In this week's news, an airport in Ukraine discovered a Remote Access Trojan (RAT) on an IT staff member's computer, Cisco released a report stating that security professionals were less confident in their security infrastructure in 2015 than in 2014, and it looks as though the FDA is stepping up its game on cyber security in the healthcare sector.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Remote Access Trojan (RAT)

Boryspil Airport, located close to Kiev in Ukraine, detected malware on a computer belonging to one of its IT personnel.

Why is this significant?

  • The origin of the malware is still under investigation, but its behavior patterns look very similar to those of the malware responsible for the power outage in Ukraine last month.
  • Luckily, the malware within the airport’s computer network was detected early on, before any damage occurred. According to Ukraine’s infrastructure ministry, it will be conducting a review of the anti-virus software in companies under the ministry. Unfortunately, in more recent news, the anti-virus software industry is itself under constant scrutiny because of the severity of the vulnerabilities being exposed.
  • Cyber-espionage is increasing, and cyber security measures are a focus more than ever before. It’s time for cyber security to be high on management’s risk board when protecting sensitive data and securing infrastructure such as an airport.

Read the full story on Reuters


Security Infrastructure

Cisco released a report stating that security professionals were less confident in their security infrastructure in 2015 than in 2014. It also analyzed more than 115,000 Cisco devices and found that 92% had software with known vulnerabilities, 31% were outdated/not available in the market and 8% were “end of life”.

Why is this significant?

  • 85% of organizations were affected by malicious browser extensions. Vulnerable, old and unsupported browsers have become an organization’s Achilles' heel.
  • According to Cisco’s analysis, the hardest threats to detect were adware and browser injections, which took up to 200 hours to detect, compared with less than 20 hours for malicious downloads targeting Microsoft Word. Surprisingly, security teams treat adware and browser injections as low priority, even though they are a gateway for threat actors to install malware: 85% of organizations suffered the consequences of malicious browser extensions.
  • “The financial services industry has the highest percentage of devices that had passed their last day of support, at 20 percent.”

Read the full story on CSO Online


Cyber-Security Awareness

Since 2014, the FDA has recognized that hospitals and healthcare providers are constant targets for cyber attacks. The FDA and MITRE Corporation have been collaborating on ways to solidify and bring awareness to the heightened risk of cyber security within healthcare.

Why is this significant?

  • The biggest cyber threats in the healthcare sector are malware and unintentional infections: an employee unintentionally infects a device, and a threat actor then exfiltrates data from the device in the attack.
  • In 2015 alone, the Office of Civil Rights (within Health and Human Services) reported 112M patient records breached in incidents affecting 500 individuals or more. Healthcare organizations invest more in different levels of insurance that protect them from a severe financial loss than in cyber security solutions, and the result is severe data loss.
  • HIPAA was established in 1996 in order to protect patient data from loss, theft or the exposure of their medical data. Apparently, there is a disconnect when it comes to HIPAA enforcing hefty penalties on the healthcare provider/hospital when patient data is breached. Complaints to the civil rights office in these matters number in the thousands, yet only a handful of formal actions have been taken.

Read the full story on Healthcare IT News
