Welcome to the first in a series of cyber and information security news weekly roundups from ISMS.online. I’m sure you won’t be surprised when I say it’s been a busy old week in the world of cyber security…
4 and a half minute read
Vulnerabilities caused by the invisible network
Technology is a wonderful thing. Through devices and networks, it connects us, helps us to work smarter, and in some cases improves our health. But this openness has the potential to lead to some frightening vulnerabilities. One of which has revealed itself this week in a hospital in New Jersey.
During an audit of RWJ Barnabas Health’s 13 hospitals, their chief information security officer, Hussein Syed found that there were 70,000 unregistered internet enabled devices accessing the hospital’s network.
Among those devices were life-saving pieces of equipment, that if switch off unintentionally (or intentionally) would cut the power of oxygen machines, heart monitors and lights.
This vulnerability raises concerns over the Internet of Things and increases the need for more frequent tech audits, regardless of industry.
Holding health data to ransom
According to Hussein Syed, data on health is 50 times more valuable than credit card data. We only have to look closer to home, when the WannaCry ransomware disabled the NHS and other essential systems.
The potential to hijack a hospital’s system can rely on something as small as an unauthorised device, causing the whole defence to crumble.
A kick in the teeth for Kaspersky
Kaspersky has a range of successful internet security software products, recommended by the likes of finance giant Barclays bank, who offer a free version to their online banking customers.
But this week brought some devastating news for the anti-virus giant when the Trump administration announced that they were banning US government agencies from using the products.
So what has sparked all this off?
The Department of Homeland Security was concerned that Kaspersky products were vulnerable to interference from the Kremlin, and “ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
Kaspersky Chief Executive, Eugene Kaspersky insists there is simply nothing in the story, stating:
“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions.”
US credit rating company Equifax suffer UK and US breach
Names, email addresses, dates of birth and social security numbers have been exposed in a data breach involving over 143 million Americans and up to 400,000 UK citizens.
Help or hindrance?
Upon news of the data breach, Equifax was quick to set up a special website, hosted separately to their main site. The purpose was to keep those affected up to date on the actions being taken to prevent further data security issues.
Great idea, I think we all agree. Unfortunately, the company then mistakenly published the web address of a spoof version of that site, built by Nick Sweeting, a security researcher, via their own Twitter feed.
Mr Sweeter built the site because he claimed that it would take him “literally 20 mins to build a clone of this site.” Exposing the potential for further exploitation of hacking victims.
Arguably the world’s most popular free to use optimisation and PC cleaner tool was hijacked this week by malware.
The exposed ‘backdoor’ remained undetected for a month and affected 32-bit versions of the CCleaner 5.33.6162, as well as CCleaner Cloud 1.07.3191.
Although, strangely it appears that the targets of the infected computers, of which there are at least 20, had been carefully selected from a group of high-profile tech companies.
Arguably, the worst thing about hearing of this breach is that it’s a trusted download.
And trusted downloads rare in the world of innocent looking infected pieces of software residing on pages all over the web.
But let’s finish on a lighter note, shall we…
Top 10 most dangerous celebrities
Well, not exactly. This week, the cyber security firm, McAfee published a list of celebrity searches that were most likely to lead innocent searchers to corrupted websites.
Here is your top 10…
1. Avril Lavigne
2. Bruno Mars
3. Carly Rae Jepsen
4. Zayn Malik
5. Celine Dion
6. Calvin Harris
7. Justin Bieber
9. Katy Perry