Posts

Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Governance & Risk Management

Security Experts Size Up Impact of US Rush to Leave Afghanistan

Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?

It’s unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was in place, some security experts say.

See Also: OnDemand | Beyond Credit Risk: Onboard Thin-File Customers with Confidence

“Realistically, any cybersecurity impacts from the rapid evacuation are minimal to nonexistent,” says Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team and co-founder and CTO at BreachQuest. “However, this is only because of lots of planning and practice with equipment and document destruction. Even if the situation on the ground moved faster than anticipated, these facilities would have prioritized lists of what to destroy first.”

The Taliban is not likely to be a cybersecurity threat to the U.S. because the group is focused primarily on establishing control of the Afghanistan government, security experts say.

Plus, as Frank Downs, a former NSA offensive analyst, notes: “Based upon the operating procedures of the Taliban in the past, it would be hasty to assume they are an advanced cyberthreat.”

Part of the advanced planning to secure the embassy and other sites took place last week when the Department of Defense Inspector General sent a notification to U.S. Army commands in the U.S. and Afghanistan,…

Source…

Consultant, school system officials say hackers pose common woes for institutions

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Jul. 16—While Joplin officials continue to mostly remain mum, a failure of the city government’s computer and telephone systems more than a week ago could have been the result of a ransom demand, a Joplin information technology expert says.

City systems seemed to be operating July 6, but city officials announced July 7 that the city’s computer systems were down. That interrupted the city’s internet-based telephone system and its online capabilities.

In a statement, the city called it a “network security incident” and said it was reported to a law enforcement agency.

There has since been no explanation of the cause and not much word on the status of the investigation. City officials did cite phone system restoration, but nothing about the computer systems. In recent days, the city has not made further statements or answered Globe questions sent to officials about the situation.

Ransomware attack?

John Motazedi, the owner of a local IT consulting firm, SNC Squared, speculated that the city might have been hit by ransomware, a malware program used to encrypt computer systems. Motazedi said his opinion is conjecture but that the failures reported by the city resemble what happens when hackers disable a system to demand a ransom payment.

Motazedi said there are several ways to infect a computer system with crippling software. It can be done by sending a coded program through an email that can unleash encryption through the system, downloading a malicious program without knowing it is infected, or by going into the system’s servers, the central brain of a computer system, to implant the encryption.

“Typically they get in through some administrative account because that account can get into other machines that are connected together,” Motazedi said. An administrative account is used by IT technicians to oversee computer operations and make changes to the system.

Once a system is overtaken by encryption of its programs, the user cannot operate the computer or the system but will instead receive a pop-up message to pay a certain amount of money to receive a code that can be used for decryption. Typically, internet criminals demand payment in bitcoins, a kind of online currency difficult to…

Source…

Russia hacking claims pose challenge for Biden – BBC News

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360



Russia hacking claims pose challenge for Biden  BBC News

Source…

Compliance with July 1 CMS Interoperability Rule Deadline May Pose Ransomware Risk | Arnall Golden Gregory LLP

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


In recent months, the word “ransomware” has moved from a topic discussed only among cybersecurity professionals to a term used at dinner tables and water coolers across the country. Simultaneously, in the healthcare space, hospitals, healthcare systems, and payers are scrambling to meet the July 1, 2021 deadline for the first wave of interoperability and patient access requirements included in the final rule issued by the Centers for Medicare & Medicaid Services in June of 2020.

As system interoperability and connectivity increase, so does the risk of ransomware. Cybersecurity experts agree that one of the initial defenses against widespread ransomware is via network segmentation. Segmenting a network means, for example, ensuring that an organization’s IT environment is created in a manner where patient-facing technology does not interact with software running medical equipment. However, compliance with the Interoperability and Patient Access final ruling significantly impairs an organization’s ability to segment its network and exposes the organization to an increased risk of ransomware attacks.

To mitigate some of the risks while still complying with the Interoperability and Patient Access rule, we suggest companies do the following:

  • Frequent Backup – the more frequently data is backed up, the less power ransomware has over an organization. Losing an hour of data is much less harmful than losing a month.
  • Segmented and Encrypted Backup Encryption – although the rule makes it difficult to segment production environments, it does not prevent segmenting backup data. Companies should ensure that the backups are also encrypted to provide an additional layer of defense.
  • Thorough Vendor Review – an organization’s security is only as strong as its weakest link, and no complex healthcare ecosystem can exist without the use of third-party vendors. Therefore, vendors should be thoroughly vetted and investigated prior to onboarding to ensure that the security procedures do not introduce unnecessary risk into the technology environment.
  • Scoping for Clarity, Cooperation, and Root Cause Analysis – ensure that each of your vendors has an obligation to cooperate with both…

Source…