Tag: phishing

The Pandemic Causing Increased Attacks on Corporate Security

Since the start of the pandemic, there has been much disruption in some industries. Many businesses have been challenged during the pandemic as a result of the difficulty of managing cyber and data security. Data breaches relating to remote workers and hacking of corporations continue to escalate at an alarming rate, require prompt response to mitigate the fallout.

There have been several significant shifts in the ways that businesses operate and their reliance on digital systems. Many businesses moved to a largely remote working model. Some have had to focus more on online activities in order to keep their brands active and visible. Businesses in a number of industries began to deliver products and services online for the first time. Meanwhile, those that already existed in online spaces saw an increase in business. All of these changes have meant that various security issues have arisen and become more prominent for businesses everywhere.

Increase in corporate data breaches

Cybercriminals have been taking advantage of the unprecedented circumstances caused by the pandemic, exploiting the vulnerabilities of businesses everywhere. Verizon carried out a recent study called ‘Analyzing the COVID-19 data breach landscape‘, which looks at 36 confirmed data breaches that were directly related to the pandemic. In addition, there was 474 data breaches between March and June 2020. Using this data, they determined that many cybercriminals were using the same methods to obtain data as before the pandemic while exploiting the disruption experienced by many businesses.

Remote Teleworkers facing cyber attacks threatening corporate security

One way in which corporate data breaches have been impacted by the pandemic is through increased use of ransomware. Seven of the nine malware incidents from Verizon’s 36 COVID-19 data breach cases demonstrated a spike in ransomware usage. Another change is in the way that criminals use phishing emails to play on the emotions of users. In a time when stress is high and mental health problems have increased, many people are more susceptible to phishing emails. Phishing was already a popular and often successful form of cyber attack before and even more so now.

Cost of data breaches for companies hit a record high in 2021

The cost of a data breach also hit a record high during the pandemic, according to IBM Security. They revealed the results of a global study showing the average cost of data breaches for companies surveyed was $4.24 million per incident. This is a 10% increase from the previous year. When remote work was a factor in the breach, data breaches cost an average of $1 million more. Stolen user credentials were the most common cause of data breaches. However, the study also showed the use of methods such as AI, security analytics, and encryption helped to reduce costs.

The COVID-19 pandemic has affected corporate data breaches due to a number of shifts in the way businesses are working, user behavior, and more. It’s vital for companies to take the right steps to prevent breaches and protect themselves.

If your company recently fell victim to a cyber attack, such as ransomware, or suspected data exfiltration by an unknown hacker, call Enigma Forensics today. We offer emergency incident response services and can help preserve available data, identify the origins of the attacker, and assist with the restoration of company services. Our experts have experience testifying and helping to mitigate risk and maximize your potential of recovering damages and lost data. Call us today at 312-668-0333 for a complimentary consultation.

Data Breach Incident Response
Data Breach Response After the Fact
, , , , , , , , ,

Secure the Voting System from Election Hacking

Cook County Deputy Clerk John Murkovic has worked hard to secure the electronic voting system. He’s made it hard for cyber hackers to throw a wrench in our election process. Learn what measures he has implemented against election hacking.

Cook County Deputy Clerk John Mirkovic focuses on securing the electronic voting systems from election hacking

Enigma Forensics, CEO Lee Neubecker and Cook County Deputy Clerk John Mirkovic discuss election hacking and measures that have been taken to help secure Cook County for the upcoming 2020 Election scheduled for November 3rd, 2020. The two discuss past hacking attempts during to 2016 election cycle on the Democratic National Committee, including phishing attacks that compromised numerous campaign workers.

Protecting the Vote From Cyber Attacks and Election Hacking

Lee Neubecker (LN): Hello, today I have John Mirkovic from the Cook County Clerk’s Office. He’s the deputy clerk and he oversees all the technology and communications working with Karen Yarbrough, and today I’m going to be talking to him about protecting the vote from cyber attacks. First, I wanted to start off by recapping what happened in 2016. Hillary Clinton’s Campaign Chairman, John Podesta, was phished with an email on March 19, 2016. And what had happened is he forwarded an email to a staffer that had replied with a typo. The staffer said this is a legitimate email versus what the staffer should have said is this is an illegitimate email. So he did the right thing by checking first, but he probably should have picked up the phone and not relied on email. So then he went and he clicked through and reset his password. And the type of attacks that are happening right now is such that when you click a link, sometimes it will pretend to be Office365 or Google, and it will want you to put your username and password in so that you can see the document. Well, in fact, those sites are getting your credentials for later cyber attacks, or they’re trying to put malware on your computing device. So what happened after that? In April 2016, hackers created a fake email account and spearfished 30 Clinton staffers. They sent a spreadsheet that had the name Hillary-Clinton-favorable-rating.xlsx and that attachment was designed to make the staffer want to click. So these are social engineering attacks on campaign staff. And then later DCLeaks was registered, and all these emails were published and put out there, which was very damaging and probably changed the outcome of the election in 2016. So I have John here, and John, I want to ask you, what steps has the Cook County Clerk taken to prevent similar attacks here in Cook County?

Securing Electronic Voting

John Mirkovic (JM): Well, I think one is that we don’t make it so easy that you can change credentials via one email that way. So, what happened to Mr. Podesta, it would have required a few more steps in our agency, which is usually good, I guess, but it was such a clever attack. There’s almost no way to stop something that clever, and that relies on someone’s sense of urgency and emotion. So we, in our office, we work with Cook County on our email servers, so we would reach out to a different office to work with that. So the ability to make it hard to change emails, for example, you know, it can be frustrating sometimes but you know, you realize when you build those layers up if they frustrate you that means they’re going to frustrate an attacker as well so that’s one way.

LN: So deployment of frustration, a government staple, right?

JM: Yeah, the old help desk.

LN: Well, having these processes in place though, by design they help protect people and make it more difficult for hackers to get in. So that’s great. There’s been a lot of talks about potential hacks coming on election day, should voters be concerned that their vote’s going to be hacked on election day?

JM: I think they should be more concerned about the disinformation campaign that is going on about hacking voting machines in Illinois, and that we have the misinformation from nebulous foreign state actors, but they’re actually people in this country who are being paid. You know, they think they’re working for a news agency, but it’s some shell and all they’re doing is spreading misinformation, especially in Illinois. You know, we’ve had to refute notions that our ballot marking devices are connected to the internet and that anybody can get in there. So to answer your question, we use a lot of layers of security and some of them, and the main one is we don’t even give ourselves the ability to update these machines on election day or in the field, which again that frustrates us, but we also know that if there’s no way to communicate with those machines by us even, then no one else can, so.

LN: Isn’t there also a simultaneous paper audit trail for the voting machines?

JM: Yeah, so voters in suburban Cook County should be really happy with the system we have in Illinois, which requires a paper backup of every vote. So voters in the suburbs may remember, I don’t know if they had them in the city, but they may remember the sort of receipt paper printers that were built into the machines and they would kind of scroll really quick and show you what you voted for, but it really wasn’t user-friendly, so.

LN: John, just finally, should voters be concerned about election equipment being hacked on election day?

JM: Well, you know, depends where they live. If they live in a state that isn’t as committed to security, I think that people should ask questions and these are the right types of questions to ask, and if you live in a state and you find out your ballot marking device or voting machine is connected to the internet, you should be worried about that. In Illinois, that is not the case and we don’t even use the open internet for any transmission of data, we use secure cellular networks that can work one-way communications and send encrypted data that cannot be tampered with in transit. So voters should ask questions and, but they should also be mindful of who’s causing them to ask questions, and if that person is playing on their emotions.

LN: Great. Do you think that early voting and vote by mail will help reduce the potential impact of election day hacking?

JM: Yeah, I believe so. If you think about centralized versus decentralized targets. You know, an election where you have ballots being cast in 400,000 different locations, as opposed to 1,000, that’s a bigger attack vector and harder to, you know, for a foreign adversary to manipulate really. So it’s really, a mail election sort of really makes it hard for a hacker to find a way to get in there, so I think that vote by mail does make election safer.

LN: Great. Well, thanks a bunch for being on the show, I really appreciate you taking the time to come on.

JM: Thank you, Lee.

Cook County Security
Securing Electronic Voting
Cook County Clerk on Election Security

Check out Cook County’s website!

https://cookcountyclerk.com/

Top Five Cyber Attacks

Phishing, Ransomware, Endpoint Security, IoT Devices and Cloud Jacking. What do they have in common? Top Five Cyber Attacks we are concerned about and you should be too!

The frequency of cyberattacks is growing. The following is Enigma Forensics’ top five cyber attacks that you should be made aware of.

Phishing Attacks are specific forms of email or text messages that are targeting victims to gain access to their personal information. Phishing messages often try to induce the receiver to click a link to a package shipment delivery message or other seemingly legitimate hyperlinks. It acts like a harmless or subtle email designed to get victims to supply login credentials that often become harvested by the attacker for later use in efforts to compromise their target. Sometimes phishing emails spoof the sender to be someone who has already been compromised. Once compromised, often times the compromised user’s mailbox is used to relay other outbound messages to known individuals in their saved contacts. This form of attack earned its name because it masquerades as an email of someone you may know and because you know the sender, you are more likely to nonchalantly open the email and click on the attachment to learn more about the content. With a click of a mouse, BOOM you can be compromised. This is a very easy and effective scam for cybercriminals. Warning: Do not open attachments or forward chain emails!

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge. The cybercriminal then holds the stolen information for ransom, thus the name! They may ask for a ransom payment in the form of digital currency such as bitcoin. Whether or not the victim pays the ransom depends on what information they have stolen or what criminals have threatened to do with the stolen information. Warning: Do not visit unsecured sites!

Remote Worker Endpoint Cyber attacks are currently the most popular because of the number of employees working from home caused by the Coronavirus. In the month of March, many workers were sent scurrying to their homes without companies placing proper cyber protection protocols. Employees are using their personal devices to conduct work and often are not fully patched, updated, and using encryption to protect their home devices against cybercriminals. Many company executives have been targeted at their homes, where they are much less likely to have commercial-grade firewalls designed to protect endpoints and company trade secrets.

IoT Devices attacks are a popular vehicle used by cybercriminals to establish a beachhead for launching lateral attacks across a home or work network. IoT devices involve extending internet connectivity beyond standard devices, such as desktops, laptops, smartphones, and tablets, to any range of traditionally dumb or non-internet-enabled physical devices and everyday objects. Embedded with technology, these devices can communicate and interact over the internet. They can also be remotely monitored and controlled. IoT Devices should be segmented and on a different network than corporate work from home devices. IoT devices pose a great threat because many of these devices lack automatic update processes and can become a beachhead for cybercriminal attacks in your home.

Cloud Jacking will increase with an estimated growth of cloud computing to be a $266.4 billion dollar industry in 2020. The idea of cloud storage makes one believe it is an improved option rather than the traditional on-premise computing storage. This will and has become a major security concern and has created a strong urgency to increase the creation of cloud security measures. Cybercriminals will up their game and cloud jack data information whenever possible. The race in on to see who does it cloud security better; the good guys or the bad guys. To protect against Cloud Jacking cyber attacks, organizations should enable two-factor authentication options, such as Google authenticator.

Two-factor authentication requires two of the three following means of authentication:

  • Something you know (A password)
  • Something you have (A key fob or cell phone authenticator)
  • Something you are (Retina Scan, Facial recognition, fingerprint)

Hospital Data Breached

Hospital Data Breach

Hackers will continue to pummel the sector with targeted attacks.

Have you heard the news about the most recent Chicago, Illinois area hospital data breach?  We’re referring to the article in the Chicago Tribune, By Lisa Schencker on December 31, 2019.  “Personal information of nearly 13,000 people may have been exposed in Sinai Health System data breach” Click here to view the article.

After reading this article many questions came to mind.  Who would hack a hospital system?  Are cyber attacks on hospitals becoming more frequent? Could a foreign hacker be targeting hospitals to conduct cyber warfare?  Could it be a disgruntled employee who maliciously wants to obtain patient electronic medical records (EMR) and target a particular patient?

It has been reported that 70% of hospital data breaches include sensitive demographic or financial information of that could lead to identity theft. The Sinai Health System data breach included 13,000 patients’ names, addresses, birth dates, Social Security numbers, health information or health insurance information were potentially exposed. 

One could easily assume that if a hacker was armed with this information, they could sell patient electronic medical records and financial data to the highest bidder. The potential for patient harm is exponential.

Data Breach Incident Response

What happens next? Computer Forensic Experts are called to initiate a data breach response. Experts start with immediately stopping the breach, accessing the damage, notifying those affected, conducting a security audit. Forensic experts create a recovery plan to prepare for future attacks.  Finally, Forensics experts train employees to protect the data and enforce strong passwords.

Computer Forensic Experts A.K.A. Cyber Security sleuths or electronic detectives are really excellent at detecting where and how the breach occurred and accessing the damage.  In cases of litigation due to a data breach or medical malpractice, Computer Forensics Experts are hired by law firms to serve as expert witnesses to help win the litigation. In addition, many hospitals hire Computer Forensic Experts to assist in auditing their records to prove their side of the case. 

Prepare a Data Breach Incident Response Plan

Looking forward to 2020. Cyber Forensic experts agree the entire sector needs to adjust its security approach to keep pace with hackers. The Department of Health and Services and many states may impose fines on those who are not following security guidelines. It’s vitally important to create a Data Breach Incident Response Plan.

Enigma Forensics are experts in Data Breach Incident Response. To learn more about Enigma Forensics read below.

Data Breach Response
If you think you have been breached…contact Enigma Forensics.com
Patient Medical Records: Metadata as Evidence in Litigation