Another week, another roundup of cybersecurity news and trends. We are going to take a look at new NIST guidance for the energy sector, the impact of hospital data breaches on identity theft, the continued threat of ransomware, and the role of artificial intelligence (AI) and machine learning (ML) for effective endpoint protection.
NIST Releases Guidance for Energy Sector
It’s no secret that the internet at large is under virtually constant siege from malware and exploits. As industries that have traditionally operated more “off the grid” become take advantage of internet-of-things (IoT) and connected technologies to cut costs and streamline operations, they are also exposed to increased risk of cyber attacks. This is particularly true of the energy sector—which represents a prime target for cyber attackers or rival nation states.
The National Institute of Standards and Technology (NIST) issues cybersecurity recommendations designed to help organizations in the United States (or around the world) implement best practices to improve protection and streamline compliance. NIST has now issued guidance aimed more specifically at the challenges of the energy sector and addressing technologies that are more unique to the industry.
Jonny Milliken, Threat Research Manager for Alert Logic’s Active Intelligence team, stressed the importance of the initiative. “Critical infrastructure protection is not just a business prerogative but a requirement for effective national security as well. Any efforts which can be made up upgrade this security are always welcome.”
Hospital Data Breaches Put Patients at Risk of Identity Theft
A recent study found that 94% of the patients affected by a data breach in the healthcare sector over the last decade have had sensitive personally identifiable information (PII) compromised as a result. PII includes a variety of information that can be used to differentiate or validate someone’s identity, like a name, home address, date of birth, driver’s license number, Social Security number, and other such data. It can also include the types of information often asked for in security verification questions, such as a mother’s maiden name, or a place of birth.
From the perspective of an attacker, any data is valuable data. Some elements may not be very useful on their own, but can be combined with information that can be found publicly online, or from an individual’s social media profile to allow someone to assume or steal the person’s identity. Healthcare data, however, is particularly valuable. Milliken pointed out, “Medical records are an especially damaging piece of information to have disclosed. Unlike passwords or usernames, they cannot ever be changed. These types of immutable PII need extra focus and attention for security for just this reason.”
Continued Threat of Ransomware
Hopefully it will not come as a shock to learn that ransomware isn’t going to fade away any time soon. It’s a relatively low risk attack with the potential to generate significant—and easy—revenue for attackers, so it’s more likely to increase over time.
Even ransomware attacks that were believed to no longer be a threat appear to be making a comeback. GandCrab established itself as a leading ransomware threat over the last two years as a “ransomware-as-a-service” offering, but the authors announced earlier this year that they planned to quit while they were ahead (and not yet caught) and retire GandCrab.
It seems, though, that GandCrab—or a variation on GandCrab—is making a comeback. Researchers have determined that REvil (also referred to as Sodinokibi), which has risen in prominence since GandCrab left the scenes, actually shares code with GandCrab and may be a reincarnation or evolution of that threat.
It’s worth pointing out that ransomware is just a form of malware, and it has to find its way onto a vulnerable machine somehow in order to be a threat. Like any other malware attack, ransomware is likely to infiltrate via either a phishing attack or by exploiting a vulnerability on the target machine. The best way to guard against a ransomware attack is to have effecter cybersecurity in place to detect and prevent execution, and to educate users to avoid suspicious links and websites. Also—make sure you back up all critical systems and data so you can recover from a ransomware attack and resume normal operations without being forced to pay the ransom.
AI & ML for Endpoint Security
The dynamic nature of hybrid cloud environments built on container technologies in a DevOps culture make it challenging to effectively monitor and manage cybersecurity. At the same time, the sheer volume of vulnerabilities and exploits, and new malware threats have organizations under constant siege and make effective 24/7 cybersecurity an imperative.
Artificial intelligence and machine learning play an important-and growing—role in effective cybersecurity because they are necessary to keep up with the pace and scale of potential threats. A recent story from Forbes noted, “Bad actors are using AI and machine learning to launch sophisticated attacks to shorten the time it takes to compromise an endpoint and successfully breach systems. They’re down to just 7 minutes after comprising an endpoint and gaining access to internal systems ready to exfiltrate data according to Ponemon.”
When the attackers are using AI and ML to automate attacks, you also need AI and ML to try and stay one step ahead. That is why there has been a shift from the traditional approach of signature-based threat detection to a newer endpoint detection and response (EDR) strategy that offers more comprehensive cybersecurity against threats in real-time.