
Posts Tagged ‘#cybersecurity’


Hackers Split On ‘Ethics’ Of Ransomware Attacks On Hospitals

September 14, 2016

Ransomware might be lucrative for some cybercriminals, but there are those who condemn holding hospitals to ransom.

Ransomware attacks against hospitals represent a growing threat which is becoming increasingly lucrative for some cybercriminals — even while other hackers are openly condemning extortion attempts against healthcare providers.
A combination of hospitals’ reliance on equipment powered by older operating systems and their often very urgent need to access medical data means that some hackers have looked at the institutions as a potentially rich target.
That was demonstrated when a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network. But that wasn’t a one-off attack: there’s been a surge in ransomware-based cyberattacks against hospital networks across the globe, but particularly in the US.
Cybersecurity researchers from Intel Security analysed ransomware code from attacks against hospitals made during the first quarter of the year and discovered numerous Bitcoin wallets used to transfer ransom payments — Bitcoin having become the preferred currency of the cybercriminal — which showed that the hackers behind these hospital attacks had amassed $100,000 from ransoms alone.
Researchers have described the ransomware attack methods used by such attackers as “effective but not very sophisticated”. While they don’t specify which variants of ransomware are being used, the description could point to the culprits using something like Cerber, which has been seen being made available as a ransomware-as-a-service scheme for use by even the most technically-illiterate wannabe cybercriminal.
Researchers also suggest the hospital attacks weren’t carried out by the sort of “malicious actors we normally face in ransomware attacks or breaches”.
Indeed, they found evidence that suggests that cyberattacks against hospitals are being carried out by those viewed as renegades even within the cybercriminal fraternity, judged negatively for their decision to carry out attacks against those which provision healthcare. In the Russian underground in particular, there’s an ‘ethical’ code of conduct which places hospitals off-limits — even in countries usually targeted by Russian-speaking hackers.
In one forum, criminals discussed the ethics of attacking hospitals at length: “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong,” one user said, while another labelled hospital attackers as “dumbest hackers ever”.
While hospitals currently only account for a small percentage of ransomware victims, it’s feared that as ransomware becomes an increasingly appealing method of attack for hackers, more and more of them will attack the healthcare sector.
“With cybersecurity threats including ransomware rising at such a rapid rate, organisations are having to come to terms with the fact that it’s fast becoming a question of ‘when’, not ‘if’, they suffer a breach,” says Raj Samani, CTO at EMEA Intel Security. “It’s crucial that the likes of healthcare pick up the pace with cybersecurity. Vulnerabilities in these sectors provide hackers with access to extremely personal, valuable and often irreplaceable data and IP.”
Despite a few high profile cases, Intel Security researchers found that, in most instances, hospitals that became victims of ransomware didn’t pay hackers a ransom. In these cases, it’s likely that organisations found another way to decrypt the files — or they simply deemed the encrypted files to not be important enough to pay to get back.
Cybersecurity researchers and the authorities have both warned about the increasing threat of ransomware to corporate and public sector networks.


NHS Hospitals Told To Swallow Stronger Anti-Ransomware Medication

September 13, 2016

NHS Digital is set to start expanding the range of cybersecurity services available to UK hospitals and clinics.
CareCERT (Care Computer Emergency Response Team) launched in November 2015, offering a national service that helps health and care organisations to improve their cybersecurity defences by providing proactive advice and guidance about the latest threats and security best practices.
A service that initially focused on pushing out alerts about threats will be expanded to include three new services, each of which begins testing this month:
• CareCERT Knowledge – a new e-learning portal to help all health and care organisations train their staff in cybersecurity basics.
• CareCERT Assure – a service to help organisations assess their local cybersecurity measures against industry standards, including recommendations on how to reduce vulnerabilities.
• CareCERT React – advice on reducing the impact of a data security incident.
Public health and innovation minister Nicola Blackwood announced the expansion at the Health and Care Innovation Expo on Thursday. The rollouts come at a time of increasing security threats to UK hospitals and clinics, particularly from file-encrypting ransomware.
Almost half (47 per cent) of NHS trusts have been subject to a ransomware attack in the past year, according to figures from a freedom of information (FOI) request published last month. NCC Group’s FOI is based on requests to 60 trusts, 28 of which confirmed they had been victims of ransomware.
Independent infosec consultant Brian Honan, the founder and head of Ireland’s CERT, told El Reg that the increase in security services ought to be considered as a move to drive security improvements in UK hospitals in general, rather than a specific response to the ransomware threat.
“I do not see this as a reaction to ransomware as a recent FOI request submitted by Channel 4 showed that out of 152 NHS Trusts 39 were affected by ransomware,” Honan explained. “However, with the rising number of threats against computer systems this is a welcome and prudent move to enhance the security of the data, computers, systems, and networks the NHS increasingly relies on to provide its services.”


Google Chrome Will Start Shaming Unencrypted Websites in January

September 9, 2016

Starting in January of 2017, Google’s Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”—the first step in Google’s eventual plan to shame all sites that don’t use encryption.
In the last couple of years, the web has seen a tremendous rise in the number of websites that use encryption, which is displayed by that little green lock next to the site’s address and an extra “s” at the end of HTTP. The increase in the use of HTTPS web encryption has been part of a collective effort to improve security and privacy on the web, often under the banner of the campaign “Encrypt All The Things.”
At the beginning of this year, Google hinted—without announcing it officially—that it was going to flag all unencrypted websites as insecure, as Motherboard reported. At the time, Parisa Tabriz, who manages Google’s security engineering team, said that Google’s intention was to “call out” websites that still were on HTTP as “unsafe.”
On Thursday, Google officially announced its anti-HTTP plan. The company isn’t going to shame all unencrypted websites all at once, but start only with HTTP sites that ask users to input passwords or credit cards. These sites will be flagged as “Not secure” in the Chrome address bar.
Then, in the future—Google is not saying exactly when yet—Chrome will flag all sites that don’t use TLS encryption as “Not secure” and also display a red triangle indicator, which Chrome already uses when users go to a dangerous website.
“We definitely do plan to label all HTTP pages as non-secure eventually,” Emily Schechter, the Chrome Security product manager, told Motherboard, explaining that the company didn’t want to all of a sudden flood users with warnings. “We really wanted to be careful about it and we wanted to get it right.”
Schechter explained that Google’s main worry is that displaying alerts for all HTTP sites right away would lead users to see too many warnings and, eventually, ignore them. In other words, Google wants to educate users about the risks of unencrypted websites while striking the right balance, without leading them to what’s called “warning fatigue,” a term for when users get so used to warnings that they stop paying attention.
Google also wanted to announce the change before it was implemented to give webmasters time to migrate to HTTPS and not get caught by surprise, Schechter said.
While it seems like a small change, HTTPS provides multiple protections for users. Not only does it ensure that hackers and spies can’t easily intercept passwords and other sensitive data travelling on the internet, it also ensures that the site you’re looking at really is the site you want, and not an imposter. Without HTTPS, it’s trivial for a hacker sitting on the same public WiFi you’re using, or government spies, to spy on you and interfere with the sites you go to in order to trick you into giving up sensitive information.
With this move, Google is pushing for even more HTTPS adoption. And at this point, an HTTPS-only future seems inevitable. Google reported that nowadays, more than half of the sites visited by Chrome users are encrypted already.


Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says

September 7, 2016

Start saving now. The global cost of cybercrime could reach $6 trillion by 2021, according to a Cybersecurity Ventures report.
A report out by Cybersecurity Ventures predicts global annual cybercrime costs will grow to $6 trillion by 2021.
While a $6 trillion estimate might be a little high, “a trillion dollars plus is a real possibility,” says Larry Ponemon, chairman and founder of the Ponemon Institute. Though this isn’t a number he saw coming down the pipeline. “If you asked me five or six years ago, I’d fall over,” he says.
The predicted cybercrime cost takes into account all damages associated with cybercrime including: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. It does not include the cost incurred for unreported crimes.
Other research has shown that the cost of cybercrime increases the longer it takes to detect it, if it’s detected at all. According to the Ponemon Cost of Data Breach report, the longer it takes to find and resolve a breach, the more costly it will be for an organization. Breaches identified in fewer than 100 days cost companies an average of about $1 million less than those that take more than 100 days to be discovered, according to Ponemon. And in the 2016 Dark Reading Security Salary Survey, 9% of IT and infosec pros don’t even know if they’ve been breached. A study by The Office of National Statistics for England and Wales found that most cybercrimes go unreported.
The Cybersecurity Ventures report, which is a compilation of cybercrime statistics from the last year, also predicts that the world’s cyberattack surface will grow an order of magnitude larger between now and 2021.


How Ransomware Became a Billion-Dollar Nightmare for Businesses

September 4, 2016

One cybersecurity firm estimates that extortive attacks now cost small and medium companies at least $75 billion in expenses and lost productivity each year.
In recent months, a proliferation of ransomware attacks has affected everyone from personal-computer and smart-phone owners to hospitals and police departments. An attack works like this: A virus arrives and encrypts a company’s data; then a message appears demanding a fee of hundreds or thousands of dollars. If the ransom is paid in time, the information is restored. At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches.
According to an FBI tally, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. However, that figure was based only on the complaints that victims reported to the bureau. In a new report, Datto, a Connecticut-based cybersecurity company, offers an alarmingly higher estimate that accounts for unreported incidents and lost productivity, which costs businesses far more than paying ransoms does.
The company’s survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks. The report found that “less than 1 in 4 ransomware incidents are reported to the authorities.” Factoring in the cost and average amount of time lost to infections—an overwhelming majority of small businesses hit by ransomware face at least two days of downtime—as well as the number of businesses affected by them, Datto suggests that the financial impact of this brand of cybercrime starts in the range of $75 billion each year.
The company arrived at this figure based on an estimate from the Aberdeen Group, a consultancy, that an hour of inactivity costs small companies an average of $8,581. By comparison, Datto’s survey indicated that about three-quarters of the IT professionals said the ransoms paid were somewhere between $100 and $2,000. Overall, Datto estimates that $375 million has been paid out in ransoms in the past year, making lost productivity the much bigger concern.
Joe Gleinser, the president of GCS Technologies, an Austin-based IT support and services company, walked me through just how time-consuming it is for companies to deal with ransomware attacks, which generally start with the appearance of “unusually named files” or files that suddenly can’t be accessed. “Locking the network down”—freezing some or all of a company’s systems—is typically the first step after the attack is recognized, in an effort to stop the damage and look for fixes.
“So that’s productivity hit number one,” he said. For a small business, that can mean an entire operation; for a larger one, it could mean a section or a division. “Obviously in certain industries that’s a lot more painful,” Gleinser added. “In health care, that can mean patients going untreated. If you don’t have that information, you don’t know what drugs were prescribed and sometimes it’s tough to make decisions.” Earlier this year, operations at a Los Angeles hospital came to a near halt, leaving staff to use faxes and paper notes to communicate before a $17,000 ransom was paid.
If a business has a well-maintained back-up system in place, data may be restored with only some small delays and limited expense. Should a sufficient back-up not be possible and should the inaccessible files be deemed important enough, the second step is paying the ransom, a practice that the FBI discourages, but says is not illegal under most circumstances.
“Paying the ransom is tricky business,” said Gleinser. “You’re dealing with criminals.” While many ransomers operate quickly, even attentively, that is not always the case. Datto’s survey found that 7 percent of IT professionals reported incidents where data was not restored even after a ransom was paid.
But even paying the ransom can be tricky. “If you don’t have Bitcoin right now, you’re probably not going to get it before the timer expires on the infection,” Gleinser said. “Many of these infections, as soon as you start the process to engage with the ransomer … you have about 48 hours before the data is non-recoverable to encourage you to move quickly.”
As one cybersecurity company executive told Business Insider last month, banks have started to keep tens of thousands of dollars in Bitcoin ready in case of an attack. “Buying bitcoin on any one of the U.S. exchanges is a three-to-five day wait time, so we’ve been forced into the position of having to stock bitcoin as if it were computer equipment and have it ready for our use,” Gleinser added. And even if a company is prepared to pay, when the deadline arrives, the price can jump, sometimes double, triple, or even quadruple, or the data can be rendered permanently unrecoverable. “We’ve seen some clients who had paid the ransom and then immediately get attacked again,” he added.
So who is doing this? Ransomware attacks originate largely in Russian or Eastern European outfits, but in recent years, they’ve come from all over the world. Quoting FBI statistics, Gleinser says an average of 4,000 ransomware episodes now take place each day, mostly with no ideological rhyme or reason. These heavily-automated attacks have changed a basic business calculus whereby employers and management have started looking outward for threats instead of inward. “We’ve told clients the last 15 years, the number one threat is not the boogeyman, it’s … the third party you’ve already given access to your network. Disgruntled staff has by far been the largest security risk our clients have dealt with historically,” Gleinser said. “It’s not definitely true in this day and age. There definitely is a boogeyman out to get these guys.” With Bitcoin enabling easier and less traceable methods of cybercrime, ransomware attacks will almost certainly not be the boogeyman’s final evolution.
