Friday Five: 3/24 Edition
Happy Friday! Here is our weekly roundup of popular cyber security news that you may have missed.
For 2016, Beazley, a provider of data breach response insurance, predicts a 250% increase in ransomware attacks, according to its new Beazley Breach Insights 2016 report. The company also found that hacking and malware breaches doubled in frequency over the past year. The report found that the healthcare, financial services, and higher education sectors are highly vulnerable to hackers because of medical records, identity theft, and other crimes. According to Paul Nikhinson, a privacy breach response service manager for BBR Services, a medical record is worth 16 times more than a credit card record. Read the full article for more on Beazley's findings.
Google, Microsoft, Yahoo, Comcast, LinkedIn, and 1&1 Mail & Media Development and Technology have created a new mechanism that will allow providers to define the policies and rules for establishing encrypted email communication. While the protocol is currently in draft mode, it has been submitted to the Internet Engineering Task Force (IETF) for approval. Current email servers allow for opportunistic encryption, which means that connections are vulnerable to man-in-the-middle attacks. Because the email sender accepts any certificate it is presented with, a hacker can present one of their own, decrypt the traffic, and easily intercept it. Additionally, the encryption can be removed entirely in an encryption downgrade attack. Read the full article to learn what security changes the proposed protocol will bring about.
On Monday, the Justice Department announced it might no longer need Apple’s assistance to unlock the iPhone used by San Bernardino’s gunman. As a result, a judge postponed the court hearing over the issue. In a new court filing, the government said an outside party had demonstrated a way for the FBI to unlock the phone, thereby eliminating the need for Apple’s assistance in unlocking the device. The case is being viewed as a watershed moment in the debate over privacy and security. Read the full article for the latest in the FBI vs. Apple story.
U.S. Cyber Command Chief Admiral Michael Rogers presented his goal of setting up a CYBERCOM outpost in Boston while in Washington last week. This would be only the second satellite location, and it would function on its own while also tapping into local companies’ technology. Some of the agency’s goals include defending the U.S. against other countries’ cyber-attacks while supporting combatant commanders. For more on the new CYBERCOM outpost, read the article.
Methodist Hospital in Henderson, Kentucky, Southern California’s Chino Valley Medical Center, and Desert Valley Hospital are all among the hospitals hit by an increasing number of ransomware attacks in the past few months. Methodist Hospital had to declare a state of internal emergency while trying to regain access to encrypted files and emails. Jamie Reid, the hospital’s information system director, stated that the malware used was “Locky,” ransomware from earlier this year. Because the malware spread throughout the internal network after initially infecting a system, the hospital had to turn off all devices and power them up one by one. It has not been determined whether the hospital paid the $1,600 ransom to the attackers. The latest attacks are part of a larger trend of ransomware attacks on hospitals in the past few months, a trend that is predicted to only increase in the future. Read the rest of the article to find out why hospitals are becoming such an easy target of cyber attacks.