Ohio Hospital Disrupted by Ransomware Attack

Ransomware, Security, Security Threats, Training, , ,
25
Dec 2018

Hospitals deliver a crucial service where productivity is key and any downtime can be disastrous. So, what happens when they’re struck by ransomware?

Healthcare providers are no strangers to ransomware as last year’s WannaCry attack demonstrated, so it would be safe to assume that hospitals are more vigilant than ever. And they are, but human error will always remain a factor and accidents can happen. A case in point is the East Ohio Regional Hospital (EORH) and the associated Ohio Valley Medical Center (OVMC) who have both suffered ransomware disasters in recent weeks.

While your organization may not be based in the healthcare section, hackers tend not to discriminate against their victims too closely and you could easily be next. Therefore, we’re going to take a look at what happened with EORH and the lessons that can be learned.

Emergency Room Chaos

The exact details behind the EORH ransomware attack have not been revealed as of yet, but a hospital spokesman has confirmed that their first line of security was considered redundant. This could indicate unpatched software or even poor staff training as the root cause of the attack, but this is purely speculation. Thankfully, the second line of defense employed by the hospital managed to stop the attack in its tracks and no data was breached, so there was no need to pay any ransom.

However, the impact of this ransomware attack led to a massive drop in productivity for the EORH. Computer networks had to be put into an immediate state of shutdown in order to protect any vulnerable data and, in many cases, staff had to move to charting patient data on paper. With split seconds being of significant importance in healthcare, this attack represented a major bump in the road for the EORH. Neither the EORH or OVMC were able to accept ER patients from emergency responders and these patients had to be redirected to other hospitals.

Combating Ransomware

The EORH were exceptionally lucky that their data remained safe and secure following the ransomware attack, but the downtime they experienced was a major disaster. And this is why all organizations need to be vigilant against such attacks. Downtime is never an option for an organization that wants to serve its clients, so make sure you follow these best practices:

  • Complete Regular Backups – No business can claim to be 100% immune from ransomware, but all businesses can regularly backup their data. And, if data is encrypted by ransomware, you then have the option to implement this backup and restore operations.
  • Multi-layered Security is Vital – As the EORH found, multiple layers of security prevented their ransomware burrowing too deep within their network and patient data was safely protected.
  • Educate Your Staff – The importance of educating your staff on the dangers of ransomware can never be underestimated. Humans are prone to error and, as one of your first lines of defense, they need to be educated on the threats they may encounter.
  • Limit Network Privileges – A simple method for limiting the spread of ransomware throughout your network is by limiting network privileges and access purely to those who need it. With every user having deep access into your network, there’s an increased risk of one data breach infecting the entire network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Fileless Malware: The Rise of a New Threat

malware, Phishing Email, Ransomware, Security, , ,
18
Dec 2018

We’re all aware of the dangers of opening suspicious files, but what happens when hackers develop the skills to unleash malware without infected files?

Due to the popularity of file-based attacks, most security software concentrates on combating this particular avenue of hacking. And it’s certainly an effective method of shutting down most malware attacks before they’re able to steal or, in the case of ransomware, encrypt your data. Due to the success of blocking these attacks, hackers have had to go back to the drawing board and evolve their methods of attack in order to become less detectable.

The end result of this evolution has seen a rise in sophisticated hacking methods and, in particular, fileless malware is now beginning to grab headlines. And, due to the lack of knowledge of this development in hacking, attacks have increased in frequency and their success rate has also flourished. As fileless malware could easily hit your organization at any given time, it’s a good idea to educate yourself on the threat.

What is Fileless Malware?

You don’t have to be a security expert to understand that fileless malware is a malware variant which forgoes the use of infected files. Instead, fileless malware takes advantage of trusted Windows components such as PowerShell that are rarely checked for infections. PowerShell is hardly ever used by the average PC user, but it’s an important component that can be used to execute system administration tasks and, therefore, taking control of this is a hacker’s dream.

As mentioned, fileless malware does not involve the use of any files to infect a PC. The most common technique to launch an attack is through spam email which contains a link to an infected website. If that link is clicked then the user is transported to a spoof website where Flash player loads and, at the same time, activates a malicious script that accesses PowerShell on the victim’s PC. Infected PowerShell scripts are then downloaded which allow the hackers to collect sensitive data and transmit it back to a remote location.

How Do You Combat Fileless Malware?

Data leaks can be highly damaging not just for your staff and customers, but also your organization’s reputation. Therefore, with the advent of fileless malware, it’s essential that you understand how to protect your business from its malicious activity. To help you keep one step ahead of fileless malware, make sure you action the following:

  • If you don’t use PowerShell in your IT operations then disable it. This nullifies the threat of any PowerShell exploit. Additionally, the same applies to Windows Management Instrumentation which has also been discovered to be vulnerable to fileless malware.
  • Monitor the amount of data leaving your network. If there’s a spike in data leaving your network then it’s possible that this is the result of malware transmitting sensitive data to a remote hacker.
  • Don’t rely on antivirus software alone as this is less effective when it comes to fileless malware. Instead, practice vigilance and monitor any unusual emails.
  • Disable macros at all costs, unless they’re company approved, as macros are another tool employed by hackers as part of a fileless malware attack.
  • As ever, regularly update your software to reduce the chance of known software vulnerabilities being exploited.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Emotet: A Clever and Dangerous Brand of Malware

Emotet, malicious code, malware, Security, Security Threats, Trojans, , , , ,
11
Dec 2018

There’s no such thing as good malware, but some is certainly less trouble than others. And, when it comes to the Emotet malware, some are very dangerous.

First discovered in Europe in 2014, Emotet soon began to spread around the world and, before long, was infecting PCs in the US. Comprising several different functions and methods of attack, Emotet is a type of malware which has persisted in the digital landscape due to its constant evolution. Taking advantage of user errors and vulnerable systems, the hackers behind Emotet have managed to infect huge numbers of systems over the last four years. And it would appear that those who are coding Emotet are getting even cleverer.

Due to the severity of Emotet, and the lessons you can learn from it, I’m going to take you through the basics of Emotet.

What is Emotet?

Emotet is known as a banking Trojan due to the way it specializes in stealing user credentials including banking data as well as numerous other credentials. This is achieved by the injection of malicious code into infected computers which allows Emotet to transmit sensitive information.

As with numerous other brands of malware, Emotet delivers its payload through a combination of malicious URLs and infected attachments. Key to spreading the Emotet malware throughout a network is the way that Emotet takes advantage of the EternalBlue vulnerability, an exploit which affects unpatched versions of Windows XP through to Windows 7.

There is, however, more to Emotet than just stealing sensitive data. Adding another string to its bow, Emotet is also responsible for downloading other types of malware to infected PCs. These can include further banking Trojans such as TrickBot or modules as diverse as Outlook address book grabbers and spambots.

Why is Emotet So Clever?

The hackers behind Emotet are highly talented and this is why Emotet is so difficult to detect. Dedicated to their software, the hackers regularly update the code behind Emotet and this is then communicated to compromised systems. This change in Emotet’s DNA allows it, therefore, to remain undetected. Just as security experts believe they had identified the key signature of Emotet, they’re faced with a new variant which renders their work redundant.

New research has also revealed that Emotet’s Command and Control (C&C) server is split into two separate clusters. By designing their C&C server in this manner, the hackers can ensure that the source of Emotet is harder to track down. Additionally, this split of the C&C server allows Emotet to keep functioning if either of the clusters suffers a technical issue. For authorities, disabling this setup is highly difficult and underlines why Emotet has been so successful.

How Do You Protect Your PC from Emotet?

It’s important to protect your organization from malware at all times and variants such as Emotet are the perfect demonstration of why it’s crucial. So, if you want to maximize your defenses, make sure you follow these best practices:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Security Trends to Look Out For in 2019

Cyber Attack, Encryption, Hacking, Internet of things, Ransomware, Security, Security Threats, , , , , , ,
04
Dec 2018

2018 has been a year where malware, ransomware and data breaches have barely been out of the headlines, but what’s in store for cyber-security in 2019?

As long as there’s a digital landscape, hackers will continue to launch an array of attacks that take in numerous different techniques. And, most importantly, they will continue to evolve their methods to avoid detection and cause more damage to networks and the PCs on them. With this in mind, it’s perhaps the best time to take a look at the security trends which will be most important for your organizations defenses next year.

To help you get prepared for next year, we’re going take a look at some of the major security trends to look out for in 2019.

Backups will continue to be Crucial

With ransomware still remaining a prevalent and major threat to secure and essential data, backing up your data regularly and rigorously will be a vital task for all organizations. Backups may seem a costly affair in terms of budget and time, but it only takes one employee to fall victim to a ransomware scam for your entire network’s data to be compromised. And with new ransomware scams such as Zenis deleting backups, it’s essential that offsite and non-network backups are also held.

Coinminer Malware Remains a Threat

Cryptocurrency is still a lucrative business and mining for cryptocurrency continues to generate large amounts of cash. However, whilst this is perfectly legal and above board, the use of coinminer malware is far from legal or ethical. Due to the amount of processing power involved in mining for cryptocurrency, hackers are using malware to enslave PCs remotely and using their processor power to mine for cryptocurrencies. This form of malware has become harder to detect and more sophisticated throughout 2018, so expect it to evolve further in 2019.

The Hacking of IoT Devices will Increase

Close to 27 billion IoT devices will be connected in 2019 – an increase of nearly 3 billion compared to 2018 – so you can bet your bottom dollar that the number of attacks in this arena will increase accordingly. Unfortunately, many owners of IoT devices are still neglecting to change the default password to access these devices and this is giving hackers free rein to take control of them. Not only does the default password debacle remain an issue, but hackers are now designing malware to take advantage of vulnerabilities in IoT devices.

Security Training

Due to the threats already presented, security training will become paramount in 2019. As hackers evolve their methods of attack at a rapid pace, keeping your organization’s staff aware of these threats is one of the best forms of defense you can employ. Awareness training hammers home the basics of good security practices and you’ll find that these can also be used to combat the new threats which will no doubt go head to head with your security defenses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More