U.S. Power Grid Documents First Ever Cyber Disruption

We’ve talked critical infrastructure vulnerabilities quite a bit on this blog through the years but until today, our conversations have been confined to hypotheticals.

First Ever Cyber Disruption

According to an interview conducted May 4, 2019 on NPR, the United States’ first cyber power grid disruption has been reported to the Department of Energy.

The disruption took place in March of this year in a geographic area reported broadly as “Utah, Wyoming and California – Southern California”.

No loss of power or service interruption was reported in association with the “disruption”, and the event was categorized as a “loss of visibility”. Essentially, operators were unable to see what was happening on the grid during the event.

Targeted DDoS

While specifics are scarce at this time, the root cause of the event has been attributed to a targeted DDoS attack directed at the network.

While DDoS attacks are generally fairly rudimentary tools in the hacking toolbox, this particular DDoS showed signs that the hackers were familiar with the network and were able to exploit a flaw particular to it.

“In this case, the denial of service exploited a particular vulnerability, so it was a little bit more targeted than that. The hacker or hackers knew what they were doing and were able to actually find a particular flaw in this network equipment and send a certain type of packet or string of data to really make it stop working.”

How Vulnerable is the Grid?

That is the million-dollar question. The U.S. power grid is a massively complicated and interconnected beast, with connections to utilities large and small, sophisticated and philistine. The potential for infiltration and disruption has been documented and now proven, albeit in a rather minor way.

How Vulnerable is Your Network?

In a recent poll by eSecurityPlanet.com, about 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Hacker Discovers Vulnerability that Allows Him to Kill Car Engines

Interconnectivity and the Internet of Things hold the promise of a simpler, higher quality life. At least that’s the narrative that’s spun about smart appliances, medical devices and of course smart cars.

While there is undoubtedly some truth to the virtues of this interconnectedness there are also going to be pitfalls, mainly an increase in the number of vulnerabilities.

Cracking Tracking

In a story on motherboard.vice.com, a hacker who goes by the name L&M shared how he was able to hack into thousands of GPS tracker accounts on not one, but two different platforms. It turns out it wasn’t all that difficult, thanks to some lazy coding that gave every new user account the same breathtakingly obvious default password: 123456!

Armed with this knowledge, L&M was able to scrape a “treasure trove” of customer data:

According to a sample of user data L&M shared with Motherboard, the hacker has scraped a treasure trove of information from ProTrack and iTrack customers, including: name and model of the GPS tracking devices they use, the devices’ unique ID numbers (technically known as an IMEI number); usernames, real names, phone numbers, email addresses, and physical addresses. (According to L&M, he was not able to get all of this information for all users; for some users he was only able to get some of the above information.)

Killing Engines

Cracking GPS apps and stealing thousands of customers’ information, geez, no big deal when compared with some of the shockingly large hospital and healthcare provider breaches of late, right? But here is where it gets far more interesting. These apps have features that allow customers to remotely turn off their engines if the car is traveling at less than 12 mph. Guess what? L&M claims that while he never did it, he certainly could have if he wanted to. Traffic jams and gridlock on demand, anyone?!

Securing Your Network and the IoT

At Konsultek we build better security solutions from the ground up using the most advanced technologies available.

How secure is your network?

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.


Coping with the Cybersecurity Talent Shortage

Image Source: foxbusiness.com

According to Fox Business, at the start of 2019 the cybersecurity worker shortage hit 3 million, and there are no signs of this shortage going away anytime soon.

What’s a Company to Do?

With talent in such short supply, many companies are faced with what seems like an unresolvable dilemma. On one hand, they realize that without knowledgeable, experienced security staff they are leaving themselves more vulnerable. On the other hand, talent, if it can even be found, will come with a hefty price tag and is unlikely to stick around if a better offer presents itself, as it surely will.

Managed Services is the Answer

What if you could outsource the problem altogether and get access to world-class security talent without the headaches of hiring and retention? Well, you can, and at Konsultek we’ve developed an entire suite of managed services that help you secure your network without having to secure talent.

A Sweet Suite of Services

Our off-the-shelf managed services include:

  • Cyber Threat Intelligence
  • Device Management
  • Infrastructure and Life Cycle Management
  • Managed Help Desk
  • Managed Messaging Service
  • Network Access Control
  • Network Visibility and Monitoring
  • SIEM & Log Management
  • Vulnerability Management

Have a security need you don’t see covered? No problem. Give us a call to discuss your particular needs. Relax! Chances are we’ll be able to develop a customized managed security suite just for you.

Critical Infrastructure Attacks Become More Ominous

Critical infrastructure attacks are a concern for every nation and every citizen alike. A disruption to any of our major utilities, such as power, gas and water, could cripple entire metro areas here in the United States.

We’ve written about the vulnerability of critical infrastructure many times. In 2017 we discussed a hack of a Texas tornado warning system and last year we discussed sub-station vulnerabilities.

From IT to OT

The typical infrastructure attack unfolds as follows. The IT network gets hacked through any of the usual attack vectors (phishing, spearphishing, an unpatched vulnerability, etc.). Once the hackers have control, they make their way over to the OT network and begin working to achieve some level of operational control capability.

From OT to SIS

In the latest twist on critical infrastructure vulnerability, FireEye is now reporting that hacking groups are using a sophisticated piece of malware known as Triton to move beyond the OT systems and into the SIS (Safety Instrumented System). This is a serious concern, since the hackers might be able to override or disable safety warnings and protocols that would otherwise prevent potentially dangerous situations.

FireEye first reported on Triton in late 2017 after uncovering it as part of a sophisticated critical infrastructure attack. Triton has now been found again. Here is what FireEye reports:

“After establishing an initial foothold on the corporate network, the TRITON actor focused most of their effort on gaining access to the OT network. They did not exhibit activities commonly associated with espionage, such as using key loggers and screenshot grabbers, browsing files, and/or exfiltrating large amounts of information. Most of the attack tools they used were focused on network reconnaissance, lateral movement, and maintaining presence in the target environment.

The actor was present in the target networks for almost a year before gaining access to the Safety Instrumented System (SIS) engineering workstation. Throughout that period, they appeared to prioritize operational security.”

Industrial Control Systems are Vulnerable

FireEye’s research indicates that the malicious actor deploying Triton and related tools has been operational since 2014, which leads to speculation that the number of affected (infected?) critical infrastructure networks could by now be quite large. FireEye’s advice is that ICS asset owners should implement security solutions that focus on both detection and defense across their IT and OT Windows-based systems.

Konsultek Holistic Security Solutions

Konsultek specializes in holistic security solutions that detect, defend and neutralize threat actors using cutting edge technologies from the world’s leading security companies.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.


Rush Joins List of Healthcare Providers with Significant Breach

Image Source: https://www.rushu.rush.edu/rush-experience/our-location

A few weeks back we wrote about Easton Hospital and the lawsuit surrounding its 2014 loss of 4.5 million patients’ personal data.

On Monday it was reported that a breach of similar data occurred at Rush University Medical Center. At an estimated 45,000 records, the breach is 100 times smaller than the one at Easton Hospital, and that is not the only dramatic difference between the two.

Chinese Hacking vs. Improper Disclosure

In the case of the Easton Hospital breach, forensics traced the breach to the malicious efforts of a Chinese hacking group. In the case of Rush, no “hacking” took place. Instead, according to an article on the Chicago Tribune website, “At Rush, an employee of one of the hospital system’s billing processing vendors improperly disclosed a file to ‘an unauthorized party,’ likely in May 2018, according to a letter sent to affected patients.”

Wall of Shame

The U.S. Department of Health and Human Services Office for Civil Rights breach portal, euphemistically referred to as the “wall of shame”, points out several interesting things about the state of data security in the healthcare industry.

  • Breaches on the Rise – As compared to the same period during 2018, 2019 is so far on a pace that is more than DOUBLE! (24 vs. 59)
  • Averaging About 1 Medical Related Breach a Day – In the 65 days of 2019 we’ve flipped past on the calendar so far this year there have already been 59 data breaches reported on the wall of shame.
  • Big Breach Small Breach – The number of records disclosed ranges from as few as 576 (Managed Health Services) to as many as 400,000 (Columbia Surgical Specialist of Spokane).
  • Mainly Attributed to Hacking – 36 of the 59 breaches are attributed to Hacking/IT Incidents with Unauthorized Disclosure (14) and Theft (9) accounting for the majority of the remaining breaches.

Even the Best Security Can be Compromised

At Konsultek we develop world-class security solutions that prevent, detect and respond to attempts to breach networks. However, as the Rush breach and the 13 other cases of Unauthorized Disclosure highlight, even world-class security solutions can be compromised by the inadvertent or malicious activities of employees and sub-contractors. Ultimately, Network Access Control has to be more than a digital solution. Training, procedures and other management controls must work in concert with IT’s security efforts in order to prevent human-powered security incidents.

Forescout® Sets a New Standard for Endpoint Visibility

According to Gartner, by 2023 the average CIO will be responsible for more than three times the endpoints they managed in 2018.

IT, Say Hello to OT

One of the primary drivers behind this endpoint increase will be the expansion in the number of IoT and OT endpoints. The role of IT is evolving, and the IT department, CIOs and CISOs are going to have to become more operationally focused in order to effectively manage security in the ever more connected world of business.

Forescout Leading the Way

“We see that the vast majority of this growth is coming from IoT and OT, as well as public and private cloud instances, over traditional IT and corporate managed devices,” said Michael DeCesare, CEO and president, Forescout. “With our latest platform release, Forescout is the only vendor that can offer true device visibility and control across the extended enterprise from IT to OT and scale to two million devices regardless of physical, virtual, cloud or hybrid environments.”

Introducing Forescout 8.1

Forescout 8.1 is the first unified device visibility and control platform for IT and OT networks. Finally, you can have complete situational awareness of all devices on your network and more effectively orchestrate actions to mitigate cyber and operational risk.

Konsultek Knows Forescout

As one of Forescout’s premier partners, Konsultek has been helping customers across all industries gain visibility into their endpoints and more effectively control network access for years. So, whether you are looking for a self-managed implementation or a complete hands-off managed security service, Konsultek has the engineering expertise and direct access to Forescout’s top experts to make your endpoint security goals a reality.

Make 2019 the Year to Fight Phishing

We frequently write about the need for organizations to develop a culture of security. Last week, Konsultek partner Malwarebytes published a great post on this very subject, emphasizing the need for every organization to have a formal anti-phishing plan.

Phishing – On the Rise Because it Works!

Source: Proofpoint Autumn 2018 Threat Report

According to Konsultek partner Proofpoint’s Autumn 2018 Threat Report, corporate credential phishing attacks soared in the 3rd quarter of 2018.

Credential phishing skyrockets: Credential phishing soared 300% vs. the previous quarter, though it’s too early to say whether the spike represents a seasonal blip or a lasting trend. By stealing users’ credentials, attackers get access to all the sensitive data those users have access to and can impersonate them for future attacks.

While there are myriad ways for phishing campaigns to ensnare your employees, the most popular remains email. Here, the scammers continue to emphasize subject-line urgency and display-name spoofing, since these are the easiest to manipulate.

Fight Back Against Phishing!

1. Train your organization to be wary, to question and to verify. When someone gets a request from your CFO to wire money to an account they don’t recognize, or in an amount that seems unusual, they need to feel empowered to question the request. If your C-team is doing its job in creating a security-minded corporate culture, your CFO will welcome the phone call double-checking the request.
2. Be especially cognizant of the risk from mobile devices. From smishing (SMS phishing), to apps, to lengthy URLs that are difficult to view on mobile devices, your employees are at a higher level of risk when they go mobile. That goes for organizations that issue devices and for BYOD organizations alike.
3. Look outside to protect your brand. Phishers often attack brand customers directly through social media, email and the web. Follow the lead of big brands such as eBay and proactively educate your customers about phishing and scammers.
4. Assume phishing will be successful and build a robust email defense system that will prevent phishing as much as possible, but will also manage and quarantine risks when they are identified.
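Points 1 and 4 above in working form, as an added example that is not from the post or from any Konsultek, Malwarebytes or Proofpoint product: a Python header check that flags display-name spoofing of a protected executive, a Reply-To on a different domain than the sender, and urgency cues in the subject, then decides whether to deliver, flag or quarantine. The executive roster, the internal domain and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed roster for this example (assumed, not from the post): display names
# worth protecting, each mapped to the only address that person legitimately uses.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
INTERNAL_DOMAINS = {"example.com"}
# Subject-line urgency cues of the kind the post says phishers lean on.
URGENCY_TERMS = ("urgent", "immediately", "action required", "wire", "asap")


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_message(raw):
    """Inspect one RFC 822 message's headers; return findings and a verdict."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = _domain(addr)
    findings = []

    # 1. Display-name spoofing: a protected name on a From address that is not
    #    the address we know for that person.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name spoof")

    # 2. Reply-To on a different domain than the sender diverts replies elsewhere.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != sender_domain:
        findings.append("reply-to mismatch")

    # 3. Urgency language in the subject.
    subject = msg.get("Subject", "").lower()
    if any(term in subject for term in URGENCY_TERMS):
        findings.append("urgency in subject")

    external = sender_domain not in INTERNAL_DOMAINS
    if "display-name spoof" in findings:
        verdict = "quarantine"          # hold it; never deliver to the inbox
    elif findings and (external or "reply-to mismatch" in findings):
        verdict = "flag"                # deliver with a warning banner or route to review
    else:
        verdict = "deliver"
    return {"sender": addr, "external": external, "findings": findings, "verdict": verdict}


# Three constructed messages (only the headers matter to the check).
SPOOFED = (
    "From: Jane Doe <jane.doe@mail-relay.example>\n"
    "Reply-To: Jane Doe <accounts@mail-relay.example>\n"
    "Subject: URGENT: wire transfer needed before 3pm\n"
    "\n"
    "Please process the attached wire today.\n"
)
VENDOR = (
    "From: Vendor Billing <billing@vendor.example>\n"
    "Subject: Action required: invoice overdue\n"
    "\n"
    "Your invoice is 30 days past due.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Q3 budget notes\n"
    "\n"
    "Draft attached for Thursday.\n"
)

if __name__ == "__main__":
    for sample in (SPOOFED, VENDOR, LEGIT):
        print(analyze_message(sample))
```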
Konsultek Knows Phishing

At Konsultek we know phishing and security. How secure is your system? Do your employees know how to avoid phishing scams? If you are at all unsure, let us help.

Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Survey Reveals Size Matters When Planning Security Spend

In mid-August 2018 Gartner published its prediction for an 8.7% increase in IT security spending in 2019. This week eSecurityPlanet.com released its State of IT Security Survey and revealed that when it comes to security spending in 2019, size matters.

Survey Says

Based on their survey, it will be the larger companies that will be primarily driving the 2019 increase in spend while smaller organizations will lag behind.

The vast majority of big spenders in the survey (69 percent) were mid-sized through very large organizations, and their spending lists are long.

By contrast, of the 46 percent of respondents who said their cybersecurity spending will remain flat or down slightly, 62 percent were from companies with fewer than 100 employees, and only a few were from very large companies.

Image Source: eSecurityPlanet.com

Where Will the Spend be Focused?

According to the survey respondents, the majority of the spending will be on proven core security technologies, specifically NAC, web gateways and DLP. This is consistent with what we’re seeing at Konsultek and represents the bedrock of our expertise. Our holistic approach to security solutions is built upon weaving together offerings from leaders in each of these fields, such as ForeScout, F5, Forcepoint and Checkpoint.

Are You Prepared?

About 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Easton PA Hospital Getting Close to Settling Breach Lawsuit

Easton, PA is a small town in Pennsylvania’s beautiful Lehigh Valley with a population of just under 30,000. It is probably best known as the home of America’s beloved Crayola crayons.

Image Source: Google Maps

Targeted by Chinese Hackers

It wasn’t Crayola, however, that Chinese hackers were interested in back in August 2014 when they executed a cyberattack on another Easton landmark: it was the local hospital. At the time, Easton Hospital was owned by CHS (Community Health Systems) of Franklin, TN. According to Easton Hospital and CHS, thieves stole the personal data of some 4.5 million patients, including names, birthdates, phone numbers and Social Security numbers.

Lawsuit Pending Approval

Today, nearly 5 years later, a host of lawsuits have been consolidated into one larger suit that is about to be settled by a judge in Atlanta. If approved by the judge this August, qualifying victims would be eligible for two types of payments:

  1. Up to $250 for out-of-pocket expenses and documented time lost from the breach.
  2. Up to $5,000 for losses due to identity fraud or identity theft from the cyberattack.

Joining an Ever Growing List

ClassAction.com maintains a list of notable data breaches to which the Easton breach could potentially be added based upon its scope. Here is the list:

  • Anthem: $115 million
  • Target: $28.5 million ($18.5M for states, $10M for consumers)
  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Ashley Madison: $12.8 million ($11.6M for consumers, $1.2M for states and the FTC)
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Schnuck Markets: $2.1 million

A Wakeup Call for All Healthcare Providers

This settlement should serve as a wakeup call for all healthcare providers. If only a quarter of the 4.5 million patients receive just the $250 payout, the cost to the affected parties would be over $281 million!

Healthcare providers by nature have access to the most sensitive personal data on the planet. You know that, I know that and the cybercriminal element knows that. Because of this we foresee a continued targeting of healthcare providers going forward. From simple information stealing to more elaborate ransomware attacks, healthcare providers need to make certain that their network security is as robust as possible.

How Konsultek Can Help

At Konsultek we eat, sleep and breathe security.

Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.


Mortgage and Loan Data Leaked Twice

Seven days ago, TechCrunch revealed that independent security researcher Bob Diachenko had found 24 million financial and banking documents exposed to the world as a result of a server security flaw. Considering the type of data exposed – loan documents, sensitive financial and tax documents – this was a significant and very serious breach.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

The leaked documents were OCR (Optical Character Recognition) files, and while the compromised server was shut down immediately once the security flaw was identified, there is no telling how many cybercriminals might already have accessed the files.

Who’s at Fault?

After working through the various parties involved, it appears that the source of the breach was the machine learning firm OpticsML, which according to its website (now offline) “will automate the page indexing and data extraction process entirely. Different from traditional OCR companies, Optics Machine Learning trains computers to read and understand documents like a human, enabling an 80% reduction in labor needs alongside higher levels of accuracy so your analysts can focus on higher level tasks.”

Same Documents Released AGAIN!

In a surprising “you can’t make this stuff up” twist on this already monumental breach, the following day Diachenko found the original loan documents at an “easy to guess” web address on an Amazon AWS server, without so much as simple password protection! Considering that Amazon AWS storage servers have a default privacy setting of “private”, it seems that someone either accidentally or deliberately set the permissions to public.
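The “someone set it to public” failure above, as an added example that is not from the post or from Diachenko’s research: a Python check that takes an S3 bucket’s ACL grants, bucket policy and Public Access Block settings, in the shapes that boto3’s get_bucket_acl, get_bucket_policy and get_public_access_block return, and lists every way the bucket is readable by everyone. The bucket name and the leaked and hardened configurations are constructed; the code runs offline.

```python
import json

# S3's predefined public grantee groups (real URIs).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _principal_is_public(principal):
    """True when a policy statement's Principal is the wildcard ('*' or {'AWS': '*'})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_exposures(acl_grants, bucket_policy_json, public_access_block):
    """List every reason the bucket is open to the world (empty list = not public).

    acl_grants:          the 'Grants' list from get_bucket_acl
    bucket_policy_json:  the 'Policy' string from get_bucket_policy, or None
    public_access_block: the 'PublicAccessBlockConfiguration' dict, or None if unset
    """
    pab = public_access_block or {}
    reasons = []

    # Public ACL grants count unless IgnorePublicAcls is on, which makes S3 ignore them.
    for grant in acl_grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            if not pab.get("IgnorePublicAcls"):
                group = grantee["URI"].rsplit("/", 1)[-1]
                reasons.append(f"ACL grants {grant['Permission']} to {group}")

    # A wildcard-principal Allow counts unless RestrictPublicBuckets is on, which
    # limits a public policy to the bucket owner's account and AWS services.
    if bucket_policy_json and not pab.get("RestrictPublicBuckets"):
        for stmt in json.loads(bucket_policy_json).get("Statement", []):
            if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
                actions = stmt.get("Action", [])
                actions = [actions] if isinstance(actions, str) else actions
                note = " (subject to a Condition)" if "Condition" in stmt else ""
                reasons.append("policy allows " + ", ".join(actions) + " to everyone" + note)
    return reasons


# Constructed configurations for a hypothetical bucket, modelled on the post's
# description: a public-read ACL, a wildcard GetObject policy and no Public Access Block.
LEAKED_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
LEAKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::loan-docs-example-bucket/*"}],
})
NO_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
# The corrected setting: all four Public Access Block flags on.
HARDENED_BLOCK = {key: True for key in NO_BLOCK}

if __name__ == "__main__":
    for label, pab in (("leaked", NO_BLOCK), ("hardened", HARDENED_BLOCK)):
        print(label, public_exposures(LEAKED_ACL, LEAKED_POLICY, pab))
```

With the Public Access Block flags on, the same ACL and policy produce no exposures, which is why turning them on at the account level is the usual first fix.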

While this may not end up being the largest data breach of 2019, with more than 11 months left in the year it surely has secured its place in the top 10 most significant breaches by virtue of the fact that the same information was exposed twice in two different formats on completely different storage networks.

Security On Your Mind?

At Konsultek we eat, sleep and breathe security.

Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 who click through will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

© Copyright 2018 Konsultek