PCC-IT - Blog/Cyber Security Industry Commentary

Cyber Attack Update - “KillDisk” - December 29, 2016 Within the past 24 hours, Sandworm/Telebots gang activity has been reported regarding KillDisk ransomware. Formerly targeting SCADA systems in the U.S. in 2014, sharing of tools between cybercrime gangs brought the Russian Blackenergy cyber-espionage group into the picture, targeting mining and media companies in the Ukraine for espionage and sabotage, usually consisting of disk reformatting and data deletion. Currently, KillDisk is being deployed against Ukrainian banks as a backdoor trojan through phishing exploits as well as email attachments. However, with this attack the victims’ data is encrypted, only after substantial data collection ensues prior to the disruption of system files, file replacement, and revision of file extensions, offering the potential opportunity for detection and prevention of the ransomware attack utilizing PCC-IT International MSSP tools and services. The ransom is substantial for this attack, amounting to 222 Bitcoin, or approximately $215,000 USD. After responding via email to the demand appearing on your screen, and ransom payment, they will supply the decryption key to recover your files. Don’t let this happen to you....call us today for more information on our MSSP Cyber Security services.

Cyber Security Industry Updates and Commentary

HIPAA Compliance Breaches Can Be Costly HIPAA requires all covered healthcare facilities, hospitals, laboratories, and others to perform risk analysis on a regular basis in identifying data vulnerabilities. This year, numerous healthcare companies have been fined or had civil judgments as a result of single or multiple breaches of regulatory requirements. HIPAA guidelines can be found here. During 2016, the Office for Civil Rights has fined several organizations, including: - Care New England Health System (CNE) $400,000 for Woman & Infants Hospital of Rhode Island’s (WIH) loss of ultrasound results backup tapes on 14,004 patients along with insufficient written business associate agreements between the two organizations - Advocate Healthcare $5.55 million for three 2013 breaches affecting 4 million individuals, as well as lack of risk analysis and management, implementation of policies and procedures involving physical access to electronic information, lack of safeguard implementation by a business associate, and deficient employee security measures for mobile devices when offsite - Catholic Health Care Services of the Archdiocese of Philadelphia for 1 unsecured iPhone in the amount of $650,000 - Cancer Care Group, P.C. $750,000 for the theft of unencrypted backup media from an employee’s car - University of Mississippi Medical Center $2.75 million for multiple violations and lack of risk management measures initiation until after a breach involving 10,000 individuals’ ePHI (electronically protected health information) - Feinstein Institute for Medical Research (sponsored by Northwell Health, Inc., formerly known as North Shore Long Island Jewish Heath System) due to improper disclosure of research participants’ ePHI for $3.9 million - Lincare, Inc. civil monetary penalties from a summary judgment for $239,000 as a result of a single employee removing ePHI containing information on 278 patients and leaving it behind when they moved residences - New York Presbyterian Hospital $2.2 milion and 2 years of monitoring for impermissible disclosure of two patients’ protected health information to news media and the lack of appropriate ePHI safeguards HIPAA Compliance analysis services are a mandate for healthcare facilities on an ongoing basis in order to assure that all required measures are undertaken and maintained for all systems, data, and organizations. Contact us today to find out more about PCC-IT International’s HIPAA Compliance Services.

Cyber Attack Update Recent malware attacks have included WildFire masquerading as Hades Locker, leveraging of the Windows Troubleshooting platform to deliver malware, the Odinaff trojan active in the financial sector, Asruex shortcut infections, Flash Player threats from DealersChoice (Sofacy origin) and Android banking malware, EnRoute and DOWNDELPH from Sednit (aka Sofacy), Sarvdap spambot, the Bitter Pakistan attack, a new version of Hworm, Moonlight attacks against Middle East targets, phishing attacks from Operation Lotus Blossom, Veil-Framework, and those cloaked as “Brad Pitt Found Dead”, IRS, Tech Support Hard Drive delete, and Locky. Additional attacks from Sundown EK and Flying Dragon Eye have recently been reported.

Cyber Attack Update - 2016 Ransomware, Malware, and Non-Malware Attacks Accelerating At A Rapid Pace - January, 2017 2016 saw a marked increase in various types of attacks on businesses involving a broad cross-section of industries. According to Carbon Black, ransomware attacks increased by more than 50% over 2015, and were revealed as the fastest-growing malware across all industries with major victimization increases in the technology, energy/utility, and financial services industries. Although Locky deployment dominated the field, accounting for 25% of all ransomware-based attacks, CryptoWall, CrypXXX, Bitman, and Onion (CTB Locker) followed closely behind. Malware targeted virtually every industry with manufacturing as the leading target, along with non-profits, and utility/energy companies. Ransomware generated profits totaling $24 million in 2015 expanding to $875 million in 2016, evidencing the rapid growth of this industry of illegality. Non-malware attacks also grew substantially, with 1/3 of organizations surveyed suffering from at least one severe, non-malware attack. Non-malware attacks often leverage PowerShell and Windows Management Instrumentation (WMI), designed to maintain a low profile on the systems while wreaking havoc through data and credential theft, and/or IT environment surveillance. Exploitation of in-memory access and running applications, including web browser and Office applications is prevalent.. While antivirus programs are a necessary part of cyber defense, most cyber attacks rapidly subvert this protection, and proceed to cause sometimes irreversible damage. The message for SMB, as well as enterprise organizations: If you have not deployed 24 hour, 7 day a wekk, year round monitoring by trained, certified personnel, you are vulnerable to potentially costly intrusion, business disruption, and data theft. CALL US TODAY, TOLL-FREE AT 844-PCC-IT-INT (722-4846) to discuss your Cyber Security issues, and our state-of-the-art Managed Security Services Provider (MSSP) defense packages, each custom-designed to your orgnaization’s specific requirements.