Cyber Attacks in 2017: Who is the Next Target?

Forrester Research Forecasters Predict Health Care Industry will be Most Heavily Targeted

We're getting close to the end of 2016 and people are already thinking about their New Year's Resolutions. Everyone at Sentar hopes you'll resolve to be a more secure cyber citizen. Change your passwords! Stop clicking on those links in email you receive from people or companies you don't know. Pick up the phone and talk more often. 

2017 is expected to bring severe problems caused by cyber attacks, including the expectation that "hackers could hurt the American economy by, among other things, taking down huge parts of the national electricity grid."

Before you peer into the future, here are the facts on 2016 cyber attacks that we know of to date, as reported in this article posted by 247WallSt.com:

"Identity Theft Resource Center reports that there have been 957 data breaches recorded this year through December 6, 2016, with more than 35 million records exposed. Since beginning to track data breaches in 2005, ITRC has counted 6,766 breaches, involving more than 886 million records."

The Rise of the Bot Machines

Internet of Things P0wned! Major sites taken off Internet by Webcams, thermostats and DVRs

On Friday, October 21, 2016, millions of 'smart' home devices designed to connect to cloud services on the Internet began generating traffic intended to shut down many popular websites, such as eBay, Amazon and Twitter.

This attack is known as a Distributed Denial of Service (DDoS), and it targeted a company called Dyn, which provides major infrastructure for large, popular websites. This "Internet of Things" based attack used recently released hacker software, called Mirai, to find and take over these devices, converting them into a botnet. The Mirai malware targets "smart" devices connected to the Internet, like security cameras, baby monitors, DVRs, refrigerators...you get the idea. The main design point for these IoT devices has been to make it easy for anyone to pull one out of the box, plug it in and be connected.

Because of their nature, IoT 'smart home' devices are often very insecure, and are rarely, if ever, updated with security patches.

Johnson & Johnson Sends Cyber Warning Letter to Insulin Pump Owners

Insulin Pump Users Warned of Possible Cyber Attack Vulnerability

We blogged about the dangers of medical devices being cyber hacked back in January. This week, Johnson and Johnson (Stock: JNJ) took the unusual move of sending out a letter to their clients about a cyber vulnerability within one of their Insulin Pumps. While they state the chance of an actual attack to be very low, they do provide multiple steps that a user can take, including turning off the radio that enables automatic recording of blood glucose levels.

Air Force Cyber Command drives AI, CS & EW Convergence

The 3rd Offset: US Air Force is Rapidly Mobilizing For Cyber War

Multiple recently published articles provide insight into the challenges and direction of modern warfare as understood by many experts, such as those in Cyber Command, Navy/SPAWAR and Air Force Space Command/AF Cyber. In a single word, they're focused on convergence. Other services have also recognized this area's importance, as shown in other articles this year that are referenced and quoted in this full blog article. Internally, Sentar experts have also recognized the importance and inevitability of Cybersecurity and Electronic Warfare convergence for quite some time as they have worked with various DoD agencies.

Aches and Pain? Do you need a HIPAA Check?

HHS.Gov: Your Money or Your PHI

One of our cybersecurity analysts sent an article to me yesterday. We have been discussing Ransomware, Hospitals and IoT Medical Device vulnerability.

From HHS.Gov:

"One of the biggest current threats to health information privacy is the serious compromise of the integrity and availability of data caused by malicious cyber-attacks on electronic health information systems, such as through ransomware. The FBI has reported an increase in ransomware attacks and media have reported a number of ransomware attacks on hospitals."

Encryption & Privacy: Apple and Ransomware Take Center Stage

Over the course of the last few weeks, one major issue encryption presents to investigators and organizations has come to the forefront of not only security-minded professionals, but the general American public. Why? Encryption, while one of the main tenets of data security, has been the culprit behind several recent incidents...

 Apple vs British Government

The Dangers of Surfing (and it's not sharks)

Leaked personal data can be used against you for Spear Phishing

Turns Out 90 Percent of the Internet’s Top Sites Leak Your Data to Third Parties

It's no secret that websites typically send user data to third parties (typically without the users' knowledge or consent), but now new peer-reviewed research published by University of Pennsylvania privacy researcher and doctoral student Tim Libert shows that the scale of this is enormous: "nine out of ten sites are leaking user data to an average of nine external domains." That means that a single site you visit will send your data to nine outside websites.

UK Hospital System Crippled by Computer Virus - Cancels Surgeries!

Trauma Patients diverted to other Hospitals; Surgeries cancelled.

Brian Krebs of KrebsOnSecurity.com posted an in-depth article about a UK Hospital System that has been crippled by a computer virus. This cybersecurity breach has forced multiple hospitals to cancel surgeries and divert trauma patients and "at risk" women in labor. Although no information was released about what kind of computer virus infected the Hospital systems, it is likely an infestation of ransomware — a malware scourge whose purveyors have taken to targeting hospitals and healthcare facilities.

Ransomware scours an infected computer for documents, audio files, pictures and other things likely to be of value to the system’s owner, and then encrypts that data with very powerful encryption software. Most ransomware variants also scour the local network for other systems or network shares to infect. Victims usually can only get their files back after paying a specified ransom demand using a virtual currency, such as Bitcoin.

Our Work Here ISN'T Done: 2016 Cyber Breaches Up 15% over 2015

Data Breaches Expose 169 Million Records So Far in 2016

The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 725 data breaches recorded this year through October 4, 2016, and that more than 29 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 13 since ITRC’s last report on September 27. The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 725 data breaches reported so far for 2016 are more than 16% above the number reported (623) for the same period last year. A total of more than 169 million records were exposed in 2015.

New Cybersecurity Open Source Machine Learning Project Now Available

Apache Spot uses big data analytics and machine learning for advanced threat detection

Sentar has been using Artificial Intelligence and Machine Learning technology for years to provide advanced malware detection and classification. Our technology was derived from concepts in the Human Genome Bioinformatics efforts and it was the genesis of DARPA's Cyber Genome project. Now there is an open source project, Apache Spot, that provides access to similar technology that you can explore yourself. Apache Spot uses Big Data Analytics and Machine Learning that can be applied to improve or create new cybersecurity applications.

Hey, We Hacked The Pentagon!

(Ok, not "we". One of our Experts.)

We recently hired a new cybersecurity expert in our Research & Development group. We were chatting, just kind of getting to know each other, and he mentioned he had successfully hacked one of the Pentagon's websites. 

Instead of hauling him off to jail, they paid him. It's a smart move that many corporations should consider. Of course, he was participating in the Department of Defense-sponsored, first-ever, Hack The Pentagon exercise. And he found several vulnerabilities.

And, yesterday it was announced that the DoD had finished closing all 138 verified security vulnerabilities uncovered by that 'exercise'. They estimate it could have cost $1M if they paid a professional firm to do so; instead, they shelled out ~$150K. Hey, 85% off! Get your discounted vulnerabilities right here!

Should "Safety First" include Cybersecurity?

What is the role of Cybersecurity in Manufacturing Plants?

Tiaan van Schalkwyk at Deloitte South Africa has sage advice for those who work in the Manufacturing Industry. He suggests the fear we face isn't "The Rise of the Thinking Machines", but rather those who might take them over through cybersecurity attacks.

“Manufacturers need to have the peace of mind that the safety, availability, and reliability of all aspects of their systems are nigh on guaranteed. Furthermore, the temptation exists to compromise on the security of some part of the chain in favour of usability. This does place the entire system at risk. But even if this is not the case, it is only a matter of when and not if a manufacturer will be compromised.”

U.S. Government Cyber Security Report Card Isn't Good

US Government is the Worst of all 18 Major Industries

The 2016 U.S. Government Cybersecurity Report, as researched and published by SecurityScorecard, places the U.S. Government's Cybersecurity posture in last place compared to all other major industries, as reported by Reuters.

SecurityScorecard analyzed and graded the current security postures of 600 local, state, and federal government organizations, each with more than 1000 public-facing IP addresses, to determine the best and worst performers across all levels of U.S. Government.