Cloud Access Security Broker Keeping Confidential Information Confidential

In the past few years, the use of personal cloud storage has been on the rise, from GoogleDrive to Dropbox and even Microsoft Onedrive. These cloud storage options allow users to share data across computer systems, and while this can be seen as a boon in productivity for employees, these cloud storage services can become an IT security nightmare nearly overnight. Users and more importantly, employees have these services installed on their personal cell phones, personal computers, and even their work computers.

Malicious or Accidental Exfiltration of Company Data?

Every company has different policies on how data is to be handled, these policies are only as good at the tools and prevention measures that monitor and block malicious, or ignorant use by employees. While a company may have measures in place to monitor malicious use or exfiltration of files and information, are they monitoring every possible aspect? USB devices may be disabled but does the company have a way to monitor cloud storage or even data stored in the cloud? Who has access to the cloud storage, that a company’s confidential data may be saved to? How would a company even know if their data was being saved to cloud storage by malicious or even well-meaning employees?

Even well-meaning employees can create compliance violations, a nurse or medical transcriptionist saving patient data within the cloud on a personal storage account, could lead to hefty fines as well as possible loss of contracts or abilities to bid on future projects for the company. The average HIPAA fine currently being 1.5 million (a), so these types of slip-ups can and have cost companies greatly.

BYOD is a lurking issue for cloud storage

More companies are switching to BYOD, or Bring Your Own Device, and allowing users to have access to the company’s networks and data with their personal devices (b).  These devices often mobile devices, usually come preloaded with cloud access, be it Google Drive with Android devices, or icloud with Apple devices. While the rise in productivity seems to benefit companies, the potential loss of confidential or proprietary data is greater with this policy.

How to guard against this?

The answer to these problems is a simple one, CASB or Cloud Access Security Broker. “Cloud access security brokers” (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on (c).”  

Essentially, a guardian of your companies data that alerts and forbids sensitive company, personal, or proprietary information from being loaded onto unsanctioned cloud services.

These systems achieve this goal in different ways, from scanning the information that is passed through the network, to checking the hashes of the files and information passing through the CASB.  In the case of Netskope, a popular CASB solution, as well as several others, even the use of steganography is not enough to get past the system and exfiltrate data.

Cloud DLP

All data stored within the cloud is not scary; however, it is still vulnerable to the same issues with security. Companies that have adopted the practice would be relieved to know that many of the big players in the CASB market offer a form of cloud DLP.

Cloud DLP specifically protects the companies that have moved to cloud storage by ensuring sensitive data is not stored on the cloud without first being encrypted, and is only sent to the authorized cloud services.  These Cloud DLP options will either alter or altogether remove the classified or sensitive information before it comes in contact with the cloud.

Some of the key benefits of this cloud DLP include:

  • Integration with cloud storage to scan servers, and then identify and encrypt data
  • Continuous audit of uploaded information
  • Instantly alert the proper administration when data has been put at risk.

Think of Cloud DLP as having a virtual security guard that checks the receipts of users taking files out into the world of the internet, and ensuring nothing gets taken that has not been approved.

The Big Players in CASB

According to the Gartner Magic Quadrant, there are four big players currently in the CASB market:

  • Netskope offering multiple built-in and tenant-specific threat intelligence feeds.
  • McAfee with their recently acquired Skyhigh Networks offering the ability to create Data Loss -Prevention Policies without the need for coding, allowing a recording extension to observe the behavior as the app is invoked.
  • Bitglass offering the ability to include enterprise digital rights management within their Data Loss Prevention policies.
  • Symantec offering a large range of predefined DLP selectors based on compliance, and other common factors.

 

Resources

(a) Sivilli, F. (2018, September 17). Average HIPAA Violation Fine now $1.5 Million. Retrieved from https://compliancy-group.com/average-hipaa-fine-is-now-1-5-million/

(b) BYOD Statistics Provide Snapshot of Future. (n.d.). Retrieved from https://www.insight.com/en_US/learn/content/2017/01182017-byod-statistics-provide-snapshot-of-future.html

(c) Cloud Access Security Brokers – CASB – Gartner tech definitions. (2018, February 08). Retrieved from https://www.gartner.com/it-glossary/cloud-access-security-brokers-casbs/

Halting Hackers: Safety Secured.

The world is evolving into a hyper-connected world, where what only a few years ago seemed like science fiction is becoming a reality thanks to IOT devices. These IOT devices range from refrigeration systems, automated manufacturing systems, medical systems and even coffee pots are connected.

Introduction

Medical systems are becoming the largest front-runner in this world, with recent reports pointing to over 3.7 million medical devices are being used to monitor the health of patients all over the world, [1] and the number is growing. However, with the growing numbers of the IOT device market, inevitably the security risks that will affect these devices are also increasing.

While securing regular systems is a daunting task in a world where even the cyber-attacks are becoming automated, securing IOT systems compounds the difficulty exponentially due to the devices rarely having built-in or even third-party defenses such as anti-malware. With medical equipment being used to monitor vitals, 3d print heart valves and having robots to assist in surgery, the risk of not securing these devices has risen far above just the loss of PII or HIPPA violations.

An attacker gaining access to a patient’s vitals with intent to manipulate the output is a scary thought. However, an attacker accessing the network, connected to a 3d printer, being used to print out a heart valve, and disabling the temperature safety features could potentially cause a fire within a lab which would be utterly terrifying.

Past vulnerabilities within IoT devices

IoT devices have already seen their fair share of “newsworthy” attacks. However, these are merely the ones detected or at the very least reported.

The Mirai Botnet
In 2016, the most massive DDOS attack ever was launched against the service provider, Dyn, using an IOT botnet. This attack crippled a large portion of the internet, including Twitter, the Guardian, Netflix, Reddit and CNN, proving that no one is truly immune to DDoS attacks. Attackers were able to control these IoT devices using a malware dubbed Mirai. The malware once present on a system continuously scanned the internet for vulnerable IoT devices, attempting the default usernames and passwords to log in to the devices. Such a wide variety of IoT devices were being used in the attack that it made it impossible for companies merely to patch or update the system.

Cardiac Devices at St. Jude
In 2016, the FDA confirmed that St. Jude Medical’s cardiac devices contained vulnerabilities that could allow an attacker to gain access to the device. [2] An attacker controlling these devices could either purposefully administer incorrect pacing or shocks. The implications of cardiac devices malfunctioning due to attacker intervention are staggering.

Importance of IoT security within the medical field

While important for every IoT owner, the need for securing these devices within the medical field holds higher consequences for not doing so.

Healthcare breaches are on the rise and those breaches have resulted in the theft or exposure of at least 176,709,305 healthcare records. [3] The average settlement for these HIPAA violation cases: $500,000.00 USD.

Most IoT medical devices contain PII about the patient they are attached to at that moment. From “doomsday” scenarios of further injury to patients to attackers gaining control are both terrifying HIPAA violations that are a more realistic and more prevalent issue that faces the medical field concerning IoT devices.

Securing the IoT

As with all systems, there are a few key ways to best guard your systems from attackers and IoT devices are no exception.

1. Don’t connect the IoT devices to your network unless necessary
2. Create a separate network from your main network
3. Change the default passwords of your IoT devices
4. Ensure firmware upgrades are installed
5. Keep personal devices separate from work IoT devices
6. Track and assess all company-owned IoT devices

However, these steps are only the beginning, and with the need for a constant network connection for most IoT healthcare devices, these steps may not be appropriate for the needs of the business.

All is not lost though, as there is monitoring software out there that will secure and protect IoT devices from outside influences. While IoT security is a hot commodity at the moment, there are three major players in the IoT security game: Zingbox, CloudPost and Medigate. These are cybersecurityarly stage providers for IOT cyber security product providers which specialize in Healthcare.

With Secure Nation’s team of skilled IT security experts and their background in IT management, information security, risk assessment, security policy audit and development, penetration testing, overall network design and project management, you’re in good hands. We help you to build a stronger information security and technology program. We work to not only strengthen your compliance status; but, also heighten your overall security posture without increasing cost.

References
[1] Internet of Things (IoT) Healthcare Market is Expected to Reach $136.8 Billion Worldwide, by 2021 https://www.marketwatch.com/press-release/internet-of-things-iot-healthcare-market-isexpected-to-reach-1368-billion-worldwide-by-2021-2016-04-12-8203318

[2] FDA Warns St. Jude Pacemakers Vulnerable to Hackers | Inc.com. https://www.inc.com/willyakowicz/fda-warns-st-jude-pacemaker-vulnerable-to-hackers.html

[3] Sivilli, F. (2018, July 31). HIPAA Violation & Breach Fines | List of HIPAA Violations. Retrieved from https://compliancy-group.com/hipaa-fines-directory-year/

Email Fraud Threat Report: Year in Review 2017

In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (our parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns.
Continue Reading

The Internet of Things White Paper

Created by the State, Local, Tribal, and Territorial Government Coordinating Council, this white paper describes issues related to the “Internet of Things” (IoT). The Internet of Things (“IoT”) can be defined as the interconnection, via the internet, of computing devices embedded in everyday objects, enabling them to send and receive data.
Table of Contents:
  • Security and Privacy Implications For IoT Devices
  • Weaponization Of IoT Devices
  • Securing the Internet of Things
  • Laws, Standards and Guidelines
  • Resources
Continue Reading

What Is Social Engineering?

In this first segment of a two-part video blog, Wombat brings end users up to speed on the concept of social engineering. Viewers will understand what this threat is and the ways they might encounter social engineers in their work and personal lives, including phishing attacks, smishing text messages, social media fraud, vishing calls, and imposter scenarios.
Continue Reading

Massive 46M Dollar Cyberheist

Brian Krebs just reported on a massive 46M dollar Cyberheist. Tech firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole 46.7 million dollars using an increasingly common scam in which crooks spoof emails from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
Continue Reading

How New Phishing Malware Rombertik Kills Your Hard Drives

InfoSec researchers at Cisco’s TALOS group discovered a strain of malware that spreads through phishing. Attackers use social engineering tactics to entice users to download, unzip, and open the attachments that ultimately result in the machine’s compromise. The strain is dubbed Rombertik, monitors everything that happens inside an infected machine’s browser and exfiltrates it to a server controlled by the attacker, similar to Dyre. However, when it detects that it is being analyzed, it takes extreme evasive action; it wipes the Master Boot Record (MBR) or home directories, trapping the machine in an infinite boot loop. The MBR is the first sector of a computer’s hard drive that the machine reads before loading the operating system. However, deleting or destroying the MBR involves re-installing the operating system, which almost always means data is lost. In what is likely a bit of sick humor from the criminals, in case it cannot get access to the MBR, Rombertik works just like ransomware and starts encrypting all files in the user’s home folder. The malware chooses a random 256-byte encryption key for each file, but none of the keys are saved anywhere, so you end up with what is effectively random, shredded bits instead of your files. After the MBR is overwritten, or the home folder has been encrypted, the computer is restarted. Only files with the extensions .EXE, .DLL, .VXD and .DRV will survive. The upshot: Rombertik begins to behave like a wiper malware sample, trashing the user’s computer if it detects it’s being analyzed. While the Cisco TALOS team has observed anti-analysis and anti-debugging techniques in malware samples in the past, Rombertik is unique in that it actively attempts to destroy the computer’s data if it detects certain attributes associated with malware analysis. What To Do About It: Ultimately, you need to practice defense-in-depth which protects your entire attack surface, but here are two tips that will mitigate attacks like this with the best bang for your IT security budget:
  • Have multiple layers (and different AV engines) of malware scanning in place; the firewall, your mail server/email gateway, and the desktop. That means a different vendor, using a different AV engine for your firewall, your mail server/email gateway and your endpoint AV. Then filter out almost all email attachment types except a few essential ones. Check out which AV engines your vendors use, because there is a lot of OEM-ing going on in the AV space, which might result in you using the same engine, but with a different label. Not good.
  • Step your users through effective security awareness training and follow up with regular simulated phishing attacks which will keep them on their toes with security top of mind.
  • Have good backup routines that are constantly tested to ensure if your data is lost that it can be easily recovered.
Contact us at SecureNation to discuss Defense In Depth, Employee Security Training, or Disaster Recovery options.