Symantec Security Summary #2

So much for ransomware being relegated to the status of a nuisance threat. Big corporate and government targets are still under attack from ransomware attackers - and the threats are mounting.

The latest: A large foreign currency exchange was forced to suspend service for a couple of weeks following a malware infection on December 31. More recently, an aerospace manufacturing company got hit in a data exfiltrating ransomware attack where some stolen files were published by the group behind the attack. And a Canadian government entity was attacked, leading to the posting of internal documents.

Why it matters: The newest round of attacks should dispel any notion the danger has passed. Ransomware grabbed big headlines in 2016 and 2017 but then the pace of attacks fell off in what turned out to be a false lull. The FBI’s warning last fall turned out to be prescient; at the time, the agency said it expected an uptick in ransomware attacks against "health care organizations, industrial companies, and the transportation sector as criminals look to pull off bigger heists by targeting larger corporate targets.

A new NIST ransomware draft framework is ready for review. Companies in need of guidance can take a look at the latest recommendations issued by the National Institute of Standards and Technology - NIST’s Special Publication 1800-25 and Special Publication 1800-26, which address how organizations can protect their assets and respond in case of a ransomware attack. The final framework is expected to be issued later in the year.

***

If you ever wanted to come up with a fitting name for the “bad guy” in a James Bond film, you'd be hard-pressed to do better than “Evil Corp.” That’s the moniker for the infamous Russian hacker group, which is believed to have ripped off online banking victims to the tune of $100 million plus over the last decade. Their preferred MO is to use email phishing campaigns to inject the Dridex malware that can use a variety of techniques to steal passwords, or create phony banking pages to fool a target into entering their credentials.

Evil Corp. has since been sanctioned by the U.S. Treasury Department.

But Evil Corp. isn’t the only worry for the financial sector. Banks and financial services companies are also being targeted by a group known as TA505, which has reportedly been targeting multiple banks and insurance organizations around the globe. Over the years, TA505 has carried out malicious spam campaigns distributing instances of the Dridex banking Trojan, Locky ransomware, Jaff ransomware, The Trick banking Trojan, and several others. In its latest burst of activity, TA505 has been identified as using HTML redirectors to deliver malicious Excel documents. Further, the group has demonstrated its adaptability, shifting tactics to carry out its felonious activities. One best practice to follow that can help mitigate your risk: Be extra-careful about clicking on Excel spreadsheets you didn’t ask for and don’t enable content on any document that’s not trusted.

***

New questions remain around election security. Super Tuesday came and went and foreign actors didn’t hack the elections. That’s the good news. But if this was a warmup for November, celebrations are not in order.

Voting glitches in Los Angeles resulted in frustrated voters left to complain that their voting machines weren’t working.  In Minnesota, voters searching online to find their polling locations were temporarily redirected to a partisan website. And in Texas, technology problems with voting machines contributed to longer-than-usual lines. (What’s more, robocalls targeted Texas voters, instructing Republicans and independents to show up at the polls while telling Democrats to vote the next day.) As complaints around the nation mounted, the Department of Homeland Security felt compelled to hold a conference call with reporters and dispel concerns that malign foreign interference factored into the problems. 

The takeaway: Yet again, technology turned out to be the culprit. In the aftermath of the voting debacle in Iowa, where a myriad number of technical problems delayed the release of the results by hours, the latest glitches now raise concerns that 2020 may be remembered as a year of electoral malfunctions.

***

The HIPPA Journal has pulled together data breach statistics from 2009 when the Department of Health and Human Services’ Office for Civil Rights first began publishing summaries of healthcare data breaches.   Needless to say, this revealing look at the state of cyber security in the healthcare industry doesn’t make for a pretty picture.

Key stats: More than 3,054 healthcare data breaches between 2009 and 2019 involving more than 500 records resulted in the loss, theft, exposure, or impermissible disclosure of 230,954,151 healthcare records. Also, the report notes an overall upward increase in the number of records exposed each year, with 2015 being the worst year on record for breached healthcare records with more than 113.27 million records compromised

No easy fixes in sight: The report underscores the fact that when it comes to healthcare, cyber security remains a proverbial work in progress. Despite increases in budgets and staffing, breaches and security incidents continue to climb with 2019 seeing more reported data breaches than any other year since records first started being published, with healthcare data breaches reported at a rate of 1.4 per day. Separately, a recent Ponemon study flagged healthcare as having highest the costs associated with data breaches at $6.45 million – over 60 percent more than the global average of all industries. And that’s for the 9th consecutive year.