
Cybersecurity

Cybercriminals target remote workers during pandemic

Practical protocols businesses can do to prevent, respond to cyberattacks
04/01/2020

YARMOUTH, Maine—As the COVID-19 pandemic rages on, the current cybercrime landscape is focused on businesses of all sizes as more and more employees are working from home per government protocols to contain, control and remedy the virus.

New guide for cybersecurity standards ISA/IEC 62443 Series

03/24/2020

RESEARCH TRIANGLE PARK, N.C.—The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance have released a new guide for consensus-based automation cybersecurity standards. 

Defendify raises $2M in seed money

Funding to drive continued growth of company’s cybersecurity platform
01/29/2020

PORTLAND, Maine—Defendify, an all-in-one SaaS cybersecurity platform developer, announced it closed on $2 million in seed funding, bringing the total raised in the last 18 months to $3.6 million.

Putting the SHIELD Act and CCPA into perspective

Cybersecurity lawyer, industry association SVP offers tips for companies to become, stay in compliance
01/29/2020

YARMOUTH, Maine—On Jan. 1, two new statutes — the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act), a consumer privacy statute, and the California Consumer Privacy Act (CCPA), a cyber-breach notification statute — went into effect, changing the way some security professionals do business.

Weak passwords and ransomware infections go hand-in-hand

Wednesday, January 22, 2020

Did you know … the first ransomware attack was carried out in 1989 by Joseph L. Popp, a Harvard-trained evolutionary biologist? As history tells us, Popp created the AIDS Trojan, known as the PC Cyborg, and sent 22,000 infected diskettes, labeled “AIDS Information – Introductory Diskettes,” to an international AIDS conference.

Unsuspiciously, the diskette did educate the user, but it also infected the user’s computer. After approximately 90 reboots, the virus would encrypt files on the hard drive, and to reverse it, the price was $189 made payable to a P.O. box in Panama. 

Although Popp’s virus was easily defeated, it started a snowball effect across the digital world. 

It’s been 31 years since the first ransomware infection and we’re still dealing with these on the daily. Research from precisesecurity.com showed weak passwords caused 30 percent of ransomware infections in 2019.

“Weak passwords.” How many times do we see or hear this phrase? Ad nauseam, if you ask me. And, yet, a quick Google search reveals some of the most popular passwords of 2019: 

  • 12345
  • 123456 (This one was used by 23.3 million victim accounts globally.)
  • 12345678 (This was chosen by 7.8 million data breach victims.)
  • 111111
  • test1
  • abc123
  • Password (More than 3.5 million people use this one to protect their sensitive information.)

It just doesn’t make sense. Yes, we have what seems like a bajillion passwords to remember for access to various locations, physically and digitally, but taking the easy way out hasn’t served us or the world well up to this point. It’s only produced one of the leading cyberattacks used by cyber criminals — ransomware.

So, now what? I suggest we take control over our password/phrase creation and usage. My proposal is simple: Set aside some time to create a list of strong passphrases and/or words once every quarter, adding each time to the previous list. Schedule “password/phrase creation” into your calendar so you set the intention ahead of time. The result will be a list of passwords/phrases that can be used anytime: when asked to update, creating a new account, etc. 

A Quick Tutorial

Creation: Think of a secret about yourself that only you or very few of your closest family/friends know. (To my knowledge, cyber criminals have yet to figure out how to hack brains to get information, so this seems like the safest, most secure information.) Then, create a passphrase, incorporating letters, numbers and symbols with your secret. 

Example (DO NOT USE): …Th3Qu1ckBr0wnF0xJump3d0v3rTheLazyD0g!?

Usage: Use a different, unique password or phrase for each account. Does this take time? Yes. Is it worth it to help prevent ransomware attacks? According to the statistics, yes, but this is something you have to decide for yourself by asking: “Is it worth my time to create strong passphrases and/or passwords to keep my sensitive information, such as access to my bank account or work life, safe?”

Lest we forget, Albert Einstein did define “insanity” as “doing the same thing over and over again and expecting different results.”

TSA’s quest to merge cybersecurity and information technology

Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these, are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise. 

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going at it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at the forefront, as opposed to being an add-on or afterthought.

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms from compromise, modification and rendering equipment inoperable, and provide immediate alert when algorithms have been accessed;
  • Ensuring USB ports are covered and access to ports, cables and other peripherals is protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing a comprehensive list of all software and hardware that comprise security equipment;
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 

The state of ransomware ...

Wednesday, January 8, 2020

The recent cyberattack on the city of New Orleans is another sobering example of how vulnerable we are as a nation to cyber criminals. Even for cities like New Orleans, which was prepared for such an attack, there is an incredible amount of time and effort and cost that goes into getting a city back up on its feet after such an incident.

Following the New Orleans attack, a report on the State of Ransomware in the U.S., created by cybersecurity research firm Emsisoft, was rushed to be released ahead of its original Jan. 1, 2020 release date because, as researchers pointed out, the New Orleans incident “elevates the ransomware threat to crisis level. Governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”

By releasing the report early, the company hopes it will help “kickstart discussions and enable solutions to be found sooner rather than later. Those solutions are desperately needed.”

Looking at the numbers on ransomware, they are pretty mind numbing, as in 2019 the U.S. was hit by “an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion,” according to Emsisoft.

The impacted organizations included:
•    113 state and municipal governments and agencies;
•    764 healthcare providers; and
•    89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected.

The incidents were not simply expensive inconveniences, according to the report, which noted that the disruption they caused put people’s health, safety and lives at risk. For example:
•    Emergency patients had to be redirected to other hospitals;
•    Medical records were inaccessible and, in some cases, permanently lost;
•    Surgical procedures were canceled, tests were postponed and admissions halted;
•    911 services were interrupted;
•    Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field;
•    Police were locked out of background check systems and unable to access details about criminal histories or active warrants;
•    Surveillance systems went offline;
•    Badge scanners and building access systems ceased to work;
•    Jail doors could not be remotely opened; and
•    Schools could not access data about students’ medications or allergies.

“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020,” Emsisoft CTO Fabian Wosar said in the report. “Governments and the health and education sectors must do better.”

Other effects of the incidents included:
•    Property transactions were halted;
•    Utility bills could not be issued;
•    Grants to nonprofits were delayed by months;
•    Websites went offline;
•    Online payment portals were inaccessible;
•    Email and phone systems ceased to work;
•    Driver’s licenses could not be issued or renewed;
•    Payments to vendors were delayed;
•    Schools closed;
•    Students’ grades were lost; and
•    Tax payment deadlines had to be extended.

In looking at how unprepared local governments are, a 2019 University of Maryland, Baltimore County research report based on data from a nationwide survey of cybersecurity in U.S. local governments, stated that, “Serious barriers to their practice of cybersecurity include a lack of cybersecurity preparedness within these governments and funding for it,” and that “Local governments as a whole do a poor job of managing their cybersecurity.”

The issues identified included:
•    Just over one-third did not know how frequently security incidents occurred, and nearly two-thirds did not know how often their systems were breached;
•    Only minorities of local governments reported having a very good or excellent ability to detect, prevent, and recover from events that could adversely affect their systems; and
•    Fewer than half of respondents said that they cataloged or counted attacks.

In some cases, governments failed to implement even the most basic of IT best practices, the report noted. For example, Baltimore experienced data loss because data resided only on end-user systems for which there was no backup mechanism in place.

According to the University of Maryland, Baltimore County's research, more than 50 percent of governments identified “lack of funding” as a barrier to cybersecurity and this is almost certainly an issue in the education and healthcare sectors, too. “Resolving the problem may simply require that organizations reallocate their existing budgets, or it may require that additional funding be provided either by federal or state government. In either case, it is an issue that must be addressed,” researchers concluded.
   
While 966 government agencies, educational establishments and healthcare providers were impacted by ransomware in 2019, the report noted that not a single bank disclosed a ransomware incident.

“This is not because banks are not targeted,” researchers noted. “It is because they have better security and so attacks against them are less likely to be successful. If government agencies were simply to adhere to industry-standard best practices — such as ensuring all data is backed up and using multi-factor authentication everywhere that it should be used — that alone would be sufficient to reduce the number of successful attacks, their severity and the disruption that they cause.”
 
As Wosar pointed out, “2020 need not be a repeat of 2019. Proper levels of investment in people, processes and IT would result in significantly fewer ransomware incidents and those incidents which did occur would be less severe, less disruptive and less costly.”
 

Hanwha’s top five video surveillance trends for 2020

12/20/2019

TEANECK, N.J.—Hanwha Techwin, a global supplier of IP and analog video surveillance solutions, announced its top five key trend predictions for the security industry in 2020.

Proactively going head-to-head with cyber threats

Wednesday, December 18, 2019

I recently read an article stating that the biggest cyberattack of 2020 has already happened. Needless to say, this sparked my attention, plunging my mind into thoughts of sophisticated cybercriminals who have already hatched a planned attack that’s just sitting in wait, ready to emerge when prompted. While I don’t promote, condone or encourage using scare tactics as a way to educate others and prompt them to take action, this does sound a bit scary; so, I reached out to some cybersecurity experts and members of SIA’s Cybersecurity Advisory Board to better understand and learn what you and I can do to protect ourselves going forward.

“The most successful cybercriminals are the ones you don’t even know are there,” Tiffany Pressler, senior manager, HID Global, said. 

Min Kyriannis, head, Technology Business Development, Jaros, Baum & Bolles further explained: “Typically, hackers will remain dormant in someone’s network until a sequence or signal is sent to initiate the attack.”

To better understand a cyberattack, Pressler explained the Cyber Kill Chain, eight recognized phases that most cyberattacks go through. The phases are: 

  1. Reconnaissance
  2. Intrusion
  3. Exploitation
  4. Privilege escalation
  5. Lateral movement
  6. Obfuscation/anti-forensics
  7. Denial of service
  8. Exfiltration

“Each phase offers an opportunity to stop the attack, but most aren’t aware that a breach has happened at any of these phases until months or years after the breach has occurred,” Pressler explained. “Based upon that logic, any breach impending in 2020 is probably already significantly down the list of phase stages.” 

This doesn't mean doom and gloom, but rather, a sort of "heads up" to take action now to protect yourself for what you already know is coming.

One of the biggest complaints people talk about is identity theft, so Kyriannis advised to see what services are available. “Following the Equifax data breach, there are free services provided to lock your credit report, for example TrueIdentity,” she said. “Always ask questions about how companies you’re working with are securing the information you’re providing them. I set alerts on my credit cards so that when I use them, a text message is sent to my cell phone.”

Pressler also offers some simple, proactive actions to take now: 

  • Turn on multi-factor authentication for any and all applications and devices. 
  • Use a password manager to help you remember and not reuse passwords. 
  • Always use complex passwords consisting of letters, upper- and lowercase, numbers and symbols. It’s best when your password does not equate to a readable word, sentence or name. 
  • Never click on links in emails or text messages. 
  • Hover over links to reveal the full URL to see if it goes to a legitimate domain, owned by a company.
  • Secure links with a link scanner, such as Norton SafeWeb or ScanURL.
  • Never give out information through webpages launched from a link. Always go to a company’s homepage and log in there.

“If you’re proactive about setting these measures, you’re making it harder for the cybercriminals, but you’re also giving yourself a chance to recover quickly,” Kyriannis encouraged.

How companies can fight against cyber threats

Cyber experts identify top cyber threats for 2020 and offer strategies of defense
12/16/2019

YARMOUTH, Maine—As 2019 closes, 2020 is full of new possibilities and opportunities. While it’s a time for growth, change and newness, cyber criminals are lurking in the background ready to strike.
