Survey Reveals Size Matters When Planning Security Spend

In mid-August 2018 Gartner published its prediction for an 8.7% increase in IT security spending in 2019. This week eSecurityPlanet.com released its State of IT Security Survey and revealed that when it comes to security spending in 2019, size matters.

Survey Says

According to the survey, larger companies will primarily drive the 2019 increase in spending, while smaller organizations will lag behind.

The vast majority of big spenders in the survey (69 percent) were mid-sized through very large organizations, and their spending lists are long.

By contrast, of the 46 percent of respondents who said their cybersecurity spending will remain flat or down slightly, 62 percent were from companies with fewer than 100 employees, and only a few were from very large companies.

Where Will the Spend be Focused?

According to the survey respondents, the majority of the spending will be on proven core security technologies, specifically NAC, web gateways and DLP. This is consistent with what we’re seeing at Konsultek and represents the bedrock of our expertise. Our holistic approach to security solutions is built upon weaving together offerings from leaders in each of these fields such as ForeScout, F5, Forcepoint and Check Point.

Are You Prepared?

About 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Easton PA Hospital Getting Close to Settling Breach Lawsuit

Easton, PA is a small town in Pennsylvania’s beautiful Lehigh Valley with a population of just under 30,000. It is probably best known as the home of America’s beloved Crayola crayons.

Targeted by Chinese Hackers

It wasn’t Crayola, however, that Chinese hackers were interested in back in August 2014 when they executed a cyberattack on another Easton landmark: it was the local hospital. At the time, Easton Hospital was owned by CHS (Community Health Systems) of Franklin, TN. According to Easton Hospital and CHS, thieves stole the personal data of some 4.5 million patients, including names, birthdates, phone numbers and Social Security numbers.

Lawsuit Pending Approval

Today, nearly 5 years later, a host of lawsuits has been consolidated into one larger suit that is about to be settled by a judge in Atlanta. If approved by the judge this August, qualifying victims would be eligible for two types of payments:

  1. Up to $250 for out-of-pocket expenses and documented time lost from the breach.
  2. Up to $5,000 for losses due to identity fraud or identity theft from the cyberattack.

Joining an Ever Growing List

ClassAction.com maintains a list of notable data breaches to which the Easton breach could potentially be added based upon its scope. Here is the list:

  • Anthem: $115 million
  • Target: $28.5 million ($18.5M for states, $10M for consumers)
  • Home Depot (affected 50 million cardholders): $19.5 million settlement
  • Sony (PlayStation network breach): $15 million
  • Ashley Madison: $12.8 million ($11.6M for consumers, $1.2M for states and the FTC)
  • Sony (employee information breach): $8 million
  • Stanford University Hospital and Clinics: $4.1 million
  • AvMed Inc.: $3.1 million
  • Vendini: $3 million
  • Schnuck Markets: $2.1 million

A Wakeup Call for All Healthcare Providers

This settlement should serve as a wakeup call for all healthcare providers. If only a quarter of the 4.5 million patients receive just the $250 payout, the cost to the affected parties would be over $281 million!

Healthcare providers by nature have access to the most sensitive personal data on the planet. You know that, I know that and the cybercriminal element knows that. Because of this we foresee a continued targeting of healthcare providers going forward. From simple information stealing to more elaborate ransomware attacks, healthcare providers need to make certain that their network security is as robust as possible.

How Konsultek Can Help

At Konsultek we eat, sleep and breathe security.

Mortgage and Loan Data Leaked Twice

7 days ago TechCrunch revealed that independent security researcher Bob Diachenko had found 24 million financial and banking documents exposed to the world as a result of a server security flaw. Considering the type of data exposed – loan documents, sensitive financial and tax documents – this was a significant and very serious breach.

“These documents contained highly sensitive data, such as Social Security numbers, names, phones, addresses, credit history and other details which are usually part of a mortgage or credit report,” Diachenko told TechCrunch. “This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.”

The leaked documents were OCR (Optical Character Recognition) files, and while the compromised server was immediately shut down once the security flaw was identified, there is no telling how many cybercriminals might have already accessed the files.

Who’s at Fault?

After working through the various parties involved, it appears that the source of the breach was the machine learning firm OpticsML, which according to its website (now offline) “will automate the page indexing and data extraction process entirely. Different from traditional OCR companies, Optics Machine Learning trains computers to read and understand documents like a human, enabling an 80% reduction in labor needs alongside higher levels of accuracy so your analysts can focus on higher level tasks.”

Same Documents Released AGAIN!

In a surprising “you can’t make this stuff up” twist on this already monumental breach, the following day Diachenko found the original loan documents on an “easy to guess” web address on an Amazon AWS server without so much as simple password protection! Considering that Amazon AWS storage servers have a default privacy setting of “private”, it seems that someone either accidentally or consciously set the permissions to public.

While this may not end up being the largest data breach of 2019, with more than 11 months left in the year it surely has secured its place in the top 10 most significant breaches by virtue of the fact that the same information was exposed twice in two different formats on completely different storage networks.

Security On Your Mind?

At Konsultek we eat, sleep and breathe security. If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/. The first 20 that click through get a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening. Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

2018 HIMSS Cybersecurity Survey Findings

The 2018 HIMSS Cyber Security Survey has been released and it’s a “must read” for anyone in the healthcare security space.

Most Respondents Have Had a Significant Security Incident

An overwhelming 75% of survey respondents indicated that their organization had experienced a significant security incident in the past 12 months. It is unfortunate that the 2017 survey did not include this question for comparison purposes so it is impossible to tell whether the respondents would have indicated this is an increase or decrease over 2017.

Phishing and Negligence are Top Threat Actors

37.6% of respondents identified “online scam artists”, such as those behind phishing and spear phishing campaigns, as the #1 threat actor in 2018. Next in line? “Negligent insiders” at 20.8%. Negligent insiders are defined as well-meaning but negligent individuals with trusted access who may inadvertently facilitate a breach.

E-mail Dominates as the Initial Point of Compromise

While this is no surprise given the #1 position of “online scam artists” cited above, the attribution of phishing emails as the starting point for 61.9% of all significant security events was higher than expected. This strongly suggests that in addition to robust network security detection and containment solutions healthcare providers should also be investing to create a culture of security through employee training.

More Resources Being Allocated to Cybersecurity

If there is a bright spot in the survey it is certainly that healthcare organizations as a whole (83.4%) are allocating more resources to cybersecurity. This is good news since 2018 saw cybercriminals increasing their focus on healthcare and other high profile industries that have deep pockets and a low threshold of pain.

The Cure for Your Cyber Security Pain

Konsultek knows healthcare security. Organizations both small and large trust their network security to our customized solutions and holistic approach. If you are experiencing the symptoms of a cybersecurity illness, it may be time to schedule an appointment with one of our specialists. From executive assessments to penetration testing, we have the know-how and experience to identify and cure what ails you.

Navy Responds to Cyber Breaches with Research Solicitation

Back in December we covered the Navy’s alarming revelation that significant cyber breaches had occurred over the prior 18 months.

 

Corrective Actions Already Underway

Last week NAVAIR updated its Resilient Cyber Warfare Capabilities for NAVAIR Weapon Systems solicitation. This solicitation, originally issued July 6, 2018, seeks research support technologies that are applicable to making the NAVAIR Weapon Systems more resilient to cyber-attack. It’s good to know that NAVAIR has already been making efforts to take corrective actions after the October 2018 GAO Study found that some of the most sophisticated weapons systems were vulnerable to relatively simplistic attacks.

3 Pillars of Interest

According to an article on fifthdomain.com, NAVAIR is planning to better protect its systems moving forward by improving its capabilities in 3 areas.

  1. Dynamic Reconfiguration – when a network makes “changes to router rules, access control lists, intrusion detection/prevention system parameters, and filter rules for firewalls and gateways.” – as defined by NIST.
  2. Deception Tactics – “Leveraging classical denial and deception techniques to understand the specifics of adversary attacks enables an organization to build an active, threat-based cyber defense,” – according to researchers at MITRE.
  3. Artificial Intelligence – “We see that the more we automate our networks and the more we use machines to do the heavy lifting, the better. Our brains do not have the intellectual capacity to process all of that information,” – Rear Adm. Danelle Barrett, Navy Cyber Security Division Director.

Mirrors Konsultek’s Approach

What does protecting NAVAIR weapons systems and protecting your network have in common? In both cases a dynamic, holistic approach to security is needed. At Konsultek our custom security solutions defend, detect and secure networks against attacks from all manner of threat vectors. When you’re ready to take the next step in advanced network protection, give us a call to learn more.

Is Automation the Key to Lower Incident Response Times?

This year’s SANS Endpoint Security Survey report is loaded with interesting statistics such as:

  • 42% of IT professionals acknowledged they had suffered a breach on their endpoints.
  • 20% said they did not know if they had been breached.
  • 82% of those that knew of a breach said it had involved a desktop.
  • 69% cited corporate laptops.
  • 42% cited employee-owned laptops.
  • 47% of antivirus capabilities detected threats.
  • 26% of breaches were detected by endpoint detection and response (EDR) capabilities.

It was this last response that was of particular interest, so we took a deeper dive.

Endpoints Up Response Times Down

One of the challenges facing security professionals is the seemingly ever expanding number of endpoints that need to be monitored. It’s akin to having an ever expanding fence line that needs to be patrolled and maintained by a rancher to prevent loss of livestock to predators.

Interestingly enough, despite the growth in endpoints, this year’s report showed that incident response times are actually decreasing. One of the primary reasons for this is automated endpoint detection and response (EDR) capabilities.

Are You Automated?

If you have purchased and fully implemented a next-gen EDR solution, you can consider yourself and your organization firmly ahead of the curve. As SANS Analyst and survey author Lee Neely states in the report:

“The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities. While [organizations] are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing the key purchased capabilities needed to protect and monitor the endpoint.”

In fact, to be more specific:

“Of the IT professionals that had acquired next-gen endpoint security solutions, 37% haven’t implemented their full capabilities”.

Let Konsultek Help You Automate

The SANS Incident Response Survey shows that the largest number of respondents had a “time to detect” between 6-24 hours, a “time to contain” of 2-7 days and finally a “time to remediate” of 2-7 days. As security professionals looking to secure an ever more complex endpoint “fence line”, how do we accelerate the incident response time? The obvious answer is to use machine based automation.

Curious as to how that might work in your organization’s network? We’d be happy to explain! Just give us a call to discuss how a Konsultek custom security solution can take your organization to a whole new level of security.

 

22-Line Code “Scalpel” Removes British Airways Customer Data

A couple weeks ago British Airways confirmed that the personal data of 380,000 customers had been stolen.

Magecart Again. Still?

On September 11th the simplicity of this surgical strike was revealed by RiskIQ, and the details are pretty amazing. According to RiskIQ, the incident, which lasted 15 days, was very similar to the breach of Ticketmaster UK earlier in the year. That similarity combined with crawl data allowed them to quickly confirm that the threat actors were one and the same: Magecart.

Magecart is a group of criminals that specialize in web based credit card skimmers. RiskIQ actively monitors 2 billion pages of the world wide web for Magecart activity and Magecart is so active that RiskIQ gets hourly notifications of sites being hacked!

The 22 Line Scalpel

In the case of the British Airways hack, Magecart slightly modified their code so it went unnoticed by the RiskIQ automated crawlers, and only after the fact could RiskIQ manually identify their handiwork. It turned out that the 22 lines of JavaScript shown below are what excised the personal data of 380,000 customers.

The same code also appears to have affected the British Airways mobile app for the same period of time. This is because the app was developed as an empty shell that simply pulled in functionality from the desktop site. While past Magecart attacks grabbed form data indiscriminately, these 22 lines were highly targeted, extracting payment information and sending it off to their own servers.

Konsultek Knows Security

Threat prevention, detection and quarantine are the hallmarks of a robust security solution. If your current approach to network security is a patchwork quilt of boxes and software that has been cobbled together over time it’s probably time to have us perform a comprehensive review. Simply give us a call and we’ll schedule a time to chat. It’s really that easy to get started.

While WannaCry is Making Headlines DocuSign Breach Quietly Endangers Users

Rather than write the 1000th post about WannaCry (although our Partners at Proofpoint, their Engineer Darien Huss and a fellow called MalwareTech deserve a serious shout-out from the world for stopping WannaCry) I decided to cover something with potentially huge financial implications that has virtually gone under the radar by comparison.

While WannaCry was grabbing the cybersecurity headlines for the week, it turns out that online signature giant DocuSign was, more quietly and in a rather methodical fashion, publicly disclosing the details of a significant and serious cyberbreach themselves.

Here’s an abbreviated timeline of what we know so far from DocuSign themselves.

Update 5/9/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature”.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

Update 5/15/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: Completed *company name* – Accounting Invoice *number* Document Ready for Signature.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including dse@docus.com. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.

Update 5/15/2017 – Latest update on malicious email campaign

Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Update 5/16/2017 @ 8:55 Pacific Time – Key Update on Malicious Campaign

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Update 5/17/2017 @ 1:02 PM Pacific Time – New Phishing Campaign Discovered Today

DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.

The Ultimate Phishing Scam?

This may very well be the ultimate spear phishing campaign. While the number of email addresses compromised has not been disclosed, we can assume it is A LOT, and a considerable portion of those affected routinely use DocuSign multiple times a month, if not weekly or daily. Since DocuSign emails are both expected and “trusted”, we can only further assume that these phishing campaigns are effective. There is no official report on just how effective so far, but perhaps we’ll get an update as further details emerge.

It seems likely that this scam will continue for a very long time given that DocuSign reportedly has 100 million users.
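DocuSign's updates above separate legitimate sender domains (@docusign.com, @docusign.net) from the look-alikes used in the campaigns (docus.com, dousign.com). The following Python is an added example, not DocuSign's or Konsultek's code, showing one way a mail filter could triage that distinction; the sample messages, the verdict names and the similarity thresholds are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Per the DocuSign notice quoted above, signing mail comes only from these
# domains. Exact match only: subdomains are not treated as legitimate here
# (an assumption; the notice does not mention them).
LEGITIMATE_DOMAINS = {"docusign.com", "docusign.net"}
BRAND = "docusign"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def resembles_brand(label: str) -> bool:
    """True for near-misses (dousign) and truncations/extensions (docus)."""
    if len(label) < 4:  # ignore short labels such as "com"
        return False
    return (edit_distance(label, BRAND) <= 2
            or BRAND.startswith(label)
            or label.startswith(BRAND))


def classify(raw_message: str) -> str:
    """Return a verdict string for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain in LEGITIMATE_DOMAINS:
        return "legitimate"
    # Check every label except the TLD, so the brand cannot hide in a
    # subdomain of an unrelated registrable domain.
    if any(resembles_brand(label) for label in domain.split(".")[:-1]):
        return "lookalike-domain"
    if BRAND in f"{display} {msg.get('Subject', '')}".lower():
        return "brand-in-text"
    return "unrelated"


# Constructed sample messages. The two look-alike sender addresses and the
# "Legal acknowledgement" subject are the ones quoted on this page; the rest
# is made up for the example.
SAMPLES = {
    "real": "From: DocuSign <sender@docusign.net>\n"
            "Subject: Document Ready for Signature\n\nbody",
    "docus": "From: DocuSign <dse@docus.com>\n"
             "Subject: Completed - Accounting Invoice Document Ready for Signature\n\nbody",
    "dousign": "From: dse@dousign.com\n"
               "Subject: Legal acknowledgement for <person> Document is Ready for Signature\n\nbody",
    "display": 'From: "DocuSign" <notice@example.org>\n'
               "Subject: Please review\n\nbody",
    "other": "From: Alice <alice@example.com>\nSubject: Lunch on Friday\n\nbody",
}


def triage(samples: dict) -> dict:
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:8} {verdict}")
```

The From header can itself be forged, so a check like this is one signal alongside SPF, DKIM and DMARC results rather than a replacement for them.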

The Lesson You Can Learn

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.” (Emphasis added)

The lesson to be learned here is that in today’s world no part of your network can be considered “non-core” when it comes to security. If the data is worth saving within your network, it is worth protecting!

Konsultek and Its Partners

Konsultek and its partners like Proofpoint, Check Point, ForeScout, Carbon Black and many others work together to build custom security solutions for businesses of all sizes in all markets. When you’re ready to learn about your network vulnerabilities and how to correct them, please give us a call.

 

2017 Cisco Annual Cybersecurity Report Insights

The 2017 Cisco Annual Cybersecurity report was just published. Weighing in at 110 pages and filled with detailed analysis, this is a report that should be downloaded and reviewed by anyone with an interest in the ever changing cybersecurity landscape.

Here are some of the major findings outlined in the report:

● The top constraints to adopting advanced security products and solutions, according to the benchmark study, are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).

● The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.

● Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access. See our previous post on private vs. public cloud.

● According to the Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.

● The Cisco 2017 Security Capabilities Benchmark Study also found that nearly a quarter of the organizations that have suffered an attack lost business opportunities. Four in 10 said those losses are substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue.

● When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent), according to respondents to the benchmark study.

● Network outages that are caused by security breaches can often have a long-lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent (see page 55) of these outages affected between 11 percent and 30 percent of systems. See our recent post on Business Continuity.

● The 2017 Security Capabilities Benchmark Study found that most organizations rely on third-party vendors for at least 20 percent of their security, and those who rely most heavily on these resources are most likely to expand their use in the future. Review Konsultek’s Managed Security Services.

Konsultek Knows Security

When it comes to protecting organizational assets within your network, Konsultek shines. Our engineers’ consultative approach to security means that every organization gets the custom security solution that is right for them, not some off the shelf bundle of products. If you are ready to learn how you can take your organization’s network security to the next level, give us a call.

 

© Copyright 2018 Konsultek