As seen on ctscomplete.com on 5/24/21
According to the Federal Emergency Management Agency (FEMA), roughly 40-60% of small businesses never reopen their doors after a disaster. For this reason, it’s smart for businesses to have a disaster recovery plan in place.
What Is a Disaster Recovery Plan?
Also known as a DRP, a disaster recovery plan describes how work can be resumed quickly and efficiently after a disaster. The plan allows the IT department to recover lost data and to continue operating after a failure. A disaster recovery plan will have exact instructions on how to deal with an unplanned incident and how to recover lost information.
1. Permanent Data Loss
Data loss is detrimental. If a business doesn’t have a disaster recovery plan in place, they risk losing data that is vital to customer satisfaction and continued operations. Having the right plan in place will help a business protect themselves from external threats and internal accidents. With a DRP, data backups are stored on external devices and cloud storage services. A business can’t afford to permanently lose company and client files.
2. Humans Are Not Perfect
Mistakes happen in the workplace, whether the cause is hardware, software, or user error. Any accidental click can cause chaos for a business. Even the most cautious person can make a mistake and place important information at risk.
A disaster recovery plan in place with data backups will come in handy when these mistakes happen. DRPs should include preparation for potential cybersecurity threats, an allocated recovery team, and backup solutions for priority files.
3. Customer Re-acquisition Is Expensive
Customer retention is expensive but customer re-acquisition is far more costly. Earning a customer’s trust and loyalty is difficult, which is why taking preventative measures to protect their information and files is essential to standard operating procedures.
In many industries, IT disasters can cost thousands of dollars per minute, depending on the type of data loss. As a result, customers tend to be unforgiving when a managing 3rd party encounters impactful file loss.
4. Broad Range of Threats
With any online data, cybersecurity threats are always present. A breach in a network equates to a very serious information security risk, and can cause further unwanted destruction to a business’s network.
The loss from a cyber attack totals over $500,000 on average. This can be the beginning of the end for some businesses, especially for start-ups, causing them to cease operations.
Data also has natural disaster threats and technical threats that a disaster recovery plan will address.
5. Reputation Damage
Unhappy customers will spread the word fast about their problems. With social media, the word about a bad experience can spread in seconds. Damaged reputation can not only impact the ability to gain new customers, but it can also negatively impact how existing customers feel.
Investing in a disaster recovery plan will reduce the risk of a bad brand reputation.
6. Protect the Business
After spending money and priceless time to build a business, it makes sense to protect it. Operating without a plan is almost like driving a car without insurance. A disaster recovery plan is like insurance for businesses, bringing peace of mind in the event of undesirable occurrences.
On average, 96% of businesses with a plan are able to fully recover, and get back on track to continued and successful operations.
Unplanned attempts to recover lost data can be very expensive. Demanding a quick recovery is even more expensive. Planning ahead saves this headache for a business owner. Having a plan in hand will have the business prepared in case of a data loss.
This means that the business owners won’t be forced to hire expensive professionals due to urgency.
As seen on washingtonpost.com by Will Englund on 5/18/21
The system that shippers use to communicate goes down. The company says it was not an attack.
Colonial Pipeline, the main Gulf Coast-East Coast artery for gasoline and other petroleum products, ran into a new computer snag Tuesday as it was still recovering from a shutdown that started May 7 after a ransomware attack.
The company said the latest problem, which interrupted the system used by shippers to place requests for service, called nominations, was not a continuation of the cyberattack that sparked panic-buying by frustrated motorists across the Southeast last week. In a statement, the company said that the problems arose from the effort to “harden” its systems to ward off future cyberattacks.
It said that the pipeline continued to operate.
“Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process,” Colonial’s statement said. “These issues were not related to the ransomware or any type of reinfection. We are working diligently to bring our nomination system back online and will continue to keep our shippers updated. The Colonial Pipeline system continues to deliver refined products as nominated by our shippers.”
Colonial is a privately held company owned by Koch Industries, Royal Dutch Shell and several investment firms. A Shell spokesman said Tuesday that he had no details to add to the Colonial statement. A spokesman for Phillips 66, one of the pipeline’s customers, declined to comment.
The operators of the 5,500-mile pipeline system, which runs from Texas to New Jersey, discovered they were under a ransomware attack May 7, which had infected their information system but not the operating system. To avoid losing control of the pipeline, the company said, it shut down operations.
Colonial supplies the East Coast with 45 percent of its fuel.
By early last week, news of the shutdown had set off a run on gasoline throughout the Southeast, and the majority of stations in several states went dry. States further to the north were less affected because they had larger reserves on hand. The price of gas nationally rose to its highest level since 2014, but it did not spike as much as some analysts had feared.
Colonial began restoring service by midweek, but it has taken several days to get the whole system back to normal. Several reports have asserted that the company paid $5 million in ransom to regain control of its computers from a group called DarkSide that appears to have been based in Russia.
As seen on geekwire.com by Alan Boyle on 5/1/21
What will commercial space stations be good for? The application that typically comes up would be their use as space hotels, or maybe zero-gravity research labs and factories.
“Looking for new markets is something we’re highly motivated to do,” Meyerson told GeekWire. “Data storage and compute is one market. Cybersecurity is another.”
The possibilities for providing data and security services on the final frontier played a big role in C5 Capital’s decision to lead a $130 million funding round for Texas-based Axiom Space, which is due to send citizen astronauts to the International Space Station next year and could start laying the groundwork for its own space station in 2024.
“We have a lot of data that’s created in space, but how valuable would it be to actually do compute and storage in space?” Meyerson asked. “We’ve been talking with Axiom about that and helping them to form partnerships. How do we use the C5 portfolio in cybersecurity and threat protection to assist Axiom with their supply chain and their partners, to bring the most advanced technologies to that critically important area?”
In connection with the funding deal, Meyerson has joined Axiom Space’s board of directors. It’s the latest big move for Meyerson, who lives in Tacoma, Wash., and served as the president of Amazon CEO Jeff Bezos’ Blue Origin space venture from 2003 to 2017.
Meyerson’s experience in the space industry goes even further back than Blue Origin, taking in a six-year stint as senior program manager for Kistler Aerospace’s K-1 reusable launch vehicle (which never got off the ground) and 12 years as an aerospace engineer at NASA’s Johnson Space Center.
But it’s only been in the past few years that people have been talking seriously about creating privately owned outposts in Earth orbit. Space tourism and in-space manufacturing no longer seem as far out as they once did, and Meyerson believes Axiom Space is well-placed to capitalize on the possibilities.
“This is the kind of opportunity that we wouldn’t have been betting on to come if we had done this in 2019,” he said. “But in 2020, it was perfectly aligned, and we said, ‘OK, well, here are all these services, and let’s invest in the destination.’ There’s only one company out there that has this exclusive contract with NASA to access the node on the ISS, and that’s Axiom Space.”
That doesn’t mean Axiom Space will have the space station market all to itself. Other companies — including Sierra Nevada Corp., Bigelow Aerospace, Nanoracks and Meyerson’s old teammates at Blue Origin — also have plans on the drawing boards.
At the same time, heavyweights ranging from Amazon and Microsoft to Lockheed Martin are looking into ways to extend cloud computing to the space frontier. Satellite constellations such as SpaceX’s Starlink and Amazon’s yet-to-be-launched Project Kuiper could play a big role in those efforts.
What’s so attractive about moving data processing off the planet?
“Most importantly, there is a lot of data that is generated in space,” Meyerson explained. “We can envision a number of use cases where that data is generated in space, transmitted back to Earth in one part of the world, and there are compute operations done on that data to process it and turn it into actionable data, and then it is transmitted to another part of the world to have action taken on it.”
Space-based processing could dramatically streamline that data flow.
“We believe that doing those computer operations in space is going to reduce the decision timeline by fractions of a second, if not seconds,” Meyerson said.
So does that mean Axiom Space will be going up against Amazon Web Services and Microsoft Azure? Not at all, Meyerson said.
“They can definitely draw upon Axiom Space,” he said. “We have great relationships with those companies, and all of the cloud providers and service providers that work on top of the cloud. I think they’re very obvious choices for partners.”
Speaking of partners, the perils of the past year have only confirmed Meyerson’s view that space ventures mesh well with the rest of C5 Capital’s investment portfolio, which is heavy with companies that focus on big data and cybersecurity.
“The digital transformation of everything we do has been so accelerated during the pandemic,” he noted. “And it’s making us more and more vulnerable. So the combination of two things — becoming more reliant on space for critical infrastructure, and the digital transformation leading to more vulnerability — just makes our investments in cybersecurity more important. And we think the natural application is in space.”
As seen on bloomberg.com by Ian King, Debby Wu, & Demetrios Pogkas on 3/29/21
A six-decade-old invention, the lowly chip, has gone from little-understood workhorse in powerful computers to the most crucial and expensive component under the hood of modern-day gadgets.
That explosion in demand—unexpectedly goosed during the Covid-19 pandemic for certain industries like smartphones and PCs—has caused a near-term supply shock triggering an unprecedented global shortage.
In February, lead times—the duration between when an order for a chip is placed and when it actually gets filled—stretched to 15 weeks on average for the first time since data collection started in 2017, according to industry distributor data from Susquehanna Financial Group. Lead times for Broadcom Inc.—a barometer for the industry because of its involvement across the supply chain—extended to 22.2 weeks, up from 12.2 weeks in February 2020.
The crunch has sideswiped the General Motors and Volkswagens of the world and swung politicians from Washington to Beijing into crisis control. It’s also catapulted Taiwan Semiconductor Manufacturing Co. and Samsung Electronics Co. to the top of investor and government agendas. Asia’s two largest chipmakers are responsible for making the vast majority of the world’s most advanced silicon, yet don’t have the capacity to sate all demand. It’s a bottleneck that could last several quarters—or into next year.
Alarm bells are ringing. A growing number of industry players from Continental AG to Innolux Corp. and Renesas Electronics Corp. have in recent weeks warned of longer-than-anticipated deficits snarling production—potentially well past the summer. Samsung flagged a “serious imbalance” globally, the largest company so far to warn of fallout from the crunch. Broadcom Chief Executive Officer Hock Tan in March said his company is sold out this year and customers were “willing to book out for delivery of those products out through the rest of 2021.” And on Friday, Nio Inc.—the Chinese EV company sometimes compared with Tesla—became the first high-profile automaker from the country to suspend production because of shortages.
A Pandemic that Reshaped Demand
Overall demand for semiconductors of all stripes—from basic microcontrollers and memory chips to the most sophisticated high-performance processors—has grown over the past decade, as smartphone usage and computing power boomed. A steady rise in semiconductor sales faltered in 2019, but was then boosted 5.4% by 2020’s shelter-in-place demand for home gadgets, IDC data shows.
At the same time, once largely mechanical machines like cars have become smarter, entailing the use of many more chips. Automotive electronics, which may include everything from displays to in-car systems, are set to account for an estimated 45% of a car’s manufacturing cost by 2030, according to a Deloitte report. The cost of the semiconductor-based components used in those electronics is estimated to jump to $600 by 2030 from $475 in 2020.
On the other end of the supply chain, chipmaking capacity has kept pace with the growth in sales over past years, according to SEMI data, suggesting buyers are taking up capacity as soon as it comes online—a sign that semiconductor demand has in general been on par with available production resources. But advanced manufacturing has become concentrated in the hands of fewer and fewer players.
Industry experts say an imbalance is particularly apparent in so-called 200 millimeter wafers, from which lower-end chips are made. Those include power management chips and display ICs (or integrated circuits), which are required in a wide range of sectors from automotive to consumer electronics but are in short supply at the moment.
Uncertainties caused by the pandemic also led to sharp swings in orders last year, which in turn muddied the waters for chipmakers trying to match capacity with demand. That’s why carmakers have had to halt production in 2021 and why Playstations and Xboxes are getting harder to find in stores.
Carmakers got hit first in part because of poor inventory planning. The industry underestimated vehicle consumption and thus the amount of chips they needed when the pandemic hit. They are now expected to miss out on $61 billion of sales this year alone. But TSMC executives said on their two most recent earnings calls that customers across many sectors have been accumulating more inventory than normal to hedge against the unknown.
The problem gets further magnified by the fact that the cost of chipmaking and keeping pace with technology advancements has increased exponentially this decade—making the business of manufacturing semiconductors a rarefied field for the deepest of pockets. As an illustration, TSMC raised its envisioned capital expenditure for 2021 by as much as 63% to $28 billion, while Samsung is earmarking about $116 billion on a decade-long project to catch its Taiwanese arch-rival.
The most complex and expensive pieces of silicon these days are logic chips from Qualcomm, Nvidia or Apple that give computers and smartphones their intelligence. But these “fabless” companies don’t operate their own fabrication plants; they just design the semiconductors. Manufacturing happens at advanced factories called foundries that produce the designs of those big-name electronics companies.
This is another key bottleneck. Just three or four foundries now account for the majority of global chip fabrication—TSMC and Samsung and their more distant rivals, California-based Globalfoundries Inc., controlled by Abu Dhabi’s investment arm, and United Microelectronics Corp. Looking at it another way, an estimated 91% of the contract chipmaking business is housed within Asia, the lion’s share of which is divided between just two regions: Taiwan and South Korea, home to TSMC and Samsung, respectively.
An opportunity for the U.S. to regain chip independence might come from Intel Corp., which last week unveiled a $20 billion plan to set up its own foundry business. Intel, the largest chipmaker by revenue, designs and manufactures its own chips, but this expansion would enable it to produce chips for other companies as well.
TSMC is the undisputed leader of that triumvirate, in terms of sheer scale, sophistication and reach, cranking out millions of wafers every year for marquee clients in just about every industry imaginable. TSMC’s total wafer shipments were 12.4 million 12-inch equivalent wafers in 2020, up from 10.1 million in 2019. Taiwan’s largest company has spent more than three decades to perfect its chipmaking craft and billions in past years to ensure it remains at the forefront of technology.
According to Bloomberg supply-chain estimates, 25% of all TSMC’s business comes from Apple, the highest-profile client it directly manufactures chips for. However, TSMC’s importance lies in the critical role it plays in the entire semiconductor supply chain; it also manufactures chips for other chipmakers or for fabless chip designers, such as Broadcom, Qualcomm, Nvidia, AMD or Texas Instruments. They are in turn supplying the world’s biggest consumer electronics, communications equipment and auto parts companies.
[Figure: Supply Chain Bottleneck. TSMC manufactures chips for chip designers and semiconductor firms, which in turn supply major makers of consumer electronics and cars. Categories listed: consumer electronics, household appliances, online services.]
Bottlenecks can appear in other parts of the supply chain, too. The Netherlands-based ASML Holding NV has a virtual monopoly on advanced photolithography equipment required to print patterns of cutting-edge chips onto the wafer. Companies from Japan, such as Shin-Etsu Chemical Co., dominate the market for chemicals used in semiconductor manufacturing. And manufacturing cannot start in the first place without access to electronic design automation software, a segment led by the U.S.’s Cadence Design Systems Inc. and Synopsys Inc.
Officials from the U.S. and Europe have beseeched Taiwan’s officials for help in resolving the global chip crunch, and are pushing for the creation of domestic chipmaking capabilities. Yet research from Sanford C. Bernstein shows there isn’t much that governments can do to address the current shortages. It takes years to build a new fabrication facility and get it operating smoothly—regardless of where it is located.
With assistance from: Tom Lagerman and Ridho Reinanda
Edited by: Edwin Chan, Peter Elstrom and Jeremy Scott Diamond
Note on TSMC supply-chain data: Data compiled by Bloomberg. Included are supplier–customer relationships, active as of March 24, for which the value, share of the supplier’s total revenue and share of the customer’s total expenditure, can be quantified either by figures disclosed by the company or by Bloomberg supply chain estimates. Company classifications based on the Bloomberg Industry Classification Standard. “Autos” includes auto parts manufacturers and car makers; “Communications” includes communications and wireless telecommunications equipment manufacturers; and “Hardware” includes computer hardware and storage manufacturers.
As seen on jdsupra.com on 2/25/21
In a recent letter to insurers, the New York State Department of Financial Services (“NYDFS”) acknowledged the key role cyber insurance plays in managing and reducing cyber risk – while also warning insurers that they could be writing policies that have the “perverse effect of increasing cyber risk.” If a cyber insurance policy does not incentivize the insured to maintain a robust cyber security program, the insurer can end up bearing excessive risk when the customer leans on the policy as their business continuity plan.
You may be wondering “What does this have to do with my business? I don’t do any business in NY state.” However, your insurer might be subject to the NYDFS cybersecurity regulation (23 NYCRR 500) and, if so, likely received this letter.
According to NYDFS, every cyber insurer should have a formal strategy that incentivizes their insureds – through more appropriately priced plans – to “create a financial incentive to fill [cybersecurity] gaps to reduce premiums.” Below is our take on five of the key practices outlined in the NYDFS letter that have potential implications for insureds.
- Manage and Eliminate Exposure to Silent Cyber Insurance Risk. Up to now, many organizations have leveraged clauses in standard policies to cover ransomware attacks, such as those covering general liability, theft, malpractice and errors. NYDFS advises that “insurers should eliminate silent risk by making clear in any policy that could be subject to a cyber claim whether that policy provides or excludes coverage for cyber-related losses.” When you next renew your policy, read the fine print carefully to determine if there are any exemptions for cyber-related losses – even if you have a standalone cyber insurance policy. An insurer that was left ‘holding the bag’ for covering a ransomware attack under a policy that wasn’t priced to cover cyber losses is incentivized to update that policy language at the soonest opportunity.
- Evaluate Systemic Risk. Here, insurers are being advised to “stress test” their coverage to ensure they would remain solvent while covering potentially “catastrophic” cyber events impacting multiple insureds. If you are a cloud or managed services provider and/or are part of other organizations’ supply chains, you should expect to receive more scrutiny from your insurer on the strength of your cyber security program.
- Rigorously Measure Insured Risk. No surprises here, unless you haven’t been filling out detailed questionnaires about your cyber security program. Expect more scrutiny of your program, and possibly the involvement of auditors to validate your claims. Check your insurance policy to see if investing in a certification program – such as ISO 27001 or HITRUST – might improve your policy premium.
- Educate Insureds and Insurance Providers. This practice states that “insurers should also incentivize the adoption of better cybersecurity measures by pricing policies based on the effectiveness of each insured’s cybersecurity program.” Take advantage of any educational opportunities your provider offers on cybersecurity best practices and improvements. They might be trying to tell you how you can lower risk – and your rates.
- Require Notice to Law Enforcement. While this is a best practice, NYDFS is recommending this be more formally required in the policy language. Involving law enforcement is important when responding to cyber incidents, especially when it comes to investigating the incident and attempting to recover funds. Make sure you involve legal counsel and have a plan for engaging law enforcement in the event of a breach.
Even if your insurer hasn’t received this guidance, they are certainly aware that cyber risk, and the cost of underwriting cyber insurance, continue to increase. With the cyber insurance market estimated to exceed $20 billion by 2025, and the risk that intermediaries – including insurers – can be liable for ransom payments made to entities sanctioned by the Office of Foreign Assets Control, business leaders should expect that their insurers will be more closely scrutinizing their cyber security plans and controls. Rebuilding encrypted systems and restoring from backup, as opposed to paying ransoms, will need to be the first plan of action.
If your organization is still struggling with the decision whether to invest more in IT security and architecture improvements or continue to rely on insurance as your cyber security plan, the guidance in the NYDFS Cyber Insurance Risk Framework merits a closer look.
While cyber insurance can be essential to helping your organization recover from a data breach, it should not take the place of a strong cyber security program. At minimum your cyber security program should include a Cyber Security Plan, Business Continuity and Disaster Recovery Plan and an Incident Response Plan. These plans should be tested, reviewed and updated at least annually, preferably in conjunction with a penetration test and vulnerability assessment from a qualified third party.
As seen on cnbc.com by Lauren Feiner on 2/23/21
- The massive hack into government systems through a software contractor would have remained unknown by the public if not for one company’s decision to be transparent about a breach of its systems, Microsoft President Brad Smith told lawmakers at a hearing Tuesday.
- Smith’s testimony highlights how cybersecurity incidents can potentially go undisclosed.
- He planned to tell lawmakers that private sector companies should be required to be transparent about significant breaches of their systems.
The massive hack into government systems through a software contractor would have remained unknown by the public if not for one company’s decision to be transparent about a breach of its systems, Microsoft President Brad Smith told lawmakers at a hearing Tuesday.
“The fact that we are here today, discussing this attack, dissecting what went wrong, and identifying ways to mitigate future risk, is occurring only because my fellow witness, Kevin Mandia, and his colleagues at FireEye, chose to be open and transparent about what they found in their own systems, and to invite us at Microsoft to work with them to investigate the attack,” Smith told the Senate Select Committee on Intelligence, according to his prepared remarks.
“Without this transparency, we would likely still be unaware of this campaign. In some respect, this is one of the most powerful lessons for all of us. Without this type of transparency, we will fall short in strengthening cybersecurity.”
Smith’s testimony highlights how many cybersecurity incidents can go undisclosed. Smith told lawmakers that private sector companies should be required to be transparent about significant breaches of their systems. He compared the “patchwork” of disclosure requirements in the U.S. to more consistent obligations in places like the European Union.
FireEye disclosed in a regulatory filing in December that it had been hacked by what it believed to be a state-sponsored actor who mainly sought information related to its government customers. The company said the attack was unusually advanced, employing “a novel combination of techniques not witnessed by us or our partners in the past.”
Soon after, Reuters reported that hackers possibly linked to Russia accessed email systems at the U.S. Commerce and Treasury departments through SolarWinds software updates. The Defense Department, State Department and Department of Homeland Security were also affected, The New York Times later reported. Reuters reported, citing sources, that the SolarWinds attack was related to the FireEye incident.
A few days later, Reuters reported that Microsoft was also hacked. U.S. agencies later shared that Russian actors were likely the source of the attack. Smith said in his written testimony that Microsoft does not dispute that assessment while he said, “Microsoft is not able to make a definitive attribution based on the data we have seen.”
Smith told Congress that Microsoft notified 60 customers, mainly in the U.S., that they were compromised in connection to the attack. But he warned lawmakers that there are certainly more victims that have yet to be identified. A White House cybersecurity advisor estimated last week that nine government agencies and roughly 100 private companies were affected by the attack. Smith told Congress that Microsoft identified further government and private sector victims outside the U.S. that were impacted.
Smith proposed that in addition to requiring more disclosures from private companies, government should provide “faster and more comprehensive sharing” with the security community.
“A private sector disclosure obligation will foster greater visibility, which can in turn strengthen a national coordination strategy with the private sector which can increase responsiveness and agility,” Smith said in his written remarks. “The government is in a unique position to facilitate a more comprehensive view and appropriate exchange of indicators of compromise and material facts about an incident.”
But Mandia, FireEye’s CEO, told CNBC’s Eamon Javers in an interview ahead of the hearing Tuesday that disclosure is “a damn complex issue.”
“The reason it’s a complex issue is because of all the liabilities companies face when they go public about a disclosure,” Mandia said. “They have shareholder lawsuits, they have lots of considerations of business impact. You also don’t want to unnecessarily create a lot of fear, uncertainty and doubt.”
Intelligence Committee Chairman Mark Warner, D-Va., said in his opening remarks Tuesday that it may be worth considering greater disclosure requirements, even if it means creating liability protection for companies that follow those disclosure obligations.
As seen on apnews.com by Frank Bajak on 10/29/20
In an alert Wednesday, Oct. 28, 2020, the FBI and other federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system that could lock up their information systems just as nationwide cases of COVID-19 are spiking. (AP Photo/Jose Luis Magana, File)
BOSTON (AP) — Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking.
In a joint alert Wednesday, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”
The impact of the expected attack wave, however, is difficult to assess.
It involves a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient. But such consequences are still rare.
The federal warning itself could help stave off the worst consequences, either by leading hospitals to take additional precautions or by expanding efforts to knock down the systems cybercriminals use to launch such attacks.
The offensive coincides with the U.S. presidential election, although there is no immediate indication the cybercriminals involved are motivated by anything but profit. The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.
Independent security experts say the ransomware, called Ryuk, has already impacted at least five U.S. hospitals this week and could potentially affect hundreds more. Four health care institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.
Sky Lakes said in an online statement that it had no evidence patient information was compromised and that emergency and urgent care “remain available.” The St. Lawrence system said Thursday that no patient or employee data appeared to have been accessed or compromised. Matthew Denner, the emergency services director for St. Lawrence County, told the Adirondack Daily Enterprise that the hospital owner instructed the county to divert ambulances from two of the affected hospitals for a few hours Tuesday, when the attack occurred. Neither Denner nor the company replied to requests for comment on that report.
Alex Holden, CEO of Hold Security, which has been closely tracking Ryuk for more than a year, said the attack wave could be unprecedented in magnitude for the U.S. In a statement, Charles Carmakal, chief technical officer of the security firm Mandiant, called the cyberthreat the “most significant” the country has ever seen.
The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools walloped especially hard.
In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.
Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.
Holden said the Russian-speaking group behind recent attacks was demanding ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.
While no one has proven suspected ties between the Russian government and gangs that use the Trickbot platform that distributes Ryuk and other malware, Holden said he has “no doubt that the Russian government is aware of this operation.” Microsoft has been engaged since early October in trying to knock Trickbot offline.
Dmitri Alperovitch, co-founder and former chief technical officer of the cybersecurity firm Crowdstrike, said there are “certainly a lot of connections between Russian cyber criminals and the state,” with Kremlin-employed hackers sometimes moonlighting as cyber criminals.
Increasingly, ransomware criminals are stealing data from their targets before encrypting networks, using it for extortion. They often sow the malware weeks before activating it, waiting for moments when they believe they can extract the highest payments, said Brett Callow, an analyst at the cybersecurity firm Emsisoft.
A total of 59 U.S. health care providers or systems have been impacted by ransomware in 2020, disrupting patient care at up to 510 facilities, Callow said.
Hospitals and clinics have been rapidly expanding data collection and adding internet-enabled medical devices, many of which are poorly secured. Hospital administrators, meanwhile, have been slow to update software, encrypt data, train staff in cyber hygiene and recruit security specialists, leaving them vulnerable to cyber-attacks.
And as hospitals respond to the coronavirus crisis, privacy and security protocols fall by the wayside, leaving patients open to identity theft, said Larry Ponemon, a data security expert. “The bad guys smell the problem.”
Associated Press writers Michael Hill in Albany, N.Y., and Marion Renault in New York City contributed to this report.
As seen on: zdnet.com by Danny Palmer on 11/18/20
Over a quarter of organisations which fall victim to ransomware attacks opt to pay the ransom as they feel as if they have no other option than to give in to the demands of cyber criminals – and the average ransom amount is now over $1 million.
A Crowdstrike study based on responses from thousands of information security professionals and IT decision makers across the globe found that 27 percent said their organisation had paid the ransom after their network got encrypted with ransomware.
While law enforcement agencies say organisations should never give in and pay the ransom, many businesses justify making the payment because getting the decryption key from the attackers is viewed as the quickest and easiest way to restore the network.
However, not only does paying the bitcoin ransom just encourage ransomware gangs to continue campaigns because they know they’re profitable, there’s also no guarantee that the hackers will actually restore the network in full.
But infecting networks with ransomware is proving to be highly lucrative for cyber criminals, with figures in the report suggesting the average ransom amount paid per attack is $1.1 million.
In addition to the cost of paying the ransom, it’s also likely that an organisation which comes under a ransomware attack will lose revenue because of lost operations during downtime, making falling victim to these campaigns a costly endeavour.
However, falling foul of a ransomware attack does serve as a wakeup call for the majority of victims; over three-quarters of respondents to the survey say that in the wake of a successful ransomware attack, their organisation upgraded its security software and infrastructure in order to reduce the risk of future attacks, while two-thirds made changes to their security staff with the same purpose in mind.
It’s unclear why almost a quarter of those who fall victim to ransomware attacks don’t plan to make any changes to their cybersecurity plans, but by leaving things unchanged, they’re likely putting themselves at risk of falling victim to future attacks.
That’s especially the case during 2020, which has brought additional cybersecurity vulnerabilities to organisations due to the rise of people working from home because of the coronavirus pandemic.
“In a remote working situation the attack surface has increased many times and security cannot be a secondary business priority,” said Zeki Turedi, Chief Technology Officer for EMEA at CrowdStrike.
To avoid falling victim to ransomware attacks, it’s recommended that organisations ensure that systems are updated with the latest security patches, something which can prevent cyber criminals taking advantage of known vulnerabilities to deliver ransomware.
It’s also recommended that two-factor authentication is deployed throughout the organisation, so that in the event of criminal hackers breaching the perimeter, it’s harder for them to move laterally around the network and compromise more of it with ransomware or any other form of malware.
As seen on: infosecurity-magazine.com by Sean Michael Kerner on 8/10/20
Like any other IT environment, there are potential cyber-risks to the International Space Station (ISS), though the station is quite literally like no environment on Earth.
In a session on August 9 at the Aerospace Village within the DEFCON virtual security conference, former NASA astronaut Pamela Melroy outlined the cybersecurity lessons learned from human spaceflight and what still remains a risk. Melroy flew on two space shuttle missions during her tenure at NASA and visited ISS. Hurtling high above the Earth, ISS is loaded full of computing systems designed to control the station, conduct experiments and communicate with the ground.
“Space is incredibly important in our daily lives,” Melroy said.
She noted that GPS, weather tracking and communications are reliant on space-based technology. In Melroy’s view, the space industry has had somewhat of a complacent attitude about satellite security, because physical access was basically impossible once the satellite was launched.
“Now we know that our key infrastructure is at risk on the ground as it is in space, from both physical and cyber-threats,” Melroy stated.
The Real Threats to Space Today
Attacks against space-based infrastructure including satellites are not theoretical either.
Melroy noted that the simplest type of attack is a Denial of Service (DoS) which is essentially a signal jamming activity. She added that it already happens now, sometimes inadvertently, that a space-based signal is blocked. There is also a more limited risk that a data transmission could be intercepted and manipulated by an attacker.
What isn’t particularly likely though is some kind of attack where an adversary attempts to direct one satellite to hit another. That said, Melroy said that there could be a risk from misconfiguring a control system that would trigger a satellite to overheat or shut down.
How the ISS Secures its Network
During her presentation, Melroy outlined the many different steps that NASA and its international partners have taken to help secure the IT systems on-board ISS.
The entire network by which NASA controllers at Mission Control communicate with ISS is a private network, operated by NASA. Melroy emphasized that the control does not go over the open internet at any point.
There is also a very rigorous verification system for any commands and data communications that are sent from the ground to ISS. Melroy noted that the primary idea behind the verification is not necessarily about malicious hacking, but rather about limiting the risk of a ground controller sending a bad command to space.
“There’s a very rigorous certification process required for controllers in the International Space Station Mission Control Center (MCC) to allow them to send commands to the space station,” she explained. “In addition there are screening protocols both before a message ever leaves MCC going up to the ISS and once it’s on board ISS, to check and make sure that the command will not inadvertently do some damage to the station.”
Using Twitter in Space
ISS also makes use of a highly distributed architecture such that different sets of systems and networks are isolated from one another.
For station operations, Melroy said that astronauts make use of technology known as Portable Computer Systems (PCS) which are essentially remote terminals to send commands to the station’s primary computing units.
There is also a local area network on the station with support computers used for limited internet access including email and social media like Twitter. While the local ISS network has internet access, it is not directly connected to the public internet.
Melroy explained that there is a proxy computer inside the firewall at the Johnson Space Center, in Houston, Texas, that is connected with ISS. As such, the space station support computers talk to the proxy computer, which then goes out onto the public internet.
“Now of course, just like any computer, it’s still subject potentially to malware,” Melroy said. “However, the most important thing is that the station support computers in no way shape or form are networked to the actual commanding of the station, they’re completely separate systems and they don’t talk to each other.”
Areas of Concern for Spaceflight Security
While ISS has multiple layers of security, Melroy commented that there are still some areas of concern for spaceflight and space cybersecurity.
For satellites, she noted that the uplink and downlink to most satellites is encrypted, though the data on-board the satellite often is not. Additionally, she expressed concern about ground-based control systems for satellites. Melroy explained that satellite ground systems have the same cybersecurity risks as any enterprise IT system.
“The most serious problem I think we have in space is complacency, many people in space think that their systems are not vulnerable to cyber-attacks,” Melroy said. “We are going to have to figure out how to insert cybersecurity and an awareness of that into the values and the culture of aerospace, all the way from the beginning in design and through to operations.”
As seen on: newsweek.com by Jocelyn Grzeszczak on 8/13/20
A cybersecurity firm has uncovered serious privacy concerns in Amazon’s popular “Alexa” device, leading to questions about its safety.
Check Point, the California- and Israel-based technology company, published a report Thursday detailing “vulnerabilities found on Amazon’s Alexa,” including a hacker’s access to the user’s voice history and personal information, as well as the ability to silently install or remove skills on the user’s account.
“In effect, these exploits could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill,” according to the report. “Successful exploitation would have required just one click on an Amazon link that has been specially crafted by the attacker.”
Developers are continually working on new programs to make the devices even more user-friendly. Just a few weeks ago, for instance, Amazon announced Alexa Conversations was moving into its beta phase, and would now be able to provide an AI-driven element to voice interactions, making conversations flow more naturally.
In its report, Check Point described how an attacker could hack into a user’s Amazon account to compromise their Alexa device, including a breakdown of the code needed to carry out such an action. In one example of how an attack could occur, the user would click on a malicious link provided by the hacker, allowing them to inject their code into the user’s account.
Check Point also detailed how an attacker could get the device’s entire voice history, which could expose banking information, home addresses or phone numbers, as all interactions with the device are recorded.
Virtual assistants provide relatively easy targets for attackers wishing to steal sensitive information or disrupt a user’s smart home device, according to the report. Check Point’s research found a weak spot in Amazon’s security technology, the report stated.
“What we do know is that Alexa had a significant period of time where it was vulnerable to hackers,” Check Point spokesman Ekram Ahmed told Fox News. “Up until Amazon patched, it’s possible that personal and sensitive information was extracted by hackers via Alexa. Check Point does not know the answer to whether that occurred yet or not, or to the degree to which that happened.”
In an emailed statement to Newsweek, an Amazon spokesperson wrote that security of its devices is a top priority for the company.
“We appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems,” according to the statement. “We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed.”
To ensure Alexa devices are secure, Check Point recommends that users avoid unfamiliar apps, think twice before sharing information with a smart speaker and conduct research on any downloaded apps, a company spokesperson wrote in an email to Newsweek.
Update (08/13/20, 11:52 a.m.): This article has been updated to include responses from Amazon and Check Point.