Tag Archives: ransomware attack

Immediate Vault Immediate Access

3 Tips for CCPA Enforcement During COVID-19

Posted on by

As we move into the second half of 2020 and the California Consumer Privacy Act (CCPA) is officially enforced, we are also in the midst of a global crisis that was not properly on the radar when the regulation was enacted in January. Organizations are now being tasked with CCPA compliance in an unexpected remote work environment, with more personal data available online than ever before. And some organizations have the added privacy challenge of contact tracing practices or applications being used internally to monitor employee health.

Even in the remote work environment, relevant companies must ensure that they are informing customers and staff about what data they are collecting, options for which personal details are being gathered, the right to say no and opt out of data collection, the right to request deletion of their information, and equal pricing despite their privacy selections.

Many businesses are still struggling to implement these guidelines and are attempting to avoid significant penalties, all while meeting uptime demands. Below are some tips from security and technology industry experts for the best ways to implement CCPA compliance:

Rely on Data Privacy Regulation Experts 

There is increasing uncertainty around many businesses’ futures, and therefore, it is critical to turn to data privacy regulation experts for advice, guidance and technological support. 

“With exponential amounts of enterprise data only increasing, ensuring data privacy involves layered, complex challenges for any business. From a cloud hosting perspective, meeting evolving compliance and privacy regulations, such as the CCPA law which is just beginning to be enforced, is one of those layers. One of the most important steps organizations can take to guarantee they are on the right path towards compliance is to rely on hosting providers that have teams experienced with privacy law regulations,” said Lex Boost, CEO of Leaseweb USA.  

While it may be tempting to rely on internal teams during the economic downturn, employee burnout in already resource-strapped IT and security teams could cost the companies more in talent loss and potential breaches/fines. Thus, companies should evaluate external providers.

Boost also said, “These providers can guide the process needed to guarantee data is managed within current and upcoming privacy regulations, allowing organizations to focus on maximizing data usage and the experience for their customers.”

Have the Right Cybersecurity Measures in Place 

Proper cybersecurity measures are often major components for achieving compliance with a variety of regulations, but especially the CCPA, which is focused on protecting sensitive data and users’ privacy rights. With major hacks making recent headlines at companies like Twitter, and ransomware attacks that threaten to exfiltrate and leak private data on the rise, companies should be on high alert.

“Nobody is safe from an attack leaking personal information, and it’s absolutely essential that correct cyber measures are in place to secure privileged accounts, in particular, as thoroughly as possible. With more information online and spread out than ever before, hackers not only have the ability to scam people, but also undoubtedly have access to private messages, security information, and other personal data,” said Torsten George, cybersecurity evangelist at Centrify.  

On top of increasing breach risks, many companies’ distributed workforces are making security preparedness even more complex. But there are solutions, according to George: “To protect organizations during this transitional remote working phase and the implementation of CCPA, it’s imperative to provide your IT administration teams, outsourced IT, and third-party vendors with secure, granular access to critical infrastructure resources regardless of location and without the hassles of a virtual private network (VPN). Privileged access management solutions can both maintain compliance and enable secure remote access to on-premises and cloud-based infrastructures, securing all administrative access with risk-aware, multi-factor authentication (MFA), and maintaining the level of compliance CCPA requires.”

Look Toward the Future 

The CCPA currently protects Californian’s privacy rights, but many legal and security experts think this could inspire a similar regulation at the federal level if it is successful.

“The CCPA is the first law of its kind in the United States, and it could set a precedent for other states. And because it applies to most companies who do business with individuals residing in California, the sweeping new law promises to have a major impact on the privacy landscape not only in California, but the entire country. The passage of a cohesive U.S. federal privacy law, one that will preempt state laws, is gaining momentum. It has strong bipartisan congressional support, and several large companies from a variety of industry sectors have come out in favor of it, some even releasing their own proposals. There are draft bills in circulation,” said Wendy Foote, senior contracts manager at WhiteHat Security.

Foote also advised, “With a new class of representatives sworn into Congress in 2019 and the CCPA effectively putting a deadline on the debate and officially being enforced in July, there may finally be a national resolution to the U.S. consumer data privacy problem. However, the likelihood of it passing in the very near future is slim. A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law.”

It will take several months of negotiation for lawmakers to agree upon how the federal law would be implemented. While companies wait for the passage of a national privacy law and for it to take effect, they must continue to monitor developments in both state and federal privacy law and adapt as necessary.

Consumer privacy will continue to evolve, particularly in the time of COVID-19. Because of this, newer laws and regulations, like the European Union’s GDPR and the CCPA, must be flexible and evolve over time too.

Ransomware Down, Extortion and Email Fraud Up in 2018, Proofpoint Finds

Posted on by

Ransomware may have waned at the end of last year, but that gave way to straight-up extortion, according to Proofpoint’s newest Quarterly Threat Report, Q4 2018.

Despite a slight resurgence in the middle of last year, ransomware strains appeared in “relatively small, sporadic email campaigns” that by Dec.

buy tobradex online healthdirectionsinc.com/flash/swf/tobradex.html no prescription pharmacy

31, 2018, comprised one-tenth of 1% of overall malicious message volume.

buy cymbalta online healthdirectionsinc.com/flash/swf/cymbalta.html no prescription pharmacy

buy elavil online https://royalcitydrugs.com/elavil.html no prescription

The consequence of this seemingly-good news was that direct extortion once again came en vogue, albeit in cyber form. The newest threats often took the form of “sextortion,” in which actors threaten to reveal compromising information (like revealing photos or video) or take destructive action if the victim does not pay a fee.

buy zofran online healthdirectionsinc.com/flash/swf/zofran.html no prescription pharmacy

Proofpoint theorized that actors have reverted to extortion simply because it is more cost efficient.

The report recommended tips to spot a sextortionist and call their bluff:

With rare exceptions, these emails do not contain malware or malicious links and rely on the human factor to trick recipients. Often, the threatening emails include “evidence” of compromise, such as an old password that the actor may have obtained from a data breach or simply guessed.

Additional findings and highlights from the report included:

  • 60% of companies’ domains were spoofed by email fraudsters, a nearly 10% increase from Q3.
  • Email fraud attacks against targeted companies increased by 226% quarter-over-quarter, and 476% vs. Q4 2017. Telecommunications, education and transportation were the industries experiencing this activity most.
  • Incidents of social media support fraud, or “angler phishing” – a type of phishing in which attackers attempt to insert themselves in legitimate conversations between consumers and brand-owned social media accounts – increased by nearly 40% from the prior quarter and saw an overall increase of 500% in 2018.
  • Emails leveraging malicious URLs outnumbered malicious attachments by roughly two-to-one for Q4 and three-to-one for the entire year.

Visit here for Proofpoint’s full quarterly report.

Prepare Now for Ransomware

Posted on by

In 2017, a company was hit with ransomware every 40 seconds. Organizations in all industry sectors were subject to ransomware attacks, as these attacks often opportunistically take advantage of security shortcomings. The average ransom demand was more than $1,000.00—greater than three times the average in 2015. What’s more, one in five business that paid ransom never got its data back.

So, how do you protect your business? First, make sure you are insured. While traditional policies provide little, if any, coverage for damage to electronic data—and none for other costs associated with cyber extortion—they are covered by cyber extortion insurance. This is available under many cyber liability policies. Cyber extortion provisions typically cover ransom payments and extortion-related expenses such as costs incurred in negotiating the ransom and restoring or replacing data or software.

But insurance is just one aspect of the protection your business should have. Companies also need to prepare an Incident Response Plan (IRP), that establishes responses to ransomware attacks. An IRP should be a “living, breathing” document that is consistently updated to ensure that its information and procedures are accurate and up-to-date. Typical topics addressed by an IRP are:

  • The Incident Response Team. The IRP must identify the team in charge of responding to ransomware attacks. This team should include an executive and inside counsel, and should provide back-ups in case first-line members cannot be reached. The IRP should contain 24-7 contact information for all team members, including means of contact that do not rely on the business-provided phones or email that may be affected by the attack.

Additionally, the IRP should identify team members’ specific responsibilities, such as implementing security measures, investigating the attack, communicating with the extortionists, communicating with customers or the public, and notifying insurance carriers and law enforcement.

  • Detecting an Incident. The IRP should identify steps for employees to take if they suspect or detect a ransomware attack.
    buy robaxin online dentalhacks.com/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

  • Approved Vendors. As you will likely need outside assistance to respond to an attack, your IRP should identify approved vendors such as outside coverage counsel, investigative and cybersecurity firms, and a PR firm to assist with external communications.
  • Reporting to Law Enforcement. The IRP should define when and how ransomware attacks must be reported to which law enforcement agencies. It should also address what evidence should be collected and preserved, and how.  Ideally, these issues should be discussed with the relevant agencies ahead of time, which also helps build a cooperative relationship with them.
    buy lexapro online familyvoicesal.org/resources/images/jpg/lexapro.html no prescription pharmacy

  • Notifying Insurance Carriers. The IRP should identify all insurance policies that could provide coverage for a ransomware attack and detail steps to comply with each policy’s notification requirements.
    buy celexa online familyvoicesal.org/resources/images/jpg/celexa.html no prescription pharmacy

    Outside coverage counsel can assist with both identifying relevant policies and provisions, and following notification requirements.

  • Responding to Extortionists. The IRP must identify who communicates with the extortionists and who decides whether and how to respond to their demands. This should include steps for how to make potentially required electronic currency payments.
  • Investigating the Incident. The IRP should define who is responsible for investigating a ransomware attack and include a checklist detailing specific response steps. It should also establish procedures to increase the chances of identifying the extortionists, and to detect and address security vulnerabilities.
  • Documenting the Response. The IRP should set forth steps to document both your response to and your investigation of the attack, including contacts with the extortionists, the decision-making process resulting in a response, and the technical response and investigation, including the preservation of evidence. Such documentation may be required by regulatory agencies or insurers.
  • Public Relations. To facilitate communications about the attack with customers or the public, the IRP should assign responsibility for doing so and define steps for preparing and releasing such communications.
  • User Training. End-user training of all employees, including management, is key to preventing ransomware attacks. The IRP needs to contain procedures to ensure that all employees receive such training periodically, as common threats change over time.

Appropriate insurance coverage; an IRP that is consistently updated, including through “post mortem” evaluations following attacks; and up-to-date systems security are critical to prepare your business for—and to the extent possible, protect it from—potential ransomware attacks.

North Korea Now Suspected in Ransomware Attack

Posted on by

The massive cyberattack that has struck businesses, government agencies and citizens in more than 150 countries may be tied to hackers affiliated with North Korea. Called WannaCry, the ransomware encrypts the victim’s hard drive and demands a ransom of about $300 in the virtual currency bitcoin.

According to the Washington Post:

Several security researchers studying “WannaCry” on Monday found evidence of possible connections to, for instance, the crippling hack on Sony Pictures Entertainment in 2014 attributed by the U.S. government to North Korea. That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.

The New York Times reported that the malicious software, based on a vulnerability included in the National Security Agency tools published by the Shadow Brokers hacker group, was distributed via email. The ransomware takes advantage of vulnerabilities in Microsoft Windows systems, generating the largest ransomware attack to date. Although the flaw was patched by the company months ago, the wide spread of the attack illustrates how many users fail to update their software. Institutions and government agencies affected included the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service.

Organizations are advised to save their data and take other measures to avoid being hacked. Kroll said that while the particular ransomware variation involved in hundreds of thousands of incidents has now been rendered largely harmless, its cyber security and investigations team “strongly recommends that organizations recognize that a small change in the malware code could reactivate it. So action should be taken in conjunction with your technology unit to reduce your risk and prepare for inevitable future similar attacks. If the malware has entered your network, it has the ability to spread—and spread rapidly.”

According to Kroll:

  • Obsolete versions of Microsoft Windows are particularly vulnerable. We understand that there may be very specific circumstances that require you to use versions that are no longer supported, but now is the time to revisit the topic. See if there is any way you could use a supported operating system running a virtual version of the operating system you need.
  • Microsoft has been working to roll out updates that can fix the underlying security weakness that this malware exploits. You should make sure that both your personal and business machines running Windows are updated. We know that many people don’t want to take the time to close out all their files and restart their computers to allow updates to occur, but this is an important defense against the WannaCry ransomware. As an indicator of how serious the threat is, note that Microsoft has even released a security patch for the old Windows XP system. Please take steps to assure that all relevant machines running the Windows operating system are updated.
  • Organizations that don’t have well-thought-out backup and recovery plans are also very vulnerable. Management should be asking if there is a plan to assure that all important files are backed up in a way that will prevent a ransomware infection from attacking both the primary files and the backups.

President Trump ordered homeland security adviser Thomas P. Bossert to coordinate a government response to the spread of malware and find out who was responsible. According to the Times:

“The source of the attack is a delicate issue for the United States because the vulnerability on which the malicious software is based was published by a group called the Shadow Brokers, which last summer began publishing cybertools developed by the National Security Agency.”

Government investigators, while not publicly acknowledging that the computer code was developed by American intelligence agencies, say they are still investigating how the code got out. There are many theories, but increasingly it looks as though the initial breach came from an insider, perhaps a government contractor.

In a report, How to Protect Your Networks from Ransomware, the U.S. government recommends that users and administrators take preventative measures, including:

  • Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.
  • Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
  • Set anti-virus and anti-malware programs to conduct regular scans automatically.
  • Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary.