Daily Archives: November 13, 2019

#school | #ransomware | Hospital cyberattacks linked to heart attack deaths, study shows

Source: National Cyber Security – Produced By Gregory Evans

Detecting and treating a heart attack is a race against time. Reuters

  • A rise in ransomware attacks and data breaches against hospitals across the US may account for an uptick in heart attack deaths at those hospitals, according to a new study.
  • Ransomware attacks are a rising cybersecurity threat, and their frequency doubled across industries in the past year.
  • The study suggests that as hospitals were forced to adapt to cyber attacks with more robust security and overhauled IT systems, doctors and nurses were slowed down in providing care, losing valuable seconds during emergencies.

Detecting and treating a heart attack is a race against time — every minute that passes as emergency room patients wait for an ECG can put their life at greater risk.

New research reveals a rising threat to cardiac patients that is increasing wait times at hospitals across the country: cyber attacks and data breaches carried out by hackers.

A study published by researchers at Vanderbilt and the University of Central Florida earlier this month examined mortality rates for heart attacks at more than 3,000 hospitals nationwide, 311 of which had experienced data breaches.

The study, which we saw thanks to cybersecurity researcher Brian Krebs, found that those hospitals took as many as 2.7 minutes longer to give patients an ECG in the years following a data breach. Those hospitals also saw 36 additional deaths per 10,000 heart attacks per year on average.

The delayed treatment times at those hospitals weren’t just a direct consequence of the breach — they were also impacted by doctors and nurses adjusting to IT changes that the hospitals implemented to recover from the breach, according to the researchers.

“In spending time in a lot of different health care organizations, what we saw in terms of reactions to breaches was rather predictable — that is, installing better security controls,” Eric Johnson, dean of Vanderbilt University’s Owen Graduate School of Management who co-led the study, told PBS.

Hospitals have been repeatedly targeted by ransomware hackers, who seize sensitive patient data or hack into hospitals’ IT systems and hold them for ransom. The number of ransomware attacks more than doubled in the first quarter of 2019 compared to the year prior, according to McAfee Labs.

The solution that researchers suggest is to invest more in data security and standardize how all hospitals store patient data. The Department of Health and Human Services has issued voluntary cybersecurity practices for hospitals but doesn’t enforce clear standards across the industry — researchers say that such regulation is needed.

“We are not aware of formal regulations … even though poorly implemented electronic health records (EHR) have been associated with safety concerns,” the researchers wrote. “Protecting health information is an important responsibility of all parties in the health care industry.”


The post #school | #ransomware | Hospital cyberattacks linked to heart attack deaths, study shows appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | #hacking | Google Online Security Blog: How Google adopted BeyondCorp: Part 4 (services)

Source: National Cyber Security – Produced By Gregory Evans


Intro
This is the final post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal implementation path at Google.

The first post in this series focused on providing necessary context for how Google adopted BeyondCorp, Google’s implementation of the zero trust security model. The second post focused on managing devices – how we decide whether or not a device should be trusted and why that distinction is necessary. The third post focused on tiered access – how to define access tiers and rules and how to simplify troubleshooting when things go wrong.

This post introduces the concept of gated services, how to identify and, subsequently, migrate them and the associated lessons we learned along the way.

High level architecture for BeyondCorp

Identifying and gating services


How do you identify and categorize all the services that should be gated?

Google began as a web-based company, and as it matured in the modern era, most internal business applications were developed with a web-first approach. These applications were hosted on similar internal architecture as our external services, with the exception that they could only be accessed on corporate office networks. Thus, identifying services to be gated by BeyondCorp was made easier for us due to the fact that most internal services were already properly inventoried and hosted via standard, central solutions. Migration, in many cases, was as simple as a DNS change. Solid IT asset inventory systems and maintenance are critical to migrating to a zero trust security model.

Enforcement of zero trust access policies began with services which we determined would not be meaningfully impacted by the change in access requirements. For most services, requirements could be gathered via typical access log analysis or consulting with service owners. Services which could not be readily gated by default ACL requirements required service owners to develop strict access groups and/or eliminate risky workflows before they could be migrated.
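The access-log analysis described above, sketched as an added example (not code from the Google post). The numeric tier scale, the log record layout and the service and user names are assumptions made for illustration; the log lines are constructed.

```python
from collections import defaultdict

# Hypothetical tier scale (not from the post): higher number = more trusted device.
HIGHEST_TIER = 3

# Constructed access-log records: (service, user, device_tier).
SAMPLE_LOG = [
    ("wiki", "alice", 3),
    ("wiki", "bob", 3),
    ("payroll", "carol", 3),
    ("payroll", "dave", 2),
    ("payroll", "dave", 2),
    ("buildbot", "erin", 1),
    ("buildbot", "frank", 3),
]


def gating_report(log, required_tier=HIGHEST_TIER):
    """Per service: which logged requests the default ACL would have denied."""
    total = defaultdict(int)
    denied = defaultdict(int)
    affected = defaultdict(set)
    lowest = {}
    for service, user, tier in log:
        total[service] += 1
        lowest[service] = min(tier, lowest.get(service, tier))
        if tier < required_tier:
            denied[service] += 1
            affected[service].add(user)
    report = {}
    for service in total:
        report[service] = {
            "requests": total[service],
            "would_deny": denied[service],
            "lowest_tier_seen": lowest[service],
            "affected_users": sorted(affected[service]),
            # No historical request would break: safe to gate with the default ACL.
            # Otherwise the owner must build access groups or retire the workflow.
            "action": "gate_now" if denied[service] == 0 else "owner_review",
        }
    return report


def migration_order(report):
    """Unimpacted services first, then by ascending share of would-be-denied requests."""
    return sorted(
        report,
        key=lambda s: (report[s]["would_deny"] / report[s]["requests"], s),
    )


if __name__ == "__main__":
    rep = gating_report(SAMPLE_LOG)
    for name in migration_order(rep):
        print(name, rep[name])
```
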

How do you know which trust tier is needed for every service?
As discussed in our previous blog post, Google makes internal services available based on device trust tiers. Today, those services are accessible by the highest trust tier by default.

When the intent of the change is to restrict access to a service to a specific group or team, service owners are free to propose access changes to add or remove restrictions to their service. Access changes which are deemed to be sufficiently low risk can be automatically approved. In all other cases, such as where the owning team wants to expose a service to a risky device tier, they must work with security engineers to follow the principle of least privilege and devise solutions.
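One way to triage proposed access changes along the lines described above, as an added example (not Google's implementation). It assumes that "sufficiently low risk" means the change only narrows access; the tier scale, the `Acl` type and the group names are hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

HIGHEST_TIER = 3  # hypothetical scale: higher number = more trusted device


@dataclass(frozen=True)
class Acl:
    min_tier: int                     # lowest device trust tier allowed in
    groups: Optional[FrozenSet[str]]  # None = any employee on a qualifying device


# Per the post, services are reachable only from the highest tier by default.
DEFAULT_ACL = Acl(HIGHEST_TIER, None)


def groups_not_widened(old, new):
    """True if the new group restriction admits no one the old one excluded."""
    if old is None:
        return True   # any explicit group list is narrower than "everyone"
    if new is None:
        return False  # dropping the group restriction widens access
    return new <= old


def triage(old: Acl, new: Acl):
    """Return ("auto_approve", []) or ("security_review", [reasons])."""
    reasons = []
    if new.min_tier < old.min_tier:
        reasons.append(
            f"exposes service to lower device tier {new.min_tier} (was {old.min_tier})"
        )
    if not groups_not_widened(old.groups, new.groups):
        if new.groups is None:
            added = "all employees"
        else:
            added = ", ".join(sorted(new.groups - old.groups))
        reasons.append(f"grants access to: {added}")
    # Assumption: a change that only narrows access is low risk.
    return ("security_review", reasons) if reasons else ("auto_approve", [])


if __name__ == "__main__":
    finance = frozenset({"finance"})
    print(triage(DEFAULT_ACL, Acl(3, finance)))   # restrict to one team
    print(triage(DEFAULT_ACL, Acl(2, None)))      # open to a riskier device tier
    print(triage(Acl(3, finance), Acl(3, finance | {"contractors"})))
```
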


What do you do with services that are incompatible with BeyondCorp ideals?

It may not always be possible to gate an application by the preferred zero trust solution. Services that cannot be easily gated typically fall into these categories:

  • Type 1: “Non-proxyable protocols”, e.g. non-HTTP/HTTPS traffic.
  • Type 2: Low latency requirements or localized high throughput traffic.
  • Type 3: Administrative and emergency access networks.

The typical first step in finding a solution for these cases is finding a way to remove the need for that service altogether. In many cases, this was made possible by deprecating or replacing systems which could not be made compatible with the BeyondCorp implementation.

When that was not an option, we found that no single solution would work for all critical requirements:

  • Solutions for the “Type 1” traffic have generally involved maintaining a specialized client tunneling which strongly enforces authentication and authorization decisions on the client and the server end of the connection. This is usually client/server type traffic which is similar to HTTP traffic in that connectivity is typically multi-point to point.
  • Solutions to the “Type 2” problems generally rely on moving BeyondCorp-compatible compute resources locally or developing a solution tightly integrated with network access equipment to selectively forward “local” traffic without permanently opening network holes.
  • As for “Type 3,” it would be ideal to completely eliminate all privileged internal networks. However, the reality is that some privileged networking will likely always be required to maintain the network itself and also to provide emergency access during outages.

It should be noted that server-to-server traffic in secure production data center environments does not necessarily rely on BeyondCorp, although many systems are integrated regardless, due to the Service-Oriented Design benefits that BeyondCorp inherently provides. 


How do you prioritize gating?

Prioritization starts by identifying all the services that are currently accessible via internal IP-access alone and migrating the most critical services to BeyondCorp, while working to slowly ratchet down permissions via exception management processes. Criticality of the service may also depend on the number and type of users, sensitivity of data handled, security and privacy risks enabled by the service.


Migration logistics

Most services required integration testing with the BeyondCorp proxy. Service teams were encouraged to stand up “test” services which were used to test functionality behind the BeyondCorp proxy. Most services that performed their own access control enforcement were reconfigured to instead rely on BeyondCorp for all user/group authentication and authorization. Service teams have been encouraged to develop their own “fine-grained” discretionary access controls in the services by leveraging session data provided by the BeyondCorp proxy.

Lessons learnt


Allow coarse gating and exceptions

Inventory: It’s easy to overlook the importance of keeping a good inventory of services, devices, owners and security exceptions. The journey to a BeyondCorp world should start by solving organizational challenges when managing and maintaining data quality in inventory systems. In short, knowing how a service works, who should access it, and what makes that acceptable are the central tenets of managing BeyondCorp. Fine-grained access control is severely complicated when this insight is missing.

Legacy protocols: Most large enterprises will inevitably need to support workflows and protocols which cannot be migrated to a BeyondCorp world (in any reasonable amount of time). Exception management and service inventory become crucial at this stage while stakeholders develop solutions.

Run highly reliable systems
The BeyondCorp initiative would not be sustainable at Google’s scale without the involvement of various Site Reliability Engineering (SRE) teams across the inventory systems, BeyondCorp infrastructure and client side solutions. The ability to successfully achieve wide-spread adoption of changes this large can be hampered by perceived (or in some cases, actual) reliability issues. Understanding the user workflows that might be impacted, working with key stakeholders and ensuring the transition is smooth and trouble-free for all users helps protect against backlash and avoids users finding undesirable workarounds. By applying our reliability engineering practices, those teams helped to ensure that the components of our implementation all have availability and latency targets, operational robustness, etc. These are compatible with our business needs and intended user experiences.

Put employees in control as much as possible

Employees cover a broad range of job functions with varying requirements of technology and tools. In addition to communicating changes to our employees early, we provide them with self-service solutions for handling exceptions or addressing issues affecting their devices. By putting our employees in control, we help to ensure that security mechanisms do not get in their way, helping with the acceptance and scaling processes.

Summary

Throughout this series of blog posts, we set out to revisit and demystify BeyondCorp, Google’s internal implementation of a zero trust security model. The four posts had different focus areas – setting context, devices, tiered access and, finally, services (this post).

If you want to learn more, you can check out the BeyondCorp research papers. In addition, getting started with BeyondCorp is now easier using zero trust solutions from Google Cloud (context-aware access) and other enterprise providers. Lastly, stay tuned for an upcoming BeyondCorp webinar on Cloud OnAir in a few months where you will be able to learn more and ask us questions. We hope that these blog posts, research papers, and webinars will help you on your journey to enable zero trust access.

Thank you to the editors of the BeyondCorp blog post series, Puneet Goel (Product Manager), Lior Tishbi (Program Manager), and Justin McWilliams (Engineering Manager).

Source to this story comes from Google News.

The post #cybersecurity | #hacking | Google Online Security Blog: How Google adopted BeyondCorp: Part 4 (services) appeared first on National Cyber Security.





#cybersecurity | #hackerspace | How to Ensure Factory Reset Protection Using Scalefusion

Source: National Cyber Security – Produced By Gregory Evans

Factory Reset Protection using Scalefusion

Factory reset is the most commonly used feature to delete the device data. Factory reset also clears the device of any existing applications and settings. A Factory reset literally resets the device to the settings available on the device at the time it was shipped from the factory.

Also known as Master reset, the Factory reset feature of Android devices makes a used device as good as new (the software, of course). The new user can create and update the device settings to their preferences. For devices that are exchanged in leasing or passed on to new users, factory reset is a very important feature. Factory reset streamlines the new setup of old devices. But for corporate-owned devices, this can invite trouble.

The Importance of Factory Reset Protection in Corporate-owned Devices

Corporate-owned devices are devices purchased and distributed by a company or an organization for business use. These devices can be distributed to individual employees or be deployed as public kiosks, shared devices between frontline workers, configured as digital signage and so on. 

These corporate-owned devices are hence at the risk of being stolen, lost or misused. Managing the devices with an MDM solution can prevent data breaches on such devices. But the device in itself is susceptible to misuse if the MDM profile is removed from the said device. The attackers can factory reset the device and unlock it from the MDM profile and use it for personal benefits. 

Factory reset enables the end-user to wipe any data, apps and settings on the device and reset the device to new preferences without the control of IT admins/ device owners. To ensure that the device is not available for any other use than the pre-decided business purpose, it is necessary to ensure factory reset protection on corporate-owned devices.  

If the device is not protected against Factory reset, the end-user can take the following actions on the device:

  • Reset the device settings
  • Clear the security policies & restrictions on apps & browsing
  • Install applications
  • The device will not be trackable by the company 
  • Device will be misused for personal/non-business use

How to ensure Factory Reset Protection using Scalefusion MDM

Scalefusion MDM offers a Factory Reset Protection feature to protect Android devices from being factory reset. IT admins can block the Factory reset feature on Android EMM and Samsung Knox devices.

Here’s how to turn on the Factory Reset Protection using Scalefusion

On Android EMM devices:

Step 1: Activate the Factory Reset Protection via the Android Utilities setting of the Scalefusion dashboard. Currently all the email accounts for FRP are deactivated.


Step 2: Now, click on the Add Account button to add a Gmail account that can be used to complete device setup upon factory reset. You can add one or more Gmail accounts that can be used to sign in to the device if it is factory reset.


Step 3: Now, select the Google Plus account credential to activate the factory reset protection. You can select the account your browser is currently logged in to or choose another account.


Step 4: Now the account will be added to the Scalefusion Dashboard for FRP protection.


When the end-user of any enrolled EMM device attempts to factory reset the device, the device will ask for the login credentials of the previously set up Gmail accounts to continue the device setup.

Factory Reset Protection by Scalefusion will be available on Samsung, Sony and LG EMM devices. It is important to ensure that for these devices, Scalefusion is set as device owner in the EMM settings.

On Samsung Knox devices:

Samsung Knox extends additional security settings to Knox devices. When IT admins are managing Samsung Knox devices with Scalefusion MDM, the Factory reset is automatically disabled. If the user tries to factory reset the device, the MDM profile is automatically re-installed during the device setup.

To ensure FRP on Samsung Knox devices, set up Samsung Knox on the Scalefusion dashboard before enrolling Samsung Knox devices.


Ensuring Factory reset protection with Scalefusion helps IT admins gain granular control over devices, eliminating the threat of device misuse and tampering.


The post #cybersecurity | #hackerspace | How to Ensure Factory Reset Protection Using Scalefusion appeared first on National Cyber Security.





Google Online Security Blog: OpenTitan

Source: National Cyber Security – Produced By Gregory Evans

The founding partners of the OpenTitan project

OpenTitan is an active engineering project staffed by a team of engineers representing a coalition of partners who bring ideas and expertise from many perspectives. We are transparently building the logical design of a silicon RoT, including an open source microprocessor (the lowRISC Ibex, a RISC-V-based design), cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more. With OpenTitan, a coalition of partners have come together to deliver a more open, transparent, and high-quality RoT.

The OpenTitan project is rooted in three key principles:

  • Transparency – anyone can inspect, evaluate, and contribute to OpenTitan’s design and documentation to help build more transparent, trustworthy silicon RoT for all.
  • High quality – we are building a high-quality logically-secure silicon design, including reference firmware, verification collateral, and technical documentation.
  • Flexibility – adopters can reduce costs and reach more customers by using a vendor- and platform-agnostic silicon RoT design that can be integrated into data center servers, storage, peripheral and other devices.

Participating in the OpenTitan project

OpenTitan will be helpful for chip manufacturers, platform providers, and security-conscious enterprise organizations that want to enhance their infrastructure with silicon-based security. Visit our GitHub repository today.

If you are interested in actively collaborating on OpenTitan to help make secure open source silicon a reality, we encourage you to contact the OpenTitan team. If you would like your product to be considered for a pilot OpenTitan RoT integration, the team would be excited to hear from you.


The post Google Online Security Blog: OpenTitan appeared first on National Cyber Security.
