Articles of interest from the week of November 23, 2020

Cyber-attacks Reported on Three US Healthcare Providers

Three healthcare providers in Florida, Georgia, and New York are notifying patients that their protected health information may have been exposed in recent cyber-attacks involving ransoms. (By Sarah Coble, Infosecurity). Ingalls: Protecting your organization from being hacked used to involve a fairly straightforward set of technical controls that kept customer computer networks secure and data backed up in the event of a system failure. To do this 10 years ago, an organization needed to setup firewalls, antivirus, patch management, and data backup. Today, organizations of all sizes need Managed Detection and Response (MDR) to defend against malicious network traffic. Our MDR service delivers threat monitoring, detection and response leveraging a combination of technologies, advanced analytics, threat intelligence, and human expertise in incident investigation and response. How does MDR work?

7 Dumb Ways to Be a Ransomware Victim, and How to Avoid Them

Ransomware is once again in the news. Attackers are reportedly targeting health care providers and are using targeted phishing campaigns disguised as meeting invites or invoices that contain links to Google documents, which then lead to PDFs with links to signed executables that have names with distinctive words like "preview" and "test." (By Susan Bradley, CSO Online) Ingalls: One of the most telling statistics from this year’s Verizon Data Breach Investigations Report (DBIR) is that Ransomware remains a serious threat to all industries and accounts for nearly a quarter of all malware based attacks.  Ransomware has become so widespread and commonplace that a normal attack garners neither the shock of security professionals nor the attention of the media. Are You Prepared To Defend Against Ransomware?

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

A spike in recent phishing and business email compromise (BEC) attacks can be traced back to criminals learning how to exploit Google Services, like Forms, Firebase, Docs and more. (By Becky Bracken, Threatpost). Ingalls: Businesses face significant financial loss when a cyber attack occurs. In 2019, the U.S. business sector had 17% increase in data breaches: 1,473 breaches. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure. #BeCyberSmart to connect with confidence and support a culture of cybersecurity at your organization. To learn more visit our recent blog, 5 Ways To Be Cyber Secure At Work.

Louisiana Hospitals Report Data Breach

The data of thousands of patients has been exposed following a cyber-attack on Louisiana State University medical centers. LSU Health New Orleans issued a HIPAA breach notification on November 20 after detecting a cyber-intrusion into an employee’s electronic mailbox.  "The intrusion appears to have occurred on September 15, 2020, and the mailbox access was discovered and disabled on September 18, 2020," said LSU Health. (By Sarah Coble, Infosecurity) Ingalls: At a time when cybersecurity is more strategic to businesses than ever before, determining ones cybersecurity risk management strategy is crucial. Our Master Risk Control: Pick A Cybersecurity Risk Management Strategy blog post provides some valuable insight on the different options.

8 Types of Phishing Attacks and How to Identify Them

Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches. (By Fahmida Y. Rashid, CSO Online) Ingalls: Phishing attacks are a good example of why you need end point protection. Our Managed Detection and Response (MDR) service is designed for advanced detection, threat hunting, anomaly detection and response guidance utilizing a defense-in-depth approach which monitors and correlates network activity with endpoints, logs and everything in between.