US-CERT Warns of Ebola Phishing Scam

Cynthia Goldsmith This colorized transmission electron micrograph (TEM) revealed some of the ultrastructural morphology displayed by an Ebola virus virion. See PHIL 1832 for a black and white version of this image. Where is Ebola virus found in nature?The exact origin, locations, and natural habitat (known as the "natural reservoir") of Ebola virus remain unknown. However, on the basis of available evidence and the nature of similar viruses, researchers believe that the virus is zoonotic (animal-borne) and is normally maintained in an animal host that is native to the African continent. A similar host is probably associated with Ebola-Reston which was isolated from infected cynomolgous monkeys that were imported to the United States and Italy from the Philippines. The virus is not known to be native to other continents, such as North America.

Scammers are capitalizing on the Ebola virus scare by sending out phishing email messages with attachments that contain malware or links to bogus websites that direct victims to enter login credentials.

Using emotion and current events to get people to click on bad links is the basis of most, if not all, types of hacking. This week hackers from the “Sandworm Team”targeted NATO servers during the summit held in Wales on the crisis in Ukraine using spear-phishing to exploit a bug in Windows. It is believed that the hackers originate from Russia and their motives are not only to make a political statement and to intimidate, but to steal trade secrets.

A study in June by the Center for Strategic and International Studies put the cost of hacking to consumers and companies between $375 and $575 billion globally.

US-CERT website recommends the following:

EdgeWave’s EPIC2 Military Grade team of engineers and analysts work 24/7 to prevent phishing scams and web attacks from interfering with business operations of over 6,000 companies. This week alone, over 8 million threats were prevented by EPIC2. Visit www.EdgeWave.com or call 1-800-782-3762 to speak with a cyber security professional.

New Email Scam Campaigns Discovered by EdgeWave in October 2014

scam_alert_big

The EdgeWave EPIC2 Cyber Operations Group has detected several email scam campaigns of note in October 2014.

Registering over 8 million catches, EdgeWave found penny stock advertisements at the top of the list for subject matter. These emails can contain malicious links as well as an opportunity for pump-and-dump stock scams.  Pump-and-dump schemes are fraudulent stock deals where small cap stocks are manipulated and investors are urged to make a purchase before the price goes up. This is another variation on the get-rich-quick scheme: think Wolf of Wall Street. The lesson, as always, is to never trust stock advice from an unsolicited message, especially when it is giving you a specific stock as a “strong buy”.

Closely behind, over 7.5 million official looking emails try to lure recipients into clicking on bad links with notices from “courts”.

EdgeWave also continues to note large campaigns for dating sites coming from Russian domains.  “These sites have historically been linked to cyber-criminal activity and malware,” said Tom Chapman, Cyber Operation Group Director.

EdgeWave prevented 1.7 million hits for knock-off Coach Bags. Offers for luxury items such as handbags and watches are common types of spam. “We’ve been seeing a lot of this — in multiple languages — in the past month or two, and it’s not slowing down,” Chapman said.

Threat awareness in all companies and organizations is critical to maintaining a secure network; but humans make mistakes. The bad guys depend on that. EdgeWave EPIC2 advanced threat defense is a unique combination of human and automated review, providing the most accurate threat detection to prevent inappropriate email from landing in employee mailboxes in the first place. Learn how to put EdgeWave EPIC2 to work securing your email with EdgeWave ePrism Email Security. 

Tom Chapman is a retired Naval Intelligence Officer specializing in cyber warfare.  Before coming to EdgeWave, he established and directed the Cyber Analysis Cell supporting the U.S. Navy Fleet Commands responsible for protecting 400,000 personnel, 300 ships and 4,000 aircraft from cyber-attacks.

Defense Update by Brad Graves

San Diego Business JournalSan Diego Business Journal
Published Online October 3, 2014, in Print October 6, 2014

Another Sort of Training: The experience of being in the military has all sorts of parallels in the commercial world. Ask Mike Walls, a Norfolk, Va., resident who spends part of his time in San Diego with locally based EdgeWave. The business provides cyber security to small and midsized businesses, including those in the education, health careand commercial sectors.

Walls was a pilot who worked in cyber defense late in his 28-year U.S. Navy career. During his last assignment, he found himself actually battling intruders in cyberspace. It was an intense experience, and a new one. Walls said the Navy was the first service to conduct a named operation in cyberspace — something along the lines of Operation Iraqi Freedom in the kinetic world. He declined to give other details, including the identity of the other players. “It’s not just going after organized criminals or a couple hackers,” he said. “It was a significant threat.”

Walls, who retired with the rank of captain, concluded his Navy career with a job in 10th Fleet, an organization that has a unique spot in Navy lore. The Navy set up 10th Fleet in World War II to deal with anti-submarine warfare, then deactivated it at war’s end. It was reactivated in 2010 to deal with cyber warfare.

When he was ready to go into civilian life, Walls said his wife made a request; she preferred that he not settle into a career as an airline pilot. That was fine, Walls recalled, because he had grown to like the cyber security aspect of his last command. He had even become passionate about it.

During his transition out of the military, Walls checked in with Dave Maquera, who had been his stateroom mate and squadron mate on the aircraft carrier USS John F. Kennedy during the days when both flew A-6E Intruder aircraft. Maquera had gone on to become CEO of a San Diego company called EdgeWave.

They spoke of fighting and maneuvering on the network, and Walls recalled Maquera finally saying, “Hey, why don’t you come aboard?”

Walls did that in June. His title is now managing director of cyber security operations and analysis.

These days, Walls employs many lessons from his military training, including staying ahead of the enemy in the decision-making process. The concept of the OODA loop — the process of observe, orient, decide and act — is key. OODA was originally an Air Force concept, but it has since made its way into the civilian world, notably into business school curriculum. It’s a good concept to use in cyberspace, Walls said; “Your decision-making can’t be reckless, but it has to be deliberate and timely.”

Though it serves commercial customers, EdgeWave touts “military grade” products in its current advertising. The business, formerly known as St. Bernard Software, is taking on more Navy retirees, recently hiring Tom Chapman, a former intelligence officer. It’s probably not EdgeWave’s last military hire.

Technical Security is Physical Security

social-media-security-2

 

 

 

 

 

 

 

 

 

The U.S. intelligence community is warning military personnel about the risks associated with using social media because there is evidence that ISIL is using sites like Facebook and Twitter to target and threaten military members and their families. ISIL is the State Department’s preferred designation for the al-Qaeda linked Islamic terror group, referred to as ISIS by the media.

Service members are responding to the guidance by minimizing the personal information they post on social media, and by controlling who can view their profiles. Some have deleted their accounts, including an Air Force pilot and his son, who were directly threatened by the terrorist group.

In spite of all of the news related to personal information breaches, many Americans still don’t realize that using social media is a primary information source for anyone with nefarious intent. For example, location services on our smartphones enable applications to identify our geographic location. Ask yourself if you want your latitude and longitude embedded in the photos you post on Facebook while on vacation. If I’m a criminal, or worse, I can use open source software tools to extract the geo-coordinates and time stamp from your photos, confirming that you are not in your house…your house is now a potential target for me to rob.

Social media sites are also platforms commonly used by bad actors to spread malware through bad links and malicious advertising, or “malvertising.” Always remember that those free social media sites aren’t providing services because they are altruistic, hoping to bring the people together through a warm and welcoming online global community (am I being cynical?). Most social media sites make their money through advertising, and they are using your personal information to feed the advertising firms.

As a former military officer, I am sensitive to the risks associated with social media. While I was serving on active duty, we focused on operations security and trained our teams to understand that anything posted on Facebook, Twitter or other sites is potential information that terrorists and adversaries can use to build a picture of how and where military units are operating. We’ve already addressed how the Department of Defense is responding to the risks to service members and their families associated with using social media. The point is that you don’t have to be in the military or associated with the military to become a victim.

The reality is that recommendations for military families apply to ALL of us. Take time to review your profiles on all of your social networking sites. Limit your exposure by not allowing strangers to view your personal information and pictures. I have referenced a couple of links that may be helpful. Finally, we all know someone who is serving, or has served in the military…keep an eye out for them and report any suspicious activity to civil authorities.

Comments and questions for Mike Walls are welcome: blog@edgewave.com


Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft.

Healthcare Technology Cybersecurity: A Growing Concern

healthcare cybersecurity

 

 

 

 

 

 

 

 

 

Last week the FDA published new guidelines for medical device security, requiring manufacturers of medical assets to provide proof they are designing and developing new devices with built-in security features that will protect against intrusion.

For the future, this will be very beneficial to administrators, practitioners and patients. But what about that brand new state-of-the-art radiation oncology center that was just built at a cost $50 million? Or the new $1.2 million networked MRI machine? We were hoping we wouldn’t have to upgrade so soon, right? The reality is that we will be patching for years to come.

The vulnerability of thousands of devices used in healthcare to Shell Shock and other threats is alarming. Most IP-enabled machines used in healthcare run on Windows or Linux, and have not been protected in any way. A denial of service attack on a hospital’s network could freeze bedside monitors and other networked operation-critical machines.

The fact is that the healthcare industry has not kept pace managing its technology in a secure fashion. According to the Ponemon September 2014 Breach report, 94% of healthcare organizations have had a breach involving one or more records. The Washington Post reported recently that healthcare data breaches have hit more than 30 million patients.

Determined adversaries don’t have to go very far to find a weakness to exploit: technicians share MRI results with physicians using unsecured phones or tablets; PHI and pharmacy instructions go back and forth between provider office databases; networked medication delivery devices and life support systems are connected to each other by a flawed operating system.

No one would argue that connected medical devices and personnel have increased the quality and efficiency of patient care. Yet few of these patient care devices have been completely protected against compromise by someone within the organization or from outside threats.

Protecting PHI and the flow of information to provide high-quality service is critical in healthcare. Data encryption and end-point security is available and easily deployed immediately with EdgeWave’s Military-Grade cyber security system. Download your free cyber security kit at www.edgewave.com, or speak to someone about a complimentary assessment of your security needs at 1-800-782-3762.