Ross Moir

Recent Posts

Securing Electronic Health Records: Report from HHS Reinforces Need for Contingency Plans

Posted by Ross Moir on Aug 29, 2016 9:06:22 AM


Type “EHR” and “information security” into Google and you will find countless websites, news articles, and even YouTube videos touting the various pluses and minuses of electronic health records, or EHR. In the last few years, the EHR has become the physician’s best friend, as it helps provide better care, better population health and lower health care costs. While EHRs might be changing the way hospitals and practice offices operate, there are still issues with using EHRs securely. According to the HHS Office of Inspector General, nearly “60 percent of hospitals participating in the federal meaningful use incentive program reported an unplanned disruption in their record systems in 2014 and 2015.” [Note that the meaningful use program is a federally backed program designed to encourage adoption of EHRs by doctors and hospitals.] It is also important to note that most of the reported unplanned disruptions were caused by hardware failure, not by cyber attacks. While hardware failures are a concern, cyber attacks should also be at the top of the list: hospitals are facing an increasing number of targeted cyber attacks aimed at disrupting and disabling their IT and health record infrastructure.


Topics: Cyber Attack, EHR

One APT to Rule Them All: ProjectSauron Remained Hidden for 5 Years

Posted by Ross Moir on Aug 11, 2016 10:03:44 AM


Researchers and security experts at Kaspersky Lab and Symantec have identified a new malware platform so advanced and secretive that its details are only now coming to light. ProjectSauron, as the malware has been named, has been active since at least 2011. What distinguishes ProjectSauron from other APTs and zero-day exploits is that it has operated virtually undetected for five years and has multiple modules that can be installed based on the needs of the attacker(s). Security professionals are stopping short of naming its country of origin but suspect that the advanced persistent threat (APT) malware could “…probably have been developed only with the active support of a nation-state,” according to Ars Technica.


Topics: ProjectSauron, malware

White House Unveils Color-Coded Scale for Cyber Security Threats

Posted by Ross Moir on Jul 29, 2016 11:39:17 AM


On July 26, the Obama administration released a framework for incident handling around cyber-attacks. The framework is part of the Presidential Policy Directive on United States Cyber Incident Coordination and the action plan that was released in February of this year. It provides a clear standard for when and how government agencies will handle cyber security incidents. Included in the directive is a new color-coded scale that assigns specific colors and response levels to the severity of a cyber-attack.


Topics: Cyber Attack, cybersecurity

Three Things You Can Do to Prevent Ransomware Attacks

Posted by Ross Moir on Jul 26, 2016 1:54:19 PM


With ransomware attacks on the rise in 2016, a lot of organizations are scared. According to the KnowBe4 2016 Ransomware Threat Concerns survey, many organizations don’t have faith in their backup systems, which compounds the fear of a CryptoLocker-style attack. The survey of over 1,100 companies found that 38% of the companies asked had been hit with a ransomware attack in 2016, up from 20% in 2014. Ransomware attackers aren’t limiting their attacks to a single industry: they are hitting hospitals, banking institutions, the manufacturing industry, and state and local governments.

What can you do to protect your organization and prevent ransomware attacks from occurring in the first place? Here are three things you can do today to shore up your defenses:


Topics: ransomware

Part Three: FAR Ruling 52.204-21 Definitions

Posted by Ross Moir on Jul 19, 2016 12:05:36 PM


This is part three of a continuing series on the Federal Acquisition Regulation ruling 52.204-21, Basic Safeguarding of Covered Contractor Information Systems. If you haven’t read part one or part two, please take a few minutes to read them before continuing.

The recent FAR ruling, released with input from the General Services Administration (GSA) and the National Aeronautics and Space Administration (NASA), has expanded on the definitions that affect contractor organizations that process or store Federal contract information on behalf of the federal government in support of government contracts. This post will explore those definitions in an attempt to bring a little clarity to the vague terms that apply to these systems.


Part Two: FAR Ruling 52.204-21 Security Requirements

Posted by Ross Moir on Jun 21, 2016 9:44:56 AM


This is part two of a continuing series on the Federal Acquisition Regulation ruling 52.204-21, Basic Safeguarding of Covered Contractor Information Systems. If you haven’t read part one, please take a few minutes to read it before continuing.

In May, the federal government announced an update to FAR 52.204-21 that would impose rules and requirements similar to those of the Defense Federal Acquisition Regulation Supplement (DFARS) rule 252.204-7012, Safeguarding Covered Defense Information. These requirements, although not explicitly tied to NIST 800-171, are characterized as comparable. NIST 800-171 has been implemented as the set of requirements for DFARS. These new regulations apply to contractors that are not part of the Department of Defense.


Topics: DFARS

Safeguarding of Contractor Information Systems Expands Beyond DFARS 252.204-7012

Posted by Ross Moir on Jun 1, 2016 2:36:26 PM

* This is the first in a multi-part series on the new FAR 4.19 clause.

Recently, the US Government issued a final rule to the Federal Acquisition Regulation (FAR) to “add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information”. This is a new mandatory regulation, similar to the requirements established by the US Department of Defense with the Defense Federal Acquisition Regulation Supplement (DFARS).


Topics: DFARS

Adobe and Windows Zero-day Exploits in the Wild

Posted by Ross Moir on May 16, 2016 12:15:31 PM


The recent news of two new zero-day exploits affecting Windows and Adobe users was disconcerting for many. The Windows bug is being exploited in the wild, so users should install fixes as soon as possible. Cataloged as CVE-2016-0189, the vulnerability allows attackers to execute malicious code when vulnerable computers visit booby-trapped websites. According to Ars Technica and Symantec, many of the targeted attacks have been aimed at South Korean websites. The vulnerability exists in the JScript and VBScript engines and is exploited through Internet Explorer. According to Symantec, the exploit may have been delivered through a link included in a spear-phishing email, or through a compromised, legitimate website that redirected users to the exploit. The landing page contained JavaScript code that profiled the computer of the user visiting the site. South Korea, which is heavily reliant on Internet Explorer, was severely impacted by this zero-day attack. Attackers often target South Korean organizations to gain remote access to their computers, steal sensitive data, or even wipe hard drives.

The Adobe bug is a recently identified Flash vulnerability that gives attackers the ability to remotely hijack machines and is currently being exploited in the wild. FireEye first reported the vulnerability on May 10. The vulnerability affects Windows, Mac, Linux, and Chrome OS. The CVE number is CVE-2016-4117.


Topics: Cyber Attack, Phishing

Internet Connected Cars Raise Concerns about Vulnerabilities

Posted by Ross Moir on Apr 29, 2016 3:56:32 PM


Cyber security researchers are increasingly concerned about Internet-connected vehicles. Today’s vehicles are connected to owners’ homes, traffic signals, insurance companies, and more, and they are just as vulnerable as corporate networks. Security analysts and researchers have demonstrated ways to remotely manipulate the systems that control a car’s braking, acceleration, steering, and other critical functions. Furthermore, these vulnerable systems were not limited to one brand or model of car. As a result, the FBI and the National Highway Traffic Safety Administration (NHTSA) issued a public service announcement in March warning of the potential cyber threats.


Topics: Security, Wireless Security

Watching the Watchers: FBI Warns of Massive Government Breach

Posted by Ross Moir on Apr 20, 2016 11:00:00 AM


In a recent article by Motherboard, the FBI warned of massive government data breaches by a group that has had access to US Government files for years. APT6 has “compromised and stolen sensitive information from various government and commercial networks since at least 2011”. While it is unclear from the article just which government agencies are involved, the FBI has released an alert that details several domains associated with command and control (C2) of customized malicious software; any activity related to these domains “detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement”.


Topics: Breach