
5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data, and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that do everything possible to mitigate cyberattacks: next-generation email security to block potential phishing or spear-phishing attempts; endpoint security solutions to monitor behavior through heuristic-based techniques; and internal network routing through a next-generation firewall to perform deep packet inspection (DPI) on any traffic traversing the network, especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adopt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and an immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates on any sort of regular cadence, even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and the devices are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain-of-custody tracking to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t rely on a single weak key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall with DPI capabilities is a critical component in securing a healthcare network. Even internal traffic traversing the network should be routed through the firewall, both to prevent malicious traffic from proliferating across the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.
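One way to check that a PHI zone really is limited to authorized services and IP addresses, as an added example that is not from the original post or from any vendor named on this page: the Python below audits firewall flow records against a default-deny allowlist. The zone addressing, the allowlist entries and the log format are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption): hosts holding PHI live in this zone.
PHI_ZONE = ipaddress.ip_network("10.20.0.0/24")


@dataclass(frozen=True)
class Rule:
    source: ipaddress.IPv4Network  # who may connect
    protocol: str                  # "tcp" or "udp"
    dest_port: int                 # which service they may reach
    purpose: str                   # why the rule exists (for reviewers)


# Constructed allowlist (assumption). Anything not listed is unauthorized.
ALLOWLIST = (
    Rule(ipaddress.ip_network("10.10.5.0/24"), "tcp", 443, "workstations to EHR web tier"),
    Rule(ipaddress.ip_network("10.10.9.17/32"), "tcp", 2575, "interface engine to HL7 listener"),
    Rule(ipaddress.ip_network("10.30.0.0/28"), "tcp", 22, "admin jump hosts"),
)

# Constructed flow records: "<time> <src> <dst> <proto> <dst_port> <ALLOW|DENY>"
SAMPLE_FLOWS = """\
2018-07-10T08:01:12Z 10.10.5.23 10.20.0.10 tcp 443 ALLOW
2018-07-10T08:01:40Z 10.10.9.17 10.20.0.12 tcp 2575 ALLOW
2018-07-10T08:02:05Z 10.10.5.23 10.20.0.10 tcp 3389 ALLOW
2018-07-10T08:02:31Z 10.40.1.8 10.20.0.10 tcp 443 DENY
2018-07-10T08:03:02Z 10.10.5.23 10.50.0.4 tcp 445 ALLOW
2018-07-10T08:03:15Z 10.10.9.17 10.20.0.12 udp 2575 ALLOW
2018-07-10T08:03:44Z not-an-ip 10.20.0.10 tcp 443 ALLOW
""".splitlines()


def matching_rule(src, protocol, port):
    """Return the allowlist rule that authorizes this flow, or None."""
    for rule in ALLOWLIST:
        if src in rule.source and protocol == rule.protocol and port == rule.dest_port:
            return rule
    return None


def audit(lines):
    """Return (line_number, kind, detail) for every flow into the PHI zone
    that the allowlist does not authorize.

    kind is "policy-gap" when the firewall let the flow through anyway,
    "blocked-attempt" when the firewall denied it, and "unparsed" when the
    record could not be read (reported rather than silently dropped).
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        try:
            _time, src, dst, protocol, port, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            findings.append((number, "unparsed", line))
            continue
        if dst not in PHI_ZONE:
            continue  # only traffic entering the PHI zone is in scope here
        if matching_rule(src, protocol.lower(), port):
            continue  # explicitly authorized service and source
        kind = "policy-gap" if action.upper() == "ALLOW" else "blocked-attempt"
        findings.append((number, kind, f"{src} -> {dst} {protocol}/{port}"))
    return findings


if __name__ == "__main__":
    for number, kind, detail in audit(SAMPLE_FLOWS):
        print(f"line {number}: {kind}: {detail}")
```

A "policy-gap" finding means the firewall rule set is wider than the documented allowlist, which is the condition to fix first; "blocked-attempt" findings are worth reviewing as signs of misconfigured or compromised hosts.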


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Ransomware Surges, Encrypted Threats Reach Record Highs in First Half of 2018

To ensure organizations are aware of the latest cybercriminal attack behavior, today SonicWall published a mid-year update to the 2018 SonicWall Cyber Threat Report.

“The cyber arms race is moving faster than ever with bigger consequences for enterprises, government agencies, educational and financial institutions, and organizations in targeted verticals,” said SonicWall CEO Bill Conner in the official announcement.

Cyber threat intelligence is a key weapon in organizations’ fight against criminal organizations within the fast-moving cyber arms race. The mid-year update outlines key cyberattack trends and real-world threat data, including:

Data for the annual SonicWall Cyber Threat Report is gathered by the SonicWall Capture Threat Network, which sources information from global devices and resources including more than 1 million security sensors in nearly 200 countries and territories.

“SonicWall has been using machine learning to collect, analyze and leverage cyber threat data since the ‘90s,” said Conner. “This commitment to innovation and emerging technology is part of the foundation that helps deliver actionable threat intelligence, security efficacy and automated real-time breach detection and prevention to our global partners and customers.”

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.


Cyber Security News & Trends – 07-06-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Breaking down SonicWall’s 12 new features for mid-tier enterprises — TechRepublic

  • Following the release of SonicWall’s latest product news, TechRepublic provides an overview of the features released. This article concludes that the new mid-tier offerings make SonicWall an option for companies of any sector and size.

Review: SonicWall TZ400 Provides Local Governments with Deep, Frontline Protection – StateTech

  • SonicWall’s firewall appliance is a strong choice for state and local governments watching the bottom line.

Cyber Security News

Sophos shares tank as revenues slow – UK Investor Magazine

  • Shares in cyber security group Sophos fall by a fifth as growth slows. The company’s shares fell by more than 20% as it said billings growth – an indicator of future revenues – in the three months to the end of June had slowed to just 6pc, or 2pc when adjusted for foreign currency changes.

New Virus Decides If Your Computer Good for Mining or Ransomware — The Hacker News

  • Researchers at Kaspersky Labs have discovered a new variant of Rakhni ransomware family, which has now been upgraded to include cryptocurrency mining capability as well.

Macro-based malware campaign replaces desktop and Quick Launch shortcuts to install backdoor — SC Magazine

  • Researchers have uncovered an unusual malicious macro-based malware campaign that effectively modifies infected users’ shortcut files so that they secretly download a backdoor program.

Trump nominates former Energy official to lead Homeland Security tech research arm — The Hill

  • President Trump announces that he is tapping William Bryan, an Army veteran and former Department of Energy official, to lead the Department of Homeland Security’s technology research and development arm.

Adidas Reports Data Breach — The Wall Street Journal

  • Adidas warned late on Thursday that hackers may have lifted customer data from its US website.


Cyber Security News & Trends – 06-29-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

SonicWall Targets Mid-Tier Enterprises with New Network Security Software and Appliances – SiliconANGLE

  • Following the release of SonicWall’s latest product news, SiliconANGLE unpacks updates to the SonicWall Capture Security Center. This article also touches on the company’s six new firewall appliances.

Cyber Security News

Despite Caution Over Cryptocurrency, Investors are Bullish – The New York Times

  • Initial coin offerings are raising billions for cryptocurrency start-ups, like the Russia messaging service Telegram, which raised nearly $2 billion.

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records – Wired

  • Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.

Reality Winner, N.S.A. Contractor Accused in Leak Pleads Guilty – The New York Times

  • Reality Winner, the former government contractor charged with leaking classified information, pleaded guilty in federal court Tuesday as part of a plea agreement reached with federal prosecutors.

Hotels, Airlines and Travel Sites Battle Bot Attacks – ZDNet

  • Attackers in certain countries appear to have a particular focus on breaching organizations operating in the travel sector.

60,000 Android Devices Hit With Ad-Clicking Bot Ransomware – SC Magazine

  • A new malicious Android app has infected at least 60,000 devices gaining the ability to extract some important information from each device along with installing some ad click malware.

New Fears Over Chinese Espionage Grip Washington – The Hill

  • Lawmakers are scrutinizing the Pentagon over its efforts to keep military secrets safe from hackers, after Chinese actors allegedly breached a Navy contractor’s computer and collected data on submarine technology.


Capture Cloud Platform: A Security Ecosystem that Harnesses the Power of the Cloud

We have fantastic advancements in technologies right now. With software-defined everything (SDx) and cloud becoming more accessible and affordable, both large and small organizations can effectively execute their digital business strategies with greater ease and speed.

As new applications, systems and SDx architecture are deployed to advance the digital business, many organizations also find themselves retooling their cyber security model to maintain the health and defense of their networks and services.

Organizations now must have complete knowledge, visibility and control of the security ecosystem, and the capacity to manage and remove cyber risks that can be disruptive and disastrous to the business.

To help make the cloud journey powerful, agile and safe, SonicWall developed its Capture Cloud Platform to address CISOs’ top three cyber security priorities:

  1. Give actionable cyber threat intelligence to help better understand security risks and quickly respond to them
  2. Reduce security silos by consolidating and integrating security technologies
  3. Manage cyber risk with greater visibility and control

Integrated Security, Management & Analytics

The core value of the Capture Cloud Platform is the integration of several key capabilities with our cloud-based centralized management, reporting and analytics services, including the Capture Advanced Threat Protection (ATP) sandbox, which includes Real-Time Deep Memory Inspection (RTDMI™) technologies, and Capture Labs and Capture Threat Network threat intelligence services.

This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud and allows organizations to:

  • Drive end-to-end visibility and share intelligence across a unified security framework
  • Proactively protect against known and unknown cyberattacks (e.g., zero days)
  • Gain contextual awareness to detect and respond to security risks with greater speed and accuracy
  • Make informed security policy decisions based on real-time and consolidated threat information

The SonicWall Capture Cloud Platform service-oriented architecture tightly unifies the current and future SonicWall security and management services organizations need to run an efficient security operation center (SOC). It eases and, in most cases, automates the governance of their network, endpoints and cloud security services with a single-pane-of-glass (SPOG) experience.

10 Components of the Capture Cloud Platform

Organizations are empowered by Capture Cloud Platform to make the shift from the old on-premises world of IT into the new hybrid cloud-as-a-service world by coalescing SonicWall security solutions with simple, common management tools that help achieve not only desired security and operational goals but also real business value.

Currently, Capture Cloud Platform is comprised of 10 key SonicWall security and service components:

  1. Capture Security Center
  2. Real-Time Cyber Threat Intelligence
  3. Capture Client
  4. Capture ATP
  5. Cloud App Security
  6. Management & Analytics
  7. NSv Series virtual firewalls
  8. NSa Series hardware firewalls
  9. Web Application Firewall (WAF)
  10. MySonicWall & Licensing (credentials required)

The combination of these services delivers mission-critical layered cyber defense, threat intelligence, analysis and collaboration, and common management, reporting and analytics, that work synchronously together.

This helps organizations stay on top of the cyber threat landscape, protect sensitive information, meet compliance, and maintain normal service operations while moving the company’s digital transformation forward safely.

Visit our Capture Cloud Platform to get detailed information on each of the solution values and learn how the platform can securely accelerate your cloud journey.

Cyber Security News & Trends – 06-22-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Cloud Encryption Market: Security to Remain Primary Factor for Adoption of Cloud Encryption — Tech You n Me

  • This article reviews the cloud encryption market and how key players like SonicWall are releasing innovative new products, like the company’s range of cloud security products that includes the SonicWall Cloud Analytics application for deep security data analysis and automated breach detection.

Sophos XG vs SonicWall NS: Top NGFWs Compared – eSecurity Planet

  • In an article detailing the strengths and weaknesses of top vendor next-generation firewalls (NGFWs), the SonicWall NSA is featured in comparison to the Sophos XG.

Cyber Security News

How a Few People Took Equifax to Small Claims Court Over Its Data Breach and Won – The New York Times

  • After 145 million Americans’ financial information was exposed last year, some of them won cases against the credit reporting agency in local courts.

Script Kiddie Goes From ‘Bitcoin Baron’ to ‘Lockup Lodger’ After DDoSing 911 Systems – The Register

  • Randall Charles Tucker was given a 20-month sentence Tuesday after pleading guilty earlier this year to one count of felony intentional damage to a protected computer. He had faced as many as 41 months.

New Phishing Scam Reels In Netflix Users To TLS-Certified Sites — Threat Post

  • Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates.

Korean Cryptocurrency Exchange Bithumb Loses More Than $30 Million in Hack – The Wall Street Journal

  • Seoul-based bitcoin exchange Bithumb said Wednesday it had lost over $30 million as the result of being hacked, the second cyberattack in two weeks to hit a major South Korean cryptocurrency exchange as safety concerns hamper the industry and weigh on prices.

This New Windows Malware Wants to Add Your PC to a Botnet – or Worse – ZDNet

  • Dubbed Mylobot after a researcher’s pet dog, the origins of the malware and its delivery method are currently unknown, but it appears to have a connection to Locky ransomware – one of last year’s most prolific forms of malware.

China-Based Hackers Breached Satellite, Defense Firms: Study – The Hill

  • China-based hackers infiltrated satellite operators, defense contractors and telecommunications companies in the U.S. and southeast Asia, according to researchers at Symantec Corp.


Cybersecurity News & Trends – 06-15-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

CEO Spotlight - Bill Conner, SonicWall – 1080 KRLD Radio

  • Bill Conner and David Johnson sit down and discuss SonicWall’s momentum, attack vectors threatening business and what’s happening in cybersecurity today on David’s CEO Spotlight radio segment.

Brightstar is the first SonicWall MSSP in India – CRN.in

  • The recent SonicWall and Brightstar India partnership news continues to garner coverage featuring the launch of Security as a Service (SeCaaS) in the region.

“Digital Infrastructure Is Critical In Transforming a City and Creating a Sustainable Smart Ecosystem” – BWSmart Cities

  • SonicWall’s Debasish Mukherjee, Country Manager India & SAARC, explains how crucial digital infrastructure is in transforming the cities of the future and how the role of new-age trends — like IoT, cloud and machine learning — drive the growth of the network security market.

Cyber Security News

Intel Chip Flaw: Math Unit May Spill Crypto Secrets to Apps – Modern Linux, Windows, BSDs Immune – The Register

  • A security flaw within Intel Core and Xeon processors can be potentially exploited to swipe sensitive data from the chips’ math processing units.

U.S. warns World Cup attendees of Russian hacking risks – The Washington Times

  • World Cup attendees risk having their personal data compromised by hackers, state-sponsored or otherwise, the head of the U.S. National Counterintelligence and Security Center warned ahead of the annual soccer tournament starting in Russia this week.

Luckymouse Threat Group Strikes National Data Center to Exploit Government Website – ZDNet

  • Researchers say the Chinese threat actors behind the campaign aimed to compromise government resources.

UK Watchdog Issues $330K Fine for Yahoo’s 2014 Data Breach – Tech Crunch

  • Another fallout from the massive Yahoo data breach that dates back to 2014: The UK’s data watchdog issued a £250,000 (about $334,000 USD) penalty for violations of the Data Protection Act 1998.

FBI Announces Arrest of 74 Email Fraudsters – ZDNet

  • Police have carried out a worldwide wave of arrests that have seen 74 people detained and over $16 million in purloined funds seized by suspected whalers or business email compromise (BEC) fraudsters.

Hackers Target Payment Transfer System at Chile’s Biggest Bank, ‘Take $10M’  — The Register

  • Banco de Chile has become the latest victim in a string of cyberattacks targeting the payment transfer systems of banks. Hackers reportedly used a variant of the complex KillDisk wiper malware to distract attention before targeting systems linked to the SWIFT inter-bank transfer network.


How to Evaluate & Compare Antivirus Solutions

When evaluating a change in how you secure your network, you need to look beyond the upper-right quadrant.

It is easy to run to analyst graphs and pick a few cyber security solutions that edge closest to the top right. But is that the right path of exploration for your organization? Did these evaluations consider the factors most important to you and your security objectives?

Comparing endpoint protection platforms (EPP), commonly referred to as antivirus (AV) solutions, is no different. For example, SonicWall Capture Client features an antivirus engine (powered by SentinelOne) that scores very high in NSS Labs 2018 results. But there is always more to consider.

So, how do you decide who and what to evaluate? Outside of a good balance between detection versus false positives, organizations should consider:

  • Costs
  • Built-in synergies with other security services and appliances
  • Ability to stop cyberattacks before they execute
  • Inspection of encrypted traffic
  • Ease of remediation

To complement NSS Labs research, SonicWall is providing exclusive access to the Gartner paper, “Understand the Relative Importance of AV Testing in EPP Product Selection.” This resource will help guide your organization as you sift through the benefits, capabilities and performance of top endpoint protection and antivirus solutions.

Within the paper, Gartner breaks down the concepts of advanced endpoint protection into four core components:

  1. Prevention
  2. Detection
  3. Response
  4. Prediction

To learn more, download the full Gartner report, “Understand the Relative Importance of AV Testing in EPP Product Selection.”

Get the Complete Gartner Paper

Deciding on the endpoint solution that’s right for your organization is a complex undertaking. To help guide your path, download the exclusive Gartner paper, “Understand the Relative Importance of AV Testing in EPP Product Selection,” compliments of SonicWall.


Cybersecurity News & Trends – 06-08-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Galix Becomes SonicWall’s First Ever Platinum Partner in Africa – IT News Africa

  • Galix, an IT services, infrastructure management and compliance company, has become the first ever African partner to receive SonicWall’s Platinum Partner status.

SonicWall Looks Beyond Firewalls to Bolster Cyber-Security – eWeek

  • eWeek sits down with SonicWall CEO Bill Conner at RSA to discuss the company’s progress toward becoming a financially and operationally independent company in a written article and accompanying video interview.

Cyber Security News

US-North Korea Summit News Used as Lure in New Malware Campaign – Dark Reading

  • North Korea’s Group 123, an advanced persistent threat actor responsible for several major malicious campaigns in recent years, is believed to be behind new malware activity targeting users in South Korea.

Researcher Finds Login Info for 92 Million MyHeritage Users on Private Server – SC Magazine

  • A file named myheritage discovered on an outside private server contained the email addresses and hashed passwords of more than 92 million MyHeritage customers, the genealogy and DNA testing company’s CISO said.

Here’s a Transaction Transamerica Regrets: Transgressors Swipe Retirees’ Personal Info – The Register

  • Financial house Transamerica has admitted hackers swiped some of its customers’ sensitive personal information, including social security numbers.

Ukraine Says Prevented Cyber Attack on NATO Country Embassy – Reuters

  • Ukraine’s state security service (SBU) prevented a cyber attack on the embassy of a NATO country in Kiev, it said in a statement on Tuesday, without specifying which one.

Mich. County Official Falls for Phishing Scam, Quits – The Detroit News

  • An official in a small Michigan county has resigned after being tricked into wiring $50,000 to an overseas bank account.


Cybersecurity News & Trends – 06-01-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Cybersecurity 500 List, 2018 Edition – Cybersecurity Ventures

  • SonicWall is announced as #36 on Cybersecurity Ventures Cybersecurity 500: 2018 Edition List which includes the world’s hottest and most innovative cybersecurity companies to watch in 2018.

British Businesses Facing Cyber Ransom Demands of up to £200,000 – The Daily Telegraph

  • Cyber criminals are arming themselves with “malware cocktails”, expertly blended using old variants of malicious computer code. The new viruses are more potent than their predecessors because they have adapted to companies’ cyber defenses, like a digital version of antibiotic-resistant superbugs.

Securing Your Journey to Success With Innovation and Security: SonicWall – Silicon Review

  • Recently announced as one of the 10 Best Security Companies in 2018, SonicWall is featured in an editorial highlighting the company’s history and success with CEO Bill Conner at the forefront.

10 Best Security Companies in 2018 – Silicon Review

  • SonicWall is announced as one of the 10 Best Security Companies in 2018.

Cyber Security News

Cybercriminals on Average Have Seven-Day Window of Opportunity to Attack – SC Magazine

  • Once a vulnerability is announced, the average attacker has a seven-day window of opportunity to exploit the flaw before a defender is even aware they are vulnerable, according to report from Tenable.

Deadly Attacks Feared as Hackers Target Industrial Sites – The Hill

  • The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.

U.S. Judge Dismisses Kaspersky Suits to Overturn Government Ban – Reuters

  • A U.S. federal judge on Wednesday dismissed two lawsuits by Moscow-based Kaspersky Lab that sought to overturn bans on the use of the security software maker’s products in U.S. government networks.

BackSwap Banking Malware Bypasses Browser Protections With Clever Technique – SC Magazine

  • A new banking malware called BackSwap has replaced tricky conventional browser injections with a simpler browser manipulation technique.

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net – Dark Reading

  • It’s been three years since researchers first discovered automated tank gauges (ATGs) at some 5,000 US gas stations exposed on the public Internet without password protection, and a recent scan found 5,635 locations were vulnerable to the same issue.
