A Californian hospital operator has taken its network offline after it was hit by a major cyberattack.
Reports state that the Scripps Health computer network that operates across half a dozen hospitals and a number of outpatient facilities in the San Diego, California area was forced to move to offline procedures after hackers launched a major cyberattack.
The Californian hospital operator says it has notified law enforcement and government agencies of the cyberattack, but did not specify which departments it has informed of the potential data breach.
It's been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices.
The specific costs will depend on the sophistication of the attack and how well executed it was.
For example, a DDoS (distributed denial-of-service) attack could knock systems offline for a few hours, creating a frustrated workforce and unhappy customers – but otherwise the cost would be comparatively low.
By contrast, an attacker who infects an organisation's systems with ransomware could cripple them for days or even weeks. The cost of recovery, not to mention the ransom payment (if the organisation pays up), could result in losses of several million pounds.
For an estimate of how much cyber security incidents cost, a Ponemon Institute study found that organisations spend $3.86 million (about £2.9 million) per incident.
However, it notes that organisations can cut this cost dramatically by addressing four key factors:
Incident detection
By implementing measures such as audit logs and forensics analysis, you will be able to spot breaches sooner and identify the full extent of the damage. The faster you do this, the less damage the attacker can cause.
Lost business
This relates to both the direct damage caused by the breach – such as system downtime preventing you from completing processes – as well as long-term damage, such as customer churn and reputational loss.
Organisations that are better equipped to continue operating while under attack will be able to reduce lost business.
Notification
This relates to the costs involved in disclosing incidents. For example, organisations may be required to contact affected data subjects, report the breach to their data protection authority and consult with outside experts.
Ex-post response
These are the costs associated with recompensing affected data subjects, as well as the legal ramifications of the incident. It includes credit monitoring services for victims, legal expenses, product discounts and regulatory fines.
Recognise, respond, recover
Navigating the cyber threat landscape has never been harder, but you will make life a lot easier by planning for disaster before it occurs.
The Cyber Security Breaches Survey 2021 found that directors and senior staff are placing a greater emphasis on data protection, but that doesn't just mean preventing breaches. It also requires organisations to create processes to recognise, respond to and recover from incidents.
If the path to safety has been mapped out in advance, you can remain calm in the face of disaster and follow processes and policies that you have worked on and can trust.
If you're looking for help creating that documentation, IT Governance can help steer you in the right direction. We offer a range of data protection and cyber security training, tools, software and consultancy services – all of which can be delivered remotely.
You may be particularly interested in our Business Continuity Pandemic Response Service, which is tailored to help you address cyber attacks and other disruptions while operating with a dispersed workforce.
Whether your workforce is cautious about returning to the office as lockdown ends or you're offering staff the opportunity to work remotely on a permanent basis, we have you covered.
The year 2020 broke all records when it came to data lost in breaches and the sheer number of cyber-attacks on companies, governments, and individuals. In addition, the sophistication of threats increased through the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially through greater tactical cooperation among hacker groups and state actors. The recent SolarWinds attack, among others, highlighted both the threat and the sophistication of those realities.
The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.
To make the information more usable, I have broken down the cybersecurity statistics into several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.
There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.
Top Resources for Cybersecurity Stats:
If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:
When selecting an attack detection solution, no single product will provide the detection required to identify and defend against the current advanced threat landscape. Defending holistically against threat actors requires technology, expertise, and intelligence.
The technology should be a platform of integrated technologies providing detection at each point of entry that a threat actor may use, such as email, endpoint, network, and public cloud. These should not be disparate technologies that don't work together to holistically defend the organization.
We must use technologies that can scale against threat actors that have a very large number of resources. The technology should also be driven by intelligence cultivated from the front lines, where incident responders have an unmatched advantage. It is also important to remember that post-exploitation, threat actors masquerade as your own employees, making it difficult to distinguish legitimate from non-legitimate activity occurring on the network or your endpoints.
This is where intelligence and expertise are extremely valuable in determining when a threat actor is operating within the organization. Being able to identify the threat actor's "calling card" and potential next moves is paramount. While many solutions will claim they defend against advanced threats, it is important to understand the experience that a vendor has and how that is incorporated into their product offering.
The Federal Communications Commission's (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies it said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.
The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to "publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons."
In June 2020, the FCC designated both ZTE and Huawei as national security threats. "… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America's communications networks—and to our 5G future," said then-FCC chairman Ajit Pai. Pai continued, "Both companies have close ties to the Chinese Communist Party and China's military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country's intelligence services. The Bureau also took into account the findings and actions of Congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today's action will also protect the FCC's Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security."
ZTE's petition for reconsideration in November 2020 was immediately rejected. Huawei also petitioned for reconsideration, and its appeal was rejected in December 2020, after a few weeks of deliberation.
There are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.
Synthetic fraud on the rise
Banks around the world have faced difficulty in recognizing this type of complex fraud. Synthetic identity fraudsters are expert cybercriminals. They make use of the dark web to acquire legitimate personal information, which they then blend with falsified information. They then use this newly formed identity to establish a positive credit report and spend or borrow until they've maxed out their spending abilities.
They will often have multiple synthetic identities in play simultaneously to maximize the impact of their efforts. This is hard to detect because the synthetic identities even have genuine profiles with the credit bureaus, which the fraudsters creatively engineer.
An economic environment primed for fraud
Due to the economic toll the coronavirus pandemic has taken on the world, global GDP is expected to be negative this year. As a result, there has been and will continue to be an increase in the size of the banks' loan portfolios, as businesses that are struggling to manage working capital requirements in a challenging commercial climate seek new lines of credit. The same demand for additional credit is similarly anticipated for retail customers.
As such, it will be easier to hide fraud within an environment where there is more lending activity, a larger portfolio to monitor and more losses to recover. This environment allows criminals to hide inside the noise of economic turmoil, while financial institutions struggle to cope with the sheer volume of applications, overwhelmed with the amount of identity checking they have to undertake.
It will also become harder to differentiate between delinquencies and defaults from genuine customers in distress and deliberate attacks from fraudsters as these loans come due for repayment.
Further, more individuals may be tempted to turn to fraud to maintain their lifestyles in an environment where they've lost jobs and financial security and are dealing with other economic difficulties.
Microsoft announced the release of the open-source CodeQL queries that its experts used during its investigation into the SolarWinds supply-chain attack.
In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.
The four agencies were part of the Cyber Unified Coordination Group (UCG), a task force charged with coordinating the investigation and remediation of the SolarWinds hack, which had a significant impact on federal government networks.
The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.
According to the security experts, Russia-linked threat actors hacked into SolarWinds in 2019 and used the Sundrop malware to insert the Sunburst backdoor into the supply chain of the SolarWinds Orion monitoring product.
Microsoft, which was hit by the attack, published continuous updates on its investigation, and has now released the source code of the CodeQL queries that its experts used to identify indicators of compromise (IoCs) associated with Solorigate.
"In this blog, we'll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate," reads the blog post published by Microsoft. "We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality."
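As an added illustration of the syntactic-similarity approach described in the quoted post (this is not one of Microsoft's published Solorigate queries, and every indicator value in it is a placeholder), a CodeQL query of this shape flags C# string literals and method names that match a list of code-level indicators, so a codebase can be swept for them at scale:

```ql
/**
 * @name Code-level IoC pattern match (illustrative, added example)
 * @description Flags string literals and method names that match a
 *              list of code-level indicators of compromise.
 * @kind problem
 * @problem.severity warning
 * @id example/code-level-ioc-match
 */
import csharp

// Placeholder literals; replace with the indicator values from an
// actual investigation (none of these come from the Solorigate implant).
string suspiciousLiteral() {
  result = ["PLACEHOLDER_IOC_LITERAL_1", "PLACEHOLDER_IOC_LITERAL_2"]
}

// Placeholder method names; replace likewise.
string suspiciousMethodName() {
  result = ["PLACEHOLDER_IOC_METHOD_1", "PLACEHOLDER_IOC_METHOD_2"]
}

from Element e, string reason
where
  // Exact-value match on string literals anywhere in the database
  e.(StringLiteral).getValue() = suspiciousLiteral() and
  reason = "string literal matching a code-level IoC"
  or
  // Name match on method declarations
  e.(Method).getName() = suspiciousMethodName() and
  reason = "method name matching a code-level IoC"
select e, reason
```

A hit only means a name or literal coincides with the list; as the post notes, such matches home in on candidate code that still has to be reviewed by hand.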
The hack was caught before anyone was hurt by it, but KX wanted to know: how safe is our local water supply from cybersecurity threats? So, we went to the Bismarck Water Treatment Plant to find out.
"We're well aware of what happened in Florida, it definitely reached the news nationwide and it really is relevant for drinking water systems. Our drinking water system, it would not be possible to do the same type of activity."
Apple launched its M1 chip, and cybercriminals have already developed a malware sample specifically for it: the latest generation of Macs is their next target.
The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices using the company's M1 chip.
The discovery suggests threat actors are tailoring their malware to target the latest generation of Mac devices using Apple's own processors.
Wardle discovered a Safari adware extension, tracked as GoSearch22, that was initially developed to run on Intel x86 chips and has now been adapted to run on M1 chips.
"What we do know is as this binary was detected in the wild (and submitted by a user via an Objective-See tool) … so whether it was notarized or not, macOS users were infected," reads the analysis published by Wardle. "Looking at the (current) detection results (via the anti-virus engines on VirusTotal), it appears the GoSearch22.app is an instance of the prevalent, yet rather insidious, 'Pirrit' adware:"
Bloomberg News has a major story about China hacking computer motherboards made by Supermicro, Lenovo, and others. It's been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret:
China's exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter. That included an FBI counterintelligence investigation that began around 2012, when agents started monitoring the communications of a small group of Supermicro workers, using warrants obtained under the Foreign Intelligence Surveillance Act, or FISA, according to five of the officials.
Google's Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android:
Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors' devices. The booby-trapped sites made use of two exploit servers, one for Windows users and the other for users of Android.
The use of zero-days and complex infrastructure isn't in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code – which chained together multiple exploits in an efficient manner – the campaign demonstrates it was carried out by a "highly sophisticated actor."
FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.
Officials provided two examples of past incidents:
“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.
“This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.”
Could foreign cyber plots turn Americans against one another and cause a disastrous domestic conflict?
What would happen if the lights went out and the technology we rely upon to run American life is no longer available?
The present dangers are real. The US is more vulnerable to destructive foreign interference today than it has been in over a century. As Russia and China realize they can't win shooting wars against the US, they have devised new and cunning ways to destabilize American politics and cripple the US economy. Cyber meddling in elections, disinformation campaigns, abuse of social media to widen racial and political divides, and the theft of military data are just some of the malicious acts threatening the Republic. Digital Downfall examines the potential effects of such attacks, with a look at:
The vulnerability of the US to cyber attack
American technological weaknesses that could be exploited by our enemies
How the US military could be affected by cyberwar
The possibility that the American Republic we know could be destroyed
America's relationship with racism
What the future may hold
And more…
The dangers posed by external sources can only be real when the internal politics of the United States is in a fragile state. The past four years bear testimony to this political decline, as does every passing day of the Trump presidency. The perfect storm of external interference, a rampant and deadly pandemic, and a culture of racism that will no longer be tolerated is upon us. Who knows where it will lead, or what will be left at the end.
The publication of "Vault 7" cyber tools by WikiLeaks marked the largest data loss in agency history, a task force concluded.
The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency's elite computer hackers "prioritized building cyber weapons at the expense of securing their own systems," according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.