The Hollywood Presbyterian Medical Center ended up deciding to pay $17,000 in ransom after network computers with their Electronic Medical Records were hit by a ransomware attack. It's a little unnerving that the hospital did not seem to have any backups, and that 10 days elapsed from the time the data was locked up.
If you're wondering why malware is still such a problem for security software companies to detect, it seems to be because attackers literally change the signature for almost every organization they target with malicious code. It doesn't mean they have to build it from scratch, though. They only have to change it enough to make it look different to the scanning software. Here are a couple of other interesting things about the state of enterprise data breaches that I learned from the 2015 Verizon Data Breach Investigations Report.
If you have a feeling you should one day do some kind of check to see if you have anything from your network exposed on the Internet, you’re probably right. In fact, nobody else – including the security fairy – is going to do it for you. This goes for both home networks and businesses, although it’s probably a little more likely that employees of businesses may have installed things with severe vulnerabilities that management or the IT group doesn’t know about than people at home. But it does happen everywhere. In a recently documented case, the simple exposure of printer ports to the Internet led to a white supremacist being able to send racist messages to be printed on thousands of exposed printers over the Internet.
If you or your employer receives a threatening email saying that your website will be targeted with a Denial of Service Attack, don't be too quick to pay them to preempt the attack. A recent report by security firm CloudFlare disclosed that targeted victims appear to have paid as much as $100,000 USD based only on an email threat that was not credible, upon close analysis. It can be scary to receive such an email, but there are some clues that could help you determine if the threat is real or not.
While many people just think of WhatsApp as a convenient way to send messages from mobile devices, the company has taken serious steps to respond to recent concerns over global tracking and surveillance of mobile messages. In fact, WhatsApp now supports something called repudiation, which means that you could deny being the person who sent a particular message. Why would you want to deny sending a message, and why would WhatsApp want to let you do that?
It seems unbelievable, but we are starting to see real incidents of connected products that are being abandoned by their manufacturers well before their end of life, leaving buyers with unusable hardware. The case of the Revolv hub sets an ominous precedent that should give us all pause for thought when buying any new hardware devices in the future. Essentially, they've decided to turn the products that people bought from them into bricks. Anything we might buy in the future, from light bulbs to cars, can (and probably will) be connected to the Internet. This fact, in itself, presents some risks that many security experts are trying to understand and communicate to people. But a more fundamental risk we all need to start considering is what happens if the manufacturer or vendor goes out of business, gets purchased by another company, or just decides to stop supporting the devices? You could be stuck with a brick, or at least a less useful version of what you thought you were buying. It might even cause more serious impacts.
I haven’t been able to find a reliable source for this story, other than that it was recounted by Leo Laporte on the Security Now podcast episode #561. However, the scenario illustrates a couple of interesting risks from using smart devices, where the devices may have been returned by an original purchaser, and then purchased by somebody else.
If this sounds like old news, it actually is, but with a slight twist that you should think about. In 2012, LinkedIn was hacked, and password data for millions of the social network’s users was exposed. At the time, LinkedIn assessed the situation and made a public disclosure, as well as forcing millions of affected users to reset their passwords. However, they seem to have made an error in determining which accounts were actually at risk.