Tag Archive for: Organizations

Hackers have breached organizations in defense and other sensitive sectors, security firm says



(CNN) — Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors — and at least one of those organizations is in the US, according to findings that security firm Palo Alto Networks shared exclusively with CNN.

With the help of the National Security Agency, cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.

It’s the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers’ tools in the process.

Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report.

In this case, the hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.

Olson said that the nine confirmed victims are the “tip of the spear” of the apparent spying campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking…


How Healthcare Organizations Can Keep Active on Email Security



The IT staff implemented Forcepoint’s email security gateway in a hybrid cloud and on-premises configuration. When incoming email arrives, Forcepoint in the cloud first scans and blocks spam, viruses, malware and phishing attacks. Emails deemed safe are then sent to MRHC’s on-premises Forcepoint virtual appliance, which performs another security scan to look for issues such as spoofed email headers, he says.

As a precaution, the appliance adds an external email warning in the subject line for emails from outside the organization. “It notifies the recipient to use extreme caution when opening attachments or links,” Chelmowski says.

In addition, Forcepoint’s Secure Web Gateway tool inspects links and stops users from going to malicious sites, while Forcepoint’s DLP software checks to ensure that users do not accidentally expose sensitive information in email or on websites. “If they are on a webpage and try to enter something sensitive, it can alert them,” Chelmowski says.

An email encryption virtual appliance doubles as another DLP tool, checking outbound email for protected health information. If found, it automatically encrypts the email before sending it.


If malicious emails somehow get through the Forcepoint technology, MRHC’s traditional on-premises security tools, such as firewalls and anti-virus desktop software, defend against threats. A security information and event management tool also aggregates logs from network and security devices to look for malicious activity.

“We try to limit the threat landscape as much as we can,” Chelmowski says.

Healthcare Cybersecurity Defense in Depth

The reliance on digital communication has grown during the pandemic for the Moffitt Cancer Center in Tampa, Fla., a 7,500-employee nonprofit with five core clinical locations and a cancer research facility. Securing email is a top priority, says Cybersecurity Operations Manager Hugh Percy.

The organization scans emails three times before they reach users: with the cloud-based Mimecast Secure Email Gateway, a next-generation firewall with an…


Basic Preventative Steps for Organizations


The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently issued a Ransomware Profile identifying steps organizations can take to prevent, respond to and recover from ransomware events. According to the profile, its “purpose…is to help organizations identify and prioritize opportunities for improving their security and resilience against ransomware attacks.” NIST encourages organizations to use the document as a guide for profiling the state of their own readiness and to identify gaps to achieve their goal.



Modeled on NIST’s Cybersecurity Framework Version 1.1, the profile provides practical guidance to organizations to protect against the ransomware threat, including the following “basic preventative steps”:

  • Use antivirus software at all times;

  • Keep computers fully patched, including scheduled checks and installation of patches “as soon as feasible”;

  • Segment networks;

  • Continuously monitor directory services (and other primary user stores) for indicators of compromise or active attack;

  • Use products or services to block access to server names, IP addresses, or ports and protocols that are known to be malicious or suspected to be indicators of malicious system activity;

  • Allow only authorized applications—including establishing processes for reviewing, adding or removing authorized applications—on an allowlist;

  • Use standard user accounts versus accounts with administrative privileges whenever possible;

  • Restrict personally owned devices on work networks;

  • Avoid using personal apps—like email, chat and social media—from work computers;

  • Educate employees about social engineering; and

  • Assign and manage credential authorization for all enterprise assets and software, and periodically verify that each account has the appropriate access only.

The profile outlines steps that organizations “can take now” to help recover from a future ransomware event, including:

  • Develop and implement an incident recovery plan that has defined roles and strategies for…


Majority of Organizations Uncertain They Can Recover from a Ransomware Attack, Says New Dell Technologies Report


ROUND ROCK, Texas, Sept. 9, 2021 /PRNewswire/ —

News summary

  • Study shows organizations are managing more than 10 times the amount of data they did five years ago
  • Eighty-two percent of IT decision makers are concerned their existing data protection solutions won’t meet all future business challenges
  • Sixty-two percent fear their existing data protection measures may not be sufficient to cope with cyber threats, while 74% agree they have increased exposure to data loss with the growth of employees working from home
  • Dell EMC PowerProtect Data Manager with Transparent Snapshots uniquely offers organizations a simpler, faster way to protect VMware virtual machines at scale without compromising performance
  • Dell EMC PowerProtect appliances with Smart Scale can deliver cost savings and simplified management for large data environments
  • Dell Technologies Managed Services for Cyber Recovery Solution helps reduce risk of data loss with Dell experts operating cyber recovery vault processes and supporting data recovery efforts

Full story

The Dell Technologies (NYSE:DELL) 2021 Global Data Protection Index (GDPI) findings reveal organizations are facing several data protection challenges driven by the constant threat of ransomware and the consumption of emerging technologies such as cloud-native applications, Kubernetes containers and artificial intelligence.

According to a recent IDC survey, more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months. To help address these rising – and seemingly inevitable – issues, Dell Technologies is introducing new software and services to accelerate virtual machine (VM) backup data availability, simplify management of large data sets, and maintain business continuity while alleviating dependencies on day-to-day cyber recovery operations.

“While ransomware attacks can be devastating for people and businesses, accepting defeat as a foregone conclusion is not the answer,” said Jeff Boudreau, president and general manager, Infrastructure Solutions Group, Dell Technologies. “We understand the stakes have never been higher, and the…
