
This week we witnessed ransomware hitting more hospitals, the IRS admitting that the scope of the breach it disclosed about half a year ago is actually 7x larger, and Microsoft announcing an EDR service.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 


Ransomware

Ransomware hit two German hospitals.

Why is this significant?

  • Creators of encrypting ransomware have been targeting hospitals more recently, forcing them to fall back on fax machines and paper while locked out of their PCs until the ransom is paid. This appears to be the beginning of a trend in which easy targets, such as hospitals, could be hit more often in the future.
  • Also last week, a hospital in New Zealand was targeted by a newly modified ransomware called Locky, which spreads through Microsoft Word, as easily as a user opening an infected Word document. In this case, the Locky ransomware was contained and the hospital did not pay the ransom.
  • An episode of Mr. Robot showed a hacker modifying patient records. If this starts happening in practice, it could have a detrimental effect on healthcare, with innocent patients as the victims.

**enSilo customers are protected out-of-the-box from Locky ransomware**

Read the full story on The Register

Breaches 

In May 2015, the U.S. Internal Revenue Service (IRS) reported a data breach affecting 100,000 taxpayers. Now the IRS has updated the breach to more than 700,000.

Why is this significant?

  • The IRS originally reported that approximately 100,000 taxpayer accounts had been compromised, then in August reported that the total number of compromised victims was 334,000. "Friday's estimate added an additional 390,000 accounts, boosting the estimated total to more than 700,000."
  • U.S. citizens are obliged to file their yearly income taxes every April. The IRS has proven to be an easy target, and the payout time depends on how long the IRS takes to wire funds to an account. This combination of easy target and fast money could move cyber criminals to increase the sophistication of their APTs, causing a more dramatic outcome.
  • The hackers forged their way into the “Get Transcript” application, which makes it easy for taxpayers to check the status of their income tax return. They used credentials from other breach incidents to penetrate the system, once again demonstrating the ripple effect of breaches across organizations.
  • We are currently in the heat of tax season with the deadline fast approaching, and tax scams are most likely at their peak with so many people filing their taxes online.

Read the full story on Softpedia

Security Landscape

Microsoft has announced that it is adding Microsoft Defender Advanced Threat Protection (ATP) as a service that will be available this year.

Why is this significant?

  • Microsoft has invested a lot of effort and resources into hardening its operating system against advanced attacks. This move signifies that they too are admitting that no matter how hard they work at building secure software, holes invariably exist and augmented protection services are necessary.
  • This is a paid service that will detect, investigate and respond to advanced attacks. There is talk of remediation tools being added later down the road.
  • Microsoft is taking advantage of a threat landscape that is growing daily. "Some 80% of endpoint protection platforms will include user activity monitoring and forensics capabilities associated with EDR by 2018, according to Gartner. Just 5% did so as of 2013." Unfortunately, Microsoft is sticking to detection, which acts after the breach has already occurred, instead of preventing the attackers’ objective of actual data theft.
  • This service will be limited to the Windows platform and will most likely focus on SMBs and Microsoft shops.

Read the full story on Dark Reading