It Could Have Been Stopped!
Catbird vSecurity detects and prevents these types of security attacks.
- Hospital Insider Breach Leads to Lawsuit
- In its lawsuit, Children's Healthcare of Atlanta alleges a corporate audit adviser, who had announced plans to leave the organization, sent protected health information about an unspecified number of patients, as well as other sensitive corporate data, to her personal e-mail account. Security expert Mac McMillan, CEO of the consulting firm CynergisTek, says this type of insider incident is "not all that unusual." Several studies suggest that a majority of those who leave their jobs take corporate information with them to their new employers, he says. "What was more alarming, though, was that they felt it was acceptable to do so," he adds. Organizations can take steps to prevent insider data breaches. Catbird vSecurity monitors and enforces policies within TrustZones in accordance with HIPAA compliance and generates alerts when violations occur.
- WellPoint to Pay US $1.7 Million for HIPAA Violations
- WellPoint, an Indianapolis-based health insurance provider, will pay the US Department of Health and Human Services (HHS) US $1.7 million for violations of the Health Insurance Portability and Accountability Act (HIPAA). The charges stem from WellPoint's weak database security that exposed the personal records of more than 600,000 people. The database was reportedly accessible between October 2009 and March 2010, exposing patients' names, Social Security numbers (SSNs), and health data. WellPoint reported the issue as required under HIPAA rules; a subsequent investigation conducted by HHS found that WellPoint was using inadequate policies and procedures to protect access to online data. In 2011, WellPoint was ordered to pay US $100,000 to the state of Indiana to settle charges resulting from a breach that exposed personal information of 32,000 Indiana patients. John Pescatore, former Gartner security VP, thinks that the full cost of dealing with this will end up above $20M. "This case seemed to point out more systemic problems - no one security control or process would have prevented all the problems. But the cost of preventing the incident will likely end up to be less than 20% of the ultimate cost of suffering the incident." Note Pescatore's comment that "no one security control…would have prevented all of the problems". Only layered security and defense in depth would be adequate. Catbird's multi-function security underlying our HIPAA compliance enforcement gives real-time status of customers' security posture against a broad range of HIPAA controls, reducing risk of failing an audit or suffering a breach.
- Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
- Most data centers today rely on virtualized infrastructure – the Defense Department and its contractors are no exception. In fact, the branches of the armed services are encouraged to consolidate data center operations through virtualization in order to reduce operating costs. Virtualized data centers and their respective VMs depend on virtualized network components: virtual switches, vNICs, and virtual networking. Yet, little has been done to monitor and control these new virtual network components. Bad guys who gain access to server VMs can easily configure virtual network components to avoid detection and exfiltrate data, overcoming existing physical network security controls. While we do not know the source of the breach, the broad adoption of virtualization leads us to believe that it could have been detected through security deployed at the vNIC and vSwitch level.
- In Hours, Thieves Took $45 Million in A.T.M. Scheme
- Many of today’s payment processors rely on virtual infrastructure for portions of their payment operations. Extensive use of virtual networks and other virtual network components renders traditional network security devices obsolete. While the exact nature of the breach has not been reported by major news organizations, it’s likely that some portion of the infrastructure was virtualized. If that was the case, Catbird's extensive network security monitoring and enforcement would have helped detect the breach. The NY Times reported:
“Hackers infiltrated the system of an unnamed Indian credit-card processing company that handles Visa and MasterCard prepaid debit cards. Such companies are attractive to cybercriminals because they are considered less secure than financial institutions, computer security experts say.”
Some of the largest payment processors rely on Catbird to secure their virtual infrastructure precisely because it delivers the network security and compliance visualization necessary to protect their virtual infrastructure. It Could Have Been Stopped™ with Catbird vSecurity TrustZones.
- China Cyberspies Outwit U.S. Stealing Military Secrets
- It’s a safe bet to assume that QinetiQ Group relied on virtual systems for much if not all of its data processing. The new software-defined data center requires network-based controls that reside inside the virtual switch fabric. Catbird vSecurity could have detected these intrusions at the virtual switch layer and provided the option for automated enforcement actions.
Data centers today are built on top of virtual infrastructure, where traditional network security devices are unable to detect and enforce security on virtualized network components. The Department of Defense and its contractors are no exception; they depend on virtual systems for most data center and field level operations. Catbird vSecurity was purpose-built to complement their existing security infrastructure and provide the visibility and enforcement needed to detect this type of intrusion.
- Verizon’s 2013 Data Breach Investigations Report
- This report highlights “the compromise-to-discovery timeline” or the lag between the time an organization has been breached and the time it discovers the breach—as measured in months or years rather than hours or days. Yet again, an argument for the criticality of automated security monitoring and enforcement. Catbird vSecurity provides unparalleled automated network security within virtual and hybrid infrastructure, ensuring that unauthorized activity on the virtual infrastructure is quickly detected and mitigated. It Could Have Been Stopped™ with Catbird vSecurity TrustZones.
- VM researchers post rude awakening about virtualization security
- A virtual machine stealing information from another virtual machine running on the same piece of hardware? That's not supposed to happen. Virtual machines run various tasks on a single computer rather than relying on a separate machine to run each one. The assumption is that one can’t eavesdrop or tamper with the other. But now a technique reported in a paper, “Cross-VM Side Channels and Their Use to Extract Private Keys,” by Yinqian Zhang of the University of North Carolina, Chapel Hill, and computer scientist colleagues from the University of North Carolina, University of Wisconsin, and RSA Laboratories, suggests a different story. (phys.org) It Could Have Been Stopped with Catbird vSecurity TrustZones.
- Tridium’s Niagara Framework: Marvel of connectivity illustrates new cyber risks
- Government and business leaders in the United States and around the world are rushing to build better defenses —and to prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace. (Whitney Shefte, Sohail Al-Jamea and Robert O’Harrow Jr./The Washington Post) It Could Have Been Stopped with Catbird vSecurity TrustZones.
- Warp Trojan from China said to fool routers into spreading Windows malware
- Security firm says Chinese malware spreads infections through a trick involving unsolicited ARP requests to routers.
Catbird TrustZones, deployed according to best practices, would have prevented this type of attack.
- Oracle won’t patch four-year-old zero-day in TNS listener
- Oracle has issued a security bulletin this week, recommending customers consider workarounds to address a long-standing zero-day vulnerability in nearly all versions of its database management system. Rothacker suggests the real problem has nothing to do with the miscommunication that led to the attack code being released. The problem, he said, is that Oracle has known about this very serious vulnerability for four years and done nothing to fix it. "How many other problems do they know about that they haven't fixed?" he asked. It Could Have Been Stopped with Catbird vSecurity TrustZones. Catbird TrustZones, when deployed in a best practice configuration, will detect and prevent a MITM attack aimed at the Oracle TNS vulnerability.
- Symantec declares pcAnywhere safe to use
- Symantec has said that its pcAnywhere software is now safe to use, with free upgrades offered to users.
According to Reuters, the company has now determined that the current version of pcAnywhere is safe, provided it has been updated with a security patch released on 23 January.
Company spokesman Brian Modena said it is offering free upgrades to pcAnywhere 12.5 at no charge to all customers, even those using old editions that would not typically qualify for support. He also said that while Symantec is advising all users to upgrade, they can safely continue using versions 12.0 and 12.1 if they download a second software patch released on 27 January. It Could Have Been Stopped with Catbird vSecurity TrustZones.
- SCADA vulnerability imperils critical infrastructure, feds warn: Secret accounts open control systems to attack
- An electronic device used to control machinery in water plants and other industrial facilities contains serious weaknesses that allow attackers to take it over remotely, the US agency that safeguards the nation’s critical infrastructure has warned. It Could Have Been Stopped with Catbird vSecurity TrustZones. Catbird zones and network access control could have helped protect against this attack.
- Computer Virus Shuts Down Georgia Hospital
- Malware in a Georgia hospital’s computer system forced it to turn away patients, highlighting the problems and vulnerabilities of computerized systems...The problem likely was caused by a worm infection, which would have spread rapidly across the hospital's network. Foul play isn't suspected, and the problem may be caused by something as simple as a USB drive brought into the facility by an employee. It Could Have Been Stopped with Catbird vSecurity TrustZones.
- Hackers Likely Have Japanese Warplane, Nuclear Data
- InformationWeek, October 25, 2011 – Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
It Could Have Been Stopped with Catbird vSecurity TrustZones. Catbird could have helped stop this blended/persistent threat attack by:
- Catbird TrustZones and ZACL would have detected and blocked the egress of data from the compromised systems to the outside server (in China).
- Catbird PharmingShield would have detected the breach of the websites and their subsequent use to pharm out the attack to the website users.
- ICS-ALERT-11-343-01—CONTROL SYSTEM INTERNET ACCESSIBILITY
- December 09, 2011 – On October 28, 2010, ICS-CERT published an alert titled "ICS-ALERT-10-301-01—Control System Internet Accessibility" on the ICS-CERT web page. The alert warned control system owners and operators that a search engine called SHODAN was being used to locate Internet facing control systems. ICS-CERT is tracking and has responded to multiple reports of researchers using SHODAN, Every Routable IP Project … ICS-CERT is issuing this new alert to warn of an uptick in related activity and urge asset owners and operators to audit their control systems configurations and verify whether or not they are susceptible to an attack via this vector.
It Could Have Been Stopped with Catbird vSecurity TrustZones. Catbird can detect and prevent this type of attack by:
- Using Catbird, our customers can use external network discovery and vulnerability scanning to detect internet facing systems.
- Using Catbird's XCCDF capabilities, secure configuration, default password reset, and continuous monitoring may be performed.