RM67.6 million lost to cyber crimes in Q1 2019

LABUAN: Cyber crimes involving losses of RM67.6 million in 2,207 cases were reported in the first three months of this year, according to a senior officer of the Communications and Multimedia Ministry (KKMM) today.

Its deputy secretary-general (policy), Shakib Ahmad Shakir, said the ministry and agencies under it were concerned over the large amounts of money lost through such scams.

The three most common types of cyber crimes were cheating via telephone calls which recorded 773 cases with RM26.8 million in losses, cheating in online purchases with 811 cases totaling RM4.2 million and the ‘African Scam’ with 371 cases totaling RM14.9 million.

E-financial fraud recorded 212 cases involving losses of RM21.5 million, he said when opening a Labuan-level briefing on awareness to combat cyber crimes and human trafficking, here.

He said the losses were reported in online scams, credit card frauds, identity thefts and data breaches.

“KKMM is determined to combat cyber crimes in view of the concerns raised on the rise in cyber crimes committed through various means.

“Cyber crimes are a serious threat to the people as these frauds can cause them to lose hundreds of thousands of ringgit of their hard-earned money,” he said.

The briefing is part of the commitment of KKMM to create public awareness on cyber crimes through education and promotion and publicity campaigns.

Shakib said that according to the Commercial Crime Investigation Department, 13,058 cheating cases were reported in 2017 compared to 10,394 last year.

“I was told that telecommunication fraud is the most common form of (cyber) crime in Labuan with 16 complaints in 2017 and 19 complaints last year, a 35 per cent increase,” he said.

Shakib said the ministry would continue to cooperate with its strategic partners like the media, police, the Malaysian National News Agency (Bernama) and Information Department to combat the menace. – Bernama

Source | https://www.nst.com.my/news/crime-courts/2019/04/482208/rm676-million-lost-cyber-crimes-q1-2019

National awareness plan on managing cybersecurity, cybercrime at year-end

KUALA LUMPUR: A national awareness plan on the management of cybersecurity and cybercrime will be launched at the end of this year, Deputy Prime Minister Datuk Seri Dr Wan Azizah Wan Ismail said today.

She said the plan, which was being developed by the National Cyber Security Agency (NACSA), was expected to be implemented in January 2020, targeting four groups – children, youths, adults and parents, as well as organisations.

Dr Wan Azizah, who is also chairman of the E-Sovereignty Committee, said various parties were involved in developing the plan, including government agencies, the private sector, industries and non-governmental organisations.

The plan was an effort to address cyber threats comprehensively besides the National Cyber Security Strategy which was still being developed, she said.

“One of the things that we (the government) stress is the management of cybersecurity and we have the National Cyber Security Strategy … where we look at cyber attacks in other countries. This is important for us to protect the banking system and so on,” she told reporters in a special interview at her office in Parliament House in conjunction with the first anniversary of the Pakatan Harapan (PH) government.

The National Cyber Security Strategy, among others, covers the management of cyber incidences through an active cyber defence approach which outlines proactive, integrated action at every layer of system defence and information and communications technology of the country.

Dr Wan Azizah said Malaysia is also aware that international collaboration is very important and necessary to improve the effectiveness of the management of cybersecurity and cybercrime.

She said that among the initiatives that are being implemented is developing the ASEAN Regional Forum (ARF) Cyber Security Work Plan which is a joint plan for cybersecurity among ARF member countries.

Dr Wan Azizah said Malaysia, together with Australia, has developed the ‘Cyber Point of Contact’, which is a database of the list of liaison officers in member countries, to get assistance and cooperation during cyber incidences. – Bernama

Source | https://www.theborneopost.com/2019/05/08/national-awareness-plan-on-managing-cybersecurity-cybercrime-at-year-end/

Israel Neutralizes Cyber Attack by Blowing Up A Building With Hackers

The Israel Defense Force (IDF) claims to have neutralized an “attempted” cyber attack by launching airstrikes on a building in Gaza Strip from where it says the attack was originated.

As shown in a video tweeted by IDF, the building in the Gaza Strip, which Israeli fighter drones have now destroyed, was reportedly the headquarters for Palestinian Hamas military intelligence, from where a cyber unit of hackers was allegedly trying to penetrate Israel’s cyberspace.

“We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed,” said the Israeli Defence Forces on Twitter.

However, the Israel Defense Force has not shared any information about the attempted cyber attack by the Hamas group, saying it would reveal the country’s cyber capabilities.

According to Judah Ari Gross of Times of Israel, the commander of the IDF’s Cyber Division said, “We were a step ahead of them the whole time,” and “this was one of the first times where Israeli soldiers had to fend off a cyber attack while also fighting a physical battle.”

However, it’s not the first time when a country retaliates to a cyberattack with a physical attack. In 2015-16, the U.S. military reportedly killed two ISIS hackers—Siful Haque Sujan and Junaid Hussainof Team Poison hacking group—using drone strikes in Syria.

The commander did not reveal the name of the target, but did say that the cyber attack by Hamas was aimed at “harming the way of life of Israeli citizens.”

The tension between Israel and Hamas has increased over the last year, with the latest conflict began on Friday after Hamas militants launched at least 600 rockets and mortars at Israel and shot two Israeli soldiers

In retaliation to the violence by Hamas, the Israel military has carried out their own strikes on what it claimed were hundreds of Hamas and Islamic Jihad targets in the coastal enclave.

So far, at least 27 Palestinians and 4 Israeli civilians have been killed, and over 100 of them have been injured.

The IDF said its airstrike targeted and killed Hamed Ahmed Abed Khudri, who the Israel military reportedly accused of funding the Hamas rocket fire attacks by transferring money from Iran to armed factions in Gaza.

“Transferring Iranian money to Hamas and the PIJ [Palestinian Islamic Jihad] doesn’t make you a businessman. It makes you a terrorist,” IDF wrote in a tweet that included an image of a Toyota car in flames.

In a new development, Israel has stopped its air strikes on the Palestinian territory and lifted all protective restrictions imposed near the Gaza area, after Palestinian officials offered a conditionalceasefire agreement with Israel to end the violence.

Source : https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html?m=1

MORE DEDICATED CYBER-SECURITY STAFF NEEDED IN HEALTHCARE INDUSTRY

  • Industry that deals with copious amounts of personal, exploitable data
  • Organisation-wide education and awareness are crucial

AS THE adoption of digital technology in the healthcare industry accelerates, there is an increasing need to protect another side of patients’ and healthcare organisations’ well-being – the security of their personal data.

This emphasis on protecting data and mitigating cyber-threats is reflected in the industry’s significant investment into cyber-security.

According to a recent survey by Palo Alto Networks, about 70% of healthcare organisations in Asia-Pacific say that 5% to 15% of their organisation’s IT budget is allocated to cyber-security.

However, despite substantial budgets, there seems to be a need for the healthcare industry to catch-up with industry peers in terms of cyber-security talent, with only 78% having a team in their organisations dedicated to IT security, the lowest among other industries surveyed. This is also well-below the industry-wide average of 86%.

“As an industry that deals with copious amounts of personal, exploitable data, it can be disastrous if this data enters the wrong hands.

“Healthcare organisations need to ensure they are always updated on new security measures, and change their mindset from a reactive approach to a prevention-based approach instead, akin to how they remind patients that prevention is better than cure,” says Sean Duca, vice president and regional chief security officer for Asia-Pacific, Palo Alto Networks.

Risk factors

Aside from monetary loss associated with data breaches and availability of connected devices which monitor patient lives, healthcare professionals are most worried about the loss of clients’ contacts, financial or medical information – 30% have cited loss of details as key.

Fear of damaging the company’s reputation among clients comes next at 22%, followed by 17% citing company downtime while a breach is being fixed as a concern.

Cyber-security risks in healthcare organisations are also amplified with BYOD (Bring Your Own Device), with 78% of organisations allowing employees to access work-related information with their own personal devices such as their mobile phones and computers.

In addition to this, 69% of those surveyed say they are allowed to store and transfer their organisation’s confidential information through their personal devices.

While 83% claimed there are security policies in place, only 39% admit to reviewing these policies more than once a year – lower than the 51% of respondents from the finance industry, a sector also known to hold sensitive client data.

Call to get in shape for the future

As more healthcare organisations fall prey to cyber-attacks, such as ransomware, a lapse in data security is a real threat to the industry, hence organisation-wide education and awareness are crucial towards ensuring that the right preventive measures are implemented and enforced.

Fifty-four percent of the respondents have cited an inability to keep up with the evolving solutions being a barrier to ensuring cyber-security in their organisations, and 63% of respondents attributed this to an ageing internet infrastructure as the likely main reason for cyber-threats, should they happen.

Here are some tips for healthcare organisations:

Ensure that medical devices are equipped with up-to-date firmware and security patches to address cyber-security risks. Medical devices are notoriously vulnerable to cyber-attacks because security is often an afterthought when the devices are designed and maintained by the manufacturer. These precautionary measures may include having an inventory on all medical devices, accessing network architecture and determining patch management plan for medical devices, as well as developing a plan to migrate medical devices to the medical device segment.

Apply a zero-trust networking architecture for hospital networks, making security ubiquitous throughout, not just at the perimeter. Healthcare organisations should look to segment devices and data based on their risk, inspecting network data as it flows between segments, and requiring authentication to the network and to any application for any user on the network.

Practices such as BYOD and some employees’ ability to store and transfer confidential information through their personal devices put them at a higher risk of phishing attacks. To prevent this, healthcare providers should ensure that staff undergo regular end-user security training to reduce successful phishing. Cyber-security best practices can be taught as a new hire class for every employee.

As healthcare organisations migrate portions of their critical infrastructure and applications to the cloud, it becomes imperative for an advanced and integrated security architecture to be deployed to prevent cyber-attacks on three-prongs: the network, the endpoint and the cloud. Traditional antivirus will not be effective in guarding against advanced malware such as ransomware which continuously changes to avoid detection.

Source | https://www.digitalnewsasia.com/digital-economy/more-dedicated-cyber-security-staff-needed-healthcare-industry

NSA might shut down phone snooping program, whatever that means!

The US National Security Agency (NSA) has created a boatload of buzz over the past few days with these two headline-makers:

First, a senior Republican congressional aide suggested over the weekend that the agency might be shuttering its phone metadata slurping program instead of renewing it in December (suppress your glee: the news is less encouraging for surveillance-adverse citizenry than it appears at first blush) and….

…Second, by releasing Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade.

First, the political cat-and-mouse game:

Will the USA Patriot Act really die?

News of the NSA potentially killing off its mass phone-spying program – exposed by whistleblower Edward Snowden in 2013 – came on Saturday in the form of a Lawfare podcast interview with Luke Murry, national security advisor to House minority leader Kevin McCarthy.

At 5 minutes in, Murry said that the NSA hasn’t been using its metadata collecting system for spying on US citizens for the past six months, due to “problems with the way in which that information was collected, and possibly collecting on US citizens.” The program is due for Congressional reauthorization in December 2019, but Murry suggested that the administration might not bother:

I’m not actually certain that the administration will want to start that back up given where they’ve been in the last six months.

News outlets jumped on the notion that the NSA might end a widely disliked spying program: one that courts have dubbed illegal, that privacy advocates have protested, and which legislators havefilibustered against, given that it indiscriminately snoops on America’s own citizens.

If you’re wondering which spying program Murry was talking about, join the club. Was it the USA Patriot Act, whose Section 215 supported the NSA’s bulk collection of telephone records, which resulted in the agency having collected the phone records of millions of US persons not suspected of any crime? Or was it the USA Freedom Act, signed into law in 2015 as what was supposed to be a way to clip the NSA’s powers?

Section 215 expired at the end of May 2015 but was re-enabled through to the end of 2019 via the USA Freedom Act, which passed the following month, as well as being extended via various otherlegal maneuvers.

In the interview with Lawfare, Murry muddled the two laws. When asked about national security topics coming up this year, he said:

One which may be must-pass, may actually not be must-pass, is Section 215 of USA Freedom Act, where you have this bulk collection of, basically metadata on telephone conversations – not the actual content of the conversations but we’re talking about length of call, time of call, who’s calling – and that expires at the end of this year.

Again, Section 215 is actually from the Patriot Act. But whatever law Murry referred to, we shouldn’t be too excited by the notion that it will go away, because if history is any guide, it won’t. Rather, it will likely be reinterpreted and spring up in a new form. The Register has done a thorough rundown of how the NSA works that, and it’s well worth a read.

For example, Section 215 goes far beyond authorizing the collection of phone metadata, but the truth is that the secretive NSA hasn’t told us about the other 97% of data collection it authorizes. From the Register:

In 2014, for example, there were 180 orders authorized by the US government’s special FISA Court under Section 215, but only five of them related to metadata; the rest cover, well, the truth is that we don’t know what they cover because it remains secret.

It could be that Section 215 covers collection of emails and instant messages, search engine searches, and video uploads, for example. The law says that the NSA can collect “tangible things”, which could mean just about anything.

After the blanket surveillance program was reauthorized in 2015, the Office of the Director of National Intelligence (ODNI) issued an official statement that sure did sound good: the NSA would stop analyzing old bulk telephony metadata and start deleting it. What it would shift to, the DNI said, was the Freedom Act’s new, “targeted production” of records.

It turns out that the phone data collection didn’t stop, however. In a June 2018 statement, the ODNI said that the NSA had begun deleting all the call detail records that it had gotten its hands on – afterthat new, “targeted” approach.

The NSA blamed “technical irregularities in some data received from telecommunications service providers” for the junking of the phone records – problems that, it promised, had been resolved, clearing the way for yet more future records collection.

Murry said the program never got rebooted, though, and that he doesn’t believe it will. This undoubtedly has something to do with strenuous efforts by two US senators, Ron Wyden and Rand Paul, who’ve both been waging war against the NSA’s spying.

During their wrangling, which has gone on for over a year and has focused on getting more control of Section 702 of the Foreign Intelligence Surveillance Act (FISA), the NSA has avoided answering Rand’s questions (PDF), such as whether the NSA is collecting domestic communications. It’s also gotten creative with coming up with secret interpretations of the law.

The Register suggests that the fact that the public only knows about the telephone metadata aspects of the far broader Section 215 could be an advantage to the NSA, as it continues to find ways to keeping getting the data it wants. From the Register:

If the NSA offers to give up its phone metadata collection voluntarily, it opens up several opportunities for the agency. For one, it doesn’t have to explain what its secret legal interpretations of the law are and so can continue to use them. Second, it can repeat the same feat as in 2015 – give Congress the illusion of bringing the security services to heel. And third, it can continue to do exactly what it was doing while looking to everyone else that it has scaled back.

On a far more security-crowd-pleasing note, there’s the NSA’s release of Ghidra:

Ghidra

The NSA released Ghidra, a software reverse engineering tool, at the RSA security conference on Wednesday. It marked the first public demonstration of the tool, which the agency has been using internally and which helps to analyze malicious code and malware tracks down potential vulnerabilities in networks and systems.

ZDNet, reporting from the conference, said that the NSA’s plan is to get security researchers comfortable working with the tool before they apply for government cybersecurity positions, be those jobs at the NSA or at the other government intelligence agencies with which the NSA has privately shared Ghidra.

At this point, Ghidra is available for download only through its official website, but the NSA also plans to release its source code under an open source license on GitHub.

The initial reviews have been, overall, positive, in large measure because “free” is a lot cheaper than the alternative tool, IDA Pro. The commercial license for IDA Pro costs thousands of US dollars per year.

If you haven’t tried out Ghidra yet, you can get more information on the official website or on theGitHub repo.

Source : https://nakedsecurity.sophos.com/2019/03/07/nsa-might-shut-down-phone-snooping-program-whatever-that-means/

AirAsia’s Face Recognition System for Flight Boarding Will Be Rolled Out This 2019!

According to Free Malaysia Today, AirAsia Deputy group CEO Aireen Omar recently stated that the low-cost carrier will be implementing a face recognition system for flight boarding in selected airports across Malaysia this year (2019).

AirAsia Deputy group CEO Aireen Omar

A pilot test for this system is currently being carried out at the Senai airport in Johor Bahru which began in February 2018. The system, known as the Fast Airport Clearance Experience System (FACES), is Malaysia’s first airport facial recognition system with self-boarding gates.

FACES is able to identify guests as they approach these automated boarding gates and they can easily board flights without presenting any travel documents.

Speaking about this system when the pilot test was first launched last year, çsaid,

“Airports are typically the worst part of flying. FACES marks our latest effort to make the on-ground experience more seamless and less stressful by using cutting edge biometric technology to authenticate guests.”

“With FACES, your face is your passport, making it a breeze to clear the gate and board your flight.”

Group CEO of AirAsia and Co-Group CEO of AirAsia X Tan Sri Tony Fernandes

“I want to thank Senai International Airport for once again supporting our efforts to improve the travel experience for our guests through digital innovation, as they did when they became the first airport in Malaysia to implement self-service baggage check-in. We hope the success of FACES here will serve as an inspiration and we are keen to work with other airports in Malaysia to revolutionise the way people travel with this technology and make flying enjoyable again.”

Meanwhile, the airline’s deputy group CEO added that after a year of pilot testing, the technology has been refined and improved and that more airports would be selected for the next phase of this project. Well, we’re excited to see this new system being implemented at more airports this year!

SOURCE | https://www.worldofbuzz.com/airasia-face-recognition-system-for-flight-boarding-will-be-rolled-out-this-2019/

5 Important Augmented And Virtual Reality Trends For 2019 Everyone Should Read

Alongside AI and automation, virtual reality (VR) and its closely related cousin augmented reality (AR) have been touted for several years now as technologies likely to have a profoundly transformative effect on the way we live and work.

Solutions which allowing humans to explore fully immersive computer-generated worlds (in VR), and overlay computer graphics onto our view of our immediate environment (AR) are both increasingly being adopted in both entertainment and industry.

Over the next year, both VR and AR applications will become increasingly sophisticated, as devices get more powerful and capable of creating higher quality visuals. Our understanding of how humans can usefully navigate and interact within virtual or augmented environments will also evolve, leading to the creation of more “natural” methods of interacting and exploring virtual space.

Here are the 5 key trends I see for 2019:

  1.  AR and VR increasingly enhanced with AI

In a collision of two-letter abbreviations unlike anything that has come before it, AR and VR developers will increasingly build smart, cognitive functionality into their apps.

Computer vision – an AI (artificial intelligence) technology which allows computers to understand what they are “seeing” through cameras, is essential to the operation of AR, allowing objects in the user’s field of vision to be identified and labeled. We can expect the machine learning algorithms that enable these features to become increasingly sophisticated and capable.

The Snapchat and Instagram filters we are used to, to, e.g. overlay bunny ears and cat whiskers on selfies, are a very consumer-facing application of AI tech combined with AR. Their popularity in these and various other applications of image enhancement functionality isn’t likely to dwindle in 2019.

For more scientific use cases, there’s Google’s machine learning-enabled microscope to look forward to, which can highlight tissue which it suspects could be a cancerous tumor growth as a pathologist is looking at samples through the viewfinder.

VR is about putting people inside virtual environments and those environments – and their inhabitants – are likely to become increasingly intelligent over the next year. This is likely to include more voice control stemming from AI natural language processing, increasing immersion by reducing the reliance on icons and menus intruding into the virtual world. Gamers in VR will also face more challenging opponents as computer-controlled players will more effectively react and adapt to individual play styles.

2.  VR and AR will increasingly be used in training and teaching

Both technologies have obvious use cases in education. Virtual environments allow students to practice anything from construction to flight to surgery without the risks associated with real-world training. While augmented environments mean, information can be passed to the student in real time on objectives, hazards or best-practice.

This year Walmart announced that it is using 17,000 Oculus Go headsets to train its employees in skills ranging from compliance to customer service. In particular, training in the use of new technology is a focus for the retailer, with staff learning to use the new Pickup Tower automated vending units in virtual environments before they were deployed in stores.

Additionally, the US Army has announced a deal with Microsoft to use its HoloLens technology in military training, meaning soldiers will get real-time readings on their environment. Currently, this includes readouts to provide real-time metrics on soldier performance such as data about heart and breathing rates, but research objectives are to develop pathfinding, target acquisition and mission planning.

As VR and AR both continue to prove their worth at reducing risk and cost associated with training, it is likely we will see an increasingly rapid pace of adoption in industries involving work with expensive tools and equipment, or hazardous conditions, throughout 2019.

3.  Consumer Entertainment VR hits the mainstream

Ok, this one has been predicted for a couple of years now. VR adoption in homes has been steady since consumer headsets hit the market a couple of years ago, but hardware and application developers haven’t quite hit the sweet spot yet when it comes to creating the VR “killer app.”

But some significant developments are coming up that could mean 2019 is the year we start to see the real action here. Previous generations of VR headsets have been limited in one of two ways. Either by the user having to be tethered to a big, expensive computer to power the “experience,” hence limiting our mobility and therefore the sense of immersion. Or by relying on relatively low-powered mobile tech to control stand-alone headsets, meaning graphics quality is limited – another immersion-breaker.

This year, stand-alone headsets incorporating powerful, dedicated computer technology will hit the shelves, from both Vive and Oculus. Confident that their users will now be unrestricted by cables or low-powered displays, VR developers will create more realistic and accurate simulations of our real world within their virtual worlds. This will mean more immersive entertainment experiences and an unprecedented level of realism within VR games.

As well as being mobile, the new generation of headsets will improve the technology powering the virtual experience, by including features such as eyeball-tracking and increased field-of-view. Again, this will help users feel they can interact and explore in more natural ways.

Of course, it isn’t just the major players who are innovating – in a market like VR there’s always room for an underdog to shake things up. Amazon lists over 200 different VR headsets available to buy, many of them being created by startups promising new features and functionality that could end up being game-changers.

4.  VR and AR environments becoming increasingly collaborative and social

Facebook’s purchase of Oculus in 2016 showed that the social media giant believed virtual reality would become vital to the way we build shared online environments. Whether it’s for virtual “conference calls” where participants can see and interact with each other, or socializing and relaxing with friends.

Pioneers such as Spatial are leading the way with AR tools for the boardroom and office, where users can see virtual whiteboards and pin boards, as well as collaboratively work on design documents overlaid on real-world objects.

This year, I am also expecting to see Facebook’s VR Spaces platform, which allows users to meet and socialize in VR, move out of beta, and Tencent has announced that it is looking into adding VR to its WeChat mobile messaging system – the most widely used messenger app in the world.

business and future technology concept – handsome man with futuristic glasses

Combined with the predicted increase in sales of VR and AR headsets, this could mean that 2019 is the year we experience meeting and interacting with realistic representations of our friends and family in VR, for the first time.

5.  AR increasingly finding its way into vehicles

Fully (level 5) autonomous cars may still be a few years away from becoming an everyday reality for most of us, but automobile manufacturers have plenty of other AI tech to dazzle us with in the meantime.

Two of the most significant trends in new vehicles in 2019 will be voice assistants – with most major manufacturers implementing their takes on Alexa and Siri – and in-car AR.

Powered by machine learning, Nvidia’s DriveAR platform uses a dashboard-mounted display overlaying graphics on camera footage from around the car, pointing out everything from hazards to historic landmarks along the way. Audi, Mercedes-Benz, Tesla, Toyota, and Volvo have all signed up to work with the technology.

Alibaba-backed startup WayRay takes the route of projecting the AR data directly onto the car windshield, giving navigation prompts, right-of-way information, lane identification, and hazard detection.

In-car AR has the potential to improve safety – by allowing the driver to keep their eyes on the road as they read feedback that would previously have been given on a sat-nav or phone screen, as well as increase comfort and driver convenience. In a few years, it’s likely we will wonder how we ever lived without it.

FOR MALAYSIA VIRTUAL REALITY/AUGMENTED REALITY EXPERTS/PROVIDER, Please refer here:

INTEGRASI ERAT SDN. BHD | Website http://www.i-erat.com/

Source | https://www.forbes.com/sites/bernardmarr/2019/01/14/5-important-augmented-and-virtual-reality-trends-for-2019-everyone-should-read/#73410c5b22e7

Cyber espionage warning: The most advanced hacking groups are getting more ambitious

The top 20 most notorious cyber-espionage operations have increased their activity by a third in recent years – and are looking to conduct more attacks, according to a security company.

The most advanced hacking groups are becoming bolder when conducting campaigns, with the number of organisations targeted by the biggest campaigns rising by almost a third

A combination of new groups emerging and threat actors developing successful strategies for breaking into networks has seen the average number of organisations targeted by the most active hacking groups rise from 42 between 2015 and 2017 to an average of 55 in 2018.

The figures detailed in Symantec’s annual Internet Security Threat Report suggest that the top 20 most prolific hacking groups are targeting more organisations as the attackers gain more confident in their activities.

Groups like Chafer, DragonFly, Gallmaker and others are all conducting highly targeted hacking campaigns as they look to gather intelligence against businesses they think hold valuable information.

Once attackers might have needed the latest zero-days to gain access to corporate networks, but now it’s spear-phishing emails laced with malicious content that are most likely to provide attackers with the initial entry they need.

And because these espionage groups are so proficient at what they do, they have well tried-and-tested means of conducting activity once they’re inside a network.

“It’s like they have steps which they go through, which they know are effective to get into networks, then for lateral movement across networks to get what they want,” Orla Cox, director of Symentec’s security response unit told ZDNet.

“It makes them more efficient and, for organizations, it makes them harder to spot because a lot of the activity looks like traditional enterprise activity,” she added.

In many of the cases detailed in the report, attackers are deploying what Symantec refers to as ‘living-off-the-land’ tactics: the attackers uses everyday enterprise tools to help them travel across corporate networks and steal data, making the campaigns more difficult to discover.

Not only is the number of targeted campaigns on the rise, but there’s a larger variety in the organisations being targeted. Organisations in sectors like utilities, government and financial services have regularly found themselves targets of organised cyber-criminal gangs, but increasingly, these groups are expanding their attacks to new targets.

“Often in the past they’d have a clear focus on one sector, but now we see these campaigns can focus on a wide variety of targets, ranging from telecoms companies, hotels, universities. It’s harder to pinpoint exactly what their end goal is,” said Cox.

While intelligence gathering remains the key goal of many of these campaigns, some are beginning to expand by also displaying an interest in compromising systems.

This is a particularly worrying trend, because while stealing data in itself is bad enough, attackers with the ability to operate cyber-physical systems could be much worse.

One group Symantec has observed conducting this activity is a hacking operation dubbed Thrip, which expressed particular interest in gaining control of satellite operations — something that could potentially cause major disruption.

In the face of a rise in targeted attacks, governments are increasingly pointing the finger not just at nations but individuals believed to be involved in cyber espionage. For example, the United States named individuals it claims are responsible for conducting cyber attacks: they include citizens of Russia, North Korea, Iran and China. Symantec’s report suggests the indictment might disrupt some targeted operations, but it’s unlikely that cyber espionage campaigns will be disappearing anytime soon.

Source | https://www.zdnet.com/article/cyber-espionage-warning-the-most-advanced-hacking-groups-are-getting-more-ambitious/

HEALTHCARE SECURITY SOLUTIONS

Protecting human lives is the job of healthcare organizations.
Protecting the digital lives of their patients is ours.

With FBI warnings about cyberattacks against healthcare organizations, the FDA’s concern about insecure medical devices, and complex regulatory requirements, such as GDPR, you may be facing significant challenges when it comes to protecting patients’ private information.  At Trend Micro, we understand the healthcare industry’s unique security requirements, and we provide layered solutions that fit your existing infrastructure, won’t strain your IT resources, and will grow and change in step with your evolving IT strategy.

Detect breaches caused by targeted attacks, unsecured medical devices, and security gaps. TrendMicro Network Defense helps you detect, analyze, and respond to network breaches, targeted attacks, and advanced persistent threats. Trend MicroTM Deep Discovery—the heart of the Network Defense solution—achieved the top score in the 2017 NSS Labs Breach Detection tests, and has been named a “Recommended” Breach Detection System for 4 years in a row.

•    Secure all of your end users as they use tablets, smartphones, legacy systems (such as devices running Windows XP), and kiosks. Trend Micro User Protection has consistently achieved the best overall performance and the lowest false-positive rates according to AV-Test.org. With proactive
monitoring of all personally identifiable information, you can significantly reduce the risks associated with data loss—a critical security and business concern for healthcare organizations.

• Protect Patient Portals and other critical applications even as you move toward cloud- based server deployments. Trend Micro’s Hybrid Cloud Security provides advanced server security that was purpose-built for physical, cloud, virtual, and hybrid deployments. Since 2009, the independent analysts at IDC have ranked Trend Micro as the global leader in server security.

“With Trend Micro solutions, we see which types of threats we are facing and can quickly resolve them before they affect our system. This makes us very confident with our HIPAA, FERPA, and PCI compliance audits.”
Jaime Parent, Associate CIO, Vice President IT, Operations at Rush University Medical Center

All of our solutions are powered by XGenTM security, a blend of cross-generational threat defense techniques that protect servers and applications across the modern data center and the cloud – all while preventing business disruptions and helping with regulatory compliance. Our smart, optimized, and connected technology ensures that everything is working together to give you visibility and control across the evolving threat landscape. SMART. OPTIMIZED. CONNECTED.

When you deploy Trend Micro’s User Protection, Hybrid Cloud Security, and Network Defense, your organization’s network, endpoints, and servers will be protected with one integrated security framework.  Trend MicroTM Control ManagerTM provides a centralized management console that gives you total, unified visibility across your entire security infrastructure—making it simple for small security teams to monitor and respond to security concerns across the organization with minimal resources. You will be able to protect user financial and health data, prevent breaches and data loss, and secure end-user behaviors and endpoint devices, making it easy to comply with regulatory requirements, such as GDPR, HIPAA, HITECH, PCI DSS, and more.

With a network like ours, spread across the entire country, being able to secure mobile and desktop devices under one platform simplifies the security for our network and improves our team’s productivity.
Greg Bell, IT Director at DCI Donor Services

To give you the best protection against today’s threats, Trend MicroTM Smart Protection NetworkTM delivers proactive global threat intelligence against zero-hour threats by:

• Using big-data analytics to examine data from hundreds of millions of sensors around the globe, and processing more than 16 billion threat queries daily

• Identifying new threats fifty times faster than average, according to recent tests conducted by NSS Labs

• Blocking 1 Billion ransomware attacks, and identifying 500,000 new threats, each and everyday

For us, Trend Micro is at the top of its game when it comes to virtualization security—I believe no one can touch them.
David Kelly, Virtualization Manager at Beaumont Hospital

To read success stories from our healthcare customers, and for more information on how
Trend Micro can help your organization meet its obligation to secure patient data and protect
critical corporate information, please visit:
http://www.trendmicro.com/us/business/industries/healthcare/index.html
If you’d like to discuss how to tailor a Trend Micro security solution to meet your specific
needs, please contact us by visiting:
http://www.trendmicro.com/us/about-us/contact/index.html

How smart hospitals are dealing with cybersecurity

The healthcare industry is using technology to improve the work of the sector’s professionals and patients’ lives – but how is it confronting cyber threats?

Is there a difference between going digital and becoming a smart hospital? Apparently, there is.

Dr Milind Sabnis, healthcare director at Frost & Sullivan, explained at the 9th Healthcare Innovation Summit that going digital and generating data is not enough.

Instead, healthcare institutions must be able to make sense of the data and derive actionable results to be successful.

“A smart hospital is a hospital that optimises, redesigns, and builds new clinical processes, management as well as infrastructure to provide a valuable service or an insight which was not there before, and in the process, help achieve better patient care, experience as well as operational efficiency”, he explained.

Senior stakeholders — from regulators, policymakers and healthcare institutions to practitioners and technology providers — agree that the pressure is on to integrate ICT and medical technologies into healthcare services effectively.

In Dr Sabnis’ view, smart hospitals look into three areas of development to reduce operational costs, improve margins, reduce staff burden, increase the recovery rate, and improve satisfaction and experience of the patient.

First, they look at managing logistics more efficiently. Second, they make sure that their staff provides positive patient experiences through clinical excellence. And third, they introduce innovative services and technology initiatives to keep operations patient-centric.

“Whether you like it or not, smart transformation is coming. If you do not prepare for it, do not acclimatise yourself to it, you are going to be extinct,” Dr Sabnis concluded.

Cybersecurity in healthcare

James Woo, CIO of Farrer Park Hospital, emphasised that even smart hospitals today must be future-ready in at least four domains — people, processes, technology and cybersecurity.

Of these, security is among the top concerns.

“Cybersecurity is actually very important. Why? Because even though you have built everything, without that at the end of the day, you have nothing”, explained Woo. “All your people, processes and technologies are not going to work.”

It is a fact: healthcare institutions cannot rely solely on their firewalls to defend against such intrusions. Research has shown that hackers can enter a network and lie dormant for 140 days before detection.

Hence, healthcare institutions are embracing a robust security strategy for protection today and in the future.

Rethinking primary healthcare  

Professor Barbara Starfield, from the John Hopkins Bloomberg School of Public Health, defines primary care as “that level of health service systems that provides entry into the system of all new needs and problems.”

She said it also provides person-focused care over time and care for all unusual conditions and coordinates integrated care given elsewhere.

Simply put, there is much more to do in primary care than just the episodic care usually given to patients.

“In a bigger scheme of things, the way we integrate care within primary care is very important”, affirmed Dr K Thomas Abraham, Advisor at SATA CommHealth. “We need to understand that there could be vertical integration and horizontal integration.”

He said vertical integration involves integration within hospitals or other institutions where care is given while horizontal integration is between practitioners or within the industry.

“I think the future is about how we empower our patients through the use of technology, through the use of different resources that are available for their care”, Dr Abraham said. “Self-care is important; this is how you manage patients and reduce the cost of healthcare and prevent them from being hospitalised.”

How can technology help patients?

A study has shown that socioeconomic factors, as a determinant of health, contribute 40 percent to a person ’s general health and well-being, while clinical care contributes only 10 percent.

This leads healthcare professionals to start looking more closely at patients’ environment as well as individual characteristics and behaviours.

Today, technology also makes it possible to care for patients remotely.  A study conducted by Accenture reveals that virtual care solutions in primary care can generate savings of up to US$10 billion annually for the industry.

However, while mobile health (mHealth) and telehealth solutions undoubtedly raise staff efficiency and reduce the cost of services, it also opens up new paradigms in healthcare.

“Today’s technology has the power to aid the healthcare sector in many ways – integrated care, self-care, social care, and virtual care”, concluded Dr Abraham. “These are not new things to us, but if we put greater effort into finding new ways of advancing these areas, we are definitely going to see better primary care, and it would definitely make better outcomes for our patients too.”

Source | https://www.cio-asia.com/article/3311696/health-care-industry/how-smart-hospitals-are-dealing-with-cybersecurity.html