Cyber News Roundup: Cyber Threats Are Here, There, Everywhere – Including the Cloud

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

It’s a big world, and it is full of big cyber threats. Whether it’s a breach exposing data on every citizen in Ecuador, millions of Americans’ medical images and data left on the Internet for all to see, or new hacking groups, the latest cyber threats are real and big, and they are happening everywhere.

The latest news reports that personal data about almost every Ecuadorean citizen has been exposed online. According to a BBC article, names, financial information, and civil data of about 20 million people were found on an unsecured cloud server, available for all to see. The exposed files include official government ID numbers, phone numbers, family records, marriage dates, education histories, and work records: a wealth of personally identifiable information (PII). Catalin Cimpanu, the ZDNet reporter who broke the story, said the information is “as valuable as gold in the hands of criminal gangs.” The source of the data, a Novaestrat database, has since been secured.

Meanwhile, closer to home, millions of Americans’ medical images and medical data – including more than 16 million scans, names, birthdates, and in some cases, Social Security numbers – are available on the Internet for anyone to view. ProPublica reports that hundreds of computer servers worldwide that store patient X-rays and MRIs are so insecure that anyone with a web browser or a few lines of computer code can view patient records. According to the article, “the insecure servers add to a growing list of medical records systems that have been compromised in recent years. Unlike some of the more infamous recent security breaches, in which hackers circumvented a company’s cyber defenses, these records were often stored on servers that lacked the security precautions that long ago became standard for business and government agencies.”

Under the U.S. law HIPAA, health care providers and their business associates are legally responsible and accountable for securing the privacy of patient data. The consequences of unauthorized access to such information could be devastating. “Medical records are one of the most important areas for privacy because they’re so sensitive,” said Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, a digital-rights group.

“What we typically see in the health care industry is that there is Band-Aid upon Band-Aid applied” to legacy computer systems, said Jackie Singh, a cybersecurity expert. She contends that it’s a shared responsibility among manufacturers, standards makers, and hospitals to ensure computer servers are secured.

Take precautions with cloud security

Mark B. Cooper, president and founder of PKI Solutions and a supporter of Cyber Oregon, asks, “Are we asking enough questions about cloud security for organizations to make informed risk management decisions?” More than 80% of organizations store their information in the public cloud, raising the question of cloud security. Cooper believes that organizations need to proceed with caution about what they store. He says, “A clear and strong identity management process and plan is critical in this turbulent time. As hybrid enterprise solutions evolve, including cloud and on-premises software, the need for stronger identity management and identity-as-a-service (IaaS) is a must.” Cooper will present the keynote “Cloud Insecurity: The Need for Stronger Identity Management” at the Cloud Security 2.0 eSummit on October 17, 2019. For more information and to register: https://www.cyberriskalliance.com/cloud-security-2-0-esummit-thursday-october-17-2019/

Cyber Oregon sponsors Zscaler and CrowdStrike, both cloud-based cybersecurity companies, announced a partnership that will provide businesses with real-time security protection across their computer networks. They will offer mutual customers always-on, zero-day, and ransomware protection, with real-time defense against hackers, viruses and other virtual threats.

Here, There, Everywhere

The latest hacking group is targeting IT companies, attacking heavily in Saudi Arabia and the wider Middle East. The group, dubbed TortoiseShell, uses custom and off-the-shelf malware to gain domain admin level access to organizations, which gives it access to all the machines on the network. According to a ZDNet article, the campaign, which is focused on IT companies, is the first stage of a supply chain attack that looks to compromise IT suppliers as a stepping stone to their customers’ networks. “Compromising a web server, with a likely old exploit, can be a simpler approach than using e-mail. The alternative of using a phishing e-mail to compromise the victim generally required the attacker to have at least some knowledge of the email recipient in order to customize the email to that individual,” said Gavin O’Gorman, an investigator in the Symantec security response team.

Cyber Oregon partner blog of interest