

In addition, the Inspira technology department has developed an app to better serve all the patients that will flow into this continually growing health system. The app enables patients to request appointments, get directions to facilities, access a list of providers, view emergency department and urgent care wait times, pay bills and even participate in virtual visits.

So, it made perfect sense for Inspira to move its compliance management software to the cloud when FairWarning introduced a cloud-based managed shared services solution that works to ensure all data is secure by continually monitoring user activity and sending out alerts for any suspicious actions. After all, the health system had already moved a variety of systems to the cloud including its electronic health records, security information and event management (SIEM) and wound care solutions, and has experienced myriad benefits by doing so.

“The cloud saves costs; because you are getting a virtual server, the hardware itself costs less,” he said. In addition, when a managed services provider hosts a solution in the cloud, the healthcare organization does not incur on-boarding or ongoing training costs.

By hosting the compliance solution in the cloud under a managed services arrangement, Inspira will be positioned to:

Take advantage of a team of privacy and security experts. “The team concept to me is a key with managed services. We’re always being asked to work more efficiently. In this case, we will be able to really do that because we will have a team of experts that is performing the function,” Bodhuin said. “Because they’re experts, they know when a complaint is significant. They know when an alert is significant. They know when to ask for an investigation.” In addition, because these experts are well versed in the compliance solution, the learning curve that is typically associated with implementing a new solution is eliminated.

Reduce the need to search for IT staff. Hiring experienced, qualified IT staff is a challenge for all healthcare organizations. “In South Jersey, it is especially difficult to attract people to work in security and privacy. [With managed services], we don’t have to search for IT staff and we won’t have any onboarding costs. All that is built-in to our fees,” he said.

Maintain flexibility. With a managed solution in the cloud, it will be easy for Inspira to grow – as the organization does not need to add staff but can instead simply adjust the services agreement to meet evolving needs.

More readily deal with infrastructure challenges. With managed services, Inspira staff do not need to “worry about patching or managing the server,” he said. In addition, staff don’t need to be concerned with “upgrading the hardware, or the software . . . or worry about disaster recovery,” something that traditionally generates significant downtime, according to Bodhuin.

Leverage the experiences of many. Managed services providers work with a variety of organizations making it possible to “bring many best practices to the table,” which is difficult to do when hosting and maintaining systems internally, Bodhuin noted.

Save considerable time. “There's a lot of daily work that, all of a sudden, you don't have to do because it’s being done by the managed service. In privacy and security, we expect to regain about one to two hours a day for each analyst,” he said. “Now, they can focus their time on responding to issues that are reported to them. All that saved time can be allocated to another function.”

Doing managed services right

While Bodhuin expects to realize these benefits when moving the compliance software to the cloud, his past experience with managed services has provided a litany of lessons learned. More specifically, he knows that to successfully work with a managed services provider requires:

  • Defining expectations explicitly. “You have to define what you trust them to do. You could let the managed service provider run the whole show if you wanted to, in certain functions,” or limit their scope to a defined set of functions, according to Bodhuin.
  • Proactively managing the working relationship. “You really have to keep them on their toes. Make sure they deliver what they say they will deliver,” he advised. “So you really have to pay attention to your statement of work to ensure that you will get what you expect.”
  • Treating the managed service provider as one of our own. "It's really important that you make these people a part of your team. And if you do that, then you'll get success. If you don't do that, then there will be a lot of instances where there are conflicts in your priorities," Bodhuin said.

In the final analysis, with the expertise gained through a managed services arrangement, Bodhuin expects Inspira to save time and reduce costs while minimizing the organization's overall risk profile. That, in turn, lets him help the health system meet its strategic growth goals. "The technology/security must be 'a department of yes', not a 'department of no'. When you start saying no to people, you're going against the business itself and that can be a real problem," he concluded.

 

Bypass Two-factor authentication - 2FA Bypass

A majority of users and companies are moving to Two-factor authentication (2FA) for enhancing the security of its data and systems. But contrary to popular belief, it cannot provide a fool-proof layer of security to online accounts since Kevin Mitnick at KnowBe4 has demonstrated that it is very easy to deceive this defensive measure.

KnowBe4 is the world’s leading security awareness training provider and simulated phishing firm with a massive customer base of 17,000 organizations across the world. Mitnick is the company’s chief hacking officer.

In his new demonstration, he showed that 2FA can be bypassed because an attacker can spoof the login and 2FA prompts by sending the user a fake login page. This can lead to the theft of sensitive user data, including the username, password and session cookie.

The hacking technique can be seen in the video uploaded here:

The purpose of 2FA is to add an extra layer of security by combining something the user has with something they know. Typically this means a username and password combined with a code that is sent to the user's phone or generated by an app.

To exploit the 2FA method of security, the victim is lured into visiting a typo-squatting domain such as LunkedIn.com, where the required user data is stolen. Once the information is obtained, the hacker can access the actual website and capture the session cookie. With the cookie in hand, the hacker can remain logged in indefinitely; the attack only needs to capture the 2FA authentication code once.

According to the CEO of KnowBe4, Stu Sjouwerman, Kuba Gretzky, a white hat hacker and friend of Mitnick, developed a tool for bypassing 2FA via social engineering techniques, and this tool can be “weaponized” for just about any website.

“Two-factor authentication is intended to be an extra layer of security, but in this instance, we clearly see that you can’t rely on it alone to protect your organization,” added Sjouwerman.

The tool is called evilginx. The attack method is based on proxying the user through the hacker’s system using a credential-phishing technique, which requires the use of a typo-squatting domain. The idea is to get the user to give away his or her credentials so that the hacker can steal the session cookie.

The phishing email is the core of the attack method. In this particular case, the phishing email is supposedly sent by LinkedIn to a member of the site, indicating that somebody is trying to contact them through the social network. The email looks authentic at first glance, but on closer inspection it becomes evident that it is fake, since the return address is incorrect. If the user falls for it and clicks the “interested” button, the malware is soon downloaded onto the device.

At this stage the victim is taken to the authentic LinkedIn website to enter their login information, which is exactly what the hacker needs. The login information is recorded by the malware along with the session cookie; using the cookie, the attacker gains direct access to the account and skips the 2FA phase of the sign-in process.


Ransomware campaign up around the world

A new email ransomware campaign is spreading around the world. Researchers at Fortinet say it’s a spam effort, meaning the messages are not targeted. Instead they are addressed generically, like “Dear customer.” The subject line of the email is something like “Document number…”, “Your order number” or “Ticket number.” The email carries a malicious attachment that leads to the installation of malware. The initial targets are corporate mail servers used to forward this email. These have been found in Canada, the U.S., the United Kingdom and other countries.


The best defense against ransomware – or any email-delivered malware – is to watch out for it. Be cautious about unsolicited emails, especially those with attachments. And it’s vital that you always have a separate backup of your data, made in a way that can’t be infected, just in case you make a mistake.
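Two of the lures described above have traits a mail filter can check for: the evilginx LinkedIn phish relies on a lookalike domain (LunkedIn.com) and a return address that does not match the apparent sender, and the Fortinet-reported spam uses a generic salutation, a "Document number"/"order number"/"Ticket number" subject and an attachment. The following Python triage heuristic is an added example, not code from the page, KnowBe4, Fortinet or the evilginx project; the brand list, sender domains and message bodies are constructed for illustration.

```python
"""Email triage heuristics for the two lures discussed above (added example).

Sample messages are constructed inline; KNOWN_BRANDS is an assumed defender list.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Domains whose login pages are commonly imitated (assumption: the defender's own list).
KNOWN_BRANDS = {"linkedin.com", "example-bank.test"}

SUSPICIOUS_SUBJECT = re.compile(r"\b(document|order|ticket)\s+number\b", re.I)
GENERIC_SALUTATION = re.compile(r"^\s*dear\s+(customer|user|client|sir|madam)\b", re.I | re.M)
LINK_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(domain):
    """Return the brand a domain imitates, or None when it is the brand itself."""
    domain = domain.lower()
    if any(domain == b or domain.endswith("." + b) for b in KNOWN_BRANDS):
        return None
    for brand in sorted(KNOWN_BRANDS):
        if edit_distance(domain, brand) <= 2:
            return brand
    return None


def _domain(header):
    """Domain part of an address header such as From or Return-Path."""
    if not header:
        return ""
    return parseaddr(str(header))[1].rpartition("@")[2].lower()


def triage(raw_message):
    """Parse one raw RFC 822 message and return the findings a mail filter would log."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # Where the message claims to come from versus where bounces would actually go.
    from_domain = _domain(msg.get("From"))
    return_domain = _domain(msg.get("Return-Path"))
    if from_domain and return_domain and from_domain != return_domain:
        findings.append(f"return address domain {return_domain} does not match From domain {from_domain}")

    # Collect text bodies and attachment names across MIME parts.
    body, attachments = "", []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_content()

    # Lookalike check over every domain the message points at (sender, bounce address, links).
    candidates = {d for d in (from_domain, return_domain) if d} | set(LINK_RE.findall(body))
    for domain in sorted(candidates):
        brand = lookalike_brand(domain)
        if brand:
            findings.append(f"domain {domain} imitates {brand}")

    # Untargeted spam template: generic greeting + document-style subject + attachment.
    subject = str(msg.get("Subject", ""))
    if SUSPICIOUS_SUBJECT.search(subject) and GENERIC_SALUTATION.search(body) and attachments:
        findings.append(f"generic template '{subject}' with attachment {attachments[0]}")

    return {"suspicious": bool(findings), "findings": findings}


def build_message(from_, subject, body, return_path=None, attachment=None):
    """Construct a raw message for the samples below (constructed test data)."""
    m = EmailMessage()
    m["From"] = from_
    if return_path:
        m["Return-Path"] = return_path
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_string()


# Constructed samples: a lookalike-domain phish, a generic ransomware lure, and a benign digest.
PHISH_SAMPLE = build_message(
    "LinkedIn <messages@linkedin.com>", "Someone is trying to contact you",
    "A member wants to connect: http://lunkedin.com/inbox/123 Click Interested.",
    return_path="<bounce@lunkedin.com>")
RANSOMWARE_SAMPLE = build_message(
    "billing@example-shop.test", "Document number 48213",
    "Dear customer,\n\nPlease see the attached document.",
    attachment=("document_48213.zip", b"PK\x03\x04 constructed placeholder bytes"))
BENIGN_SAMPLE = build_message(
    "alerts@linkedin.com", "Your weekly digest",
    "Hi Alex, here is your feed: http://www.linkedin.com/feed",
    return_path="<bounce@linkedin.com>")

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("ransomware", RANSOMWARE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
```

The edit-distance check only catches short typo-squats such as LunkedIn.com; a proxy phish hosted on a longer unrelated domain passes it, which is why this kind of heuristic belongs alongside, not instead of, user awareness and backups.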

Meanwhile, McAfee reports that some Canadian organizations have been victimized by a separate operation. A group that security researchers call Hidden Cobra, believed to be backed by North Korea, has been putting surveillance software on the systems of companies. The suspicion is that the Canadian victims have been used as listening or data relay points. The malware this campaign has installed has not stolen financial or sensitive data but appears to be there to find out what’s on a computer and to be ready to launch further attacks.

Companies have to make sure their systems have the latest security patches. In addition, because the malware appears to be distributed through email, employees have to be reminded to be careful about what they click on.

For more on this see my story today on ITWorldCanada.com.

The U.S. National Security Agency has just suffered a black eye from an international standards body. According to a blog on Bitdefender, the International Organization for Standardization – known more commonly as ISO – rejected two new encryption algorithms suggested by the NSA to secure Internet of Things devices. The algorithms would scramble information on Internet-connected devices like home surveillance cameras and toys. But the NSA’s reputation for creating tools to hack into applications apparently gives it a bad name at the ISO. One ISO delegate accused the NSA of telling half-truths and lies in its presentation.

If that allegation is accurate, it isn’t good. Internet of Things devices badly need better security. People and companies around the world buy tens of thousands of them a year. Insecure devices don’t improve security.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.