Halting Hackers: Safety Secured.

The world is evolving into a hyper-connected world, where what only a few years ago seemed like science fiction is becoming a reality thanks to IOT devices. These IOT devices range from refrigeration systems, automated manufacturing systems, medical systems and even coffee pots are connected.

Introduction

Medical systems are becoming the largest front-runner in this world, with recent reports pointing to over 3.7 million medical devices are being used to monitor the health of patients all over the world, [1] and the number is growing. However, with the growing numbers of the IOT device market, inevitably the security risks that will affect these devices are also increasing.

While securing regular systems is a daunting task in a world where even the cyber-attacks are becoming automated, securing IOT systems compounds the difficulty exponentially due to the devices rarely having built-in or even third-party defenses such as anti-malware. With medical equipment being used to monitor vitals, 3d print heart valves and having robots to assist in surgery, the risk of not securing these devices has risen far above just the loss of PII or HIPPA violations.

An attacker gaining access to a patient’s vitals with intent to manipulate the output is a scary thought. However, an attacker accessing the network, connected to a 3d printer, being used to print out a heart valve, and disabling the temperature safety features could potentially cause a fire within a lab which would be utterly terrifying.

Past vulnerabilities within IoT devices

IoT devices have already seen their fair share of “newsworthy” attacks. However, these are merely the ones detected or at the very least reported.

The Mirai Botnet
In 2016, the most massive DDOS attack ever was launched against the service provider, Dyn, using an IOT botnet. This attack crippled a large portion of the internet, including Twitter, the Guardian, Netflix, Reddit and CNN, proving that no one is truly immune to DDoS attacks. Attackers were able to control these IoT devices using a malware dubbed Mirai. The malware once present on a system continuously scanned the internet for vulnerable IoT devices, attempting the default usernames and passwords to log in to the devices. Such a wide variety of IoT devices were being used in the attack that it made it impossible for companies merely to patch or update the system.

Cardiac Devices at St. Jude
In 2016, the FDA confirmed that St. Jude Medical’s cardiac devices contained vulnerabilities that could allow an attacker to gain access to the device. [2] An attacker controlling these devices could either purposefully administer incorrect pacing or shocks. The implications of cardiac devices malfunctioning due to attacker intervention are staggering.

Importance of IoT security within the medical field

While important for every IoT owner, the need for securing these devices within the medical field holds higher consequences for not doing so.

Healthcare breaches are on the rise and those breaches have resulted in the theft or exposure of at least 176,709,305 healthcare records. [3] The average settlement for these HIPAA violation cases: $500,000.00 USD.

Most IoT medical devices contain PII about the patient they are attached to at that moment. From “doomsday” scenarios of further injury to patients to attackers gaining control are both terrifying HIPAA violations that are a more realistic and more prevalent issue that faces the medical field concerning IoT devices.

Securing the IoT

As with all systems, there are a few key ways to best guard your systems from attackers and IoT devices are no exception.

1. Don’t connect the IoT devices to your network unless necessary
2. Create a separate network from your main network
3. Change the default passwords of your IoT devices
4. Ensure firmware upgrades are installed
5. Keep personal devices separate from work IoT devices
6. Track and assess all company-owned IoT devices

However, these steps are only the beginning, and with the need for a constant network connection for most IoT healthcare devices, these steps may not be appropriate for the needs of the business.

All is not lost though, as there is monitoring software out there that will secure and protect IoT devices from outside influences. While IoT security is a hot commodity at the moment, there are three major players in the IoT security game: Zingbox, CloudPost and Medigate. These are cybersecurityarly stage providers for IOT cyber security product providers which specialize in Healthcare.

With Secure Nation’s team of skilled IT security experts and their background in IT management, information security, risk assessment, security policy audit and development, penetration testing, overall network design and project management, you’re in good hands. We help you to build a stronger information security and technology program. We work to not only strengthen your compliance status; but, also heighten your overall security posture without increasing cost.

References
[1] Internet of Things (IoT) Healthcare Market is Expected to Reach $136.8 Billion Worldwide, by 2021 https://www.marketwatch.com/press-release/internet-of-things-iot-healthcare-market-isexpected-to-reach-1368-billion-worldwide-by-2021-2016-04-12-8203318

[2] FDA Warns St. Jude Pacemakers Vulnerable to Hackers | Inc.com. https://www.inc.com/willyakowicz/fda-warns-st-jude-pacemaker-vulnerable-to-hackers.html

[3] Sivilli, F. (2018, July 31). HIPAA Violation & Breach Fines | List of HIPAA Violations. Retrieved from https://compliancy-group.com/hipaa-fines-directory-year/

Email Fraud Threat Report: Year in Review 2017

In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (our parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns.
Continue Reading

The Internet of Things White Paper

Created by the State, Local, Tribal, and Territorial Government Coordinating Council, this white paper describes issues related to the “Internet of Things” (IoT). The Internet of Things (“IoT”) can be defined as the interconnection, via the internet, of computing devices embedded in everyday objects, enabling them to send and receive data.
Table of Contents:
  • Security and Privacy Implications For IoT Devices
  • Weaponization Of IoT Devices
  • Securing the Internet of Things
  • Laws, Standards and Guidelines
  • Resources
Continue Reading

What Is Social Engineering?

In this first segment of a two-part video blog, Wombat brings end users up to speed on the concept of social engineering. Viewers will understand what this threat is and the ways they might encounter social engineers in their work and personal lives, including phishing attacks, smishing text messages, social media fraud, vishing calls, and imposter scenarios.
Continue Reading

Massive 46M Dollar Cyberheist

Brian Krebs just reported on a massive 46M dollar Cyberheist. Tech firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole 46.7 million dollars using an increasingly common scam in which crooks spoof emails from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
Continue Reading

How New Phishing Malware Rombertik Kills Your Hard Drives

InfoSec researchers at Cisco’s TALOS group discovered a strain of malware that spreads through phishing. Attackers use social engineering tactics to entice users to download, unzip, and open the attachments that ultimately result in the machine’s compromise. The strain is dubbed Rombertik, monitors everything that happens inside an infected machine’s browser and exfiltrates it to a server controlled by the attacker, similar to Dyre. However, when it detects that it is being analyzed, it takes extreme evasive action; it wipes the Master Boot Record (MBR) or home directories, trapping the machine in an infinite boot loop. The MBR is the first sector of a computer’s hard drive that the machine reads before loading the operating system. However, deleting or destroying the MBR involves re-installing the operating system, which almost always means data is lost. In what is likely a bit of sick humor from the criminals, in case it cannot get access to the MBR, Rombertik works just like ransomware and starts encrypting all files in the user’s home folder. The malware chooses a random 256-byte encryption key for each file, but none of the keys are saved anywhere, so you end up with what is effectively random, shredded bits instead of your files. After the MBR is overwritten, or the home folder has been encrypted, the computer is restarted. Only files with the extensions .EXE, .DLL, .VXD and .DRV will survive. The upshot: Rombertik begins to behave like a wiper malware sample, trashing the user’s computer if it detects it’s being analyzed. While the Cisco TALOS team has observed anti-analysis and anti-debugging techniques in malware samples in the past, Rombertik is unique in that it actively attempts to destroy the computer’s data if it detects certain attributes associated with malware analysis. What To Do About It: Ultimately, you need to practice defense-in-depth which protects your entire attack surface, but here are two tips that will mitigate attacks like this with the best bang for your IT security budget:
  • Have multiple layers (and different AV engines) of malware scanning in place; the firewall, your mail server/email gateway, and the desktop. That means a different vendor, using a different AV engine for your firewall, your mail server/email gateway and your endpoint AV. Then filter out almost all email attachment types except a few essential ones. Check out which AV engines your vendors use, because there is a lot of OEM-ing going on in the AV space, which might result in you using the same engine, but with a different label. Not good.
  • Step your users through effective security awareness training and follow up with regular simulated phishing attacks which will keep them on their toes with security top of mind.
  • Have good backup routines that are constantly tested to ensure if your data is lost that it can be easily recovered.
Contact us at SecureNation to discuss Defense In Depth, Employee Security Training, or Disaster Recovery options.

SCAM: Nepal Earthquake

More than 7,000 people dead and counting. And you can also count on cyber-criminals exploiting the disaster. What else is new. Disgusting. Scammers are now using the Nepal disaster to trick people in clicking on links, both on Facebook, Twitter and phishing emails trying to solicit charitable giving for the earthquake victims. It is typical of past disaster fraud scams in which the scammers play on the heartstrings of people that want to help the victims.  Here are some examples:
  • Facebook pages dedicated to victim relief contain links to scam websites.
  • Tweets are going out with links to charitable websites soliciting donations, but in reality included spam links or links that lead to a malware infection.
  • Phishing emails dropping in a user’s inbox asking for donations to the Nepal Earthquake Fund.
Previous disasters have been exploited like this, but the bad guys are going at it again will all guns blazing. Be wary of anything that is about the Nepal Earthquake in the following weeks. Please warn your employees, friends and family against this scam of the week. If you want to make a donation, go to the website of the charity of your choice and make a donation. Type the address in your browser, do not click on any links in emails or text you might get. THINK BEFORE YOU CLICK. Here is the FBI alert about this scam. It might be a good idea to send this link to all employees, an FBI alert usually has a bit more impact. http://www.fbi.gov/sandiego/press-releases/2015/fbi-warns-public-of-disaster-scams