Thursday, April 30, 2015
Tuesday, March 31, 2015
When malware meets advertising, malvertising is the offspring. Yes folks. Black Hat hackers have learned how to push their malware using non-traditional means: advertisements on web sites. What's really scary about this attack vector is that a victim can be infected without even clicking on the link. Simply mousing over the ad can cause an infection.
Ransomware such as CryptoWall versions 2 and 3 has adopted malvertising as an attack vector alongside the traditional phishing email. Once CryptoWall infects a Windows-based computer, it encrypts the contents of folders such as 'My Documents' but leaves the computer functional so that it can present the victim with a ransom note. The ransom note describes what happened and how much the victim must pay (typically $500) to get their personal files back unencrypted.
To overcome ransomware such as CryptoWall, it's critical to keep off-line backups of computer hard drives. Ransomware such as CryptoWall is intelligent enough to detect attached external hard drives or network shared drives and encrypt those as well.
Anyone out there who has been hit with CryptoWall, please share your experience.
Monday, February 23, 2015
I'll definitely welcome an early Spring in the South. I've had just about enough ice for the winter. While all the details of the recent cyber breach at Anthem still unfold, the Wall Street Journal reported that the approximately 80 million records of patient data or patient health information (PHI) were not encrypted on company servers. While encrypting sensitive data on servers is not a firm requirement under HIPAA, it is a requirement to implement an alternative to encryption if encryption is not feasible.
I've heard the excuses that it's complicated to maintain an encryption infrastructure for PHI contained on a server. Well, security usually isn't an easy fix, and I'm sure Anthem (and all of their compromised patients) wish the extra mile had been taken to secure PHI. A simple Google search shows numerous solutions to encrypt server data, and the difficulty of the process can be outsourced to competent third-party vendors.
From my experience as an Information Assurance Manager ensuring the security of various computer systems, if a security safeguard (e.g. data encryption) is not required but merely good to have, in many cases valid excuses are always found not to implement the safeguard. If we're going to be serious about securing patient data, at a minimum secure alternative safeguards to server data encryption must be required of covered health providers and insurance companies.
Friday, January 23, 2015
As far as the SOTU is concerned, I get goose bumps whenever the President mentions Cybersecurity in the SOTU. It reinforces to me the importance of learning about the topic and being an expert in the field. Recent attacks such as the hacking of the Twitter and YouTube accounts for US Central Command further validate the importance of Cybersecurity. From what I see in my career on a daily basis, it seems that private industry is taking Cybersecurity seriously and is on a path to make the necessary investments to mitigate the risk of Cyber breaches. Jimmie Walker
Wednesday, December 24, 2014
Since my last post, so much has happened in the Cyber attack world. Sony has been in the news daily. Not for strong PS4 sales, but for a serious Cyber breach that has exposed substantial proprietary information and PII. It's estimated that the financial losses from the Sony Pictures Cyber breach will easily reach into the hundreds of millions.
Just this Monday, Internet access to and from North Korea (the country the FBI attributes the Sony Cyber breach to) was non-existent. Was this a proportionate response by the U.S., or North Korea simply cutting off its own Internet access to eliminate a Cyber attack response from the U.S.? The general public is left to wonder, but obviously someone in the U.S. or North Korean government knows the answer.
Well, companies out there, enjoy the holidays but remember to keep your guard up for Cyber attacks. Hackers are not taking the holidays off. They'll definitely exploit the opportunity to catch a company wrapped in holiday cheer and fleece the company of proprietary data or cause network infrastructure disruption. Also take note of my past posts that highlight steps to take to mitigate the impact of a Cyber breach.
Monday, November 24, 2014
After downloading a report just released by CyberArk regarding the dangers of not properly securing user accounts with elevated permissions (i.e. admin accounts), I reflected on how I was always taught that administrators should have both a user-level account with the standard level of rights and an admin-level account with elevated rights. As well, administrators should use their elevated accounts only when additional permissions are needed to perform their work-related duties. While it's good to minimize the time in which an administrator holds elevated permissions, shrinking the window in which a Cyber Actor can take control of an elevated account, it's also important that administrator accounts are appropriately fortified to minimize the risk of takeover. For example, make sure that default passwords on administrator accounts are disabled or changed to strong passwords. Minimize the number of administrator accounts to reduce the attack surface. If an employee no longer requires administrator access or other elevated rights, remove them immediately.
In an April 2013 post, I mentioned the practice of minimizing the usage of privileged accounts. Hopefully corporations will listen after CyberArk's recent report.
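One way to check the four controls listed above (unapproved admins, the default Administrator account, weak or stale passwords, and admins who no longer need the rights) on a single Windows host, as an added example that is not from the original post or CyberArk's report. It assumes PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts module, and $ApprovedAdmins is a hypothetical allow-list you would maintain yourself:

```powershell
#Requires -Version 5.1
#Requires -Modules Microsoft.PowerShell.LocalAccounts
# Added example, not from the original post: audit local admin-account hygiene on one Windows host.
# $ApprovedAdmins is a hypothetical allow-list of principals expected to hold admin rights here.
param(
    [string[]]$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Domain Admins'),
    [int]$MaxPasswordAgeDays = 90,
    [int]$MaxIdleDays = 180
)

$now = Get-Date
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [string]$Account, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Account = $Account; Detail = $Detail })
}

# 1. Attack surface: every member of the local Administrators group that is not on the allow-list.
$admins = Get-LocalGroupMember -Group 'Administrators'
foreach ($m in $admins) {
    if ($ApprovedAdmins -notcontains $m.Name) {
        Add-Finding 'UnapprovedAdmin' $m.Name "$($m.ObjectClass) from $($m.PrincipalSource)"
    }
}

# 2. Default account: the built-in Administrator (RID 500) should be disabled, or renamed with a strong password.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin -and $builtin.Enabled) {
    Add-Finding 'BuiltinAdminEnabled' $builtin.Name 'Disable it, or rename it and set a strong password'
}

# 3. Password hygiene for local admin users: never set, or not rotated within $MaxPasswordAgeDays.
# 4. Dormant admins: no logon within $MaxIdleDays are candidates for removal of elevated rights.
foreach ($m in ($admins | Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' })) {
    $u = Get-LocalUser -SID $m.SID
    if (-not $u.Enabled) { continue }
    if (-not $u.PasswordLastSet) {
        Add-Finding 'PasswordNeverSet' $u.Name 'No password has ever been set'
    } elseif (($now - $u.PasswordLastSet).Days -gt $MaxPasswordAgeDays) {
        Add-Finding 'StalePassword' $u.Name "Last set $($u.PasswordLastSet.ToString('yyyy-MM-dd'))"
    }
    if (-not $u.LastLogon -or ($now - $u.LastLogon).Days -gt $MaxIdleDays) {
        Add-Finding 'DormantAdmin' $u.Name 'No recent logon; remove elevated rights if no longer needed'
    }
}

$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) { exit 1 }   # non-zero exit so a scheduled run can raise an alert
```

Run it from an elevated prompt on each host (or through your configuration-management tool) and treat any non-zero exit as a ticket to review that machine's privileged accounts.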