CI Security

IT Security News Blast – 1-7-2020

Third Party Risk Management for Healthcare Cybersecurity
Third party-related breaches are increasingly impacting healthcare environments, and it’s an expensive way to learn that third party risks need to be proactively managed. A survey of healthcare IT leaders conducted in 2019 revealed 56% had experienced one or more third party data breaches in the last two years, causing on average a total of $2.9 million to remediate. CI Security’s Steve Torino explains why third-party risks in healthcare are increasing now more than ever, and how to develop a Third Party Vendor Risk Management Program to manage the supply chain risks to patient care, ePHI, and critical systems.
https://ci.security/resources/news/article/third-party-risk-management-for-healthcare-cybersecurity

The Iran Cyber Warfare Threat: Everything You Need To Know
However, he thinks it is unlikely the main revenge effort will be in the cyber domain because it “is not a strong enough revenge message for the Iranian people.” Even so, Ingram thinks Iran will increase its cyber activities significantly. This could include the country using proxies such as North Korea in exchange for missile technologies. “It will range from the types of attacks we have seen already to possibly GPS spoofing to try and get shipping to stray into Iranian waters. Saudi Arabia and other U.S. leaning gulf states will probably bear the brunt of Iranian Cyber activity.”
https://www.forbes.com/sites/kateoflahertyuk/2020/01/06/the-iran-cyber-warfare-threat-everything-you-need-to-know/#5cf9993f15aa
 
The Hidden Cost of Ransomware: Wholesale Password Theft
[All] too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.
https://krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/
 
What the Iran situation means for health data
The Health Information Sharing and Analysis Center is warning of "significant risk that Iran will target critical infrastructure through cyberspace" as tensions with Iran escalate following the death of Qassem Soleimani in a drone strike[.] H-ISAC is a nonprofit organization that shares cybersecurity threat intelligence with its members. "Historically, Iran has not deliberately targeted the healthcare sector," the bulletin reads. "However, we must be vigilant facing" attacks in which data could be deleted, it continues.
https://www.politico.com/newsletters/morning-ehealth/2020/01/06/what-the-iran-situation-means-for-health-data-784058
 
HSCC Tells HHS: Include Patching in Stark Law Cybersecurity Donations
Notably, the proposed changes to Stark Law and the Anti-Kickback Statute were recommended in the 2017 Healthcare Industry Cybersecurity Task Force Report. To accomplish its goals, HHS should focus on four key areas, including improving the patching language outlined in the proposal. As noted repeatedly in recent years, patching challenges plague the healthcare sector and cause significant risks to provider networks and patient data. As many providers continue to use outdated, legacy platforms, those cyber risks are rapidly increasing.
https://healthitsecurity.com/news/hscc-tells-hhs-include-patching-in-stark-law-cybersecurity-donations
 
Digital transformations hindered by cyber risks
Interestingly, there is also an apparent mismatch between the level of concern and preparedness for different problems; while the problem of data exfiltration was seen as the most worrying, it scored the lowest priority in terms of preparedness. [...] “Security leaders need to look beyond perimeter security, leverage automation, and have a better grasp of the psychology of both cybercriminals and their business users,” he said.
https://dynamicbusiness.com.au/featured/digital-transformations-hindered-by-cyber-risks.html
 
Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack
Travelex, owned by the Abu Dhabi financial services group, Finablr, has fallen victim to one of the most sophisticated cyber extortion rackets. Sodinokibi, also known as REvil, appeared in April 2019, offering criminal gangs the opportunity to rent the ransomware and customise it to target their own victims in return for a cut of the profits. Some criminal groups have links to Syria and Iran, according to research by McAfee.
https://www.computerweekly.com/news/252476283/Cyber-gangsters-demand-payment-from-Travelex-after-Sodinokibi-attack
 
Ask the Experts: What will be the biggest cyber security story in 2020?

  • Changing role of the CISO
  • Election security
  • Broader IT landscape, wider security gaps
  • Ransomware on smartphones?
  • Year of encryption: Compliance, governments, and personal protection
  • Internet of Things (boosted by 5G)
  • More regulation, more fines
https://securityboulevard.com/2020/01/ask-the-experts-what-will-be-the-biggest-cyber-security-story-in-2020/
 
2020 outlook for cybersecurity legislation
Of the nearly 300 pieces of legislation that touch on some aspect of cybersecurity, or more urgently, election security, introduced since the current Congress began last year, only nine have become law. Most were budget-related measures that appropriated or increased funds for federal agencies to spend on cybersecurity or election security as part of the fiscal 2020 spending deal passed in December. Now, roughly halfway through the current Congress, it’s time to take stock and review where things stand in the legislative arena.
https://www.csoonline.com/article/3512043/2020-outlook-for-cybersecurity-legislation.html
 
A Chinese cyber rumble in Kathmandu
Beijing has been trying to crack down on groups who commit cyber fraud and are carrying out online gambling activities in China while living in other southeast Asian countries like the Philippines, Malaysia, Cambodia, Vietnam and Laos. On December 20, the Filipino authorities arrested 342 Chinese nationals from a gambling operation. Likewise, in August, Cambodia banned online gambling under pressure from the Chinese government. With mounting pressure from China on many Southeast Asian nations, these groups have migrated to Nepal.
https://www.asiatimes.com/2020/01/article/a-chinese-cyber-rumble-in-kathmandu/
 
Russia Takes a Big Step Toward Internet Isolation
But analysts say that last week's test may actually reflect a gradual approach rather than a rush to separate. "There is not that much data available, but presenting the drills that happened in late December as a real-world exercise about disconnecting Russia from the global internet is probably exaggeration. There were no user reports confirming that[.]" "But the internet censorship and overall situation in Russia clearly has a chilling effect.
https://www.wired.com/story/russia-internet-control-disconnect-censorship/
 
HOW NORTH KOREA HACKERS ATTACK MAJOR CYBERSECURITY WEAKNESSES ACROSS THE GLOBE
But, this is not the first time when North Korea has been involved in malicious cyber tactics. In fact, North Korea has been so active that attacks have exposed multiple vulnerabilities in global software systems and networks. [...] The majority of targets identified were in the US, Japan or South Korea.
https://analyticsindiamag.com/how-north-korea-hackers-attack-major-cybersecurity-weaknesses-across-the-globe/
 
Cyberwar with Iran: How vulnerable is America?
Private-sector corporations, which include banking, health care and energy services, would be the primary targets, according to Paul Martini, co-founder of the network security platform iBoss. In the worst-case scenario, Iranian hackers "could instantaneously shut down an entire power grid," Martini said. "It’s not just the lights, it’s also the internet which shuts down communication systems. Without shooting a single bullet or missile, you can shut down an entire county or nation."
https://www.usatoday.com/story/tech/2020/01/03/how-much-damage-could-iran-cyber-attacks-do/2803599001/
 
The FTC’s 2020 COPPA rules have YouTube creators scared
Prior to YouTube's settlement with the FTC, its position was that YouTube's TOS excludes children, and its content is all "family friendly, but general audience" rather than being explicitly child-directed. It therefore did not need to comply with COPPA regulations. The settlement includes an acknowledgement that some YouTube content is directed toward children and therefore does fall under the regulatory scope of COPPA; Google will henceforth make an effort to identify and label such content.
https://arstechnica.com/gaming/2020/01/the-ftcs-2020-coppa-rules-have-youtube-creators-scared/
 
Judge dismisses Monitor, ACLU suit for details of secret police equipment
A Merrimack County Superior Court judge has dismissed a suit filed by the American Civil Liberties Union of New Hampshire and the Concord Monitor arguing that the Concord Police Department must reveal more information about secret police technology listed in the city’s budget. A $5,100 line item in last year’s police department budget was set aside for “covert communications equipment.” City officials argued that they can’t say what the equipment is and what it does – or even which company offers it – because of a nondisclosure agreement with the vendor.
https://www.concordmonitor.com/City-of-Concord-ACLU-going-to-court-over-police-equipment-27688396
 
BusKill Cable Starts a Self-Destruct Routine on Stolen Laptops
In essence, BusKill is a cable with a USB drive at one end that attaches to your body and your laptop at the other. When the drive disconnects, it acts on a predefined 'udev' event, which can be anything from locking the computer, shutting it down, or wiping data on it. Altfield spent about $20 to build BusKill but this depends on the quality of the items you choose. A USB drive, a magnetic adapter, a carabiner, and a USB extension cable are the hardware essentials.
https://www.bleepingcomputer.com/news/security/buskill-cable-starts-a-self-destruct-routine-on-stolen-laptops/
 
Microsoft: RDP brute-force attacks last 2-3 days on average
Around 0.08% of RDP brute-force attacks are successful, and RDP brute-force attacks last 2-3 days on average, Microsoft said last month while presenting the results of a months-long study into the impact of RDP brute-force attacks on the enterprise sector. For the study, Microsoft said it collected data on RDP login-related events from more than 45,000 workstations running Microsoft Defender Advanced Threat Protection, the commercial version of its free Defender antivirus app.
https://www.zdnet.com/article/microsoft-rdp-brute-force-attacks-last-2-3-days-on-average/
 
Clop Ransomware Now Terminates 663 Processes Before Encrypting Your Files
Clop terminates processes to prevent a target system from accessing certain files. Disabling more processes means the ransomware can encrypt more files, which should make people even more desperate to pay up so they can regain access to their systems. (Assuming the ransomware operators actually unlock those files.) Some of the affected processes include Microsoft Office applications, WinRAR, notepad and notepad++, calculator, Adobe Acrobat and far more.
https://www.tomshardware.com/news/clop-ransomware-terminates-663-processes
 
Researchers unearth malicious Google Play apps linked to active exploit hackers
Camero exploits CVE-2019-2215, a potent vulnerability discovered in October by Google’s Project Zero vulnerability research group, researchers from Trend Micro reported on Monday. The use-after-free flaw makes it easy for attackers to gain full root privileges on Pixel 1 and Pixel 2 phones and a host of other Android models. Google patched the vulnerability in October, a few days after Project Zero researcher Maddie Stone reported it was likely under active attack by either exploit developer NSO Group or one of its customers.
https://arstechnica.com/information-technology/2020/01/researchers-unearth-malicious-google-play-apps-linked-to-active-exploit-hackers/
 
John McAfee No Longer Willing to Eat His Dick on TV
Asked if a single Bitcoin would be worth $500,000 within three years, McAfee responded: "if not, I will eat my dick on national television." […] The Dickening, a site that tracks the progress of McAfee's bet, estimates that the cryptocurrency would need to grow an average of $2,756 per day for the next 360 days in order to reach $1 million. Unless something extraordinary happens to the world economy in the next 12 months, it is basically guaranteed that McAfee will lose the bet. On Saturday, however, McAfee tweeted that he will not eat his own dick on TV, despite his promises, and that the bet was, in fact, a "ruse" to boost Bitcoin's value.
https://www.vice.com/en_us/article/m7qawy/john-mcafee-no-longer-willing-to-eat-his-dick-on-tv



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2019 CI Security. All rights reserved.

CI Security
245 4th St, Suite 405  Bremerton, WA 98337