Cybersecurity blog posts

HIPAA security – keeping data secure

Published July 24, 2015

If you are a "covered entity" under the HIPAA Security Rule, then you already know that your company (and thus your employees) collects a lot of protected health information (aka PHI). PHI is basically information about another person that is not for public knowledge but is needed in order to conduct business. What business? The kind where insurance companies need information to process claims and health care professionals need it for continuity of care.

Due to more recent mandates, healthcare entities have been required to use electronic health records, where patient information is entered, accessed, stored, and distributed through computer and web-based programs. The HIPAA Security Rule simply states that all data that pertains to PHI must be secure and not accessible by persons who do not need to know or by persons who intend to harm.

When we think of data breaches, we first think of “hackers.” According to Symantec, the healthcare industry is a hot target for hackers because medical records contain valuable personal information such as social security numbers, birth and death dates, billing information, etc. Criminals use this information to buy medical equipment or drugs that can be resold, or combine a patient number with a false provider number and file made-up claims with insurers.

Background systems managed by good IT management firms (like NRC) can reduce the hacker threat. Now your agency is left to face the bigger threat of human error. According to USA Today, 80% of the breaches that occur are rooted in employee negligence, by human error or the less frequent rogue employee. According to HIPAA Journal, 31% of the breaches reported are due to lost or stolen devices, 29% to criminal attacks, 8% to a malicious insider, and 29% to employee errors.

There are some simple steps each employee can take to minimize errors:

  • Stolen or lost devices (including removable media) should be reported to the Security Officer immediately.
  • Protect your passwords – don’t write them down, post them, or share them. Tip: develop a password based on a phrase, song, or poem that you know well!
  • Log off your computer when not in use, even if only for a minute.
  • Have a guest visiting your office? Close up your machine (Ctrl + L should do it).
  • Don’t let others use your computer.
  • Don’t download programs on your computer without talking with IT (some of those programs look fine but are actually designed to glean information).
  • Be careful to whom you send that email! If you have to send email, encrypt it.

Administrator tips:

  • Limit BYODs unless there is a solid system for protecting information such as Windows 8.1 Enterprise solutions and Office 365.
  • Don’t let guests on your network! Set up a guest account!
  • Track activity! Watch out for rogue employees.
  • Immediately disable access to systems when employees leave the agency.
  • Have a solid policy in place that addresses how company equipment, software, and access are used.
  • Limit employees’ ability to use removable media and disable printing where it makes sense.

5 Ways to Avoid a Phishing Attack

Published March 05, 2015

Here at New River Computing, we like to share interesting infographics as we come across them. Our main goal is to disseminate intricate IT-related information quickly and clearly to as many users as possible.

This particular one, from AVNET's Behind the Firewall, deals with phishing attacks and offers the following five recommendations:

  1. Determine who the real sender is.
  2. Check the salutation.
  3. Use your mouse hover to check links before clicking.
  4. Examine the footer.
  5. When in doubt, delete.

Craigslist resume scam spreads Trojan virus

Published February 27, 2015

Reports of "Craigslist résumé" viruses have skyrocketed in recent months. Some of our clients here at New River Computing have unfortunately fallen victim to this recent outbreak. Thankfully, we've been successful at cleaning up the aftermath, but often the remediation process is long and arduous due to the sophistication of the malware.

This particular malware campaign has been enjoying a fair bit of success because the attacks are specifically aimed at businesses that use Craigslist for job recruitment. Cyber-criminals search for job postings, then send a fake response to the ad with an attached résumé (often in the form of a Word document), which serves as the delivery method for the virus. Once the message is read, the user, thinking the sender is a legitimate job applicant, opens the attached “fake résumé” file, triggering the malware to install and compromise the computer. The particular virus associated with this malware campaign is called "Trojan-Downloader:W32/Wauchos."

Deep Dive:

Trojan-Downloader:W32/Wauchos is known to be distributed as disguised executable files attached to spam e-mail messages. If the attachment is run, the malware will attempt to contact multiple remote servers. If successfully contacted, it will then download additional malware onto the system, such as Trojan:W32/Cridex or Trojan-Spy:W32/Zbot.
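
A mail gateway or help desk can catch the "disguised executable" pattern described above by comparing an attachment's name with its leading bytes. This is an added example, not code from the original post or from any antivirus product; the function names, type tables and sample inputs are constructed, and it generalizes from Wauchos to any executable posing as a document.

```python
import os

# Leading bytes ("magic numbers") of common attachment types.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-document"),  # legacy .doc/.xls
    (b"PK\x03\x04", "zip-container"),                        # .docx/.xlsx/.zip
    (b"%PDF-", "pdf"),
    (b"{\\rtf", "rtf"),
]
# Content types each document extension may legitimately contain.
EXPECTED = {
    ".doc": {"ole-document", "rtf"},
    ".docx": {"zip-container"},
    ".pdf": {"pdf"},
    ".rtf": {"rtf"},
}
RUNNABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def sniff(data):
    """Classify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachment(filename, data):
    """Return the reasons an attachment's name and content disagree."""
    reasons = []
    stem, ext = os.path.splitext(filename.lower().strip())
    kind = sniff(data)
    if ext in RUNNABLE_EXT:
        reasons.append(f"runnable extension {ext}")
        # e.g. "resume.doc.exe": the inner extension is only a decoy
        if os.path.splitext(stem)[1] in EXPECTED:
            reasons.append("document extension used as decoy")
    if kind == "windows-executable" and ext not in RUNNABLE_EXT:
        reasons.append(f"executable content behind {ext or 'no'} extension")
    elif ext in EXPECTED and kind not in EXPECTED[ext]:
        reasons.append(f"{ext} file contains {kind} data")
    return reasons
```

An empty result only means the name and the content agree; a genuine Word document can still carry malicious content, so this check complements the caution advised below rather than replacing it.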

Words of Wisdom:

No antivirus software can keep businesses 100% safe from all forms of viruses and malware. Unfortunately, it takes antivirus companies an average of about six hours to update their malware definitions, once they know about the malware. Recent catch rates from top antivirus software run at best between 80% and 90%. This means that user education still remains the BEST first line of defense against malware. Be cautious and NEVER open a file that you aren’t 110% positive is from a trusted source.

Safe Surfing!


Battling fake Microsoft Support scammers

Published November 10, 2014


Fake antivirus support is a problem. We know fake “Microsoft representatives” call targeted Windows users to persuade them that their computers are inundated with warnings and errors as shown in the Windows Event Viewer, a legitimate Microsoft application that lists system information. We even watched Jerome Segura, a senior security researcher at Malwarebytes, catch some of these over-the-phone tactics on video.

Unfortunately it seems scammers still use the telephone to cold call folks pretending to work for Microsoft (or some other reputable software company) in order to convince users that their computer needs “fixing.” But as users get smarter, scammers get bolder. Recently, scammers have begun claiming that they need immediate remote access to computers in order to fix security threats. Once they convince the user to allow them remote access in order to “take care of the problem,” these savvy scammers then suggest installing fake malicious software—in order to “protect” the machine from future infections.

Just a few days ago, this happened to one of our clients. After receiving a phone call from someone claiming to be from “Microsoft Security Services,” Sally, as we’ll call her, was told that her computer had been hacked by someone in Austin, TX, and the “representative” claimed he needed to remote in to fix it right away.

Of course, Sally was panicked—a normal and reasonable reaction. Following the scammer’s instructions, she went to a website, entered a few different numbers, clicked a few “ok” prompts, and then allowed the scammer to take control of her computer. As he worked through these steps with her, he used a few tricks to fool her into thinking that her computer was badly infected when, in fact, it was fine.

In order to trick Sally, the scammer pulled up legitimate, normal IT troubleshooting tools, such as:

  • Netstat
  • CPU Monitor
  • Event Viewer

...etc. in order to confuse her. For someone in the IT business, like us, these screens are commonplace and useful for regular computer maintenance; for others, these look like a bunch of numbers and error messages which make no sense and cause serious alarm or fear that the computer is terribly at risk.

After driving this fear home, the scammer told Sally he could fix the problem for a fee. Sally then gave him her credit card number, but after a few minutes, the scammer claimed that the credit card transaction had failed and that he would need to try a different card. At that point, Sally said she wanted to call us, her IT support. Of course, the scammer tried to convince her otherwise, but she knew better.

After she told me what happened, I not only recommended she immediately cancel her credit card, but I immediately inspected her machine.

After a few minutes on her computer, I realized something wasn’t right. While I performed various diagnostics, the mouse cursor moved, windows closed, and different things stopped running. Thinking it was Sally, I asked her to wait until I finished checking things out. But it wasn’t Sally. Instead, it was the scammer still connected to the machine, and he was trying to install malware!

Immediately it was a race to win full control of the computer. The scammer closed programs and tools as fast as I could get them open. He eventually tried to lock the machine by installing a fake AV program with a bogus warning, “FBI Has Locked This Computer Due To Fraudulent Activity.” He also tried to encrypt files in order to hold Sally’s data for ransom. Luckily I was able to run a quick series of commands to end the rogue processes, before blocking the scammer’s network access. He could have won; it was close—too close.

You might be wondering, “Isn’t antivirus software supposed to protect my computer from this kind of stuff?” Good question. Here’s our answer: AV software does not, and more importantly, CANNOT protect a computer from every threat out there. You have to think of antivirus software like suspenders on pants. They can go a long way in preventing your pants from falling down, but if you pull hard enough, they will still fall off. AV software is just the same. It can go a long way to prevent your machine from becoming infected, but if you click “yes” enough times and give scammers access to your machine, even the best antivirus software will be defeated.

The biggest lesson to learn: educate yourself. User education is the most important factor to not getting infected and/or scammed. Be cautious before clicking “yes” and NEVER trust someone that calls out-of-the-blue, claiming he or she is from Microsoft or some other well-known software or security company. Microsoft and other such companies will NEVER call you to let you know that your computer is infected and then ask for money to fix it.

(In addition, there are convincing illegitimate websites and pop-up ads designed to trick users into believing that their computers are infected, that they need immediate assistance, and that salvation requires a phone call to the scammer. It’s usually something like, “WARNING: Your computer is severely infected. Call 1-800…”)


The dangers of peer-to-peer-file sharing

Published April 25, 2014

Peer-to-Peer or P2P is a method of sharing files between two or more computers on the Internet. Users share files via P2P by using peer-to-peer applications such as Gnutella, KaZaA, iMesh, LimeWire, Morpheus, SwapNut, WinMX, AudioGalaxy, Blubster, eDonkey, BearShare, etc., and the list goes on and on.

How P2P Works

The P2P application takes a piece of allotted data, or sometimes whole directories, from your hard drive and allows other users to freely download this content, and vice versa. P2P programs are most often used to share music and videos over the Internet. Although sharing by passing around a CD or DVD is not illegal, sharing by creating multiple copies of a copyrighted work IS illegal. Some P2P programs will share everything on your computer with anyone by default. Much of the P2P activity is automatic and its use is unmonitored. Computers running this software will be busy exchanging files whenever the machine is turned on. Using P2P software can be, and often is, very dangerous.

Consequences of Copyright Infringement

Downloading and sharing files which contain copyrighted material is against the law. The responsibility to restrict sharing and monitor the legality of files on your network lies solely with you and/or your employer (if it takes place at work using company equipment).

This is what can happen:

  • Legal consequences. Copyright holders may offer a legal settlement option or pursue legal action against you.
  • Financial implications. If a copyright holder chooses to pursue legal action, the minimum damage for sharing copyrighted material is $750 per file (in addition to legal and court fees). According to several different news sources, individuals who settled their cases outside of court were forced to pay substantial amounts. There is no way to predict how much you may be required to pay in settlement costs if illegal files are found to be on a machine or being transferred to/from an IP address that you own.

The Digital Millennium Copyright Act (DMCA) makes it a crime to create software that helps distribute copyrighted materials. It also limits an Internet Service Provider’s (ISP) liability if the ISP notifies the alleged infringer and suspends access to illegal copies of copyrighted materials.

There Are Risks Associated With Using P2P Programs

Some of the P2P programs themselves contain “spyware” that allows the author of the program, and other network users, to see what you’re doing, where you’re going on the Internet, and even use your computer’s resources without your knowledge to carry out various activities; the most popular use at this time is to harvest computer power to mine Bitcoins. Another annoyance with this type of software is that once installed, these applications can be almost impossible to remove. In some cases a user has to know which files to remove and which registry entries to edit to completely get rid of the application. Content downloaded via P2P applications can be laced with malware, be legally protected copyrighted material, or be personal and/or private information. Tests carried out by various researchers have revealed that the results of common P2P searches often contain very sensitive, private data, including patent applications, medical information, financial and other personal and business-related information.

Since the computers running the P2P programs are usually connected to a network, they can be used to spread malware. Another risk is that various types of illegal files can be downloaded and re-shared over P2P networks by mistake. Users can even have files placed on their machines, without knowing it, by others who want to share illegal material without getting caught. This tactic allows nefarious users to “spoof” their personal network and IP address information. Short explanation: they use YOUR computer network to distribute and share THEIR illegal material, so it’s traced back to YOU and not THEM. So, in the end, YOU will be the one getting the knock on the door from law enforcement.

“Stealing is Stealing and Wrong is Wrong”. There’s no need to use P2P software to enjoy music and movies. There are multiple free and LEGAL options available to watch movies and listen to music. While most of these free services are ad-supported, many also offer very low cost subscription options that, in my personal opinion, are worth every penny and are ad-free!

Legal Alternatives for Downloading

Some of the sites listed here provide some or all content at no charge. They are funded by advertising or represent artists who want their material distributed for free. This is not an exhaustive list, but it’s a good place to start.

  • TV shows: watch TV shows online legally and free at Hulu TV.
  • Music: listen to music online legally and free at Pandora (personal favorite), Last.fm, I Heart Radio, Xbox Music and Spotify.

Remember that it’s important to delete any files on any machines which may have been obtained over a P2P network and to also remove the P2P software. Use caution while surfing the internet and use some of the legal alternatives mentioned above for consuming media. If you suspect users on your business network of using P2P software, please don’t hesitate to contact New River Computing for support.

As always, STAY SAFE!

