Cyber Attack Hits US Health Department As It Tries To Fight Coronavirus

Pymnts | March 17, 2020

A cyber attack was leveled at the U.S. Department of Health and Human Services on Sunday amid the department’s continued vital role in coronavirus mitigation. The attack didn’t have any dire effects like a data breach, officials said, and HHS networks were functioning like normal by Monday. Officials were investigating the matter on Monday as well. Not many details were given on what happened exactly, but the attack was noticed because of a “significant increase” in activity on the server, according to spokeswoman Caitlin Oakley. Oakley also confirmed that the database was working fine. Bloomberg News, citing unnamed sources, claimed that there were numerous incidents of hacking, with the apparent intention of slowing things down. One reporter on Twitter said that the hacking constituted an overloading of the server with millions of hits, which could mean a denial-of-service attack, in which a deluge of fake traffic is heaped upon a site with the aim of knocking it offline. Those kinds of incidents don’t usually have the intended effect on government sites.

Spotlight

Low cyber-threat awareness amongst Gen-Y professionals coupled with blasé attitudes towards cyber security are leaving organisations across the country exposed to attack and data leaks according to new research commissioned by Internet security company ESET. Thirty-eight percent of Gen-Y professionals, those aged 18 to 30 years old, are unaware of, or don’t believe, their company has an IT security policy, whilst a further 30 percent of those who are aware of the existence of an IT security policy do not know what it is. Half also believe it’s nearly always their organisation’s sole responsibility to ensure the safety of data.

Related News

DATA SECURITY

Trend Micro Demonstrates Threat Expertise at Virtual Black Hat USA 2021

Trend Micro | August 03, 2021

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced its participation at virtual Black Hat USA 2021, July 31st - August 5th. Attendees can visit the virtual booth to test their skills in the Exploit Elimination Challenge, as well as see how threat intelligence fuels Trend Micro's platform security and attend sessions with Trend Micro's industry experts.

Trend Micro Research is at the heart of the company's ongoing innovation to anticipate and protect against existing, emerging and future threats. The company's cybersecurity platform delivers visibility and extended detection and response (XDR) using telemetry across endpoints, email, cloud workloads and networks. Built-in threat intelligence informs correlated detections and actionable alerts to ease the workload of security teams.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29 – for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.

As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected (1) to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.

As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:

The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.

The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation policies in the US, Canada and China. WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.

"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference

(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software

Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom. Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

DATA SECURITY

Major European Banks Invest In DDoS Attack Simulation Platform From HUB Security

HUB Security | December 10, 2021

HUB Security announced its 2021 summary of sales for its D.Storm product to several leading customers in Israel, as well as three central banks in Europe, for an accumulated revenue of approximately €1 Million. D.Storm is HUB Security's unique cybersecurity SaaS platform for the simulation of DDoS attacks, where cybercriminals flood servers with false data to cause websites to crash. HUB Security developed the product by utilizing its many years of experience conducting risk assessments and analyzing the attack patterns of cyberattackers for customers around the world.

"DDoS attacks are becoming more frequent, larger in size, and longer with the use of new botnets. The strong sales and feedback of D.Storm indicate that companies are responding seriously and conducting rigorous testing to better understand how to upgrade their cybersecurity programs."
Eyal Moshe, CEO and co-founder of HUB Security

HUB Security also announced that it is currently in advanced negotiations for the sale of D.Storm to a number of additional customers in Israel and abroad. Three more global banks are also in the process of having advanced proof-of-concept (PoC) discussions. HUB Security estimates that it will soon finalize additional contracts worth millions of Euros in sales in 2022.

The purpose of D.Storm is to identify vulnerabilities and exploits in an organization's infrastructure by replicating real-world attack methods using fully automated tools. The platform enables customers to run dozens of DDoS attack methods, including volumetric, infrastructure, and application attacks. With the aid of tens of thousands of attack bots that spread across different countries and continents, D.Storm is fully capable of imitating real browsers, which simulates the challenge of distinguishing between fake and legitimate users. The platform collects data from the bot attacks in real-time and presents it to the user for in-depth analysis. This approach allows customers to substantially minimize their attack surface and prepare measures to withstand potential DDoS attacks on their strategic and sensitive assets. HUB Security estimates that sales of the solution are expected to have a material effect on its activities in 2022.

About HUB Security

HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide.
