Friday, March 27, 2020

UPDATE- Wondering how many more people figured out that Russia, China & Iran are hacking our medical systems?



At medical office. Can I pay with my iPhone? “We don’t do that.” I said sure you do, clicked twice & paid. 

Medical offices have got to be easy to hack. Our medical systems are geared for profits. It makes sense to me that the primary purpose of security in our medical systems is protecting financial transactions, not patient information security. Once COVID-19 was discovered, China, Russia & Iran were likely planning their cyberattacks on U.S. medical systems.

I watched “Kill Chain” on HBO.

Halfway in I began thinking it’s just as easy for Russia to hack our medical systems as our voting system.

UPDATE:
In 2018, Russian state hackers were found to have infiltrated the systems of key pieces of United States infrastructure. The Department of Homeland Security and the FBI found in a report that the hacks “affected multiple organizations in the energy, nuclear, water, aviation, construction, and critical manufacturing sectors.”
It was an attack that took considerable effort. Yet, once inside, with the ability to affect this wide swath of American society, the Russian government didn’t seem to do anything in particular. Experts believe that the attack was more of a scouting expedition, meant to understand U.S. systems from the inside-out. There’s far too little known to the public to make any concrete assumptions about the goals of the HHS hackers, but the attack could have offered insight into how the U.S. rapid response network operates, and the system’s capabilities.
The HHS is only the latest actor involved in fighting coronavirus to have been the victim of cyberattacks. Two private labs focused on creating coronavirus test kits, Quest Diagnostics and LabCorp, were involved in 2019’s massive American Medical Collection Agency (AMCA) hack, which HealthITSecurity.com declared the worst hacking incident of the year. 
The AMCA, a billing provider for the medical service industry, saw the information of over 20 million Americans leaked online. The vast majority of this leaked patient information, consisting of personal and financial information, came from Quest and LabCorp, which saw 12 million and 7.7 million victims respectively. 
The Inverse Analysis 
Under normal circumstances, the healthcare industry is already a prime target for hacking. As an industry, having quick access to information can make the difference between life and death, and it is not always as technically proficient as other industries. But the novel coronavirus makes these extraordinary times. Cyber-attacks against the crucial elements of healthcare infrastructure around the world will almost certainly continue. The only question is which will be the first one to succeed.
MORE AT:



"In advance of the 2020 Presidential election, KILL CHAIN: THE CYBER WAR ON AMERICA’S ELECTIONS takes a deep dive into the weaknesses of today’s election technology, investigating the startling vulnerabilities in America’s voting systems and the alarming risks they pose to our democracy. From filmmakers Simon Ardizzone, Russell Michaels and Sarah Teale, the team behind HBO’s 2006 Emmy®-nominated documentary “Hacking Democracy,” and producer Michael Hirschorn, KILL CHAIN follows Finnish hacker and cyber security expert Harri Hursti as he travels around the world and across the U.S. to show how our election systems remain dangerously unprotected."



"Hursti has a long history of drawing attention to the vulnerabilities of election technology. In 2005, he hacked into a widely-used voting machine in Florida; despite widespread public outrage, the same machine is slated for use in many states in the 2020 election. In Kill Chain, with humor and candor, Hursti travels across the country and to his homeland of Finland to assess the current state of election security and whether improvements touted by the election technology manufacturers since his 2005 hack have, in fact, made elections safer.

Returning to Florida, Hursti learns that prior to the 2016 election, the FBI alerted officials that a foreign power had targeted a Florida vendor that runs voter registration in eight states, an attack capable of wreaking havoc on election day.
Despite claims by election-machine makers that they keep units under lock-and-key, Hursti finds a warehouse in Ohio full of AccuVote TSX machines, a model that will be used in the 2020 election, being sold on eBay. 

During Georgia’s 2018 gubernatorial election, Secretary of State and Republican candidate Brian Kemp had oversight of the election process and fought against replacing outdated, insecure AccuVote machines. Hursti and other election monitors are in Georgia on election day, as machine errors create lengthy wait-times at many polling places.

Also in the film, a hacker, based in India, reveals that he hacked into Alaska’s voting systems on the day of the 2016 presidential election and could have changed any vote or deleted any candidate.   

In an interview this week, Hursti, a founding partner of Nordic Innovation Labs, a global technology solutions company, warned that the real question about the 2020 election is “who will be the actors” hacking them. 

“There are a bunch of actors already flexing their muscles. It will be a tug of war between the different actors,” he said.
Besides violating the security of the election process, their secondary goal, he added, may be to “undermine people’s trust in society.”

“The only way forward is with hand-marked ballots,” he noted, adding that barring this, “We should do everything we can to improve the security of election infrastructure.”   
As Senator Amy Klobuchar says in the film, “It’s not just about hardware, it’s the hardware of our democracy.” 

MORE AT:
Forbes
New Documentary Debuting Tonight Explores Weaknesses In U.S. Election Technology


"Attack phases and countermeasures

Computer scientists at Lockheed-Martin corporation described a new "intrusion kill chain" framework or model to defend computer networks in 2011.[6] They wrote that attacks may occur in phases and can be disrupted through controls established at each phase. Since then, the "cyber kill chain™" has been adopted by data security organizations to define phases of cyber-attacks.[11]

A cyber kill chain reveals the phases of a cyber attack: from early reconnaissance to the goal of data exfiltration.[12] The kill chain can also be used as a management tool to help continuously improve network defense. According to Lockheed Martin, threats must progress through several phases in the model, including:

  • Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
  • Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
  • Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
  • Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
  • Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
  • Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
  • Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

Defensive courses of action can be taken against these phases:[13]

  • Detect: determine whether an attacker is poking around
  • Deny: prevent information disclosure and unauthorized access
  • Disrupt: stop or change outbound traffic (to attacker)
  • Degrade: counter-attack command and control
  • Deceive: interfere with command and control
  • Contain: network segmentation changes


A U.S. Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework. It identified several stages where controls did not prevent or detect progression of the attack.[10]...


Critiques of the cyber kill chain

Among the critiques of Lockheed Martin's cyber kill chain model as a threat assessment and prevention tool is that the first phases happen outside the defended network, making it difficult to identify or defend against actions in these phases.[15] Similarly, this methodology is said to reinforce traditional perimeter-based and malware-prevention based defensive strategies.[16] Others have noted that the traditional cyber kill chain isn't suitable to model the insider threat.[17] This is particularly troublesome given the likelihood of successful attacks that breach the internal network perimeter, which is why organizations "need to develop a strategy for dealing with attackers inside the firewall. They need to think of every attacker as [a] potential insider".[18]"

MORE AT:

WIKIPEDIA

Kill chain
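
The phase list and courses of action quoted above can be turned into a coverage check of the kind the Target analysis describes. This Python is an added example, not part of the quoted Wikipedia text or of Lockheed Martin's material; the control inventory, incident timeline, outcome labels and function names are all constructed for illustration.

```python
# Phase and action names come from the lists quoted above; everything else is constructed.
PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objective"]
ACTIONS = ["Detect", "Deny", "Disrupt", "Degrade", "Deceive", "Contain"]

# Constructed control inventory: (control, phase, course of action).
CONTROLS = [
    ("web log review", "Reconnaissance", "Detect"),
    ("attachment sandbox", "Delivery", "Detect"),
    ("mail gateway block list", "Delivery", "Deny"),
    ("endpoint patching", "Exploitation", "Deny"),
    ("endpoint anti-malware alerts", "Installation", "Detect"),
    ("network segmentation", "Actions on Objective", "Contain"),
]

# Constructed incident timeline: (phase, outcome). The outcome labels
# "blocked", "alerted" and "missed" are assumptions of this example.
TIMELINE = [("Exploitation", "missed"), ("Delivery", "missed"),
            ("Installation", "alerted"), ("Command and Control", "missed")]

def build_matrix(controls):
    """Return {phase: {action: [controls]}}, rejecting unknown labels."""
    matrix = {p: {a: [] for a in ACTIONS} for p in PHASES}
    for name, phase, action in controls:
        if phase not in matrix or action not in ACTIONS:
            raise ValueError(f"unknown phase or action for {name!r}")
        matrix[phase][action].append(name)
    return matrix

def coverage_gaps(matrix):
    """Phases with nothing that detects, and phases with nothing that stops."""
    stoppers = [a for a in ACTIONS if a != "Detect"]
    no_detect = [p for p in PHASES if not matrix[p]["Detect"]]
    no_stop = [p for p in PHASES if not any(matrix[p][a] for a in stoppers)]
    return no_detect, no_stop

def review_incident(timeline, matrix):
    """Walk events in phase order and say why each phase was passed."""
    findings = []
    for phase, outcome in sorted(timeline, key=lambda e: PHASES.index(e[0])):
        if outcome == "blocked":
            return {"broken_at": phase, "findings": findings}
        if outcome == "alerted":
            findings.append((phase, "alert not acted on"))
        elif any(matrix[phase].values()):
            findings.append((phase, "control failed"))
        else:
            findings.append((phase, "no control"))
    return {"broken_at": None, "findings": findings}
```

Weaponization appears in both gap lists for this inventory, which matches the critique quoted above that the earliest phases happen outside the defended network.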
