Breach Archives - IT Security Guru
https://www.itsecurityguru.org/tag/breach/
The Site for our Community
Fri, 28 Jul 2023 15:39:37 +0000

MOVEit latest: US Government services provider Maximus hit
https://www.itsecurityguru.org/2023/07/28/moveit-latest-us-government-services-provider-maximus-hit/?utm_source=rss&utm_medium=rss&utm_campaign=moveit-latest-us-government-services-provider-maximus-hit
Fri, 28 Jul 2023 15:37:17 +0000

The post MOVEit latest: US Government services provider Maximus hit appeared first on IT Security Guru.

The MOVEit attack is constantly evolving, and this week brought a new update. Maximus Inc., a US government services provider, is the latest victim of the Clop ransomware gang’s exploitation of a critical vulnerability within Progress Software Corp.’s MOVEit file transfer software. It is estimated that as many as 11 million people have had information stolen.

Maximus specialises in providing services for the US healthcare industry, specifically Medicaid, Medicare, health care reform, welfare-to-work and student loan servicing.

The company declared the incident to the U.S. Securities and Exchange Commission after becoming aware it had been impacted by the initial MOVEit vulnerability attack that has plagued organisations around the world. At present, it is unclear as to who the victims are or where they are from because Maximus also provides services outside the US, to countries such as Australia, Canada and the UK.

With the attack attributed to the Clop ransomware group, Maximus joins a seemingly growing list of high-profile organisations that have been affected, which includes the US Department of Energy, Shell, the BBC, British Airways and the University of Georgia.

We reached out to industry experts to gather their thoughts on this attack:

Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems:

“If ever there was an example of why you need to closely monitor and continuously evaluate the security of your suppliers and supply chain, look no further than the MOVEit vulnerabilities that were disclosed in June of this year. While the company behind MOVEit file transfer technology has released patches for the two zero-day vulnerabilities that were discovered in June, many large organisations aren’t very nimble when it comes to patching systems, even when critical vulnerabilities are exposed like this. This is perhaps the largest breach of this calendar year, but due to the challenge organisations have with patching their vulnerable systems in a timely manner, this won’t be the last breach due to MOVEit we hear about.

What’s interesting is that the company behind the MOVEit software appears to have all of its compliance-driven security checks and protocols in place, things like PCI-DSS and HIPAA, requirements to manage credit card and health PII, respectively. It is clear that these compliance frameworks are simply the starting point for security posture. Organisations that manage large swaths of customer data and sensitive personal information must perform regular and continuous audits of their systems, checking their configurations and versions for vulnerabilities. It is important to use multiple methods and vendors to perform rigorous security testing of your internal systems as well as the products you deliver to customers. This includes penetration testing but also establishing internal teams to perform continuous validation of your security. These can be enhanced with bug bounty programs that use monetary incentives to get ethical security researchers to test your systems. I’ve seen a fair number of SQL-injection vulnerabilities (like this one in MOVEit file transfer system) caught by ethical hackers working on bug bounties for key systems in the US government and beyond. This class of vulnerability is certainly not beyond the scope of regular programmes and security tools that have emerged in the past decade.”

Erfan Shadabi, cybersecurity expert at comforte AG:

“A breach in the healthcare sector is highly damaging due to the sensitive nature of the data involved. It exposes some of the most private personal and medical information of an already vulnerable section of the population, leading to identity theft, medical fraud, and financial losses for individuals and organizations. Such incidents erode trust, impact patient safety, and incur heavy legal and regulatory consequences. Organizations, especially in the healthcare sector, should prioritize data-centric security measures. By adopting robust data-centric security strategies, organizations can protect sensitive information at its core, mitigating the impact of potential breaches. Encrypted data, strict access controls, and continuous monitoring are essential components to safeguard personal and healthcare data effectively.”

Ray Kelly, fellow at the Synopsys Software Integrity Group:

“This massive exploit of the MOVEit vulnerability is yet another demonstration of the importance of securing the software supply chain when it comes to data privacy. The key takeaway for business leaders is clear—just a single vulnerability in one piece of a third-party vendor’s software can lead to the compromise and exposure of personally identifiable information across every organization that vendor services. Organizations should ensure that any third-party vendor performs regular security assessments across their entire portfolio and infrastructure, and also meets compliance policy standards such as GDPR and SOX. Unfortunately, adopting these practices is not a silver bullet and does not ensure your organization’s protection against a future ransomware attack via the software supply chain.”

Discord Suffers Data Breach Through Compromised Third Party
https://www.itsecurityguru.org/2023/05/16/discord-suffers-data-breach-through-compromised-third-party/?utm_source=rss&utm_medium=rss&utm_campaign=discord-suffers-data-breach-through-compromised-third-party
Tue, 16 May 2023 10:32:14 +0000

Popular social media platform Discord has notified users it has suffered a data breach after a support agent’s account at a third party became compromised.

A malicious individual then gained unauthorised access to the agent’s support queue, exposing user email addresses, Discord support messages and attachments sent via the ticket system.

Discord – which has a user base of over 150 million monthly active users – has deactivated the compromised account and undertaken security checks on the agent’s machine, including malware scans.

The social media platform has worked with the third-party partner to ensure security measures are in place so that such an incident is avoided going forward.

Discord has contacted users warning them to remain vigilant of any unusual activity regarding accounts including phishing or fraud attempts.

Commenting on the news and offering insight are the following cybersecurity experts:

Jamie Boote, associate principal consultant at the Synopsys Software Integrity Group, said: “Companies need to take a top-down approach to protecting their data. It starts with policy and standards that classify all types of data the company would expect to create, collect, store, or generate. Once these data classification standards are in place, companies then need to catalogue where all sensitive or privacy data is collected, handled, or stored into an inventory. You can’t protect something if you don’t know where or what it is.”

Alex Archondakis, Head of Professional Services at Pentest People, comments: “Organisations often focus security resources on their own internal and external assets; however, this attack proves that your security is only as good as the weakest link in your supply chain. Every level of the supply chain should be analysed to understand what type of data or access can be acquired from exploiting it. The company chosen for each section should be researched to ensure that they perform regular penetration tests against their systems and hold relevant cyber security certificates such as Cyber Essentials Plus. In the case of third parties storing your sensitive data, one should ensure that anyone with access to it has been through relevant vetting procedures.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy said, “The growing popularity of Discord, especially among gamers, makes it an increasingly attractive target for the bad actors of the world. Discord users must remain alert for any phishing emails using the email addresses gleaned in the data breach.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech added, “Scammers might personalise their messages using data from the breach to make them more convincing. Never click on links or attachments in unsolicited messages!”

Snapchat Phishing Scam: 55,000 users Compromised
https://www.itsecurityguru.org/2018/02/19/snapchat-phishing-scam-55000-users-compromised/?utm_source=rss&utm_medium=rss&utm_campaign=snapchat-phishing-scam-55000-users-compromised
Mon, 19 Feb 2018 14:31:02 +0000

More than 55,000 Snapchat users had their login details exposed online thanks to a clever phishing scam.

ORIGINAL SOURCE: The Sun
Learning to live left of breach
https://www.itsecurityguru.org/2018/01/22/learning-live-left-breach-2/?utm_source=rss&utm_medium=rss&utm_campaign=learning-live-left-breach-2
Mon, 22 Jan 2018 14:54:22 +0000

Written By Harlan Carvey, Director of Intelligence Integration, Nuix

The cybersecurity industry tends to focus its attention on what to do after a breach or a hack occurs. After all, this is the topic of discussion for the media and for an organisation’s partners and customers: “What does the victim do now?” But shouldn’t we be at least as interested, if not more so, in what the organisation should be doing before a breach ever occurs? This is why we coined the term “staying left of breach”, meaning acting before the breach takes place.

It is commonly agreed within the industry that data breaches are inevitable. It won’t be long before the media outlets give us another Equifax, Three, Deloitte or Wonga (to name but a few) and demonstrate the potentially irreversible damage a breach can do to the organisation concerned.

As the stories of these breaches emerge, we continue to see organisations remaining right of breach for far too long; that is, in purely reactive mode, panicking and scrambling to collect information that may no longer exist, often days, weeks, or even months after the breach occurred. So, what exactly does this look like in practice?

Living right of breach

The first step to understanding the difference is learning what to expect if you choose to remain right of breach…

A sense of panic and dread

It’s only natural that, upon learning that your organisation has been breached, a sense of dread will fall over any business leader. There is a correct way to react, but because you’re living “right of breach”, you begin to panic and scramble for answers. What resources or assets have been compromised? Very often you can’t find the data you need to inform legal counsel and senior executive decisions, because of inadequate incident preparation. Combine the lack of planning with a lack of experience and the overwhelming requirement to report to compliance and regulatory bodies, and the result is pandemonium.

The end result is that a breach becomes wildly expensive for any organisation, not just in terms of litigation but in terms of brand reputation, where it can have a devastating effect on even the largest of conglomerates.

Regulations and notifications

Depending on where your organisation is based, you will be held accountable to any number of compliance requirements and regulatory bodies. One such regulation that centres on breach notification is the EU’s General Data Protection Regulation (GDPR). Organisations whose business operations are predominantly based within the European Union (EU) have had no choice but to pay attention to the regulation, which comes into effect in May 2018. After all, if they choose to ignore it, they could face significant fines for non-compliance: the greater of €20 million or 4% of the organisation’s global gross revenue. The time and money spent on compliance is surely the preferable option for organisations operating within the EU.

To the left, to the left

Now that we understand a little more about the costs of being breached, let’s turn our attention to the benefits of staying in that ideal left of breach posture, and some ways to remain there.

Plan for the worst, hope for the best

If you plan for incidents to occur, if you run your organisation “left of breach”, you can budget for the costs of planning and implementing your security strategy. Yes, there are one-time start-up costs and annual upkeep or maintenance costs, but all of these will become part of budget planning, and hence, the annual financial planning process.

By taking this approach, you can detect breaches much earlier in the threat lifecycle, which removes a great deal of the costs resulting from a breach. Through early detection and remediation, you avoid the costs of notification and the legal fees for subsequent lawsuits.

More importantly, if you’re only responding to a breach many months after the fact, it can be very hard to say definitively what data was compromised. Detecting and halting the breach before the attacker can access sensitive data means you won’t have to deal with notification costs.

Why early detection is the way forward

When you build your infrastructure with visibility in mind, you naturally learn a fair bit about what’s going on inside your virtual walls. You begin seeing a great deal of the activity that’s occurring on your systems, both long-running and short-lived processes. As you begin monitoring your systems, even the most basic filters for process activity will illustrate suspicious activity.

This sort of visibility, particularly when coupled with system hardening and audit configuration, inherently leads you to understand and detect suspicious activity, as well as outright breaches, much earlier in the threat lifecycle. Rather than learning from an external third party that you’ve been breached, you detect the breach before the attacker can access sensitive data. As such, you can then state definitively that sensitive data was not accessed in your report to your compliance oversight body.

Endpoint visibility and monitoring tools allow organisations to detect the presence of malicious actors much sooner within the breach cycle. This then allows security teams to identify their entry point and respond with a planned approach before they develop a foothold within the IT infrastructure.

Getting to the left of breach

Getting left of breach means configuring your systems appropriately for your infrastructure and then utilising them for visibility.

When I say configuring your systems, ask yourself questions like:

  • Why is our DNS or DHCP server running a web server and Terminal Services?
  • Should both of those be accessible from the internet?
  • Are our systems configured to provide only the necessary and defined services, and are those systems and services patched appropriately?

The purpose of system configuration is to reduce your potential attack surface, making it harder for cybercriminals to gain access to systems by forcing them to change the methods they use to attack your organisation.

Enabling endpoint visibility and monitoring the information collected allows your organisation to capture a complete record of an adversary’s access to your network. The appropriate application of threat intelligence allows you to filter out the vast amount of “normal” activity within your infrastructure that is indicative of day-to-day business, and alert on activity associated with dedicated adversaries. This process gives you the ability to quickly filter through massive amounts of data to focus on just the relevant activities. The same is true for insider threats as well as a wide range of other security issues.
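The two ideas above (a per-role service baseline that answers “why is our DNS server running a web server?”, and filtering day-to-day process activity down to what does not belong) can be expressed as a small audit script. The following is an added example, not code from the article or from Nuix; the role baselines, the host inventory and the process telemetry are all constructed sample data, and the role and service names are assumptions made for the illustration.

```python
"""Role-based configuration and process-activity baseline check.

Added illustration of the "left of breach" posture described in the article:
each host role declares the services it should expose, every observed
listening service outside that set is flagged, unexpected services that are
reachable from the internet are flagged separately, and process telemetry is
reduced to the processes a role is not expected to run.  All hosts, baselines
and events below are constructed sample data, not real inventory.
"""
from dataclasses import dataclass, field

# Constructed baseline: the only services each server role should offer.
ROLE_BASELINE = {
    "dns": {"dns"},
    "dhcp": {"dhcp"},
    "web": {"http", "https"},
}

# Constructed allowlist of process images each role is expected to run.
EXPECTED_PROCESSES = {
    "dns": {"named", "sshd", "systemd"},
    "dhcp": {"dhcpd", "sshd", "systemd"},
    "web": {"nginx", "sshd", "systemd"},
}

# Services that should never be reachable from the internet, whatever the role.
NEVER_INTERNET = {"rdp", "smb", "dhcp"}


@dataclass
class Host:
    name: str
    role: str
    services: set                                   # observed listening services
    internet_exposed: set = field(default_factory=set)  # subset reachable from the internet
    patched: bool = True                            # result of the patch-level check


@dataclass
class Finding:
    host: str
    service: str
    issue: str


def audit_host(host):
    """Return the configuration findings for one host against its role baseline."""
    findings = []
    allowed = ROLE_BASELINE.get(host.role, set())
    # Anything listening that the role does not call for widens the attack surface.
    for svc in sorted(host.services - allowed):
        findings.append(Finding(host.name, svc, "unexpected service for role"))
    # Internet exposure is a separate finding: a service may be fine internally
    # but must not be reachable from outside, or is never allowed outside at all.
    for svc in sorted(host.internet_exposed):
        if svc in NEVER_INTERNET or svc not in allowed:
            findings.append(Finding(host.name, svc, "exposed to internet"))
    if not host.patched:
        findings.append(Finding(host.name, "*", "missing patches"))
    return findings


def audit(hosts):
    """Audit a whole inventory; findings are ordered host by host."""
    return [f for h in hosts for f in audit_host(h)]


def unexpected_processes(host, events):
    """Filter constructed (host, process) telemetry down to processes the
    host's role is not expected to run, preserving event order."""
    known = EXPECTED_PROCESSES.get(host.role, set())
    return [p for h, p in events if h == host.name and p not in known]


# Constructed inventory: a DNS server that also runs a web server and RDP,
# a clean DHCP server, and a web server that is behind on patching.
SAMPLE_HOSTS = [
    Host("dns01", "dns", {"dns", "http", "rdp"}, internet_exposed={"dns", "rdp"}),
    Host("dhcp01", "dhcp", {"dhcp"}),
    Host("web01", "web", {"http", "https"}, internet_exposed={"https"}, patched=False),
]

# Constructed process telemetry as (host, process image) pairs.
SAMPLE_EVENTS = [
    ("dns01", "named"), ("dns01", "httpd"), ("dns01", "sshd"),
    ("dns01", "curl"), ("web01", "nginx"), ("dhcp01", "dhcpd"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_HOSTS):
        print(f"{f.host:8} {f.service:6} {f.issue}")
    for h in SAMPLE_HOSTS:
        print(h.name, "unexpected processes:", unexpected_processes(h, SAMPLE_EVENTS))
```

Run against the constructed inventory, the audit reports the DNS server’s web and RDP services as unexpected for its role, reports RDP as exposed to the internet (DNS is allowed for that role, so its exposure is not flagged), and reports the web server as unpatched; the process filter reduces the DNS server’s telemetry to `httpd` and `curl`. In a real deployment the host inventory would come from configuration management and the events from endpoint telemetry, but the baseline-and-deviation logic is the same.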

It comes down to the saying “An ounce of prevention is worth a pound of cure.” Of course, you can justify spending large sums of money and time by waiting for a breach to occur; once that happens, what choice do you have? Isn’t it better to invest the time, money, and energy in staying “left of breach”, rather than suffering the enormous costs (financial, legal, brand) associated with being “right of breach”? Chances are your stakeholders and investors will thank you in the long run when your organisation does suffer a breach.

Turla Targets Post Soviet States
https://www.itsecurityguru.org/2018/01/10/turla-targets-post-soviet-states/?utm_source=rss&utm_medium=rss&utm_campaign=turla-targets-post-soviet-states
Wed, 10 Jan 2018 16:07:31 +0000

Russian-linked hackers Turla have been targeting consulates in post-Soviet states using a new tool that deploys malware to steal sensitive information, according to recent ESET research.

ORIGINAL SOURCE: IB Times
Hackers adopt ‘school of fish’ approach as they sharpen focus on mid-sized businesses
https://www.itsecurityguru.org/2018/01/09/hackers-adopt-school-fish-approach-sharpen-focus-mid-sized-businesses/?utm_source=rss&utm_medium=rss&utm_campaign=hackers-adopt-school-fish-approach-sharpen-focus-mid-sized-businesses
Tue, 09 Jan 2018 17:00:25 +0000

Rudimentary attacks, like information gathering, reputation blocks, fraud, and brute force attacks, increased by 71% from 2016 to 2017, according to new data released by eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider. The data represents a total volume rise in detected events from 15 million in 2016 to 21 million last year.

Reports demonstrate a marked technique shift by attackers who favor obfuscation techniques that evade standard perimeter controls. The data, collected from eSentire’s best-in-class threat monitoring technologies, spans thousands of private and public cloud sources across the company’s 600+ client base, and includes primarily mid-sized businesses in the finance, legal, healthcare, technology, and insurance industries.

“It’s not that businesses don’t need prevention technologies; rather, you need to be able to detect when those technologies are being bypassed and intervene immediately,” said J. Paul Haynes, eSentire CEO.

In its 2017 Market Guide for Managed Detection and Response Services, Gartner states that: “Organizations are looking to improve real-time threat detection and incident response capabilities; however, they often struggle to invest limited resources in the required people, processes and technology. Managed detection and response improves threat detection monitoring and incident response capabilities via a turnkey approach to detecting threats that have bypassed other controls.”1

“Last year’s monster breaches, like WannaCry, affected countless mid-sized businesses, and since those attacks, we’ve seen a steady rise in organizations proactively seeking measures to safe-guard against similar attacks,” said Haynes. “Mid-sized enterprises have similar cyber risk profiles to large enterprises, yet a fraction of the budget to invest in detection and responses capabilities.”

MDR is the fastest growing segment in cybersecurity as firms of all sizes struggle to acquire and retain the threat hunting skills, advanced cyber technologies, and threat intelligence processes to continuously anticipate the next move the ‘school of fish’ is making.

“This new data supports an existential problem when it comes to defending against threats,” said Haynes. “Early breach indicators are measured in minutes and hours, and countermeasures need to be deployed in near real-time. In our world, it is not the 200+ days to detect which you read in the headlines, it’s now!”

As the largest pure-play MDR provider, eSentire saw significant market expansion in 2017, with in excess of 60% year-over-year revenue growth. Today, the company maintains a 97% customer retention rate.

“At the end of the day, while the volume of attacks continues to rise, combining endpoint, network, and threat intelligence data equips eSentire’s threat hunters with the richest possible data allowing faster decision making, investigations, and the ability to disrupt attacks,” said Haynes. “Ultimately, businesses need to avoid greater financial losses and need more than traditional prevention technologies to achieve that.”

About eSentire:
eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $5 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.

Nissan Canada Data Breach Affects 1.1Million
https://www.itsecurityguru.org/2017/12/22/nissan-canada-data-breach-affects-1-1million/?utm_source=rss&utm_medium=rss&utm_campaign=nissan-canada-data-breach-affects-1-1million
Fri, 22 Dec 2017 11:36:34 +0000

1.1 million people have been notified following an alleged data breach.
ORIGINAL SOURCE: InfoSecurity Magazine
Australia's Dept of Health Leaks 2.9 Million Patients' Sensitive Data
https://www.itsecurityguru.org/2017/12/19/australias-dept-health-leaks-2-9-million-patients-sensitive-data/?utm_source=rss&utm_medium=rss&utm_campaign=australias-dept-health-leaks-2-9-million-patients-sensitive-data
Tue, 19 Dec 2017 12:07:56 +0000

Australia’s Dept of Health has accidentally exposed 2.9 million patients’ sensitive data, including what medication they are on, pregnancy terminations, surgeries and mental health treatment.
ORIGINAL SOURCE: IB Times
Perth Airport Hacked
https://www.itsecurityguru.org/2017/12/11/perth-airport-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=perth-airport-hacked
Mon, 11 Dec 2017 15:14:03 +0000

A hacker has managed to break into Perth International Airport’s computer system and has stolen a significant amount of valuable, sensitive data.
ORIGINAL SOURCE: IB Times
Millions of Brit's Unaware their Details have been Hacked
https://www.itsecurityguru.org/2017/12/07/millions-brits-unaware-details-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=millions-brits-unaware-details-hacked
Thu, 07 Dec 2017 14:55:46 +0000

Millions of British victims are unaware that their personal details have been stolen.
ORIGINAL SOURCE: Standard