Healthcare Industry Cybersecurity Attack Trends


Research eBook by Vertek (www.vertek.com)

Contents
▪ Healthcare Industry Realities
▪ Breach & Cyber Attack Realities
▪ Top Compliance Trends, Concerns
▪ Healthcare Needs, Requirements

Healthcare Industry Realities

Healthcare Industry Realities: A Large Target
Healthcare is a significant part of the U.S. economy, is made up of millions of businesses, and is subject to massive cyber and compliance drivers:
▪ 26% of the U.S. economy
▪ 5,000,000 small and midsize businesses
▪ Covered entities (CE) and their vendors (business associates, BA)
▪ 400% increase in enforcement
▪ 70%+ audit failure rate
▪ Healthcare was the #1 vertical for MSPs in 2018
Source: Compliancy Group, "MSPs & HIPAA" webcast, 2018.

Under U.S. regulatory requirements (HHS guidance on HIPAA), healthcare organizations must treat a ransomware attack on PHI as a presumed breach and disclose it unless they can show a low probability that the PHI was compromised. This is the second straight year that ransomware incidents accounted for over 70% of all malware outbreaks in this industry.
https://healthitsecurity.com/news/health-sector-most-targeted-by-hackers-breach-costs-rise-to-17.76b

Pandemic Driving Attacks
The FBI's Internet Crime Complaint Center (IC3) has reported a major increase in the cybersecurity complaints it receives each day. According to The Hill, daily complaints rose from about 1,000 to 3,000-4,000 since the beginning of the COVID-19 pandemic.

Targeted Attacks Against Healthcare
[Figure: targeted attacks against healthcare]

Pandemic Realities
▪ 100% of our clients instituted a work-from-home policy.
▪ 10-20% were fully prepared.
▪ 1,700 malicious domains using "corona" or "covid" had been identified as of April 14.
▪ 1,200 of those domains were still active.
Trusted sources have posted home security tips for individuals and healthcare institutions.

Healthcare Industry Realities Cont.
Criminals capitalize on human and business weaknesses.
▪ Healthcare staff: mentally tired, emotionally tired, overworked.
▪ IT, InfoSec and Operations: legacy and unpatched systems; legacy and unpatched applications; understaffed IT, infosec and operations departments; unsecured third-party partners.
https://healthitsecurity.com/news/87-health-orgs-lack-security-personnel-for-effective-cyber-posture

Cyber-Attack Realities

Data Breach Realities 2019-2020
Share of breaches by industry:
▪ Healthcare 43%
▪ Other 19%
▪ Banking/Insurance/Financial 12%
▪ Education 6%
▪ Government 5%
▪ Retail 5%
▪ Technology 4%
▪ Food/Bev 2%
▪ Gaming 1%
▪ Travel 1%
▪ Real Estate 1%
▪ Legal 1%
▪ Mobile Telecom, Cryptocurrency, Social Media: under 1% each (shown as 0%)

Healthcare Data: Under Attack
Criminals look for specific data types.
Personally Identifiable Information (PII): personal data, also known as personal information, is any information relating to an identifiable person.
Electronic Health Records (EHRs) are designed to follow a patient from one practice or specialist to the next throughout their lives. They provide a complete picture of the patient's symptoms, vaccinations, treatments and prescriptions.
Electronic Medical Records (EMRs) live primarily at a single practice and show a clear picture of the symptoms and prescribed treatment for each visit. While they can be shared among medical facilities, EMRs are designed to remain in the office the patient visits.
Protected Health Information (PHI): under U.S. law (HIPAA), any individually identifiable information about a person's health status, the provision of healthcare, or payment for healthcare that is created or collected by a covered entity or its business associate.

Healthcare Data: Under Attack & Valuable
[Figure: value of healthcare data]

Inside the Mind of a Hacker
Learn why hackers do what they do…and how they think.

Healthcare Cyber Attack Realities: Growth
Healthcare has been decimated by cyber-attacks.
[Chart: healthcare data breaches of 500 or more records per year, 2009-2019, and number of breaches in January, 2015-2020]
https://www.hipaajournal.com/january-2020-healthcare-data-breach-report/

Healthcare Cyber Attack Realities: HTH
Hacking the Human (HTH) is the most effective and common method of attack.
[Chart: causes of 2019 healthcare breaches (Hacking/IT Incident, Unauthorized Access/Disclosure, Theft, Loss, Improper Disposal) and location of breached PHI (Email, Network Server, Paper/Films, Electronic Medical Record, Desktop Computer, Laptop, Other Portable Electronic Device, Other)]
https://www.hipaajournal.com/january-2020-healthcare-data-breach-report/

Healthcare Compliance Realities: Losses
HIPAA settlements and civil and legal penalties are growing significantly.
[Chart: HIPAA settlements and penalties by year, 2008-2019]
https://www.hipaajournal.com/january-2020-healthcare-data-breach-report/

Healthcare Cyber Attack Realities: Jan 2020
Healthcare has been owned, and the attacks are not slowing down.
[Chart: January 2020 healthcare data breaches; breaches by month, Feb 2019 to Jan 2020; location of breached PHI (Desktop Computer, Electronic Medical Record, Network Server, Other, Paper/Films, Email)]
https://www.hipaajournal.com/january-2020-healthcare-data-breach-report/

Healthcare Cyber Attack Realities: Jan 2020
Healthcare supply chain attacks and breaches continue to increase.
January 2020 healthcare data breaches by covered entity type (number of breaches): Healthcare Provider 25, Health Plan 5, Business Associate 2.
[Chart: causes of January 2020 breaches (Theft, Improper Disposal, Unauthorized Access/Disclosure, Hacking/IT Incident)]
June 30, 2020: Proofpoint researchers detected an increase over the preceding month in the number of email-based phishing campaigns that deploy ransomware as the first-stage payload. This is a stark contrast to the past year, when attackers primarily used downloaders as the initial payload. According to the report, the small increase in ransomware sent directly via phishing email may be a sign of what is to come, as these attacks bear the hallmarks of the larger ransomware campaigns of 2018.
https://www.hipaajournal.com/january-2020-healthcare-data-breach-report/

Top 10 Corporate Attacks
▪ Phishing = 60% of fraud and malware attacks
▪ Ransomware = $8B to $11.5B in damages over 36 months
▪ Business Email Compromise = $4B to $8B over 36 months
▪ Business Process Compromise = 50% of the market is unaware of it
Other attacks growing in frequency (McAfee Labs 2018-2019):
▪ AI malware and exploit kits: GandCrab, Coinhive, Dorkbot
▪ Botnet, DDoS and PDoS: Mirai, WireX, Reaper, Hajime, BrickerBot
▪ Brute force, APT and malwareless attacks: Telnet and SSH brute force, RDP, Stuxnet
▪ Harvesting, snooping, skimming: Traffic Spirit, MageCart, etc.
▪ System process compromise
▪ Embedded code: Spectre, Meltdown
Sources:
https://www.comparitech.com/blog/vpn-privacy/phishing-statistics-facts/
https://www.agari.com/email-security-blog/email-fraud-trends-report-q1-2020/
https://www.darkreading.com/attacks-breaches/ransomware-damage-hit-$115b-in-2019/d/d-id/1337103

You Are "Low Hanging Fruit" If You Are…
▪ Running devices and/or websites that have open ports and can be easily scanned and found via the internet
▪ Running older or unpatched software and/or hardware
▪ Successful in the media, or a CPA, legal, tech, healthcare or retail firm holding private, sensitive data
▪ Serving high net worth consumers, regulated businesses or entities
▪ Sharing unencrypted data with third parties via cloud, Dropbox or email
▪ A victim of, or part of, a previous ransomware or malware attack or breach

Growing Attack Surface (IoT) = Risk
[Figure: IoT attack surface]

Healthcare Impact: TODAY
[Figure: healthcare impact today]

Compliance Trends, Concerns

Compliance Trends: Growing Complexity, Costs
▪ State-level regulation complexity: NY (DFS), CA (CCPA), others
▪ Federal and government-level regulation complexity: GDPR, EO 13800, 137 others
▪ Industry regulation complexity: heavy rate of change due to cyber threats, legislation, and federal and government actions
▪ Operational complexity: frameworks are heavily focused on technical controls and lack an integrated view of the critical program components: culture, capabilities, accountability, sustainability, resiliency, change
California Consumer Privacy Act enforcement and fines begin; HIPAA fines are increasing; PCI compliance audit methods change to address COVID-19.

Data Privacy Compliance Concerns
▪ HIPAA: any electronic health record or physical medical record, and any patient-related or treatment information.
▪ PCI DSS: any organization receiving payments from patients via credit cards must comply with the Payment Card Industry Data Security Standard.
▪ Personally Identifiable Information (PII): state regulations such as the NY DFS regulation, the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and others impose strict disclosure and protection requirements on consumer personal and private information such as name, address, telephone number and email.
▪ NIST: any company, provider, insurer or vendor that exchanges information with state, local or higher-education entities, or partners with them, may be expected to adhere to the National Institute of Standards and Technology (NIST) framework.

Regulatory Compliance Frameworks: Ongoing Complexity
NIST 800-53:
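The 1,700 "corona"/"covid" domains noted under Pandemic Realities are the kind of thing a healthcare SOC can hunt for in its own resolver logs. The following Python is an added example, not code from the Vertek eBook: it parses BIND-style query-log lines, folds the character substitutions attackers use (so "c0rona" and "coviid" still match), skips an assumed allowlist of legitimate pandemic-information domains, and counts hits per client so the noisiest sources are triaged first. The log lines, the allowlist and every domain name in it are constructed for illustration.

```python
import re
from collections import Counter

# Constructed BIND-style query-log sample; every domain here is made up for this example.
SAMPLE_QUERY_LOG = """\
14-Apr-2020 09:12:01.133 client 10.20.4.17#51234: query: www.vertek.com IN A + (10.20.0.5)
14-Apr-2020 09:12:03.901 client 10.20.4.17#51240: query: covid19-relief-portal.example IN A + (10.20.0.5)
14-Apr-2020 09:12:07.220 client 10.20.4.31#49001: query: secure-c0rona-update.example IN A + (10.20.0.5)
14-Apr-2020 09:12:09.004 client 10.20.4.31#49002: query: mail.google.com IN MX + (10.20.0.5)
14-Apr-2020 09:12:11.718 client 10.20.4.52#53311: query: coronavirus.gov IN A + (10.20.0.5)
14-Apr-2020 09:12:12.002 client 10.20.4.17#51250: query: login.coviid-test-results.example IN A + (10.20.0.5)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

# Keyword stems from the eBook's figure (domains using "corona" or "covid").
KEYWORDS = ("corona", "covid")

# Character substitutions attackers use to slip past exact-match blocklists.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

# Hypothetical allowlist of legitimate pandemic-information domains; maintain your own.
ALLOWLIST = {"coronavirus.gov", "cdc.gov", "who.int"}


def registrable_domain(qname):
    """Crude registrable-domain guess: last two labels (no public-suffix list offline)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def normalise(text):
    """Fold leetspeak, drop separators and collapse doubled letters ('c0vid-19' -> 'covidi9')."""
    folded = text.lower().translate(LEET).replace("-", "").replace("_", "")
    return re.sub(r"(.)\1+", r"\1", folded)


def find_pandemic_lookalikes(log_text):
    """Return one finding per query whose hostname (minus the TLD) matches a keyword after normalisation."""
    findings = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".")
        domain = registrable_domain(qname)
        if domain in ALLOWLIST:
            continue
        host_part = qname.lower().rsplit(".", 1)[0]  # everything but the TLD
        folded = normalise(host_part)
        hit = next((k for k in KEYWORDS if k in folded), None)
        if hit:
            findings.append({"client": m.group("client"), "qname": qname, "domain": domain, "keyword": hit})
    return findings


def clients_by_hits(findings):
    """Count matching queries per client so the busiest sources are triaged first."""
    return Counter(f["client"] for f in findings)


if __name__ == "__main__":
    hits = find_pandemic_lookalikes(SAMPLE_QUERY_LOG)
    for f in hits:
        print(f"{f['client']:<12} {f['qname']:<40} matched '{f['keyword']}'")
    print("per-client:", dict(clients_by_hits(hits)))
```

Keyword matching of this kind is a triage signal, not a verdict: legitimate sites also use these words, which is why the allowlist exists, and a real deployment would add domain age or reputation lookups before blocking. The two-label registrable-domain guess is deliberately simple; use a public-suffix list in production so that hosts under co.uk-style suffixes are handled correctly.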