[BreachExchange] 'Cyber Hygiene' Could Prevent the Next Attack

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 7 20:27:49 EDT 2016


http://www.forensicmag.com/articles/2016/04/cyber-hygiene-could-prevent-next-attack

Back in February, Hollywood Presbyterian hospital in Los Angeles was
hacked. CT scans went down, patients were moved to other area hospitals,
and medical staff was reduced to using fax machines and written notes to
relay patient information.

The unknown assailants demanded a ransom.

Two weeks ago, another attack: MedStar Hospitals, serving hundreds of
thousands of patients at 10 facilities in the Washington D.C. area, fell
victim to a similar “ransomware” attack. The medical group responded
quickly, and has said that it did not pay the hackers.

Hollywood Presbyterian wasn’t so lucky—that attack cost the hospital
$17,000.

According to a 2014 report, the number of attacks rose each month in 2013
from 100,000 in January to 600,000 in December.

“Unfortunately, a lot of companies don't tell anybody if they had fallen
victim to ransomware, and especially if they have paid the criminals,” Adam
Kujawa, the head of a San Jose-based anti-malware company, told the AP in
February.

But one expert says basic "cyber hygiene" could go a long way toward
protecting data from being hacked. Here are five examples from Associated
Press cybersecurity expert, Tami Abdollah, published as an excerpt from a
recent AP article:

Make Safe and Secure Backups

Once your files are encrypted, it's nearly always game over. Backups often
are out of date and missing critical information.

Ransomware has become increasingly sophisticated and effective at
separating users from the contents of their computers. For example,
sometimes it targets backup files on an external drive. You should make
multiple backups — to cloud services and using physical disk drives, at
regular and frequent intervals. It's a good idea to back up files to a
drive that remains entirely disconnected from your network.

Update and Patch Your Systems

The recent samsam virus-like attack takes advantage of at least two
security vulnerabilities on servers, including one discovered in 2007.
Updating software will take care of some bad vulnerabilities. Browsers such
as Chrome will automatically update behind the scenes, saving you the time
and deterring hackers.

Use Antivirus Software

It's basic, but using antivirus will at least protect you from the most
basic, well-known viruses by scanning your system against the known
fingerprints of these viruses. Low-end criminals take advantage of less
savvy users with such known viruses even though malware is constantly
changing and antivirus is frequently days behind detecting it.

Educate Your Workforce

Basic cyber hygiene such as ensuring workers don't click on questionable
links or open suspicious attachments can save headaches. System
administrators should ensure that employees don't have unnecessary access
to parts of the network that aren't critical to their work. This helps
limit the spread of ransomware if hackers do get into your system.

If Hit, Don’t Wait and See

When hackers hit MedStar Health Inc., the hospital chain shut down its
network as soon as it discovered ransomware on its systems. That action
prevented the continued encryption — and possible loss — of more files.
Hackers will sometimes encourage you to keep your computer on and attached
to the network, but don't be fooled.

If you're facing a ransom demand and locked out of your files, law
enforcement and cybersecurity experts discourage paying ransoms because it
incentivizes hackers and pays for their future attacks. There's also no
guarantee all files will be restored. Many organizations without updated
backups may decide regaining access to critical files, such as customer
data, and avoiding public embarrassment is worth the cost.

The hackers, of course, are counting on that.