Tag Archives: computer hacking

Immediate Vault Immediate Access

Along with Hurricanes Come Hackers

Posted on by

Cyber crime
With hurricane season in full swing, supermarkets and electronic stores aren’t the only businesses in danger of looting. When defenses are down and attention is elsewhere during a natural disaster, critical data and intellectual property is just as vulnerable to looting as the shopping center down the street.

Each year, the amount of personal information targeted from data breaches only continues to grow. There was a new record set near the end 2015 when 191 million U.S. voters’ identities were exposed, surpassing the previous record for the largest single data beach. Personally identifiable information, including voters name, date of birth, gender, and addresses were exposed for more than a week before the database was officially shut down. Just imagine the opportunity for hackers during natural disasters when systems are down for a similar time frame.

Take “Superstorm Sandy,” back in 2012. Cyber criminals used confusion in the aftermath of the hurricane as part of a social engineering scheme to steal information. One organization received a call requesting an emergency download of sensitive personnel information needed to assist staff that had been affected by flooding. Lost internet connectivity as a result of the storm meant the help desk could not make a reasonable verification of who was making the request and sent the highly sensitive information to the bogus caller’s “backup site,” which was, as it eventually transpired, a system controlled by hackers. During times of crisis we are more susceptible to cyber criminals willing to prey on our good nature and eagerness to help.

The semi-controlled chaos of an emergency response is rife with opportunities for exposure of sensitive data. Here are five steps enterprises can take to minimize cyber exposure before, during and after a natural disaster.

  1. Security Analytics: According to the 2016 Internet Security Threat Report, the overall total number of identities exposed has jumped 23%, to 429 million. Security analytics tools allow IT managers to have full visibility into all network traffic, they can also help enterprises determine if and when anything happened, what systems and data were affected and if the attack has been contained. Monitoring these tools can also be outsourced to security service providers.
  1. Be Secure in the Cloud: During a natural disaster, buildings may be flooded or damaged and roads may be closed, ‘dedicated’ servers can lack the flexibility and access provided in a cloud environment. Access for continuing operations and first-responders operating from mobile devices can be critical in a disaster. But, it is important that your cloud is protected and monitored; access management is top priority. IT managers can use cloud access security brokerage technologies to restrict workers from creating accounts on services such as Box or DropBox and transferring restricted data. More importantly, the information residing in cloud applications can be encrypted and tokenized.
  1. Plan for Emergency Web Access & Bandwidth Management: Prioritizing access to the network becomes critical during natural disasters. With bandwidth tight, restrict and prioritize web access to only the most critical sites and resources. Set up a more restrictive web access policy prior to an emergency and be ready to deploy it when needed. Do the same for bandwidth management. Be ready to prioritize applications such as VoIP and cache critical information like official communications for viewing from a local cache.
  1. Protect social media and public websites: Customers will be looking for updates via social media and websites during and after emergencies. During these times, it is critical to protect public information resources. Web application firewalls can protect the website from common attacks, control input/output and access as well as detect unfamiliar traffic patterns. Twitter is a critical communication resource, but this can also be used to promote malicious information. Deploy security features such as two-factor authentication and verification codes for social media accounts.
  1. Practice, Practice, Practice. Table top exercises, readiness assessments and “live fire” exercises are essential to good preparation. I’m fond of the quote, usually attributed to the boxer, Mike Tyson: “Everyone has a plan until they get punched in the mouth.” Having led a significant number of crisis teams, every disaster presents unique challenges but successfully surviving a determined cyber criminal’s attempts demands on both preparation and practice.

While we can’t always predict the weather, with the right protocols for security in place, enterprises can ensure that their IT infrastructure is protected 24/7.

New Studies Highlight Sources, Patterns of Data Breach—And How to Do Better

Posted on by

Three recent studies provide a great reminder of the threats of data breach—and the role workers and IT departments play in either maintaining a company’s defense or letting malware storm the gates.

In its 2014 Data Breach Investigations Report, Verizon identified nine patterns that were responsible for 92% of the confirmed data breaches in 2013. These include: point of sale intrusions, web application attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service attacks, and cyber-espionage. They have also identified the breakdown of these patterns in various industries, highlighting some of the greatest sources of cyber risk for your business:

Verizon Data Breach Investigations Report

Verizon’s report also offers specific information about the patterns and advice on how to respond to them.

Many sources of vulnerability come from within, and there is less variation than you might expect in terms of who the riskiest workers may be.

buy atarax online www.handrehab.us/images/patterns/jpg/atarax.html no prescription pharmacy

A survey by the Pew Research Center found that 18% of adults have had important personal information stolen online, including Social Security number, credit card, or bank account information—an 8% increase from just six months ago. Further, 21% of adults who use the internet have had an email or social networking account compromised. Two groups that make up a large part of the workforce were hit particularly hard during this period: young adults and baby boomers. The percentage of individuals in these groups who had personal information stolen online doubled between July 2013 and January 2014.

buy symbicort online www.handrehab.us/images/patterns/jpg/symbicort.html no prescription pharmacy

stolen personal data by age

But as this chart shows, all age ranges have experienced a significant amount of data theft as of the beginning of the year.

Indeed, according to meetings-software company TeamViewer, 92% of IT administrators have seen troublesome habits among office workers using company computers. These risky behaviors are frequently known to open the work system to viruses or other malware, including:

  • Browsing social media websites (reported by 82% of IT admins)
  • Opening inappropriate email attachments (57%)
  • Downloading games (52%)
  • Plugging in unauthorized USB devices (51%)
  • Plugging in unauthorized personal devices (50%)
  • Illegal downloads, such as pirated movies, music or software (45%)
  • Looking for other jobs (39%)

Further, nine out of 10 IT administrators reported witnessing problems to company equipment because of these actions, including viruses (77%), slow computers (74%), crashed computers (55%), mass popups (48%) and inability to open email (33%). Not only do these behaviors leave corporate infrastructure at risk, but they may endanger the overall HR program, as a vast proportion of IT workers report feeling frustrated, angry and discouraged.

buy xenical online www.handrehab.us/images/patterns/jpg/xenical.html no prescription pharmacy

Up to 12% even said that they were considering quitting over these bad behaviors and increased strain on the IT department.

So what can you do? Administrators agreed that better security software, using remote access to fix problems, installing disk cleanup software, integrating automatic backup solutions, and offering the ability to telecommute would all help mitigate these issues and make their jobs easier.

Target Sees Massive Customer Data Hack

Posted on by

It couldn’t have happened at a worse time for a retailer. Target informed shoppers that if they charged an item at Target stores between Nov. 27 and Dec. 15, their credit and debit card accounts may have been compromised—as much as 40 million cards in all.

While online shoppers typically have been the victims, this time hackers went through the physical checkout systems inside every Target store—about 2,000 stores, 1,797 in the United States and 124 in Canada. It’s possible that every shopper who swiped a credit card or entered a pin number at the point of sale had their information stolen.

Barbara Endicott-Popovsky, director of the Center for Information Assurance and Cybersecurity at the University of Washington told TIME Magazine that hacking “is a business. The general public would be shocked and amazed by the size of the problem.”

She added, “People who run companies are not aware that they’ve actually become software companies. We’re headed toward the internet of things, where we have embedded software in every product. What we’ve done is open up a whole host of vulnerabilities.”

In the past, criminals wishing to steal credit card numbers and PIN codes had to do so by placing a thin pad over an ATM key pad. Through this they had to capture both the credit card number as it was swiped as well as the PIN typed into the keypad, according to Business Insider. With this information they could create fake cards from blank cards with magnetic strips that can be used in ATMs. These hackers also must have a presence at the ATM to install the pad and later to remove it to retrieve the numbers Business Insider said. Because they could only get information from a few hundred cards a day, one machine at a time, hackers using this method have been limited.

Time reported that in a case such as this, strategies used to infiltrate a point-of-sale system can be similar to those used on other pieces of software. A piece of malware called Dexter, used to infiltrate point-of-sale programs, may have infected Target’s network. It is also thought to have been responsible for widespread credit card theft at fast food restaurants in South Africa this year.

To introduce Dexter to Target’s system, an employee could have purposefully left a backdoor open for hackers, Time said, or could have clicked a link unknowingly, allowing an entry point for the malware or other malicious code. It’s also possible the company’s wireless network was compromised.

Information reported stolen from Target customers includes names, credit or debit card numbers, card expiration dates and the three-digit security code, known as the CVV on the back of cards, USA Today reported. Target spokesman Eric Hausman, however, confirmed there is “no indication that debit card PINs were impacted.” Access to PIN numbers would allow the thieves to use stolen account data to withdraw cash from ATMs.

Time surmised that because of the scope and the timing of the Target theft—during the busiest shopping season—the hack was most likely done by organized cybercriminals. They would have had to plan for it well in advance and probably will sell the data for a few dollars per card. CNN said today that there is evidence the stolen information is already being sold and that the hackers most likely came from abroad where there is almost no penalty or access to the criminals by the FBI.

Andy Obuchowski, a director for security and privacy at consulting company McGladrey told USA Today that Target’s breach is the latest in a growing problem for retailers. The issue has increased as more companies outsource writing and maintaining software, he said.

In 2007, hackers accessed TJ Maxx’s central database and stole account information for more than 45 million credit cards by intercepting data as it traveled between hand-held price scanners and cash registers. Data breaches in recent years have also included Michael’s, Stop & Shop, Barnes and Noble, Aldi and Subway.

“This sort of hacking is absolutely on the rise, as the tools are more readily available for even novice hackers to utilize in their efforts to crack open companies’ computer systems,” Adam Levin, chairman of Identity Theft 911 and Credit.com told USA Today. “With a data breach of this type, the rewards — your money — are so great that it can only continue to increase.”

Target said in a statement that it alerted authorities and financial institutions immediately after it was made aware of the unauthorized access. As well as putting the appropriate resources behind these efforts, the retailer said it is partnering with a leading third-party forensics firm to conduct a thorough investigation.