Tag Archives: Cybersecurity

Are You Ready to Pay $1 Million Dollars to Recover Your Data?

1 Million of Dollars Paid In Ransomware Attack

1 Million of Dollars Paid In Ransomware Attack

Recently the South Korean web hosting company Nayana paid just over $1 Million U.S. worth of Bitcoin to settle a ransom demand and gain access to encrypted data. The original demand was for $4.4 Million worth of Bitcoin.

Interestingly, the variant that hit the South Korean hosting company known as Erebus was originally designed to infect Windows Operating Systems, but someone modified it to infect and work on Linux Servers.

While the servers of Nayana looked to be unpatched due to the exploit of a well-known vulnerability, this is defiantly a warning to any sizable business that ransomware will be a major threat. I also believe this successful windfall of a cash payment will increase the threat matrix exponentially.

While the threats against municipalities, hospitals, and schools will likely continue to climb due to their being easy targets. We will now see once again the threat increase among the financial, tech, and other major companies.

It’s time to take major steps to prevent becoming a victim to these attacks. Especially if you are in a sector mentioned above.

Here are some steps to take immediately:

  • Update and patch your systems.
  • Backup all CRITICAL data
  • Complete a Risk Assessment/Cyber Threat Analysis
  • Put Security Policies, Controls, and Protocols in place
  • Increase your cybersecurity posture
  • Educate employees on cybersecurity
  • Run an exercise on what you will do when breached or hit with ransomware

While the above is not meant to be a complete cybersecurity implementation, it is a good starting point. You may also want to initiate a scan to determine if you are already impacted and do not know it yet.

If you need additional help – feel free to contact me.

Don’t be the next company to pay $1 Million Dollars.

Tagged , , , ,

Will Medjacking Become the Next Wave in Healthcare Ransom Demands?

medjacking

Your healthcare facility is under attack. This time the threat isn’t to your network or even your internal systems. This time the attack is focused on Medical Devices and the threat to patient care and your reputation could be life-threatening. Will Medjacking become the next wave in healthcare ransom demands?

Medjacking is the hacking of medical devices with the intent to harm or even kill the patient. At least that was the old intent and definition. How long will it be before we see this become the new form of ransomware? Only time will tell.

In the past, the fear was that these types of hacks would be used to target specific and high profile individuals. In this current environment attacks on healthcare facilities and specific hospitals are up and the demands for ransom are as well. I fully believe that targeting of devices and holding your patients for ransom may well be next in line.

It is a dark thought, but I do believe this is where things are progressing. So, what are you doing to stop these and other cyber threats at your facility?

Here Are Some Tips:

  • Establish a Cybersecurity task force and attach it to your Board of Directors if you have not already done so.
  • Question and work with your medical device vendors about flaws, security concerns and what to do if a device is breached.
  • Set up an in-house lab where medical devices will be tested and scrutinized internally.
  • Establish protocols to prevent unnecessary  placement of devices onto the network, WiFi, or other unneeded communications.
  • Establish protocols to keep medical devices from communicating needlessly with other devices.
  • Turn off all needless wireless communications with implanted or other devices.

The above list is not meant to be exhaustive or to be the only steps put into place, but just a starting point. Have your internal cyber security task force look for and establish additional security flaws and protocols as needed.

Tagged , , , ,

Risks and Impacts of Rapid Technology Implementation

internet-of-ransomware-things

Over the last few months, I have pondered the risks and impacts of moving too fast to implement new and bleeding edge technologies. While much of these technologies make our lives better, make no mistake, I believe we are moving too fast.

Looking back to just over 27 years ago computers were not in nearly every household, there were no smartphones, there weren’t really even mass users of cellphones – also known as bricks back then, and for good reason. Most people did not carry a camera with them everywhere they went either.

Fast-forward to today. These technologies and more exist, and they are everywhere. We are also seeing the emergence of driverless vehicles (cars, trucks and even aircraft), robotic food servers, smart devices making up the Internet of Things (IoT), and much, much more.

What worries me is not the technology itself. It is the unchecked, ubiquitous, implementation and the level of security that is being implemented with the use of the devices. Or as I should say, the lack thereof.

According to Gartner 6.4 Billion connected “things” will be in use in 2016 and up to 50 Billion is forecast by 2020, though others cite that number will be closer to 30.7 Billion. Though many of those leave off things like smartphones, tablets, and computers. The numbers of connected and interconnected devices is staggering. In addition, anyone can purchase their own micro-controllers, set a device up through WiFi, Ethernet, or even through cellular networks, it is hard to maintain an accurate account of all the devices.

We’ve already seen small scale attacks and malware infections of these devices, and some have been used to launch DDoS attacks as well. Corporate cybersecurity initiatives are failing in a big way, and now there is just more to protect. Just imagine when your Fridge, TV, and Car fail to work until you either pay ransom or is used to launch devastating attacks against your own corporate network using your home network.

But it is not just the IoT’s to worry about. At a time when unemployment is a major issue for most countries around the globe and those who have jobs are demanding more for their employment, the trend is quickly moving to automation.

We see automated delivery trucks already in service. As I mentioned before, the driverless cars and cabs are expanding. Self-checkout at the grocery store, restaurant based kiosks, fast-food automation, drone-based deliveries. And it doesn’t end there. Artificial Intelligence is also making a huge surge.

My prediction is of increased unemployment and adoption of automated systems will grow at a rapid pace. What our future will hold is uncertain. Some will retrain to service these devices, while the future for others will remain uncertain.

I was recently at a marketing seminar and heard much the same there with the same worries. That can’t be good if others are seeing it too.

Tagged , , , , ,

Hacking the Election

voting-machine

Can an election be hacked? The short answer. Yes. I’d like to say it is more difficult than some suggest, but more and more reports point to it occurring.

Over the last several weeks we have watched security experts on both sides of this issue comment about the potential of electronic voting machines to be hacked. But the most interesting and telling thing in all of this is how the Department of Homeland Security wants to take control of the elections.

The most compelling arguments on both sides show how difficult it would be to pull off a successful hack. Why? Because each State utilizes its own systems and methods for one. Election machines are usually off-line, locked in a secured room, and have security cameras on them.

In another case, some security professionals have proven that elections and voting machines are vulnerable and can be hacked in just 7 minutes. With that said, it has been reported that hackers have already targeted election systems in 20 States.

My take on this is that yes, voting machines can be hacked, and new additional controls need to be implemented in securing both the machines and the electoral process. Though having DHS taking control over that process eliminates current controls and adds another scary factor.

As we have seen in the past it is possible to rig or even hack elections. In 1968 a major glitch or error occurred giving Dick Gregory millions of votes. While an investigation failed to find any issues the blame was placed on programming. There is or was no REAL explanation of what happened. In fact, that election was so close – it may have just been a successful hack of the election for all we really know. Though that is speculation on my part.

In recent years we have seen the voting of cartoon characters, the deceased, and now illegals. We have also seen more votes cast than exists in the precinct population.

As I mentioned before there are sudden calls to have the entire Election process to now be controlled by the DHS. So who is trying to control the election?

What if it is people within our own Government or other actors within our Country that want to hack the election? Putting All the machines and the entire election process under DHS makes it easier if you ask me. Perhaps it is already being done.

Tagged , , , , ,