Healthcare Archives - IT Security Guru
https://www.itsecurityguru.org/tag/healthcare/

MOVEit latest: US Government services provider Maximus hit
https://www.itsecurityguru.org/2023/07/28/moveit-latest-us-government-services-provider-maximus-hit/
Fri, 28 Jul 2023 15:37:17 +0000

The fallout from the MOVEit attack continues to grow, with a new victim disclosed this week. Maximus Inc., a US government services provider, is the latest victim of the Clop ransomware gang’s exploitation of a critical vulnerability within Progress Software Corp.’s MOVEit file transfer software. It is estimated that as many as 11 million people have had information stolen.

Maximus specialises in providing services for the US healthcare industry, specifically Medicaid, Medicare, health care reform, welfare-to-work and student loan servicing.

The company declared the incident to the U.S. Securities and Exchange Commission after becoming aware it had been impacted by the initial MOVEit vulnerability attack that has plagued organisations around the world. At present, it is unclear who the victims are or where they are from, because Maximus also provides services outside the US, in countries such as Australia, Canada and the UK.

With the attack attributed to the Clop ransomware group, Maximus joins a seemingly growing list of high-profile companies that have been affected, including the US Department of Energy, Shell, the BBC, British Airways and the University of Georgia.

We reached out to industry experts to gather their thoughts on this attack:

Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems:

“If ever there was an example of why you need to closely monitor and continuously evaluate the security of your suppliers and supply chain, look no further than the MOVEit vulnerabilities that were disclosed in June of this year. While the company behind MOVEit file transfer technology has released patches for the two zero-day vulnerabilities that were discovered in June, many large organisations aren’t very nimble when it comes to patching systems, even when critical vulnerabilities are exposed like this. This is perhaps the largest breach of this calendar year, but due to the challenge organisations have with patching their vulnerable systems in a timely manner, this won’t be the last breach due to MOVEit we hear about.

What’s interesting is that the company behind the MOVEit software appears to have all of its compliance-driven security checks and protocols in place, things like PCI-DSS and HIPAA, requirements to manage credit card and health PII, respectively. It is clear that these compliance frameworks are simply the starting point for security posture. Organisations that manage large swaths of customer data and sensitive personal information must perform regular and continuous audits of their systems, checking their configurations and versions for vulnerabilities. It is important to use multiple methods and vendors to perform rigorous security testing of your internal systems as well as the products you deliver to customers. This includes penetration testing but also establishing internal teams to perform continuous validation of your security. These can be enhanced with bug bounty programs that use monetary incentives to get ethical security researchers to test your systems. I’ve seen a fair number of SQL-injection vulnerabilities (like this one in MOVEit file transfer system) caught by ethical hackers working on bug bounties for key systems in the US government and beyond. This class of vulnerability is certainly not beyond the scope of regular programmes and security tools that have emerged in the past decade.”

Erfan Shadabi, cybersecurity expert at comforte AG:

“A breach in the healthcare sector is highly damaging due to the sensitive nature of the data involved. It exposes some of the most private personal and medical information of an already vulnerable section of the population, leading to identity theft, medical fraud, and financial losses for individuals and organizations. Such incidents erode trust, impact patient safety, and incur heavy legal and regulatory consequences. Organizations, especially in the healthcare sector, should prioritize data-centric security measures. By adopting robust data-centric security strategies, organizations can protect sensitive information at its core, mitigating the impact of potential breaches. Encrypted data, strict access controls, and continuous monitoring are essential components to safeguard personal and healthcare data effectively.”

Ray Kelly, fellow at the Synopsys Software Integrity Group:

“This massive exploit of the MOVEit vulnerability is yet another demonstration of the importance of securing the software supply chain when it comes to data privacy. The key takeaway for business leaders is clear—just a single vulnerability in one piece of a third-party vendor’s software can lead to the compromise and exposure of personally identifiable information across every organization that vendor services. Organizations should ensure that any third-party vendor performs regular security assessments across their entire portfolio and infrastructure, and also meets compliance policy standards such as GDPR and SOX. Unfortunately, adopting these practices is not a silver bullet and does not ensure your organization’s protection against a future ransomware attack via the software supply chain.”

The post MOVEit latest: US Government services provider Maximus hit appeared first on IT Security Guru.

New malware strain strikes X-ray and MRI systems – how can we cure the security sickness?
https://www.itsecurityguru.org/2018/04/26/new-malware-strain-strikes-x-ray-mri-systems-can-cure-security-sickness/
Thu, 26 Apr 2018 09:57:44 +0000

Jalal Bouhdada, Founder and Principal ICS Security Consultant for Applied Risk

It is perhaps no surprise that a new attack group, dubbed Orangeworm, has been discovered targeting the healthcare industry. There have been repeated warnings that healthcare systems are easy pickings for cybercriminals, and although there has been an understandable desire within the industry to press ahead and unlock the benefits of IoT technology, a lack of consideration regarding the security ramifications of this has begun to concern many.

While innovation in the healthcare industry is having a great impact on the quality of life for many people, what if the opposite is also true? While in the case of Orangeworm it seems the attackers were only looking to learn about the inner workings of a system, could this often life-saving medical equipment be turned against us?

There has been much speculation over potential scenarios in which devices such as insulin pumps are hijacked and held to ransom; or terrorists attack connected pacemakers en masse. Sadly, this is no longer the stuff of fiction, as made clear by the FDA’s recent warnings regarding exploitable flaws in connected cardiac pacemakers. Medical device manufacturers must come to terms with the idea that the security of the healthcare equipment itself is also a life and death issue.

Medical device manufacturers must now begin adhering to best practice security advice. New data privacy laws and strict FDA requirements mean the responsibility is now with the developers to ensure the protection of networks and systems, or they will face the consequences. To help meet these obligations, the security industry and medical device manufacturers must develop a closer relationship, ensuring that new devices are developed with security defences baked in. The ethos of “secure by design” must become entrenched within all product developers.

McAfee Labs Report sees cyberattacks target healthcare and social media users
https://www.itsecurityguru.org/2017/09/26/mcafee-labs-report-sees-cyberattacks-target-healthcare-social-media-users/
Tue, 26 Sep 2017 09:01:25 +0000

McAfee Inc. today released its McAfee Labs Threats Report: September 2017, which examines the rise of script-based malware, suggests five proven threat hunting best practices, provides an analysis of the recent WannaCry and NotPetya ransomware attacks, assesses reported attacks across industries, and reveals growth trends in malware, ransomware, mobile malware, and other threats in Q2 2017. McAfee Labs saw healthcare surpass the public sector to report the greatest number of security incidents in Q2, while the Faceliker Trojan helped drive the quarter’s 67% increase in new malware samples from the social media landscape.
The second quarter of 2017 saw Facebook emerge as a notable attack vector, with Faceliker accounting for as much as 8.9% of the quarter’s 52 million newly detected malware samples. This Trojan infects a user’s browser when she visits malicious or compromised websites. It then hijacks her Facebook “likes” and promotes the content without her knowledge or permission. Doing so at scale can earn money for the malicious parties behind Faceliker given the hijacked clicks can make a news article, video, website or ad appear more popular or trusted than it truly is.
“Faceliker leverages and manipulates the social media and app based communications we increasingly use today,” said Vincent Weafer, Vice President for McAfee Labs. “By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such efforts, we should expect to see more such schemes in the future.”
McAfee Labs’ quarterly analysis of publicly disclosed security incidents found the public sector to be the most impacted North American sector over the last six quarters, but healthcare overtook it in Q2 with 26% of incidents. While overall healthcare data breaches are most likely the result of accidental disclosures and human error, cyberattacks on the sector continue to increase. The trend began in the first quarter of 2016, when numerous hospitals around the world sustained ransomware attacks. The attacks paralyzed several departments and, in some cases, the hospitals had to transfer patients and postpone surgeries.
“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess,” Weafer continued. “They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information.”
 
Q2 2017 Threat Activity
In the second quarter of 2017, the McAfee Labs Global Threat Intelligence network registered notable trends in cyber threat growth and cyberattack incidents across industries:

  • Security incidents. McAfee Labs counted 311 publicly disclosed security incidents in Q2, an increase of 3% over Q1. 78% of all publicly disclosed security incidents in Q2 took place in the Americas.
  • Vertical industry targets. The health, public, and education sectors comprised more than 50% of total incidents in 2016-2017 worldwide.
    • North America. Health sector attacks led vertical sectors in Q2 security incidents in the Americas.
    • Asia Pacific. In Asia, the public sector led in reported Q2 incidents, followed by financial services and technology.
    • Europe, Middle East and Africa. In Europe, the public sector led the sectors substantially in Q2, followed by entertainment, health, finance, and technology.
  • Attack vectors. Account hijacking led disclosed attack vectors, followed by DDoS, leaks, targeted attacks, malware, and SQL injections.
  • Malware overall. New malware samples leaped up in Q2 to 52 million, a 67% increase. This Q2 rise in new malware is in part due to a significant increase in malware installers and the Faceliker Trojan. The latter accounted for as much as 8.9% of all new malware samples. The total number of malware samples grew 23% in the past four quarters to almost 723 million samples.
  • New ransomware samples again increased sharply in Q2, by 54%. The number of total ransomware samples grew 47% in the past four quarters to 10.7 million samples.
  • Mobile malware. Total mobile malware grew 61% in the past four quarters to 18.4 million samples. Global infections of mobile devices rose by 8% in Q2, with Asia again leading the regions with 18%.
  • Mac malware. With the decline of a glut of adware, Mac OS malware has returned to historical levels, growing by only 27,000 in Q2. Still small compared with Windows threats, the total number of Mac OS malware samples increased by just 4% in Q2.
  • Macro malware. New macro malware rose by 35% in Q2. 91,000 new samples raised the total overall sample count to 1.1 million.
  • Spam campaigns. The botnet Gamut again claims the top rank in volume during Q2, continuing its trend of spamming job-related junk and phony pharmaceuticals. The Necurs botnet was the most disruptive, pushing multiple pump-and-dump stock scams during the quarter.

 
For more information on these threat trends and statistics, please visit www.mcafee.com for the full report and infographic.
 
 
Upon Further Review: WannaCry and NotPetya
McAfee’s analysis of the WannaCry and NotPetya attacks builds on the organisation’s previous research by providing more insight into how the attacker creatively combined a set of relatively simple tactics, melding a vulnerability exploit, proven ransomware, and familiar worm propagation. McAfee notes that both attack campaigns lacked the payment and decryption capabilities to successfully extort victims’ ransoms and unlock their systems.
“It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made,” said Raj Samani, Chief Scientist for McAfee. “However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money but something else. If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.”
For more on these takeaways, please visit our blog titled “More Effective at Destruction than Ransomware.”
 
 
The Rise of Script-Based Malware
McAfee researchers also profile the notable increase in script-based malware over the last two years. PowerShell, the Microsoft scripting language, is used to automate administration tasks such as running background commands, checking services installed on the system, terminating processes, and managing configurations of systems and servers. Malicious PowerShell scripts usually arrive on a user’s machine through spam emails, gaining a foothold through social engineering rather than software vulnerabilities, and then leveraging the script’s capabilities to compromise the system.
The script-based malware trend also includes the weaponisation of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.
 
 
Threat Hunting Best Practices
The September report also suggests techniques to help threat hunters spot the presence of adversaries in their environment. Starting with the principles of what McAfee’s Foundstone group calls the “three big knows”—“know the enemy, know your network, know your tools”—the report offers best practices for hunting for command and control, persistence, privilege escalation, lateral movement, and exfiltration.
“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation’s preventive security measures,” said Ismael Valenzuela, Principal Engineer, Threat Hunting and Security Analytics at McAfee. “Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”
For guidance on how organisations can better protect their enterprises from the threats detailed in this quarter’s report, visit Enterprise Blog.
 
About McAfee Labs
McAfee Labs is one of the world’s leading sources for threat research, threat intelligence, and cybersecurity thought leadership. With data from millions of sensors across key threat vectors—file, web, and network—McAfee Labs delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks. McAfee Labs also develops core threat detection technologies that are incorporated into the broadest security product portfolio in the industry.
 
About McAfee
McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. www.mcafee.com

Virus infects MedStar Health system’s computers, forcing an online shutdown
https://www.itsecurityguru.org/2016/03/29/virus-infects-medstar-health-systems-computers-forcing-online-shutdown/
Tue, 29 Mar 2016 12:58:12 +0000

A virus infected the computer network of MedStar Health early Monday morning, forcing the Washington health-care behemoth to shut down its email and vast records database and raising additional concerns about the security of hospitals nationwide.
The FBI is investigating the breach, which comes just weeks after similar cyberattacks on at least three other medical institutions in California and Kentucky. Still, MedStar officials said they had found “no evidence that information has been stolen.”
 
Original Source: Washington Post

Security Researcher with Implanted Pacemaker Sounds the Alarm on IoT Medical Devices
https://www.itsecurityguru.org/2016/01/05/security-researcher-with-implanted-pacemaker-sounds-the-alarm-on-iot-medical-devices/
Tue, 05 Jan 2016 10:21:46 +0000

Marie Moe, a former member of Norway’s Computer Emergency Response Team, gave a talk at the 32nd Chaos Communication Congress (32C3) in Hamburg, Germany, revealing details about unsafe practices used for modern-day pacemaker devices.

A pacemaker is a medical device implanted under a person’s skin, with wiring going down to his heart, helping regulate abnormal heart rhythms.

Invented in the 1920s, these devices have evolved across time, shrinking in size, and in recent years gaining more digital capabilities, especially when it comes to sending data from the patient’s body to nearby equipment (called access points), or remote servers.

In today’s world of IoT hacking, this can raise serious concerns if the pacemakers are not using proper security and privacy-protecting protocols.

Original source: Softpedia

Dangerous Celebrities and Healthcare Hacks
https://www.itsecurityguru.org/2015/09/30/dangerous-celebrities-and-healthcare-hacks/
Wed, 30 Sep 2015 11:27:57 +0000

Kelly Brook has been named as the ‘most dangerous celebrity on the internet’ after websites relating to her were found to hide the most malware of any celebrity websites. Also included in the top 10 were Idris Elba, Victoria Beckham and Katie Price.
Also in today’s news, over 68,000 medical devices may have been hacked, according to two researchers. They found that false medical devices they created attracted thousands of hackers, showing that malicious online actors are increasingly interested in using the Internet of Things and connected devices as a new way to breach, exploit, or simply cause trouble.

Cyber attack on USA-based healthcare insurance company Excellus affects as many as 10 million members
https://www.itsecurityguru.org/2015/09/11/cyber-attack-on-usa-based-healthcare-insurance-company-excellus-affects-as-many-as-10-million-members/
Fri, 11 Sep 2015 10:26:38 +0000

Excellus Blue Cross and Blue Shield, a USA-based insurer, disclosed on Wednesday afternoon that it was the victim of a sophisticated cyber attack by hackers who may have gained access to over 10 million personal records.
Christopher Booth, the insurer’s CEO, said in a message to customers that Excellus had discovered the attack on Aug. 5 and an investigation determined that it occurred on Dec. 23, 2013. The hackers are believed to have had access to customers’ names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification, financial account information and claims information, which would likely include medical data.
The attack affected about 7 million Excellus members and 3.5 million members of its non-Blues subsidiary, Lifetime Healthcare Cos. The company is notifying affected customers and offering identity theft protection through Kroll, a risk mitigation and response solution company, including credit monitoring through TransUnion.
The attack falls within the top 20 worst healthcare breaches ever reported by a healthcare organisation.
Commenting on this, David Gibson, VP of strategy and market development at Varonis said, “Excellus is currently saying there’s no evidence that the information was “removed.” Who are we kidding here? The hackers were just browsing around for kicks? The reality is that they probably have no idea what happened or what was stolen and never will. This would come as no surprise to anyone, and doesn’t sound much different than the major cyber attacks that we have more information on. In the case of the notorious Anthem data breach, thieves were outsiders who were able to stealthily get a hold of employee credentials to access files. And we’d be willing to bet that’s exactly what happened here.”
“The fact that the company only discovered the breach almost a year and a half after it took place is indicative of a naïve attitude toward security,” added Simon Crosby, CTO and co-founder at endpoint security firm, Bromium. “It is unforgivable that any organisation should be so lackadaisical in its handling of customer data at a time when it is entirely possible to prevent breaches from happening in the first place, or to detect anomalous behaviour in the network to indicate a breach in progress,” he said.
“The Excellus attack occurred back in December 2013 and went undetected until now. Unfortunately, Advanced Persistent Threats (APT) are capable of eluding single anti-malware defences and staying under the ‘malware radar’ by lying in wait before executing their payload or by utilising otherwise harmless files or processes. By implementing multiple layers of defence, and using a multi-scanning solution that combines different detection algorithms and heuristics of multiple anti-malware engines, as well as other preventive measures such as data sanitization, many more advanced threats can be detected and a company’s exposure greatly diminished,” concluded Mike Spykerman, VP at OPSWAT.
Excellus said it has notified the FBI and is cooperating with the bureau’s investigation.

Yet another US healthcare company hacked
https://www.itsecurityguru.org/2015/08/04/yet-another-us-healthcare-company-hacked/
Tue, 04 Aug 2015 11:33:05 +0000

In today’s news: US firm Medical Informatics Engineering has been hacked, with criminals absconding with almost 4 million personal records.

This hospital drug pump can be hacked over a network
https://www.itsecurityguru.org/2015/08/03/this-hospital-drug-pump-can-be-hacked-over-a-network/
Mon, 03 Aug 2015 09:21:34 +0000

The US Food and Drug Administration has told healthcare providers to stop using older drug infusion pumps made by medical technology outfit Hospira – because they can be easily hacked over a network.
“Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network. This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the FDA said.
“Hospira has discontinued the manufacture and distribution of the Symbiq Infusion System, due to unrelated issues, and is working with customers to transition to alternative systems. However, due to recent cybersecurity concerns, the FDA strongly encourages health care facilities to begin transitioning to alternative infusion systems as soon as possible.”
 

Breach at Medical Management Continues to Affect Other Healthcare Organizations
https://www.itsecurityguru.org/2015/05/28/breach-at-medical-managment-continues-to-affect-other-healthcare-organizations/
Thu, 28 May 2015 10:08:20 +0000

We recently wrote about a breach at Medical Management in which a former call center employee of the billing company was accused of stealing patient information and disclosing it to a third party. New healthcare organizations continue to put out notices that some of their patients were affected by that breach including 800 patients at Jefferson Hospital and an unnamed number of patients at Conemaugh Health System, both in Pennsylvania. A spokeswoman for the company said that all affected individuals have been notified.