Hacks, Attacks, and Counters: Cybersecurity News Jan 8, 2018

Welcome back everyone! As per our new weekly tradition, we’ve compiled the top cybersecurity headlines from the weekend and presented our own takeaways and analysis of each. Let’s start the work week off right with a healthy dose of knowledge!

January 5: Florida Health Care Officials Reveal Potential Mass Medical File Exposure

In a press release, officials from Florida’s Agency for Health Care Administration (AHCA) stated that a malicious phishing email attack on November 15 of last year may have led to the exposure of 30,000 Medicaid enrollees’ personal information.

While it is still unclear how much access the hackers behind the attack had to the records or what information the records contained, but an investigation by the Inspector General’s office determined that the exposed information may have included names, dates of birth, addresses, Social Security Numbers, and medical diagnoses.

The AHCA states that their employees are undergoing cybersecurity hygiene training and they have no evidence to believe that the information has been used maliciously.

Takeaway: The healthcare field overall lacks the comprehensive security solutions necessary to protect the valuable records they collect on a daily basis; experts believe this will result in health care being a bountiful target for hackers in 2018. However, this headline also warns against neglecting employee cybersecurity training and forgoing implementing consistent digital hygiene practices at your enterprise. This attack only worked because of a phishing email, which employees can easily be trained to recognize and ignore. As this story shows, even a single employee not following best practices can put thousands if not millions at risk for exposure.

January 5: Antivirus Software Preventing Vital Microsoft Vulnerability Patch

Antivirus programs may be preventing the deployment of a necessary Microsoft Windows’ patch for the Intel microprocessor vulnerability, nicknamed Meltdown and Spectre. As previously reported, these holes affect almost all modern CPUs.  

Microsoft announced on January 3 that it will not deliver patches to users with third-party antivirus programs unless the programs are confirmed to be compatible.  Incompatible antivirus programs can result in serious memory issues resulting in blue screen of death errors. According to Microsoft, third party antivirus programs need to support the update and set a Windows registry key for customers to receive the updates before they will initiate the update.

As of time of writing, only some companies are doing both, with a few not even completing the compatibility testing. Microsoft reportedly released the patch earlier than many companies expected, which may explain the delay.

Takeaway: Besides confirming that the shockwaves from the reveal of the Intel security vulnerability continue to resonate, this does speak to the necessity of compatibility between solutions and operating systems and for solutions to be properly updating themselves. A solution must adapt to changes in the security landscape quickly; delays always favor hackers. But the speed at which the patch was deployed may provoke worry about how secure it is in fixing the security hole. Vigilance as always will be rewarded.  

January 7:  Hackers Targeting South Korean Winter Olympics

Organizations associated with the South Korean Winter Olympics, which will begin February 9 in Pyeongchang, are being targeted by malware campaigns well in advance of the games. Experts believe that the hackers are working on behalf of a nation-state, with Russia, North Korea, and China as the most likely suspects; no evidence to implicate any nation-state has yet been uncovered.  

The campaign appears to have begun in earnest in late December 2017 via a phishing email campaign using disguised (“spoofed” in InfoSec jargon) messages supposedly from South Korea’s National Counter-Terrorism Center. These messages contained Word Documents that, if opened, would give hackers free reign on the user’s computers.  The initial attacks have been traced to Singapore. The hackers’ seem to be primarily interested in reconnaissance as of time of writing. McAfee is investigating the issue.

Takeaway: Another headline about phishing from the weekend. South Korea is allegedly earmarking $1.3 million for cybersecurity protection, but that will prove meaningless without good employee training to help them avoid common hacking and phishing tactics. Insider threats do not have to be malicious to be damaging. All it takes is one employee failing to recognize a spoofed email or to blindly trust an email without questioning it to put your organization and potentially millions of others in jeopardy of identity theft, blackmail, or outright robbery. Training preemptively, and encouraging vigilance, are vital parts of the modern security landscape.

Additionally, the nature of this attack classifies it as a malwareless attack, which has proven much more difficult to prevent, detect, and remove by traditional antimalware. These attacks are projected to increase over time as their success becomes more and more evident.