What can we learn from the Okta breach?

Okta has recently admitted to making a mistake by delaying the disclosure of a hack that occurred in January. Okta says that in January the company believed this was an unsuccessful account takeover by Lapsus$ data extortion group, targeting a Sitel engineer that required no further action. This “attempt” impacted 366, 2.5% of Okta’s customers. This was an issue of Incident Response gone bad. The cause was a hacker obtaining Remote Desktop Protocol access to a Sitel employee’s laptop.

Another similar incident is the Blackbaud hack in 2022, where the company identified a months-long ransomware attack, paid an undisclosed ransom, and the hacker had already compromised the data of over 120 organizations. The company faced criticism for downplaying the incident and waiting weeks to disclose information related to the attack.

Events like these highlight the importance of having strong Incident Response plans in place, including plans on communication in the event of an event, as well as testing and practicing these procedures before an incident occurs. Take this as a lesson and keep your company and your clients secure, by doing the necessary preparation, properly investigating if you notice anything suspicious, and having cyber insurance in place before an incident occurs.

Ukraine is changing the way we need to think about cybersecurity.

Ukraine is changing the way we need to think about cybersecurity.

CISA (The Cybersecurity and Infrastructure Security Agency) is warning organizations that Russia’s invasion of Ukraine could include malicious cyber activity against the U.S. and stated that “evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks”.  CISA asks that organizations report any malicious cyber activity. Additionally, during this time, every organization should adopt a heightened cybersecurity posture to be prepared to respond in the event of a cyber incident.

CISA provides recommended actions and resources to reduce the likelihood of a cyber intrusion, quickly detect a potential intrusion and ensure the organization is prepared in the event of an incident. These actions include but are not limited to:

  • Require MFA for all remote, privileged, or administrative access to the organization’s network.
  • Ensure all software is up to date (prioritizing known exploited vulnerabilities identified by CISA).
  • Disable all ports and protocols that are not essential to the business.
  • Confirm the organization is protected by antivirus/anti-malware software and update signatures in the tools.
  • Routinely test backup procedures and have an incident response plan in place.
  • Conduct employee awareness training to educate all personnel on how to prevent and spot a cyber-attack and improve your organization’s overall digital wellness.
  • Do not click any links that seems suspicious.

If you have been neglecting your digital hygiene, now is the time to get back on track, CISA advises organizations to plan for the worst-case scenario. Reference the recommended actions and materials provided by CISA and keep your organization educated and up to date on the potential risks and the importance of digital hygiene at this time.

The Importance of Cybersecurity in the Healthcare Industry

The healthcare industry has been digitally transforming over the past few years, especially due to the global pandemic. With this increase in technology comes an increase in risk and greater difficulty protecting patient privacy. Healthcare providers already have many crucial components to manage such as patient privacy and care, as well as the numerous compliances and regulations. Now that cyber-attacks are on the rise, healthcare providers are also working to keep their data and systems secure, but cybercriminals are taking advantage of this busy time.

Cybersecurity is a bit different and more complicated when it comes to healthcare and medical data. There are more digital systems than we typically realize. Patients fill their prescriptions and schedule appointments online. Not to mention heating, ventilation, air conditioning, infusion pumps, and many other systems that can be compromised by cybercriminals. The impact of a ransomware attack on healthcare data will be a much larger than most other industries because the data is extremely sensitive, and lives depend on it.  

According to Deloitte experts, the primary concerns for the healthcare industry are phishing, man-in-the-middle attacks, attacks on network vulnerabilities, and ransomware. To combat these types of attacks, clinics need to incorporate employee cybersecurity training, so that employees are educated on digital hygiene and know how to spot a threat. Clinics should also focus on data usage control, by monitoring, blocking, and logging any malicious activity, as well as implementing strict access rights (based on least privilege). Additionally, with mobile phones, apps, and other devices being more commonly used by administrative personnel, it is crucial to monitor any remote devices and disable any nonessential accounts. Businesses in any industry should be incorporating MFA, regular backups, and regularly updating software.  

The healthcare industry is growing rapidly, and so are cyber threats. If clinics can execute these security measures and keep up with them, they will be in a much better place to withstand any threat that arises and keep their data and patients secure.    

How Phishing is Leveraging Social Media

How Phishing is Leveraging Social Media

Social media platforms like LinkedIn, Twitter, and Facebook, as well as simple text messages have become a popular vector for phishing attacks. As phishers step up their scams, organizations need to keep their employees informed on how to spot them.

LinkedIn

LinkedIn is widely considered a trusted domain. This means that any malicious emails that are leveraging LinkedIn most likely will not get blocked by your anti-spam and malware filters. The “redirect” feature for business on LinkedIn that allows you to track ad campaign performance can also unfortunately be used by hackers to redirect users to phishing scams. If you are unsure whether a message is legitimate or not, take a pause and do your own research on the site or service in question.

Twitter

You may have heard of the July 15th Twitter hack that compromised high-profile, verified Twitter accounts. This phishing attack sent out fake tweets with links to a phishing site designed to steal cryptocurrency. Although people were scammed out of money, it could have been much worse, and information could have easily been stolen. If this type of scam can happen to celebrities, political leaders, and large corporations, it can happen to anyone.

Facebook

Earlier this year, Facebook users were warned of phishing campaigns disguised as Messenger chats. When it comes to Facebook, if you are getting unprompted messages from friends or people you know, asking you to click a link or provide any information, just ignore it. If you think it may be legitimate or important, reach out to that person with another means of communication and ask them to be sure.

SMS

As if social media scams aren’t bad enough, mobile phishing scams are becoming more popular than ever. With all the buttons and ads that pop up on your phone, it can be easy to let your guard down when it comes to mobile phishing scams. Then there is SMS phishing, which can install malware on your device and significantly control your device functionality. If you receive a suspicious text message, do not open it, and absolutely do not click on any links.

All it takes is one click for a hacker to compromise your device. Mobile security should be a top priority for any organization. With more employees using mobile devices for work and having their social media apps such as LinkedIn on their phones, organizations need to step up their anti-phishing capabilities to keep users secure no matter what device they are working from. Organizations should be including regular security awareness training to help employees understand these threats and how they target individuals and businesses. Phishing can come from any source, and you need to be suspicious of any and every suspicious message or link you come across.

Log4j: FTC Warns Organizations they may face Legal Action

The Federal Trade Commission (FTC) released an alert, warning companies that they may face legal penalties if they aren’t taking the proper steps to mitigate Log4j vulnerabilities to protect consumer information. Earlier this month, FTC officials said there is a “severe risk” to consumer products, software, and applications caused by a vulnerability in the Java logging package. This vulnerability is being exploited by hackers and it is critical that vendors who rely on Log4j take the proper precautions to reduce their likelihood of an attack.

An example of this is the Equifax breach, which was caused by failing to patch a known vulnerability. Because of this vulnerability, the personal information of 147 million consumers was left exposed. Equifax paid $700 million to settle actions taken by the FTC. The FTC intends to pursue any companies that fail to take steps to protect consumer data from exposures caused by Log4j, or similar vulnerabilities that may occur in the future.

The FTC advises companies to keep your Log4j software package updated to the most recent version, and reference Log4j Vulnerability Guidance provided by CISA. This FTC alert is a wake-up call to many companies that cyber threats are evolving, and so are security requirements and legal actions that will be taken if they do not take the proper steps to protect consumer information.