Forrester Research Forecasters Predict Health Care Industry will be Most Heavily Targetted
We're getting close to the end of 2016 and people are already thinking about their New Year's Resolutions. Everyone at Sentar hopes you'll resolve to be a more secure cyber citizen. Change your passwords! Stop clicking on those links in email you receive from people or companies you don't know. Pick up the phone and talk more often.
2017 is expected to have severe issues caused by cyber attacks, including expectation that "hackers could hurt the American economy by, among other things, taking down huge parts of the national electricity grid."
Before you peer into the future, here's the facts on 2016 cyber attacks that we know of, to date, as reported in this article posted by 247WallSt.com:
"Identity Theft Resource Center reports that there have been 957 data breaches recorded this year through December 6, 2016, with more than 35 million records exposed. Since beginning to track data breaches in 2005, ITRC has counted 6,766 breaches, involving more than 886 million records."
Internet of Things P0wned! Major sites taken off Internet by Webcams, thermostats and DVRs
On Friday, October 21, 2016, millions of 'smart' home devices designed to connect to cloud services on the Internet began generating traffic intended to shut down many popular websites, such as eBay, Amazon and Twitter.
This attack is known as a Distributed Denial of Service (DDoS) and it targeted a company called Dyn, who provides major infrastructure for large, popular websites. This "Internet of Things" based attack use recently released hacker software, called Mirai, to find and take over these devices--converting them into a botnet. This Mirai malware targets "smart" devices connected to the Internet, like security cameras, baby monitors, DVR's, refrigerators...you get the idea. The main design point for these IoT Devices has been to make it easy for anyone to pull it out of the box, plug it in and be connected.
Because of their nature, IoT 'smart home' devices are often very insecure, and are rarely, if ever, updated with security patches.
Insulin Pump Users Warned of Possible Cyber Attack Vulnerability
We blogged about the dangers of medical devices being cyber hacked back in January. This week, Johnson and Johnson (Stock: JNJ) took the unusual move of sending out a letter to their clients about a cyber vulnerability within one of their Insulin Pumps. While they state the chance of an actual attack to be very low, they do provide multiple steps that a user can take, including turning off the radio that enables automatic recording of blood glucose levels.
The 3rd Offset: US Air Force is Rapidly Mobilizing For Cyber War
There are multiple articles published recently that provide insight into the challenges and direction of modern warfare as understood by many experts, such as those in Cyber Command, Navy/SPAWAR and Air Force Space Command/AF Cyber. In a single word, they're focused on convergence. Other services have also recognized this area's importance, as shown in other articles this year that are referenced and quoted in this full blog article. Internally, Sentar experts have also been recognizing the importance and inevitability of Cybersecurity and Electronic Warfare convergence for quite some time as they have worked with various DoD agencies. Click here for the detailed article.
HHS.Gov: Your Money or Your PHI
One of our cybersecurity analysts sent an article to me yesterday. We have been discussing Ransomware, Hospitals and IoT Medical Device vulnerability.
"One of the biggest current threats to health information privacy is the serious compromise of the integrity and availability of data caused by malicious cyber-attacks on electronic health information systems, such as through ransomware. The FBI has reported an increase in ransomware attacks and media have reported a number of ransomware attacks on hospitals."
A Cyber Attack on NATO Allies is an Attack on All
NATO has officially designated cyberspace as an operational warfare domain and confirmed that a cyberattack on any of its allies will be considered an Act of War.
A cyberattack on one of the NATO member states would activate Article 5 and call for a response of the alliance.
Over the course of the last few weeks, one major issue encryption presents to investigators and organizations has come to the forefront of not only security-minded professionals, but the general American public. Why? Encryption, while one of the main tenets of data security, has been the culprit behind several recent incidents...
Leaked personal data can used against you for Spear Phishing
Turns Out 90 Percent of the Internet’s Top Sites Leak Your Data to Third Parties
It's no secret that websites typically send user data to third parties (typically without their knowledge or consent), but now new peer-reviewed research published by University of Pennsylvania privacy researcher and doctoral student Tim Libert shows that the scale of this is enormous "nine out of ten sites are leaking user data to an average of nine external domains." That means that a single site you visit will send your data to nine outside websites.