October was another eventful month in the world of Information Security News. A variety of breaches occurred, we received more developments in the aftermath of the Equifax breach, vulnerabilities in Wi-Fi connections around the world were exposed, and we learned that Britain aims to be the safest place in the world to be online. All that, and more, in our latest Information Security News Roundup.
- People with ties to the Russian Government were able to exploit anti-virus software from the Russian-owned Kaspersky Lab and breach the home computer of a National Security Agency contractor. The breach had occurred in 2015 but was not uncovered until the spring of 2017. The contractor had taken classified material home with him and put it on his home computer, which was running Kaspersky’s security software. The Trump administration has recently ordered all U.S. federal executive agencies to remove Kaspersky software from government computers.
- In his testimony on Capitol Hill, Equifax ex-CEO Richard Smith said that an individual responsible for applying the patch for the exploited vulnerability had failed to do so; this allowed the hackers to access the personal information of 143 million Americans.
- Taiwan’s incumbent Premier, William Lai, requested a national review of information security policies in the aftermath of a breach that saw Far Eastern International Bank lose nearly $60 million.
- Hyatt Hotels suffered a breach of payment card data from March 8th until it was discovered on July 2nd. This breach was widespread, hitting a number of Hyatt establishments in countries such as Japan, India, and Saudi Arabia.
- Breaches are up 18.5% on a year-to-date basis, with 1,012 reported so far in 2017. While the number of total breaches has seen an increase thus far in 2017, the total number of records compromised is down. This can largely be attributed to the mega-breach at Yahoo in September 2016 that exposed the records of half a billion people.
Information Security and Healthcare
- An Arkansas-based hospital was affected by ransomware that shut down access to patient data and rendered imaging files, such as X-Rays, inoperable. The impact on the medical devices, such as X-Ray machines, is particularly troubling. The possibility of medical devices, surgical devices or life-support devices especially, being affected by hackers is concerning; a failure of these devices during critical moments could have life-threatening impacts.
- Medical data for approximately 150,000 patients was exposed by a misconfigured Amazon repository. This incident serves as another reminder of the need to protect cloud-based patient data from being inadvertently accessible to the public.
- KRACK takes advantage of the “four-way handshake”, a process between a device and a router that has been around for 14 years and is designed to deliver a fresh, encrypted session each time you get online. Hackers were able to breach the process and decrypt the data, allowing them to view and access any unencrypted activity on your Wi-Fi connection. Microsoft and other providers were quick to roll out patches to fix the issue.
- This year, New York became the first state to set minimum cybersecurity standards by which all banks and other financial services institutions must abide. The “Cybersecurity Requirements for Financial Services Companies,” or 23 NYCRR Part 500, requires financial institutions to put in place a cybersecurity program, maintain written policies, report all cybersecurity incidents, and ensure a Chief Information Security Officer is in place.
- The National Association of Insurance Commissioners adopted the Insurance Data Security Model Law, which created rules for insurers, agents, and other licensed entities covering data security, investigation, and notification of breaches.
Information Security News From Around The World
- The former head of the FBI’s Cyber Division, James Trainor, expects losses from cybercrime to increase around the world. Trainor said that previous estimates vastly underestimated the current climate, and projected losses to be somewhere around the $6 trillion mark.
- Britain unveiled its Information Safety Strategy which it hopes will help the island nation become the safest place in the world to be online. The Safety Strategy will crack down on malicious activity such as cyberbullying, support digital startups to ensure that new apps and products are safe at production, and help make the internet a safer place for minors.
Other Information Security News
- 4 out of 10 lawyers plan to increase their cybersecurity spending in the coming months. On average, the law firms that are planning to increase their cybersecurity budgets plan to increase spending by about 13%.
That is all for the Information Security News Roundup for the month of October. Want to get more information security news? Check out FRSecure’s Twitter or LinkedIn feeds for updates on what’s going on in the world of information security.