If you think he missed something or if you have any comments at all, let us know below.
Oh, and if you missed the #LifeatWebroot feature about Kelvin, be sure to check it out.
Apologies for the lack of updates but I was at Caro and then Infosec over the last two weeks with a couple of holidays thrown in.
Kelvin at Infosec
Pretty Data (Breaches)The folks over at Information is Beautiful have compiled an interactive graphic displaying all of the major breaches from the last ten years. Each breach includes a story and like all graphics from IiB it is easy on the eye. Scrolling down through the various years it’s sad to note that the huge record busting breaches of the past have been dwarfed by recent headlines such as the Twitter and Marriott breaches of last year. As I’ve mentioned before Information Theft is the current criminal trend and is being seen across-the-board on “non-headline” or SME companies too.
Ransomware Halts Production for Days at Major Airplane Parts Manufacturer ASCOA few weeks back I talked about the “soft” targets of cyberattack. Namely health, transport, government, education and SMB. There is another target that is seeing increasing prominence in cybersecurity news and that is big industry.
Big industrial targets might spend more than say, a school or SME on cybersecurity but downtime is absolutely catastrophic when huge industrial processes are a factor. Ransomware is particularly nasty when hitting targets with a lot of time sensitive and knock-on processes such as an airport or a large manufacturer.
ASCOASCO is one of the worlds largest suppliers of airplane parts and things got so bad on Monday that production was ceased in four of it’s international plants and over 1000 of its workers were sent home.
Other AttacksOther recent ransomware attacks against big similar targets recently included those on Japanese mega-manufacturer Hoya Corporation and also the manufacturing giant Aebi Schmidt as well as the colossal shutdown of aluminium company Norsk Hydro.
Healthcare Orgs Hit with Destructive AttacksHealthcare organizations are also the target of ruthless ransomware attacks. Some criminals are even willing to put cancer and palliative care at risk to try and elicit a ransom. Hospitals (especially in Ireland) are sprawling and messy places and keeping track of the users and devices must be a nightmare for an admin, never-mind securing them.
A recent report shows that it’s not just ransomware that healthcare has to worry about and data-theft and breaches are also a big risk too.
This particular report “Healthcare Cyber Heist in 2019” survived industry CISOs and painted a bleak (but unsurprising) picture.
- 83% of surveyed healthcare organizations said they’ve seen an increase in cyberattacks over the past year
- Two thirds (66%) of surveyed healthcare organizations said cyberattacks have become more sophisticated over the past year
- With increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.
Quest Diagnostics Customers Affected by Third-Party BreachThe medical testing organization Quest Diagnostics has fallen victim to a third-party data breach that could affect nearly 12 million of their patients. AMCA, a collections agency that works with Quest Diagnostics, noticed unauthorized access to their systems over an eight-month period from August of last year through March 2019. The majority of data targeted were Social Security Numbers and other financial documents, rather than patient’s health records. The market offers a premium for such data”
University of Chicago Medicine Server Found Online“Researchers have found a server belonging to University of Chicago Medicine with personal information belonging to more than 1.6 million current and past donors. The data includes names, addresses, and even marital and financial information for each donor. Fortunately, the researcher was quick to inform the university of the unsecured ElasticSearch server and it was taken down within 48 hours.”
Telegram says 'whopper' DDoS attack launched mostly from China“The company's CEO has confirmed the timing coincided with the Hong Kong extradition law protests organized on his platform.”
"IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception," [Telgram CEO and founder Pavel Durov]
FBI Issues Warning on ‘Secure’ Websites Used For PhishingIt wasn’t long ago when infosec insiders were lecturing users to “look for the padlock!” when visiting websites.
Said padlock seen when visiting the Webroot.com site from my Chrome browser
This padlock to the left of a site’s URL signifies that is has been verified by a third party certificate and is definitely a good sign that a site is secure when browsing or conducting business online. However a lot of users have taken our lectures as gospel and are now assuming that this is a guarantee that a site is genuine. Criminals are now exploiting this trust and certainty in the TLS certificate system and are getting better are spoofing their own certificates. This has gotten so bad the FBI have issued a warning recommending that honest web surfers also use common sense (such as checking domain spelling) when judging if a site is good or bad..