Ransomware’s Devastating Effects on the Healthcare Industry [Infographic]
Posted on by Zuly GonzalezCategories Resources, Security, Web Security1 Comment on Ransomware’s Devastating Effects on the Healthcare Industry [Infographic]

healthcare ransomware effects infographicRansomware has taken its toll on the healthcare industry. With new attacks seemingly every week, are you prepared to fight back, and protect your organization and your patient’s protected health information (PHI)?

As we mentioned previously in Why Ransomware Gangs Love the Healthcare Industry, ransomware is projected to grow 670%, and the healthcare industry has the highest cost per record stolen of any industry at $363 per stolen record. And with your patient’s lives in your hands, the stakes couldn’t be higher.

This infographic highlights the devastating effects ransomware and security breaches have had on the healthcare industry. (Click on the image for a full-sized version.) Are you protected?

Please share to spread the word!

Not into sharing infographics? Tweet these statistics instead:

  • The cost of cyberattacks to U.S. health systems over 5 years is $305 billion. [tweet this]
  • Cyber criminals to collect $1 billion in ransomware payments in 2016. [tweet this]
  • The cost per stolen healthcare record is $363. [tweet this]
  • Healthcare is 4 times more likely to be impacted by advanced malware than the avg industry. [tweet this]
  • Healthcare is 4.5 times more likely to be impacted by ransomware than the avg industry. [tweet this]
  • There are 340% more security incidents and attacks in healthcare than the average industry. [tweet this]
  • Ransomware attacks are projected to grow 670%! [tweet this]
  • Healthcare records are 10 times more valuable than credit card details on the black market. [tweet this]

Looking for more? Check out this article for more interesting statistics and information on ransomware in the healthcare industry.

Embed This Image On Your Site (copy code below):

How to Browse the Web Safe From Viruses for Free
Posted on by Beau AdkinsCategories Computer Security, Light Point Web, Resources, Security, Web SecurityLeave a comment on How to Browse the Web Safe From Viruses for Free

VirtualBoxToday, I’m going to walk you through the process of being able to browse the web in complete safety. The title of this post explicitly mentions “viruses”, but I’m using this as a more well-known moniker for the term “malware”. Malware is a more generic term which encompasses viruses, spyware, trojans, etc.

What I mean by “complete safety”, is that you do not have to worry about malware infecting your computer. It does not mean you are safe from being tricked into giving your banking passwords to a site that is only pretending to be your bank.

Step 1. Set up VirtualBox

The method I will be describing in this post relies on Virtual Machines for security. Think of a virtual machine as a fake computer inside your real computer. By using a virtual machine, you can perform tasks on a computer in a way that is completely isolated from your real computer. With this, you can browse the web inside the virtual machine, so that if you stumble on some malware, only the virtual machine will be infected. The virtual machine management software will also allow you to rollback all changes made to a virtual machine to a known state. Using these abilities correctly will allow you to browse in safety.

The first step is to install a virtual machine management software package, also known as a “hypervisor”. There are many different options for this, but I’m going to recommend VirtualBox. You can download and execute the installer from here. Just click the “VirtualBox x.x.x for Windows hosts” link (assuming you are using Windows). Once it is downloaded, just run the installer.

Step 2. Download Your Guest OS

Next, you will need an Operating System to use inside the Virtual Machine. You could install Windows as the Operating System, but you would need to buy a license. For a free alternative, I suggest installing Ubuntu. Ubuntu is a Linux-based Operating System. It is very high quality, and completely free.

When you download Ubuntu, you do not get an installer. Instead you get an “ISO” file. An ISO file is a bit-for-bit copy of a CD that you would use to install it on another computer. Its a rather large file. To start the download, go here and choose your version (either is fine). You need to remember where you download this file to.

Step 3. Set up Your Virtual Machine

Now that you have VirtualBox installed and an OS ISO file ready, you can create your first Virtual Machine. Start up VirtualBox (you probably have a shortcut on your desktop). Click the button at the top labeled “New”. Give your Virtual Machine a name, for example, “Browsing Machine”. Choose “Linux” as the Operating System, and the Version as “Ubuntu”.

Next, you need to select how much RAM to give this Virtual Machine. I would recommend 1 Gig at the least. Enter “1024” in the box labeled “MB”. This means 1024 Megabytes, which is equal to 1 Gigabyte. Note: you need to have more RAM than this on your computer. If you do not have more than a Gig of RAM on your computer, then unfortunately, you probably do not have system requirements to use virtual machines.

On the next screen, leave the default options (“Boot Hard Disk”, and “Create new hard disk”). Continue on to the “Hard Disk Storage Type” screen. Leave the default option of “Dynamically expanding storage”. On the next screen, leave the defaults in place and continue on.

VirtualBox SettingsOnce you get through all the options mentioned above, you will be returned to the main VirtualBox screen, but now you will see a new entry for your Virtual Machine in the pane on the left. Click on it to select it, and then click the “Settings” button at the top. In the settings dialog, select “Storage” in the left hand pane.

VirtualBox Settings Highlighted

In the center of the screen, click on the disk image labeled “Empty” under the “IDE Controller” entry. Next, on the right of the screen, click the disk icon next to the “CD/DVD Drive: IDE Secondary Master” entry, and in the popup, select “Choose a virtual CD/DVD disk file”. A file select dialog will appear. In this dialog, select the ISO file you downloaded in Step 2. Now click the “OK” button at the bottom of the settings dialog.

You are now back to the main VirtualBox screen again. You can now click the “Start” button at the top, to start your virtual machine. At this point a blank Virtual Machine will start, and it will begin the install process for your downloaded OS. It will ask you a lot of setup questions that I will not walk-through here.

When the Ubuntu setup process is finished it will tell you to eject the CD from the drive before continuing. Because this is a virtual machine attached to an ISO file, this is not possible. Ignore this, and keep going. You will see the virtual machine shut down, and then start up again. Once it has began starting again, click the “X” at the top right of the Virtual Machine’s window to close it. It will ask you how you want to close it. Choose “Power off the machine” and click “OK”. The virtual machine is now shut down.

VirtualBox Settings With ISO Mounted and Highlighted

Now that the virtual machine is off, we need to detach the ISO image we have set previously. Return to the settings screen, and on the left, select “Storage” as you had down previously. Next select the entry below the “IDE Controller” in the center. Finally, on the right, click the disk icon next to “CD/DVD Drive: IDE Secondary Master” and choose “Remove disk from virtual drive”. Finally, click “OK” at the bottom of the settings screen.

Step 4. Create a Restore Point

At this point, your Virtual Machine is a totally fresh install. You may want to take a moment to get the Virtual Machine customized to your liking. After you have done so, you should make a restore point, also called a “snap shot”. VirtualBox can use a snap shot to restore your virtual machine to a known state. For example, if you stumble upon an infected website, your virtual machine can become infected as well. But, you can then revert your virtual machine to its state from before the infection. It is like it never happened.

First, start your virtual machine using the “Start” button at the top of the VirtualBox window. Once your Virtual Machine starts, take a moment to do any one time customizations, such as installing a browser of your choice, upgrading software, etc. Once you are finished, shut the machine back down.

Back on the main VirtualBox window, on the upper right hand side of the screen, you will see an icon that looks like a camera, labeled “Snapshots”. Click this button to show you the snap shots. You will see an entry labled “Current State”. Just above it is another camera icon. Click it to take a snap shot. A dialog will appear that will ask for a name and description of this snap shot. Enter something useful meaningful to you, so you know what you have changed. Click “OK” to take the snap shot.

Once the snap shot is taken, you will see an entry with the name you choose for the snapshot, with a “Current State” entry below it. You now have your restore point.

Step 5. Browse the Web

You can now start your Virtual Machine and use it to browse the web whenever you want. The websites you visit in the virtual machine are isolated and separated from your actual computer. You may have some problems downloading files or printing things from within the virtual machine, so some tasks may have to be done on your real computer.

Step 6. Restore Your Snap Shot

Whenever you are done browsing, you should shutdown the virtual machine, and restore it to the snapshot created in step 4. The easiest way to do this is to simply click the “X” in the top right of the Virtual Machine to close the window. It will ask you how you want to close it. Choose “Power off the machine”, and check the box labeled “Restore current snapshot…”. This will turn off the Virtual Machine, and throw away all the changes you made since the snapshot was created.

Drawbacks of Using This Method

While this is an effective way to browse the web safely, it is not entirely painless. First off, using a virtual machine takes an enormous amount of resources. While the Virtual Machine is on, it will consume a large amount of memory, and maybe a lot of processing power.

Additionally, it can be frustrating to have your changes wiped out all the time. For example, if you add a bookmark to your browser, it will be lost when you revert.

It can also be annoying that it takes so much time to start the virtual machine. If you want to browse the web right now, waiting a minute or two for a virtual machine to start is painful.

Another Option

The method described above is basically the technology behind Light Point Web, except we do our best to shield you from the downsides just mentioned.

For example, we run the virtual machine on our computers, so your computer is not bogged down with it. We also integrate into your existing browser, so you are not prevented from changing settings in your browser or saving bookmarks.

Finally, our Virtual Machines are always running, so you do not need to wait for one to start when you are ready to browse.

If you are concerned about browser security, give this method a try. It is free, but it does take some time and effort. If you would rather someone else handle the work and headaches, give Light Point Web a try. We offer a free trial, so what do you have to lose?

Managing Projects with Subversion and Trac: Free eBook
Posted on by Beau AdkinsCategories Business of Software, Events, Resources, Startups1 Comment on Managing Projects with Subversion and Trac: Free eBook
Beau Adkins Business of Software 2011
Image credit: Betsy Weber

Along with Zuly, I attended Business of Software (BoS2011) this year. This was my first time attending, and I have to say it was an intense 3 days; lots of learning and lots of networking. Although I had a good time and met a lot of really nice people, I’m glad to be back home programming. It was a bit draining for an introvert like myself.

Workshop sessions were held during BoS2011 by both speakers and attendees. Zuly held a workshop session with Ricardo Sanchez and Jason Cohen on Practicing Your Startup Pitch, which was well received.

I held a workshop on Managing Software Projects with Subversion and Trac. I designed the workshop so that it would be easy for novices to follow, but it also contains some advanced topics. I created a simple eBook for the workshop that walks you through step by step on setting up Subversion and Trac. You can download the Managing Software Projects with Subversion and Trac eBook for free.

If you download the eBook, I would love to hear what you think of it. Feel free to share your thoughts in the comments below, or contact me via email.

National Cyber Security Awareness Month Is Here
Posted on by Zuly GonzalezCategories Computer Security, Events, Resources, Security, Web SecurityLeave a comment on National Cyber Security Awareness Month Is Here

National Cybersecurity Awareness Month LogoOctober is National Cyber Security Awareness Month (NCAM). NCAM is sponsored by the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). October 2011 marks the eighth year NCAM has been organized.

Through a series of events across the country, National Cyber Security Awareness Month engages public and private sector partners to raise awareness and educate the public about cybersecurity. A listing of the events can be found here. They will also feature a different cybersecurity issue each week in October.

  • Week One: Emphasizes general cybersecurity awareness with events highlighting the Stop.Think.Connect. Campaign.
  • Week Two: Showcases the urgent need to develop cyber education programs to train the next generation cyber workforce.
  • Week Three: Focuses on national and local efforts to prevent identity theft and other cybercrimes.
  • Week Four: Highlights strategies small and medium sized business owners can use to bolster their own cybersecurity defenses.

We encourage everyone to become involved and participate in local NCAM events, but remember that Internet safety and security doesn’t end in October. You should practice Internet security all yearlong.

And what better way to kick off National Cyber Security Awareness Month than to sign-up for a free trial of Light Point Web, our malware protection software that lets you safely browse the web from the cloud.

NSA Recommendations for RSA SecurID Users After Cyber Intrusion
Posted on by Zuly GonzalezCategories Computer Security, Resources, Security8 Comments on NSA Recommendations for RSA SecurID Users After Cyber Intrusion

The National Security Agency (NSA) SignOn March 17, 2011, RSA announced that it had been the victim of a cyber intrusion, and as a result, information related to its SecurID product – a two-factor authentication device – had been compromised. According to RSA, the compromise does not lead to a direct attack on SecurID, but it does decrease its effectiveness.

In reaction to the RSA cyber intrusion, The National Security Agency (NSA) released Information Assurance Advisory No. IAA-003-2011: Recommended Actions for SecurID Users in Response to RSA Cyber Intrusion. This advisory expands on the information previously released by NSA via Information Assurance Alert No. IAR-001-2011: Mitigations for the RSA Cyber Intrusion, and provides additional guidance on:

  • The use of SecurID hard tokens and soft tokens
  • Fortifying the security profile of SecurID’s authentication factors
  • Measures to harden SecurID’s Authentication Manager

Here is a summary of NSA’s recommendations for SecurID customers.

The Use of SecurID Hard Tokens and Soft Tokens

RSA is exploring remediation strategies and best practices for its customers. However, implementation of these strategies may take some time. Customers should continue to work with RSA to develop short-term and long-term mitigations. Options include:

  • Continued use of hard tokens: In some circumstances, the risk of continued use of hard tokens may be deemed minimal.
  • Replacing hard tokens with soft tokens: For this option, an application is installed to generate a one-time password.

Fortifying the Authentication Factors

As a best practice, SecurID should not be used as the sole means of authentication. Recommendations on additional authentication measures and how to securely implement them are:

  • Augment SecurID with usernames and passwords: A relatively simple way to augment SecurID is to also require a user to log in to the system. This forces the adversary to compromise additional user information in order to gain access. Specific measures include the following:
    • Enable account login restrictions
    • Require users to phone-in before logging in
  • Augment SecurID with the DoD Common Access Card (CAC): A DoD customer could augment its existing SecurID system with the DoD CAC card, which is widely used across the DoD.
  • Perform regular audits of remote login activity: Enclaves should regularly audit login activities in order to identify unauthorized activity. Specific steps include:
    • Verify remote logins with each user
    • Analyze logs for unusual IP addresses
    • Analyze logs for failed login attempts
    • Notify users of last logins
  • Implement robust PIN policies: Implement strong policies for PIN and password usage and selection. The following should be considered:
    • Enforce the selection of robust PINs and passwords
    • Have users select new PINs and passwords and increase the frequency at which this needs to be performed
    • Implement quicker user lock-out after failed login attempts

Authentication Manager (AM) Hardening

These include:

  • Change default passwords
  • Install a system integrity checker
  • Only install valid software
  • Do not co-locate the AM with other services
  • Restrict Internet access from the AM
  • Limit user access to the AM
  • Baseline the AM network communications
  • Establish firewall rules to restrict network access to the AM
  • Limit user access to only a specific IP address or range of IP addresses
  • Restrict remote access to the AM

Additional Resources

Read NSA’s entire Information Assurance Advisory No. IAA-003-2011: Recommended Actions for SecurID Users in Response to RSA Cyber Intrusion here.

Read NSA’s entire Information Assurance Alert No. IAR-001-2011: Mitigations for the RSA Cyber Intrusion here.

Visit RSA’s SecurID Customer Resource Center, which provides links to SecurID information related to the attack, and where customers can tune in for updates.

In response to the RSA breach, the DHS issued the Technical Information Paper TIP-11-075-01 System Integrity Best Practices. This TIP calls for users to:

  • Enable strong logging
  • Limit remote access
  • Apply additional defense-in-depth techniques
  • Validate software

Were you affected by the SecurID compromise? Do you have additional resources to share with us? Let us know in the comments.

Free Black Hat Webcast: Attacking With HTML5
Posted on by Zuly GonzalezCategories Computer Security, Events, Resources, Security, Web Security1 Comment on Free Black Hat Webcast: Attacking With HTML5

Black Hat LogoThe founders of the Black Hat conference, the best computer security conference in the world, will be hosting a free webcast. The webcast, Attacking with HTML5, will be held on December 16, 2010 at 2:00 PM EST. You can register for the Black Hat webcast here.

Black Hat has been hosting security webcasts since July 2008. The Black Hat webcasts are a regular series of live web events focusing on what’s hot in Information Security. Each month, they bring together Black Hat speakers, independent researchers and leading experts to discuss relevant topics in security, and give you a chance to ask questions live. You can see a list of all the previously recorded Black Hat webcasts here.

Attacking With HTML5 Description

HTML5 is a set of powerful features aimed at moving the web applications closer to existing desktop applications in terms of user experience and features. HTML5 is not the technology of the future as many believe; it is available right now in almost all modern browsers. Though the widespread use of HTML5 by websites is still a few years away, the abuse of these features is already possible.

Web developers and users assume that just because their site does not implement any HTML5 features that they are unaffected. A large section of the internet community believes that HTML5 is only about stunning graphics and video streaming. This talk will show how these assumptions are completely contrary to reality.

This presentation will show how existing ‘HTML4’ sites can be attacked using HTML5 features in a number of interesting ways. Then we look at how it is possible to use the browser to perform attacks that were once thought to require code execution outside the sandbox. Finally, they will look at an attack where the attacker is not interested in the victim’s data or a shell on the machine, but is instead after something that might perhaps even be legal to steal.

Special Offer for Black Hat DC 2011

If you register for the free webcast, you will receive $250 off of a new registration to the Black Hat DC 2011 Briefings (Training classes are excluded). When you register for the webcast you will receive a discount code in your confirmation email to use when registering for the Black Hat DC 2011 Briefings.

Do you know of any other security webcasts? Share with us in the comments.