Security breaches they’re constant, they’re advanced, they’re
persistent, and they’re happening everywhere.
Hilton Hotels, Ashley Madison, CVS, Anthem, Premera,
IRS, OPM, and now T-Mobile.
Over the past year large scale companies have been hit,
through a multitude of tactics, infiltration points, and approaches and for
varying reasons. One thing is clear, these breaches are not slowing down. There
is a wide array of cyber security solutions on the market today. For those
looking to learn more about improving security via removal of admin rights, we’ve
put together a toolkit for National Cyber Security Awareness Month with
information that will be useful to your research.
Viewfinity Toolkit: National Cyber Security Awareness Month
In recognition of the 2015 Cyber Security Awareness Month, Viewfinity has compiled a succinct toolkit that provides a number of educational resources, business-related information, and tangible tools to help IT security professionals. Since there are an abundance of resources available related to IT security, for this toolkit, we focused on our core competency and what we do best.
All of us at Viewfinity would also like to use this national awareness as an opportunity to recognize all IT security professionals and solution vendors for their efforts in continuously improving skills and products related to combatting cybercrime. We hope this handful of materials related to the practice of least privilege security proves useful.
You can access the kit here.
Looks like the golden rule of “one should treat others as
one would like others to treat oneself” is being put into play by Google and select
academic institutions. They are
developing measures that will make it more expensive for cyber criminals to
create fraudulent accounts. This fights
the fight on a new battle front – the idea is to make it cost-prohibitive to
start the criminal behavior as a different approach to the perimeter defenses
through IT security solutions.
Dark Reading reporter Jai Vijayan, published an article that
explains how Google has teamed up with several academic institutions to devise “ways
to fight organized cybercrime by targeting the support infrastructure and
financial services used by threat actors to conduct illegal activities.”
long-term strategy is to target the support infrastructure and financial
services used by criminals,” Google says.
Vijayan explains in his article, “The goal of the effort is
to try and discourage fraudulent activity to the extent possible by making it
costlier for criminals to operate, Kurt Thomas and Elie Bursztein, two members
of Google’s Anti-Fraud and Abuse Research said in a blog post Thursday.”
“By studying and understanding how
cybercriminals are abusing the phone verified account system to do bulk
registration of fraudulent accounts, Google for instance, has been able to make
its accounts 30 to 40 percent costlier to register in the
black market,” Thomas and Bursztein said.
It’s a smart approach.
Google will just need to stay on top of the ways in which these
criminals will create new accounts that will not immediately be recognized for deceitful
Read the full article here:
Others Seek to Make Cybercrime Costlier For Criminals
Adam Greenberg, Senior Reporter for SC Magazine outlined an insider attack example of how stolen healthcare records are used reporting in his blog today "that a former CVS employee – CVS is Molina Healthcare's over-the-counter (OTC) benefits vendor – took their personal information from CVS' computers and sent it to his personal computer."
Greenberg's report, states that "CVS believes he did this to fraudulently obtain OTC products from CVS." Why stolen healthcare record information is needed to obtain OTC products is unclear to me, however one's mind immediately makes the leap to prescription medication. Now there's some information that can be exploited to gain access to narcotics and other drugs that might sell for hundreds of times their value on the street!
This is just another example of how healthcare information can be used for malicious intent, and not the standard run-of-the-mill exploit.
Read the full SC Magazine blog article.
Bob Bragdon VP/Publisher, CSO posted an infographic that highlights the findings from the 2015 U.S. State of Cybercrime Survey, conducted by CSO, PwC, the U.S. Secret Service and CERT Division of Software Engineering Institute at Carnegie Mellon University which dives deep into the origins, effects and causes of cybercrime.
Below is an excerpt from one of the sections in the infographic depicting the intensity and frequency of security incidents. A particularly alarming statistic is that 62% of respondents identified "3rd party vendors as the biggest risk to their supply chain/business ecosystem." This ties directly into the information reported by KrebsonSecurity related to the source of the Target breach - a small heating and air conditioning firm that worked with Target was hacked and VPN credentials were stolen and used to connect to Target's network. I believe we will learn about other breaches where hackers manipulated 3rd party vendor systems to attack a larger enterprise with whom they have an established partnership.
The full infographic can be viewed on IDG's website.
The last 12-15 months have seen the healthcare industry hit
hard with cybersecurity breaches and yet this data is not sold outright and
repurposed in the same way as credit card and other financial data. So why are healthcare companies a prime
target for hackers? It’s not necessarily
a “one and done” transaction. It’s all
related to the lifespan of the information and the ability to further exploit a
person’s medical history to gain free healthcare and access to prescription
meds. This is incredibly valuable to so
many individuals who do not have access to paid healthcare.