Survey Reveals Size Matters When Planning Security Spend

In mid-August 2018 Gartner published its prediction for an 8.7% increase in IT security spending in 2019. This week eSecurityPlanet.com released its State of IT Security Survey and revealed that when it comes to security spending in 2019, size matters.

Survey Says

Based on the survey, it will be the larger companies that primarily drive the 2019 increase in spending, while smaller organizations lag behind.

The vast majority of big spenders in the survey (69 percent) were mid-sized through very large organizations, and their spending lists are long.

By contrast, of the 46 percent of respondents who said their cybersecurity spending will remain flat or down slightly, 62 percent were from companies with fewer than 100 employees, and only a few were from very large companies.

Image Source: eSecurityPlanet.com

Where Will the Spend be Focused?

According to the survey respondents, the majority of the spending will be on proven core security technologies, specifically NAC, web gateways and DLP. This is consistent with what we’re seeing at Konsultek and represents the bedrock of our expertise. Our holistic approach to security solutions is built upon weaving together offerings from leaders in each of these fields such as ForeScout, F5, Forcepoint and Check Point.

Are You Prepared?

About 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Easton PA Hospital Getting Close to Settling Breach Lawsuit

Easton, PA is a small town in Pennsylvania’s beautiful Lehigh Valley with a population of just under 30,000. It is probably best known as the home of America’s beloved Crayola crayons.

Image Source: Google Maps

Targeted by Chinese Hackers

It wasn’t Crayola, however, that Chinese hackers were interested in back in August 2014 when they executed a cyberattack on another Easton landmark: the local hospital. At the time, Easton Hospital was owned by CHS (Community Health Systems) of Franklin, TN. According to Easton Hospital and CHS, thieves stole the personal data of some 4.5 million patients, including names, birthdates, phone numbers and Social Security numbers.

Lawsuit Pending Approval

Today, nearly 5 years later, a host of lawsuits have been consolidated into one larger suit that is about to be settled by a judge in Atlanta. If approved by the judge this August, qualifying victims would be eligible for two types of payments:

  1. Up to $250 for out-of-pocket expenses and documented time lost from the breach.
  2. Up to $5,000 for losses due to identity fraud or identity theft from the cyberattack.

Joining an Ever Growing List

ClassAction.com maintains a list of notable data breaches to which the Easton breach could potentially be added based upon its scope. Here is the list:

  • Anthem: $115 million
  • Target: $28.5 million ($18.5M for states, $10M for consumers)
  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Ashley Madison: $12.8 million ($11.6M for consumers, $1.2M for states and the FTC)
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Schnuck Markets: $2.1 million

A Wakeup Call for All Healthcare Providers

This settlement should serve as a wakeup call for all healthcare providers. If only a quarter of the 4.5 million patients receive just the $250 payout, the cost to the affected parties would be over $281 million!

Healthcare providers by nature have access to the most sensitive personal data on the planet. You know that, I know that and the cybercriminal element knows that. Because of this we foresee a continued targeting of healthcare providers going forward. From simple information stealing to more elaborate ransomware attacks, healthcare providers need to make certain that their network security is as robust as possible.

How Konsultek Can Help

At Konsultek we eat, sleep and breathe security.

Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.


Mortgage and Loan Data Leaked Twice

Seven days ago TechCrunch revealed that independent security researcher Bob Diachenko had found 24 million financial and banking documents exposed to the world as a result of a server security flaw. Considering the type of data exposed – loan documents, sensitive financial and tax documents – this was a significant and very serious breach.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

The leaked documents were OCR (Optical Character Recognition) files, and while the compromised server was shut down immediately once the security flaw was identified, there is no telling how many cybercriminals might already have accessed the files.

Who’s at Fault?

After working through the various parties involved, it appears that the source of the breach was the machine learning firm OpticsML, which according to its website (now offline) “will automate the page indexing and data extraction process entirely. Different from traditional OCR companies, Optics Machine Learning trains computers to read and understand documents like a human, enabling an 80% reduction in labor needs alongside higher levels of accuracy so your analysts can focus on higher level tasks.”

Same Documents Released AGAIN!

In a surprising “you can’t make this stuff up” twist on this already monumental breach, the following day Diachenko found the original loan documents at an “easy to guess” web address on an Amazon AWS server without so much as simple password protection! Considering that Amazon AWS storage servers have a default privacy setting of “private”, it seems that someone either accidentally or consciously set the permissions to public.
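As an added example (not from the original post, TechCrunch or Diachenko), here is a small Python checker for the three settings that decide whether an S3 bucket is publicly readable: its ACL grants, its bucket policy, and the Public Access Block. The input shapes mirror what the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock APIs return, but the bucket name, account id, role name and grants below are constructed placeholders.

```python
import json

# Canned group URIs that make an ACL grant readable by everyone (or by any
# AWS account holder), which is the kind of exposure the post describes.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_acl_grants(grants):
    """Return [(Permission, group URI)] for every grant to a public group."""
    found = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((grant["Permission"], grantee["URI"]))
    return found

def _anyone(principal):
    """True when a statement's Principal is the wildcard (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_policy_statements(policy_json):
    """Return Sids of unconditional Allow statements open to any principal.
    Statements with a Condition are skipped (they may be scoped); review by hand."""
    policy = json.loads(policy_json)
    found = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                and _anyone(stmt.get("Principal"))):
            found.append(stmt.get("Sid", f"Statement[{i}]"))
    return found

def exposure_report(grants, policy_json, public_access_block):
    """Combine ACL, policy and Public Access Block settings into one verdict.
    IgnorePublicAcls neutralises public ACL grants; RestrictPublicBuckets
    neutralises public policy statements."""
    acl = public_acl_grants(grants)
    pol = public_policy_statements(policy_json)
    acl_live = bool(acl) and not public_access_block.get("IgnorePublicAcls", False)
    pol_live = bool(pol) and not public_access_block.get("RestrictPublicBuckets", False)
    return {"public": acl_live or pol_live,
            "acl_findings": acl, "policy_findings": pol}

# Constructed weak configuration: world-readable ACL, "*" policy, no block.
WEAK_GRANTS = [{"Grantee": {"Type": "Group",
                            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "READ"}]
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-loan-docs/*"}]})
PAB_OFF = {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls",
                             "BlockPublicPolicy", "RestrictPublicBuckets")}

# Corrected configuration (also constructed): owner-only ACL, policy scoped to
# one IAM role under a placeholder account id, all four block flags on.
SAFE_GRANTS = [{"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
                "Permission": "FULL_CONTROL"}]
SAFE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ProcessorRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/DocProcessor"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-loan-docs/*"}]})
PAB_ON = {k: True for k in PAB_OFF}
```

Feeding real API output into `exposure_report` is a one-line change; the weak sample reports `public: True` and the corrected one `public: False`, and turning on the Public Access Block alone flips the weak sample to not public.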

While this may not end up being the largest data breach of 2019, with more than 11 months left in the year, it has surely secured its place in the top 10 most significant breaches by virtue of the fact that the same information was exposed twice, in two different formats, on completely different storage networks.

Security On Your Mind?

At Konsultek we eat, sleep and breathe security. If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/. The first 20 that click through get a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening. Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

2018 HIMSS Cybersecurity Survey Findings

The 2018 HIMSS Cyber Security Survey has been released and it’s a “must read” for anyone in the healthcare security space.

Most Respondents Have Had a Significant Security Incident

An overwhelming 75% of survey respondents indicated that their organization had experienced a significant security incident in the past 12 months. Unfortunately the 2017 survey did not include this question, so there is no comparison point to tell whether this represents an increase or a decrease over 2017.

Image Source: 2018 HIMSS Cybersecurity Survey

Phishing and Negligence are Top Threat Actors

37.6% of respondents identified “online scam artists”, such as those behind phishing and spear phishing campaigns, as the #1 threat actor in 2018. Next in line? “Negligent insiders” at 20.8%. Negligent insiders are defined as well-meaning but negligent individuals with trusted access who may inadvertently facilitate a breach.

E-mail Dominates as the Initial Point of Compromise

While this is no surprise given the #1 position of “online scam artists” cited above, the attribution of phishing emails as the starting point for 61.9% of all significant security events was higher than expected. This strongly suggests that, in addition to robust network security detection and containment solutions, healthcare providers should also be investing to create a culture of security through employee training.

More Resources Being Allocated to Cybersecurity

If there is a bright spot in the survey it is certainly that healthcare organizations as a whole (83.4%) are allocating more resources to cybersecurity. This is good news since 2018 saw cybercriminals increasing their focus on healthcare and other high profile industries that have deep pockets and a low threshold of pain.

The Cure for Your Cyber Security Pain

Konsultek knows healthcare security. Organizations both small and large trust their network security to our customized solutions and holistic approach. If you are experiencing the symptoms of a cybersecurity illness, it may be time to schedule an appointment with one of our specialists. From executive assessments to penetration testing, we have the know-how and experience to identify and cure what ails you.

Navy Responds to Cyber Breaches with Research Solicitation

Back in December we covered the Navy’s alarming revelation that significant cyber breaches had occurred over the prior 18 months.


Corrective Actions Already Underway

Last week NAVAIR updated its Resilient Cyber Warfare Capabilities for NAVAIR Weapon Systems solicitation. This solicitation, originally issued July 6, 2018, seeks research support technologies that are applicable to making NAVAIR weapon systems more resilient to cyber-attack. It’s good to know that NAVAIR has already been making efforts to take corrective action after the October 2018 GAO study found that some of the most sophisticated weapons systems were vulnerable to relatively simplistic attacks.

3 Pillars of Interest

According to an article on fifthdomain.com, NAVAIR is planning to better protect its systems moving forward by improving its capabilities in 3 areas.

  1. Dynamic Reconfiguration – when a network makes “changes to router rules, access control lists, intrusion detection/prevention system parameters, and filter rules for firewalls and gateways.” – as defined by NIST.
  2. Deception Tactics – “Leveraging classical denial and deception techniques to understand the specifics of adversary attacks enables an organization to build an active, threat-based cyber defense,” – according to researchers at MITRE.
  3. Artificial Intelligence – “We see that the more we automate our networks and the more we use machines to do the heavy lifting, the better. Our brains do not have the intellectual capacity to process all of that information,” – Rear Adm. Danelle Barrett, Navy Cyber Security Division Director.

Mirrors Konsultek’s Approach

What does protecting NAVAIR weapons systems and protecting your network have in common? In both cases a dynamic, holistic approach to security is needed. At Konsultek our custom security solutions defend, detect and secure networks against attacks from all manner of threat vectors. When you’re ready to take the next step in advanced network protection, give us a call to learn more.

Malwarebytes Identifies New Malvertising Threat

The allure of watching a new release for free or streaming a season of your favorite show that is unavailable on any of the major streaming platforms might lead you to one of the many sketchy Torrent or streaming video sites out there on the web.

And, you wouldn’t be alone. These sites attract visitors like moths to a flame. And, just like those moths, some of these visitors are going to get burned according to a recent analysis by Konsultek partner Malwarebytes.

Malvertising Flow

The flow, as shown below, begins with aggressive advertising on video sharing and torrent sites and then proceeds with the Fallout exploit kit and a new, innovative piece of malware now known as Vidar.


Vidar – Silent but Slick

Vidar, now for sale for just $700, is named after the Norse son of Odin who is referred to as “The Silent One”.

According to Malwarebytes, this moniker “seems to be fitting for this stealer that can loot from browser histories (including Tor Browser) and cryptocurrency wallets, capture instant messages, and much more.”

Malvertising Packs 1-2 Punch

In this latest Malvertising scheme the end-user victim ultimately not only has their vital information stolen, but also has their files held ransom after the fact. A combination punch that Floyd Mayweather himself would appreciate.

Konsultek Has You Covered

While common sense and good Internet hygiene will go a long way to keeping your files and information safe, Konsultek and their partners like Malwarebytes are constantly researching, analyzing and defending so that our clients are safe and secure.

In the case of this latest malvertising campaign, Malwarebytes users are protected against this threat at multiple levels. Malwarebytes’ signatureless anti-exploit engine mitigates the Internet Explorer and Flash Player exploits delivered by the Fallout exploit kit. The Vidar stealer is detected as spyware. And GandCrab is thwarted via their anti-ransomware module.

So while you should avoid bad neighborhoods as a matter of practice, it’s good to know that Konsultek has your back if you should happen to stray into one.


Chinese Hackers Breach Naval Contractors

As the investigation into Marriott’s massive breach continues one front runner in the blame game is rapidly emerging – China.
Now information is coming to light that over a period of 18 months China has stolen everything from maintenance records to missile plans by infiltrating Navy contractors according to a story in the Wall Street Journal.

The Easy Approach to R&D

The US Navy develops and employs some of the most advanced technologies in the world. China has an unabashed culture of intellectual property theft as a short cut to research and development. Combine the two and you have a high priority state sponsored hacking target and some rough seas for the US Navy and its supply chain.

Difficult to Secure

The US Navy employs tens of thousands of civilian contractors and subcontractors. These companies, both large and small have network vulnerabilities and social engineering vulnerabilities just like every other organization in the world. Universities with research labs present another point of vulnerability as the Navy utilizes these hi-tech facilities to stay at the cutting edge. This makes it exceedingly difficult to secure files that must be shared, whether they are top-secret plans or mundane maintenance schedules.

According to the Wall Street Journal:

“Navy officials declined to say how many attacks had taken place during the 18-month period except to say that there were “more than a handful,” calling the breaches troubling and unacceptable.”

Up Periscope

Private sector researchers have linked the contractor breaches to a suspected Chinese government hacking team known as Temp.Periscope or Leviathan. This team often uses email phishing schemes to gain access to targeted computer networks. Just one more example of how well social engineering works, even against organizations working at the highest levels of security.

Maintaining a Competitive Advantage

It is imperative that our military maintain a competitive advantage in its ability to wage war and defend against threats. Losing next generation technologies to China and other potential enemies makes this task even more difficult. But there could be more at stake than just the siphoning of secrets. If unfriendly nation states can infiltrate the networks of our military (and critical infrastructure!), can the battlefield be switched to a more virtual one that does not rely on traditional military actions for success?

Keep Safe, Keep Secure

If social engineering, phishing, endpoint control and watering holes have you wondering how you’ll stay safe and secure it’s time to pick up the phone and call Konsultek. Our custom security solutions can keep your information safe in an increasingly perilous cyber world.

Secret Sister Returns to Facebook Just in Time for the Holidays

If successful, the end result is the same. A few people at the top of the pyramid will receive hundreds of gifts that they can either keep or resell for cash while most participants end up with nothing.

Chain letter, pyramid scheme or gateway to identity theft, this is one holiday tradition you would be wise to avoid according to the Better Business Bureau and the Police.

From Post Office Plague to Social Media Manipulation

Back in the good old days chain letters such as the Secret Sister relied on the hopes and dreams of unwitting participants and the US Postal service. Today, the hopes and dreams are still required but the Post Office has been replaced by Facebook.


More Than Disappointing, It’s Illegal

OK, so perhaps the prospect of spending $10 on a gift on the off-chance that the Secret Sister post you received from a relative or friend is “legit” holds some appeal and not a lot of downside. Well, that’s where you could be wrong. According to the US Postal Service:

There’s at least one problem with chain letters. They’re illegal if they request money or other items of value and promise a substantial return to the participants. Chain letters are a form of gambling, and sending them through the mail (or delivering them in person or by computer, but mailing money to participate) violates Title 18, United States Code, Section 1302, the Postal Lottery Statute. (Chain letters that ask for items of minor value, like picture postcards or recipes, may be mailed, since such items are not things of value within the meaning of the law.)

While the chance that your participation in a Secret Sister chain letter, or chain post as it were, will lead to any serious run-ins with the law is pretty slim, perhaps even less likely than your actually receiving a gift, it’s noteworthy that the US Postal Inspection Service dedicates an entire page to chain letters!

Tis Better to Give Than Receive

Perhaps the real lesson here is that giving and sharing with others is what makes the Holiday Season so special. So go ahead and find ways to give to others that don’t involve a Secret Sister or similar chain concept and share and enrich the lives of friends, family and even complete strangers.

SaMSaM Held Atlanta Ransom. Who’s Next?

Image Source: SOPHOSLABS 2019 THREAT REPORT

We’ve written quite a bit about municipalities large and small (think Atlanta, GA and Batavia, IL) becoming the focus of hackers and cybercriminals. Today we’ll shed a little more light on the malware that brought Atlanta to its knees in March.

SaMSaM for Ransom

Dubbed SaMSaM, researchers at Sophos have dedicated a portion of their SOPHOSLABS 2019 THREAT REPORT to this highly profitable group of malware maestros. Sophos describes SamSam’s highly personalized, high-touch ransomware attacks as being akin to a “cat burglar” as opposed to the more “smash and grab” approach of automated ransomware attacks that utilize commodity ransomware such as GandCrab.

The Advantages of Being Hands-On

Rather than relying on automation to rapidly attack hundreds of systems at once and hoping that some sort of exploitable vulnerability surfaces, for nearly 3 years SamSam has applied an old school hands-on approach to infiltration and infection. It typically begins by brute-forcing RDP passwords, which ultimately leads to harvesting domain admin credentials. With these credentials in hand, SamSam then waits for just the right moment, say Friday evening on a holiday weekend, to strike, pushing out the malware to as many machines as possible simultaneously.

This high-touch, cat burglar approach has allowed SamSam to focus on vulnerable targets with deep pockets and has yielded known ransom payments totaling $6.5 million USD in a little under 3 years.

Imitation is the Sincerest Form of Flattery

Even though the mysterious folks behind SamSam do not appear to collaborate, or even brag in forums, their high value exploits have not gone unnoticed and several impersonators have spawned, such as the ultra-high ransom group BitPaymer, which reportedly charges ransoms in the $50,000 to $1 million range.

Konsultek’s Recommendation – Rein in RDP and Get the Fundamentals Locked Down

Since many of the worst manual ransomware attacks have relied upon Windows Remote Desktop as a point of entry, it stands to reason that making sure this potential avenue of ingress is secured should be a top priority. Once this basic vulnerability is secured, you should also make sure that your team is practicing good password management and keeping systems up to date and patched. Even the most sophisticated security solutions will be hamstrung if sloppy network hygiene virtually invites hackers in!

If you’d like a free visibility report on the potential problems mentioned in this blog, please contact us immediately.
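As an added example (not part of the original post or of Sophos’s report), the following Python script shows the detection logic a defender would want for the first stage described above: a burst of failed RDP logons from one source, escalated when that source later logs in successfully. It runs over a constructed, simplified rendering of Windows Security events 4625 (failed logon) and 4624 (successful logon); the line format, IP addresses and account names are assumptions, not real telemetry.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs). Logon type 10 is RemoteInteractive
# (RDP); type 3 also shows up for RDP when Network Level Authentication
# rejects the attempt before a session is created, so both are considered.
SAMPLE_EVENTS = """\
2019-02-15T22:40:01Z 4625 type=10 user=administrator src=203.0.113.7
2019-02-15T22:40:03Z 4625 type=10 user=administrator src=203.0.113.7
2019-02-15T22:40:04Z 4625 type=10 user=admin src=203.0.113.7
2019-02-15T22:40:06Z 4625 type=10 user=backup src=203.0.113.7
2019-02-15T22:40:09Z 4625 type=10 user=svc_sql src=203.0.113.7
2019-02-15T22:40:12Z 4625 type=10 user=administrator src=203.0.113.7
2019-02-15T22:41:30Z 4624 type=10 user=svc_sql src=203.0.113.7
2019-02-15T22:45:00Z 4625 type=10 user=jsmith src=198.51.100.20
2019-02-15T23:10:00Z 4624 type=10 user=jsmith src=198.51.100.20
"""

def parse_event(line):
    """Turn one sample line into a dict: time, id, plus the key=value fields."""
    ts, event_id, *fields = line.split()
    rec = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "id": int(event_id)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec

def rdp_brute_force_alerts(text, threshold=5, window=timedelta(minutes=2)):
    """Alert on a source once it reaches `threshold` failed RDP logons inside
    a sliding `window`; record which account it later logged in as, if any.
    Returns {src_ip: alert dict}."""
    failures = defaultdict(deque)   # src -> timestamps of failures in window
    accounts = defaultdict(set)     # src -> distinct accounts attempted
    alerts = {}
    for line in text.splitlines():
        ev = parse_event(line)
        if ev.get("type") not in ("10", "3"):
            continue                # not an RDP-style logon
        src = ev["src"]
        if ev["id"] == 4625:
            recent = failures[src]
            recent.append(ev["time"])
            accounts[src].add(ev["user"])
            while recent and ev["time"] - recent[0] > window:
                recent.popleft()    # expire failures older than the window
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"first_seen": recent[0], "failures": len(recent),
                               "accounts": sorted(accounts[src]),
                               "succeeded_as": None}
        elif ev["id"] == 4624 and src in alerts:
            # A success after a flagged burst is the case to escalate first:
            # it is the credential-harvesting foothold the post describes.
            alerts[src]["succeeded_as"] = ev["user"]
    return alerts
```

A single failed logon from a second address, as in the sample, never reaches the threshold and is not flagged; tune `threshold` and `window` to your environment’s normal failure rate.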

Is Automation the Key to Lower Incident Response Times?

This year’s SANS Endpoint Security Survey report is loaded with interesting statistics such as:

  • 42% of IT professionals acknowledged they had suffered a breach on their endpoints.
  • 20% said they did not know if they had been breached.
  • 82% of those that knew of a breach said it had involved a desktop.
  • 69% cited corporate laptops.
  • 42% cited employee-owned laptops.
  • 47% of antivirus capabilities detected threats.
  • 26% of breaches were detected by endpoint detection and response (EDR) capabilities.

It was this last response that was of particular interest, so we took a deeper dive.

Endpoints Up, Response Times Down

One of the challenges facing security professionals is the seemingly ever expanding number of endpoints that need to be monitored. It’s akin to having an ever expanding fence line that needs to be patrolled and maintained by a rancher to prevent loss of livestock to predators.


Interestingly enough, despite the growth in endpoints, this year’s report showed that incident response times are actually decreasing. One of the primary reasons for this is automated endpoint detection and response (EDR) capabilities.

Are you Automated?


If you have purchased and fully implemented a next-gen EDR solution, you can consider yourself and your organization firmly ahead of the curve. As SANS Analyst and survey author Lee Neely states in the report:


“The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities. While [organizations] are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing the key purchased capabilities needed to protect and monitor the endpoint.”

In fact, to be more specific:

“Of the IT professionals that had acquired next-gen endpoint security solutions, 37% haven’t implemented their full capabilities”.

Let Konsultek Help You Automate

The SANS Incident Response Survey shows that the largest number of respondents had a “time to detect” of between 6 and 24 hours, a “time to contain” of 2-7 days and finally a “time to remediate” of 2-7 days. As security professionals looking to secure an ever more complex endpoint “fence line”, how do we accelerate the incident response time? The obvious answer is to use machine-based automation.

Curious as to how that might work in your organization’s network? We’d be happy to explain! Just give us a call to discuss how a Konsultek custom security solution can take your organization to a whole new level of security.


© Copyright 2018 Konsultek