Month: March 2017

Default ISP Web Filtering Controls Required, Says House of Lords Report on Internet Safety for Children

A House of Lords report on Internet safety for children calls for ISP web filtering controls to be applied as standard.

The UK government is keen for Internet service providers to apply web filtering controls to make it harder for children to access inappropriate website content such as pornography. In 2013, the UK government called on ISPs to implement web filters as standard. Four of the leading ISPs in the UK – Sky, Talk Talk, BT and Virgin Media – responded and have offered filtering controls to their customers.

However, not all ISPs in the United Kingdom provide this level of content control and the House of Lords report suggests that many ISP web filtering controls do not go far enough to ensure children are protected. The report explains that the ‘big four’ ISPs only cover 90% of all Internet users, leaving 10% of users without any form of Internet filtering service.

It is also pointed out in the report that only Sky has opted for a default-on web filter to prevent adult content from being accessed by minors. If new customers want to access adult content they must request that the filter be taken off. The other ISPs have made the service available but do not provide a filtered Internet service that is turned on by default.

The new report calls for ISP web filtering controls to be improved and for ISPs “to implement minimum standards of child-friendly design, filtering, privacy, data collection, and report and response mechanisms for complaints.” The House of Lords report also calls for ISP web filtering controls to be put on all accounts by default, requiring users to specifically request it be turned off if required. Further, the report says the default standard of Internet control should offer the strictest privacy protections for users.

Not everyone agrees with this level of control. The Internet Service Provider Association (ISPA) says that such a move is ‘disproportionate,’ and while the association is committed to keeping children safe when online, mandating ISP web filtering controls is not the way forward. For instance, if an ISP makes it clear that it offers an unfiltered service, that should be permitted. Chairman of the ISPA, James Blessing, believes the best way forward is “a joint approach based on education, raising awareness and technical tools.”

While parents will be well aware of the risks their children face when they go online, the House of Lords report does not believe Internet safety education should be left to parents. In addition to making it harder for children to access inappropriate website content, the report calls for mandatory lessons in schools on safe use of the Internet, covering risks, acceptable behavior and online responsibilities.

Health Center Malware Potentially Exfiltrated Patient Data for a Year

A health center malware infection has potentially resulted in 2,500 patients’ protected health information (PHI) being sent to unknown individuals over a period of almost a year. Lane Community College health clinic in Eugene, OR, discovered the malware during routine maintenance last month.

Further investigation determined that the malware had been installed on the computer in March 2016. The malware remained active until last month when it was discovered and removed. The malware was identified as Backdoor:Win32/Vawtrak – a Trojan backdoor that enables attackers to steal login information and take full control of an infected PC.

While data access was possible, Lane Community College health clinic uncovered no evidence to suggest patient data had been stolen, although the possibility that PHI was accessed and stolen could not be ruled out. A spokesperson for the clinic said an analysis of 20 other computers used by the clinic uncovered no further malware infections. In this case, the infection was limited as the computer was not connected to other computers on the network.

The only data exposed were those stored on the machine itself. The information potentially exposed included patients’ names, addresses, phone numbers, dates of birth and medical diagnoses.

A health center malware infection can prove costly to resolve. In this case, the infection was limited to one machine, although once access has been gained and malware installed, hackers can often move laterally within a network and spread infections to other machines. Once data have been exfiltrated and there is no further need for access, hackers commonly install ransomware to extort money from their victims.

The exposure or theft of patient data can often lead to lawsuits from patients. While many of those lawsuits ultimately fail, defending a lawsuit can be costly. Healthcare data breaches that result in more than 500 records being exposed are also investigated by the Department of Health and Human Services’ Office for Civil Rights to determine whether the breaches were caused as a result of HIPAA violations. Should HIPAA Rules be found to have been breached, covered entities may have to cover heavy fines.

Health center malware attacks are commonplace due to the value of healthcare data on the black market. Healthcare providers should therefore implement a range of defenses to protect against malware infections.

Malware is commonly inadvertently installed by end users via spam email or redirects to malicious websites. Both of these attack vectors can be blocked with low cost solutions. Backdoor:Win32/Vawtrak – also known as Trojan-PSW.Win32.Tepfer.uipc – is recognized by Kaspersky Lab – one of the dual AV engines used by the SpamTitan spam filtering solution. SpamTitan blocks 100% of known malware and blocks 99.97% of spam emails to keep end users and computers protected.

To protect against Web-borne attacks and to prevent malicious software downloads, WebTitan can be deployed. WebTitan is a powerful DNS-based web filtering solution that can be used to block a wide range of web-borne threats to keep healthcare networks malware free.

Both solutions are available on a free 14-day trial to allow healthcare providers to experience the benefits first hand before committing to a purchase.

To find out more about TitanHQ’s cybersecurity solutions for healthcare organizations or to sign up for a free trial, give the sales team a call today.

MajikPOS Malware Used in Targeted Attacks on PoS Systems of U.S. Businesses

A new form of PoS malware – called MajikPOS malware – has recently been discovered by security researchers at Trend Micro. The new malware has been used in targeted attacks on businesses in the United States, Canada, and Australia.

The researchers first identified MajikPOS malware in late January, by which time the malware had been used in numerous attacks on retailers. Further investigation revealed attacks had been conducted as early as August 2016.

MajikPOS malware has a modular design and has been written in .NET, a common software framework used for PoS malware. The design of MajikPOS malware supports a number of features that can be used to gather information on networks and identify PoS systems and other computers that handle financial data.

The attackers are infecting computers by exploiting weak credentials. Brute force attacks are conducted on open Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP) ports. A variety of techniques are used to install the MajikPOS malware and evade detection, in some cases leveraging RATs that have previously been installed on retailers’ systems. The malware includes a RAM scraping component to identify credit card data and uses an encrypted channel to communicate with its C&C and exfiltrate data undetected.
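The brute-force stage described above is the point at which defenders can catch this kind of intrusion early. The following is an added example, not taken from the Trend Micro research or any vendor tooling: it flags a source that produces a burst of failed remote logons and then raises a second, higher-priority alert if that source goes on to log in successfully. The event format, the sample events, the function names, the threshold and the window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident), normalized as
# "time event_id logon_type source_ip account".
# Windows Security log: 4625 = failed logon, 4624 = successful logon;
# logon type 10 = RemoteInteractive (RDP), 3 = Network (e.g. RDP with NLA).
SAMPLE_EVENTS = """\
2017-03-01T02:00:01 4625 3 203.0.113.7 administrator
2017-03-01T02:00:09 4625 3 203.0.113.7 admin
2017-03-01T02:00:17 4625 3 203.0.113.7 pos
2017-03-01T02:00:26 4625 3 203.0.113.7 pos1
2017-03-01T02:00:34 4625 3 203.0.113.7 cashier
2017-03-01T02:00:41 4624 10 203.0.113.7 cashier
2017-03-01T08:59:50 4625 10 198.51.100.20 jsmith
2017-03-01T09:00:05 4624 10 198.51.100.20 jsmith
2017-03-01T10:00:00 4625 3 192.0.2.50 backup
2017-03-01T10:10:00 4625 3 192.0.2.50 backup
2017-03-01T10:20:00 4625 3 192.0.2.50 backup
"""

REMOTE_LOGON_TYPES = {3, 10}


def parse_events(text):
    """Yield (timestamp, event_id, logon_type, source_ip, account) tuples."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, logon_type, src, account = line.split()
            yield datetime.fromisoformat(ts), int(event_id), int(logon_type), src, account


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on >= threshold failed remote logons from one source inside the
    sliding window, and on any later success from a source already flagged."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        if event_id == 4625:
            recent = failures[src]
            recent.append(ts)
            while ts - recent[0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, account, ts))
        elif event_id == 4624 and src in flagged:
            # A success after a failure burst suggests a guessed credential.
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, account, ts))
    return alerts
```

The single mistyped password from 198.51.100.20 and the widely spaced failures from 192.0.2.50 do not trigger an alert with these settings; only the burst from 203.0.113.7 and its subsequent successful logon do.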

MajikPOS malware is being used by a well-organized cybercriminal organization and credit card details are being stolen on a grand scale. The stolen information is then sold on darknet ‘dump shops’. The stolen credit card numbers, which the researchers estimate to number at least 23,400, are being sold individually for between $9 and $39. The gang also sells the credit card numbers in batches of 25, 50, or 100. The majority of credit cards belong to individuals in the United States or Canada.

POS Malware Infections Can be Devastating

A number of different attack vectors can be used to install PoS malware. Malware can be installed as a result of employees falling for spear phishing emails. Cybercriminals commonly gain a foothold in retailers’ networks as a result of employees divulging login credentials when they respond to phishing emails.

While exploit kit activity has fallen in recent months, the threat has not disappeared and malvertising campaigns and malicious links sent via emails are still used in targeted attacks on U.S. retailers.

Brute force attacks are also common, highlighting how important it is to change default credentials and set strong passwords.

POS malware infections can prove incredibly costly for retailers. Just ask Home Depot. A PoS malware infection has cost the retailer more than $179 million to resolve, with the cost of the security breach continuing to rise. That figure does not include the loss of business as a result of the breach. Consumers have opted to shop elsewhere in their droves following the 2014 PoS malware attack.

This latest threat should serve as a warning for all retailers. Security vulnerabilities can be – and are – exploited by cybercriminals. If inadequate protections are put in place to keep consumers’ data secure, it will only be a matter of time before systems are attacked.

PetrWrap Ransomware: An Old Threat Has Been Hijacked by a Rival Gang

There is a new ransomware threat that businesses should be aware of, but PetrWrap ransomware is not exactly anything new. It is actually a form of ransomware that was first discovered in May last year. PetrWrap ransomware is, to all intents and purposes, almost exactly the same as the third incarnation of Petya ransomware. There is one key difference though. PetrWrap ransomware has been hijacked by a criminal gang and its decryption keys have been changed.

The criminal organization behind PetrWrap ransomware have taken Petya ransomware, for which there is no free decryptor, and have exploited a vulnerability that has allowed them to steal it and use it for their own gain. The attackers have simply added an additional module to the ransomware that modifies it on the fly. After all, why bother going to all the trouble of developing your own ransomware variant when a perfectly good one already exists!

Petya ransomware is being offered to spammers and scammers under an affiliate model. The ransomware authors are loaning the ransomware to others and take a percentage of the profits gained from ransoms that are paid. This is a common tactic to increase overall profits, just as retailers pay affiliate marketers to sell their products for a commission. In the case of ransomware-as-a-service, this allows the authors to infect more computers by letting others do the hard work of infecting computers.

Yet the gang behind PetrWrap has chosen not to give up a percentage of the profits. They are keeping all of the ransom payments for themselves. The module modifies and repurposes the malware code meaning even the Petya ransomware authors are unable to decrypt PetrWrap ransomware infections.

Kaspersky Lab researcher Anton Ivanov says “We are now seeing that threat actors are starting to devour each other and from our perspective, this is a sign of growing competition between ransomware gangs.” He pointed out the significance of this, saying “the more time criminal actors spend on fighting and fooling each other, the less organized they will be, and the less effective their malicious campaigns will be.”

Petya – and PetrWrap ransomware – is not a typical ransomware variant in that no files are encrypted. While Locky, CryptXXX, and Samsa search for a wide range of file types and encrypt them to prevent users from accessing their data, Petya uses a different approach. Petya modifies the master boot record that launches the operating system. The ransomware then encrypts the master file table. This prevents an infected computer from being able to locate files stored on the hard drive and stops the operating system from running. Essentially, the entire computer is taken out of action. The effect however is the same. Users are prevented from accessing their data unless a ransom is paid. Petya and PetrWrap ransomware can spread laterally and infect all endpoint computers and servers on the network. Rapid detection of an infection is therefore critical to limit the harm caused.

Cost of a Retail Data Breach: $179 Million for Home Depot

When considering how much to invest in cybersecurity defenses, be sure to bear in mind the potential cost of a retail data breach. Poor security practices and a lack of appropriate cybersecurity defenses can cost a company dearly.

According to the 2018 Cost of a Data Breach Study by the Ponemon Institute/IBM Security, the average cost of a data breach is now $3.86 million. The cost of mitigating data breaches has risen year-over-year by 6.4% with a per capita rise in breach costs of 4.8% per compromised record. Data breaches are also increasing in size. Compared to last year, the average size of a data breach has increased by 2.2%.

The average cost per compromised record was $148 overall, with a retail data breach cost per record of $116. In addition to that breach cost, breached companies in the retail sector see a 2.1% increase in customer churn rate, according to the Ponemon/IBM study.

However, a study conducted by KPMG indicates the loss of customers can be far higher in retail. Its survey revealed 33% of customers would take a break from a retailer following a data breach that exposed their personal information and 19% of respondents would leave the retailer and never return. A HyTrust study suggests businesses may lose 51% of customers following a breach of sensitive data.

While large retailers could perhaps weather the storm, the loss of half of a company’s customers would prove catastrophic for many smaller retailers, many of whom would struggle with a loss of a fifth of their customers.

The bad news for retailers is hackers are targeting the industry to gain access to POS systems and the credit and debit card numbers of customers. Those attacks are also increasing.

The High Cost of a Retail Data Breach

A retail data breach of the scale of the one suffered by Home Depot in 2014 can cost hundreds of millions of dollars to resolve. The Home Depot data breach was massive. It is the largest retail data breach involving a point of sale system that has been reported to date.

The attack was made possible due to the use of credentials that had been stolen from one of the retailer’s vendors. Those credentials were used to gain a foothold in the network, privileges were subsequently elevated, and the Home Depot network was explored. The hackers managed to infiltrate Home Depot’s POS system and captured customers’ credit card details. The malware infection went undetected for five months between April and September 2014. During that time, the malware installed by the hackers allowed them to steal more than 50 million credit card numbers from Home Depot customers, along with 53 million email addresses.

In 2016, Home Depot agreed to pay $19.5 million to customers that had been affected by the breach, which included the cost of credit monitoring services to breach victims.

Home Depot has also paid out at least $134.5 million to credit card companies and banks, and this week, a further $25 million settlement has been agreed to cover damages suffered by the banks as a result of the breach.

The latest settlement amount will allow banks and credit card companies to file claims for $2 per compromised credit card number without having to show evidence of losses suffered. If banks can show losses, they will receive up to 60% of uncompensated losses.

The total cost of the retail data breach stands at around $179 million, although that figure does not include all legal fees that Home Depot will be forced to pay, and neither does it include undisclosed settlements. The final cost of the retail data breach will be considerably higher. It is already creeping close to the $200 million mark.

On top of that, many customers took their business elsewhere after the breach. There is, after all, not just the one DIY retailer in the United States.

For Home Depot, the cost of a retail data breach was clearly much higher than the cost of implementing technologies to monitor its vendors’ cybersecurity practices, scan for malware, and implement security best practices.

Other retailers should take note that while investment in cybersecurity comes at a cost, that cost will likely be just a fraction of the cost of mitigating a data breach.

How TitanHQ Can Help

For more than 2 decades, TitanHQ has been developing cost-effective cybersecurity solutions to protect businesses from malware attacks and data breaches. TitanHQ offers two powerful solutions that protect against attacks via email and the Internet – the main ways that access to retailers’ systems is gained and malware is installed.

SpamTitan is a powerful anti-spam and anti-phishing solution that protects the email channel and blocks phishing attacks, malware, botnets, viruses, and ransomware. The solution includes DMARC authentication, dual anti-virus engines, and sandboxing to allow email attachments to be analyzed for malicious actions in a safe and secure, contained environment.

The solution scans all incoming messages and has a catch rate in excess of 99.9% and works seamlessly with Office 365 to improve protection against phishing and other malicious messages. SpamTitan also scans outgoing messages to alert businesses to a potential account compromise.

WebTitan is a DNS filtering solution that allows retailers to carefully control the types of websites their employees can access. By exercising control over personal internet use, retailers can see improvements in productivity as well as increase security. Employees will be prevented from visiting malicious websites and retailers can block downloads of risky file types.

When used together, retailers can greatly improve their security posture. Further, TitanHQ operates a highly competitive pricing policy. Improving your security posture is likely to be much cheaper than you think.

For further information on both of these solutions, to schedule a product demonstration, or register for a free trial, contact TitanHQ today.
