Cyber Threats, Ransomware & Related Risks









  • Cyber Threats, Ransomware & Related Risks

  • Common IT Exposures

  • Best Practices

  • Collaborating with the CIO

  • The Internet of Things (IoT)






  • Reveton & variants (2012-2014)

  • CryptoLocker (2013)

  • CryptoLocker.F & TorrentLocker (2014)

  • CryptoWall (2014)

  • CryptoWall 3.0 & 4.0 (2014-2015)

  • TeslaCrypt, 2.0, 3.0 (2014-2015)

  • VaultCrypt (2015)




  • 2016: The Year of Online Extortion – 10 New ransomware families monthly

  • Jigsaw (April 2016)

  • Locky & Goliath variant & TrueCrypter (May 2016)

  • Stampado (July 2016)

  • CryptXXX (July 2016)

  • Variants cuteRansomware (July 2016)

  • CTB Faker, Alfa & Ranscam (July 2016)

  • Pokemon Go Ransomware (Aug 2016)

  • Venus Locker (Aug 2016)




  • Feb: Hollywood Presbyterian Hospital in CA

  • Mar: Medstar Georgetown University Hospitals in MD/DC (10/250)

  • Mar: Methodist Hospital in KY

  • Mar: Prime Healthcare Management in Chino and Victorville, CA (2)

  • Mar: Norfolk General Hospital in Ontario

  • May: Kansas Heart Hospital

  • May: DeKalb Health in IN








  • Readily accessible remotely

  • Weak or gapped security protections & compliance

  • Culture that emphasizes speed & ease of use/access vs. safety

  • Limited security awareness








  • Weak, unprotected or re-used passwords (e.g., LinkedIn)

  • Targeted spear phishing emails

  • Social engineering hacks via phone or in-person/on-premise

  • Physical security breaches

  • High risk websites with “drive by” AKA “no click” ads




  • BYOD or lost/stolen endpoint devices

  • Unencrypted or insecure USBs, CDs

  • Non-sanctioned “Rogue Clouds” e.g., Google Drive, DropBox, etc.

  • Public Wi-Fi

  • Non-secure corporate, e-commerce or patient portal sites




  • Unpatched server & application vulnerabilities

  • Mis-used domain administrator accounts

  • Weak East-West firewalling within corp network – VLANs, vShield

  • Over-use of mapped drives

  • Unencrypted data at rest – SEDs, BitLocker

  • Data replication & back-up gaps

  • Untested or out of date BCDR plans








  • Internet content filtering, ad blockers - OpenDNS, Websense, Ghostery

  • Implement Next Gen Firewalls with SSL Decryption – Palo Alto

  • Outsource 24x7x365 network traffic monitoring – Dell SecureWorks

  • Implement data loss prevention solution – Symantec, McAfee, Splunk

  • Use a secure password manager – LastPass

  • Mobile device management solution – MobileIron, AirWatch




  • Devise effective security awareness training programs

  • 16 Character passwords using passphrases (e.g., IT’s0n1ym0n3y!)

  • Phishing email testing tools such as PhishMe

  • Conduct social engineering tests via phone and at facilities

  • Implement dual-factor authentication for user logins/access – Duo

  • Secure file sharing service such as Box

  • Secure messaging service such as NetSfere









Threats:


  • Denial-of-Service

  • Patient Data Theft

  • Therapy Manipulation

  • Asset Destruction










