ESET and the Ponemon Institute have conducted a study which revealed an alarming increase in cyberattacks against healthcare organisations. According to the study, healthcare organisations average about one cyberattack per month. Almost half (48 percent) of respondents said their organisations have experienced an incident involving the loss or exposure of patient information during the last 12 months. Yet despite these incidents, only half indicated their organisation has an incident response plan in place. Key findings of the study: Exploiting existing software vulnerabilities and web-borne malware attacks are the most common security incidents. According to 78 percent of respondents, the most…
ISBuzz Team
The news that millions of OpenSSL secured websites that are now at risk due to the new DROWN attack, Security experts from Rapid7 and Black Duck have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 : The work behind today’s DROWN attack announcement represents the very best of open, collaborative, international security research. Academics and professionals actively probing the edges of practical cryptanalysis is the open source security promise. In the case of DROWN, the attacker does have to be in a privileged position on the network in order to eavesdrop on a TLS session, and…
Over the years, cloud applications have become more of the norm at organizations rather than the exception. The cloud is no longer the little sibling of on-premises applications. According to a report by Allied Market Research, there has been a huge growth in adoption with still more than a 30 percent growth predicted in the next four years. There are many reasons for this growth, including employees more frequently working from home or on the go and needing applications that they can access from anywhere at any time. As the cloud market continues to evolve and grow, there needs to…
Malware and potentially unwanted applications (PUAs) have become overwhelmingly polymorphic, with 97 percent of malware morphing to become unique to a specific endpoint device, according to a report from security specialist Webroot. Travis Smith, senior security researcher at Tripwire have the following comments on it. [su_note note_color=”#ffffcc” text_color=”#00000″]Travis Smith, Senior Security Research Engineer for Tripwire : “Attackers have learned that they need to adapt to their surroundings to avoid detection. Their adaption techniques include both polymorphic code as well as the ability to randomize the IP address of their command and control servers. It is important as defenders to have…
Obama administration’s decision to renegotiate an international pact that limits the export of cybersecurity products. The reversal follows months of pressure from the technology community and lawmakers who warned the vague definitions within the agreement would restrict companies’ ability to use legitimate tools to test and fortify their own defences. Harley Geiger, director of public policy at Rapid7 have the following comments on it. Harley Geiger, Director of Public Policy at Rapid7: “It’s very positive news that the Administration intends to renegotiate the Wassenaar Arrangement export controls on cybersecurity tools. As written, the Arrangement would hinder routine cybersecurity activities and harm…
Two German hospitals are being extorted by cyber criminals through ransomware. This follows the payment of the $17,000 ransom by an LA Hospital in February. Travis Smith, senior security researcher at Tripwire explains this growing trend of attacks. [su_note note_color=”#ffffcc” text_color=”#00000″]Travis Smith, Senior Security Research Engineer for Tripwire : “It’s not surprising that we are seeing more hospitals targeted following the breach of Hollywood Presbyterian Hospital. When ransomware infected consumers previously, victims were held ransom for a few hundred dollars. Now there is precedence for attackers to increase the price of ransom exponentially for businesses, who have a greater financial…
Researchers at Forcepoint Security Labs are helping businesses fight back against malware authors by reverse engineering the algorithms used by the Locky ransomware. Ransom demands are now getting into the tens of thousands of dollars, making this a key issue for businesses. But Forcepoint has analysed the Locky ransomware and published one month’s worth of domains generated by this version of the Domain Generation Algorithm, so businesses can check their logs, pre-populate alerts or set up blocking within their existing security solutions. Carl Leonard, principal security analyst at Forcepoint, said: “Malware authors regularly change their tactics to try and stay…
This weekend saw Cyber Security Challenge UK team up with Protection Group International (PGI) to create the ultimate insight into a cyber criminals mind – a life-size recreation of a hacker’s bedroom. This event formed the first in a series of competitions for Cyber Security Challenge UK, which aims to find the UK’s best cyber security talent. Combining the unique facilities at PGI’s Cyber Academy and its security specialists, which include former UK Government experts and military personnel, the event challenged 24 candidates to solve a crime akin to those encountered by law enforcement and intelligence agencies every day. The…
Our increasing reliance on data is causing it to evolve into a progressively valuable asset that needs effective protection. Unfortunately we are seeing a few stories in the news about data being hacked, or worse, stolen, meaning the need for exceptional protection is on the rise. To protect data assets you need to provide robust regulation, standards and governance as well as a superior technological infrastructure. So how are we doing that exactly? A lot of our work in the Isle of Man is data driven so we’re investing in enhancement of our services and leading the way in data…
The volume of malware targeting users of mobile devices grew more than three times in 2015, compared to 2014. The most dangerous threats in 2015 were ransomware, malware capable of obtaining unlimited rights on an infected device and data stealers, including financial malware. These are the main findings of the annual Mobile Virusology report prepared by the Kaspersky Lab Antimalware Research group. The 2015 mobile threat landscape in numbers: 884,774 new malicious programs were detected by Kaspersky Lab, a three-fold increase on 2014 (295,539). The number of new mobile banking Trojans decreased to 7,030 from 16,586 in 2014; 94,344 unique…