One Article Review

The article:
Source SecurityWeek
Identifier 516313
Publication date 2018-03-15 13:44:05 (seen: 2018-03-15 13:44:05)
Title The Latest Strains of Attacks on the Pharmaceutical and Healthcare Sector (Recycled)
Text Cyber Attacks Continue to Plague the Pharmaceutical and Healthcare Industries That Remain Lucrative Targets Schools were shut down due to high levels of absences and for sanitation purposes. Medical facilities were overflowing with patients. Visitor restrictions at hospitals and nursing facilities were in full force. Thankfully the flu season is starting to wind down, but this has been a particularly nasty episode. Several reasons have been cited, including the circulation of a particularly severe form of the flu virus that can cause more health complications, as well as local shortages and limited effectiveness of vaccines and antiviral medications against certain strains. But these aren't the only types of attacks that the pharmaceutical and healthcare sectors have had to contend with. Cyber attacks, campaigns and security incidents continue to plague these industries that remain lucrative targets primarily because of the type of information they hold, including personal health information (PHI) such as medical records and insurance information, personally identifiable information (PII), and financial information. The value of this data to financially-motivated threat actors is evident by continued extortion attempts against companies in this sector and data breaches. Let's look at a few recent examples. ● Extortion attacks, the now infamous ransomware attacks we read about daily, are affecting all sectors and healthcare and pharmaceutical companies are not immune. The personal and sensitive information they hold, offer lucrative opportunities for threat actors to conduct identity theft, fraud and sell data to other threat actors. Last October the threat actor, thedarkoverlord, appears to have been hard at work. A U.S.-based clinic was the target of an attempted extortion attack following a data breach that contained PII and some health-related information.
The threat group mentioned the attack on Twitter but there has been no indication that the data has been publicly released. Around the same time, there was another report of a U.K.-based healthcare clinic that suffered a data breach and received an extortion demand from thedarkoverlord. An unspecified amount of data was reportedly stolen, which included PII, as well as pre- and post-operative photographs. As in the first case, there has been no indication that the data is widely available – yet. These are just two examples of the repeated attacks by thedarkoverlord against healthcare organizations. While details aren't clear as to how they are able to gain access to victims' networks, they have alluded to using zero-day exploits in remote desktop protocol (RDP) servers.  ● Data breaches can have long-lasting impacts on organizations and individuals. Just consider the Yahoo breaches if you have any doubts. In the healthcare industry we see the same thing. Late last year the HaveIBeenPwned website added approximately four million records from Malaysian websites to its data repository. The data was obtain
Sent Yes
Digest 2011 2018
Tags
Stories Yahoo
Notes


Republications of the article (1):
Source SecurityWeek
Identifier 510599
Publication date 2018-03-13 14:27:03 (seen: 2018-03-13 14:27:03)
Title Woe is the Life of a Security Analyst in March
Text The IRS issued a warning last month about an updated version of the old wire transfer phishing scam, where fake emails are sent to accounting supposedly from a company executive, requesting a wire transfer to a provided account. In the updated version cautioned by the IRS, the request is to payroll or human resources requesting a list of employees and their W-2 forms. Many have been fooled by this and other phishing related scams, exposing their companies and now their employees. Divulging employee lists and W-2 information exposes employees' personal information that can be immediately used in identity theft and other social engineering activities. From a people and process perspective, which is always the place to start, reviewing business processes and training employees about being cautious when clicking on links and transferring sensitive data is a first step as part of a larger security training program. Ensuring that processes and procedures used by your organization promote secure practices is especially important. It not only reduces your exposure in general, but it will make those fake requests stand out even more, reducing the risk that somebody be fooled. Those that hire temporary personnel for the busy tax season should take extra care in training and making sure there is an easy way to do their job without exposing sensitive data. If it is difficult to do their job securely, the easy path to doing their job will win out every time over security. From a technology point of view, anti-phishing tools to identify and block fake emails, and data loss prevention technology are essential for combatting these phishing scams. However, analysts are getting buried in false positive alerts resulting from legitimate tax related activities or employees emailing their tax information back and forth (regardless of what your acceptable use policy says).
In addition to being false positives, these events pollute the view of the analyst trying to catch these phishing scams as well as the bad guys trying to actually steal from the company.  Ask any security analyst and they will tell you this is their least favorite time of year.   The mission of security departments is to eliminate the noise of false positives, identify users intentionally or accidentally acting in a risky way, and identify business processes that may be exposing the organization.   Behavioral analytics (“User and Entity Behavioral Analytics, or UEBA”) can help solve all three of these challenges. UEBA analyzes a user's activities and identifies unusual behavior relative to their own history and that of peer groups. Viewing activity through multiple lenses of individual and group behavior allows UEBA to help solve the issues that allow these phishing schemes to succeed. Combining behavioral analysis with various scenarios filters out false positives. Identifying users demonstrating repeated non-malicious violations helps identify candidates for training that can then be targeted to the types of activities and violations demonstrated by the user.  Identifying those kinds of repeated non-malicious behaviors amongst
Sent Yes
Digest 2018 analyst bay ciso forum half incident industry insights life links management march moon register response risk security sponsored tags: woe
Tags
Stories
Notes


The article resembles 1 other article(s):
Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2018-04-05 13:32:05 (Already seen) Mitigating Digital Risk from the Android PC in Your Pocket (direct link) Security Teams Must Prioritize Risk Mitigation Against Android Malware Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users' computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android. Threat actors watch these trends too. They're opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android's official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device.
For example, once installed, many malicious apps request users to approve unnecessary privileges, such as administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data.  So, what's the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect t Uber