If it seems like cyber issues are around every corner these days, you aren’t imagining things. In episode 128, way back in November 2017, we discussed the fact that we thought there were signs of a coming cyberstorm. Today we look at what is going on and see whether we may actually be in the midst of that storm or whether it is still building. [1:57] There is certainly enough happening out there to think the storm has hit.
In this episode:
Cyber issues around every corner
Today’s Episode is brought to you by:
Where to meet us [5:00]
- GSASC/SCASCA Joint Semi-Annual Conference and Trade Show Feb 16, 2018, in ATL
- Hall Booth/Sterling Seacrest Partners HIPAA with the Experts Breakfast seminar Feb 22
- 4medapproved Cybersecurity Officer live course February 28, March 1, 7, 8, 2018; use GRINDLE20 for a discount.
- The Georgia Access Management Association (GAMA) March 16, in ATL at PatientCo offices in Buckhead
- 2018 JAWS Society Annual Conference, (a national society of oral and maxillofacial administrators) April 22-25 in Newport Beach, CA
- North GA Medical Management Association in Dalton, GA June 14
The HIPAA Boot Camp – Virtual Edition – For the first time, our Boot Camp is going virtual.
- The virtual format is done in 3-4 hour online sessions over a two-week period.
- March 13/14/15 and 21/22.
- $997 early bird special rate through Feb 28th.
- $1,297 March 1 – 13.
- One registration covers attendance of up to 3 people on your team.
- One on one planning sessions included. You schedule them for after the end of class.
- Access to recordings and all resource material available online for at least 6 months.
Want to be part of Help Me With HIPAA? Become a Patreon at www.HelpMeWithHIPAA.com/give [7:00]
HMWH App now has more features. You can now access a PDF with the show notes ready for your HIPAA training documentation! Find it under the bonus feature in the app for both the Apple and Android versions. It is a little gift box on the app bar.
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
We have a listener question to start with today: [8:17]
As a BA (an IT company), should he get a BAA with all vendors?
It is really not necessary; you don’t want a BAA in place if you are not a BA. There are many reasons to avoid making this mistake.
Cyber issues around every corner
Tax season scams – W2, tax refund, fraudulent filings are all out there this time of year. Do not fall for them. That is just our public service announcement for today.
The big news has been about Allscripts being hit hard by a ransomware attack. The SamSam attack didn’t hit just them, though. Several other healthcare organizations were also hit around the same time.
Malware report shows interesting trends
The Malwarebytes Labs malware report also has some scary details when you add all of this information together. Just a few of the findings we found interesting included cryptocurrency mining and supply chain issues.
Our first prediction comes during a period of cryptocurrency fever, where drive-by mining and skyrocketing values are driving interest from both users and criminals alike. If this craze continues, we are likely going to keep seeing an evolution of drive-by mining tools, new mining platforms (such as Android and IoT devices), and new forms of malware designed to mine and/or steal cryptocurrency.
This past year experienced two notable supply chain attacks: the spread of NotPetya through the MeDoc accounting software update process and the compromise of CCleaner software. This will continue to be an avenue that cybercriminals take as long as they can break through the defenses of software development company networks. This may lead to infection through update/upgrade, replacement of legitimate downloads with malware, drive-by exploits, and even database updates for security software.
The charts in the report were very interesting. Source: Cybercrime tactics and techniques: 2017 state of malware by Malwarebytes Labs [24:11]
The Malwarebytes report pointed out that a strange spike in spyware at the end of last year (it started in July – August) didn’t seem to go away (chart above). It is possible that attackers are using the spyware to scout networks for access points and information on your traffic. This data can definitely be used to gather the connections needed for advanced spear phishing attacks.
By watching who is connected to whom and learning who has access to the valuable data, they can develop an attack plan that works quickly and gets the most data. We already know of cases where they listened to VoIP voicemail while snooping around on a network. In fact, they listened to voicemail messages between senior officials and used the information to short stocks and make a bunch of cash.
Along with the spyware detections, hijacking incidents also went up during the same time. The report does include interesting distinctions between business and consumer-based attacks. That lets you see the stark differences. It is important, though, to remember that one business has way more information than one consumer, at least in most cases. That means they have to hit thousands of consumers to get the same result as one business of any size. When we reviewed just the business malware, the top 10 detections started with hijacking, while it was adware for consumers.
Cyber issues with your phones [29:43]
Heads of 6 US intelligence agencies say we should not use products and services made by Huawei and ZTE. The intelligence agencies are starting to see issues. Huawei was founded by a former engineer of the People’s Liberation Army of China. The concern is that these products are potentially spreading malware and capturing every move.
Should we use Kaspersky AV? [32:18]
- Don’t think Kaspersky company itself, done great research, great info in fighting malware (good people)
- Another side – if I had asked Microsoft, Apple, Google whether the CIA could use their software to spy on people, they would have said “no”. If our government can do it, Putin isn’t doing it.
- If he goes after those engineers, could assume if you told him “no” you may disappear
- Any way they can prevent that from happening
- Software is monitoring everything on the computer and sending info to be analyzed
- No evidence that they are working with the government
- From SRA standpoint – am I willing to take that risk?
After all of these discussions, we still come back to training. The importance of training cannot be overstated. The only chance you have, in many cases, is to make sure the person under attack knows enough to stop the attacker instead of just enough to be dangerous, as they say.
Please remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!