How Valuable is Your Healthcare Data?

Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the re…

Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the report Health Warning: Cyberattacks Are Targeting the Health Care Industry, our McAfee Labs team digs into the dark underbelly of cybercrime and data loss involving health care records. In this case, the darkrefers to the dark web.

Following up on the Hidden Data Economy report, we looked further to see if medical data was showing up for sale. We found dark web vendors offering up medical data records by the tens of thousands. One database for sale offered information on 397,000 patients!

2016-10-27_17-36-06

These databases contained not only names, addresses, and phone numbers of patients, but also data about their health care insurance providers and payment card information.

What’s it worth?

Of course, for this to be worth a cybercriminal’s time, they must be able to profit from it. We are finding that health care records to be a bit less valuable than records such as payment card records that contain financial information. The going price for a single record of information on a user that includes name, Social Security number, birth date, account information such as payment card number (referred to as fullz in dark web lingo) can range from $14 to $25 per record. Medical records sell for a much lower price, anywhere from a fraction of a cent to around $2.50 per record.

Does this mean medical records are not as valuable? Although not as lucrative as fullz, medical record information has  higher value than just a username/password record when sold on the dark web. We think that sellers are trying to maximize their gain from the data theft. In one underground market forum, a seller listed 40,000 medical records for $500, but specifically removed the financial data and sold that separately.

Why is the health care industry a target?

Although there are regulations and guidelines for the health care industry to protect patient information, the industry itself faces many challenges. Foremost, the focus of the majority of health care workers is the treatment of patients. Because they are dealing with life and death situations, the equipment used to treat patients must be working and available at a moment’s notice. This means there is often little time to install a patch or an update on a piece of medical equipment. The equipment may also be running an outdated operating system that simply cannot be patched to protect against the latest threats. It is not uncommon to see medical equipment running on Windows 95. The medical industry is also subject to FDA regulations and approvals. There may be equipment that is approved by the FDA only on an older operating system and would need to be recertified if updated.

How do I stay safe?

Unfortunately, these data breaches are outside the control of the average person. Health care providers typically use the information they collect from you for your treatment, so you cannot withhold your home address or phone number. As a consumer, you need to be alert for health care data breaches that potentially impact you.

  • Pay attention to the news: Once discovered, medical data breaches tend to make the evening news. Even if you went to a health care provider only once to get an x-ray because you thought you broke your thumb and that provider experiences a data breach, odds are your information was compromised.
  • Monitor your credit score: A common use for resold information is the opening of credit cards or bank accounts. Subscribing to a credit-monitoring service will help you know if a new account has been opened without your knowledge.
  • Watch out for phishing: If your contact information has been stolen, you are almost certain to be the target of numerous phishing attempts. Keep an eye out for suspicious emails and text messages. You can read one of my previous blogs for tips on how to spot a phishing attempt.

The nature of today’s digital world can unfortunately cause our personal and private data to be leaked. If you stay vigilant, you can reduce the impact these breaches will have on your life.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and “Like” us on Facebook.

Stay Safe!

The post How Valuable is Your Healthcare Data? appeared first on McAfee Blogs.

How Valuable is Your Healthcare Data?

Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the re…

Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the report Health Warning: Cyberattacks Are Targeting the Health Care Industry, our McAfee Labs team digs into the dark underbelly of cybercrime and data loss involving health care records. In this case, the dark refers to the dark web.

Following up on the Hidden Data Economy report, we looked further to see if medical data was showing up for sale. We found dark web vendors offering up medical data records by the tens of thousands. One database for sale offered information on 397,000 patients!

2016-10-27_17-36-06

These databases contained not only names, addresses, and phone numbers of patients, but also data about their health care insurance providers and payment card information.

What’s it worth?

Of course, for this to be worth a cybercriminal’s time, they must be able to profit from it. We are finding that health care records to be a bit less valuable than records such as payment card records that contain financial information. The going price for a single record of information on a user that includes name, Social Security number, birth date, account information such as payment card number (referred to as fullz in dark web lingo) can range from $14 to $25 per record. Medical records sell for a much lower price, anywhere from a fraction of a cent to around $2.50 per record.

Does this mean medical records are not as valuable? Although not as lucrative as fullz, medical record information has  higher value than just a username/password record when sold on the dark web. We think that sellers are trying to maximize their gain from the data theft. In one underground market forum, a seller listed 40,000 medical records for $500, but specifically removed the financial data and sold that separately.

Why is the health care industry a target?

Although there are regulations and guidelines for the health care industry to protect patient information, the industry itself faces many challenges. Foremost, the focus of the majority of health care workers is the treatment of patients. Because they are dealing with life and death situations, the equipment used to treat patients must be working and available at a moment’s notice. This means there is often little time to install a patch or an update on a piece of medical equipment. The equipment may also be running an outdated operating system that simply cannot be patched to protect against the latest threats. It is not uncommon to see medical equipment running on Windows 95. The medical industry is also subject to FDA regulations and approvals. There may be equipment that is approved by the FDA only on an older operating system and would need to be recertified if updated.

How do I stay safe?

Unfortunately, these data breaches are outside the control of the average person. Health care providers typically use the information they collect from you for your treatment, so you cannot withhold your home address or phone number. As a consumer, you need to be alert for health care data breaches that potentially impact you.

  • Pay attention to the news: Once discovered, medical data breaches tend to make the evening news. Even if you went to a health care provider only once to get an x-ray because you thought you broke your thumb and that provider experiences a data breach, odds are your information was compromised.
  • Monitor your credit score: A common use for resold information is the opening of credit cards or bank accounts. Subscribing to a credit-monitoring service will help you know if a new account has been opened without your knowledge.
  • Watch out for phishing: If your contact information has been stolen, you are almost certain to be the target of numerous phishing attempts. Keep an eye out for suspicious emails and text messages. You can read one of my previous blogs for tips on how to spot a phishing attempt.

The nature of today’s digital world can unfortunately cause our personal and private data to be leaked. If you stay vigilant, you can reduce the impact these breaches will have on your life.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and “Like” us on Facebook.

Stay Safe!

The post How Valuable is Your Healthcare Data? appeared first on McAfee.

Everyone Loves Selfies, Including Malware!

I was talking with some of my coworkers the other day about why I wanted to jump to the larger iPhone 7 Plus.  For me it came down to the camera.  I travel a lot for work and even though photography is something of a hobby of mine, I don’t always h…

I was talking with some of my coworkers the other day about why I wanted to jump to the larger iPhone 7 Plus.  For me it came down to the camera.  I travel a lot for work and even though photography is something of a hobby of mine, I don’t always have my “good camera” with me, so I end up relying on my phone’s camera to take pictures of things that catch my eye.  The camera has become an integral part of a smartphone that it’s often (as in my case) a key factor in deciding which phone to use.  More companies are starting to take advantage of the ubiquitous nature of the camera phone to let you do things like simulate a fax for a signed document or making deposits through your banking app by taking a picture of the front and back of the check.  Thanks to my phone’s camera I can’t remember the last time I stepped inside a bank.  Unfortunately, cybercriminals are also learning to take advantage of your phone’s camera.

The McAfee Mobile Research Team within McAfee Labs recently discovered a piece of Android malware that uses a bit of social engineering and some sneaky code to collect all sorts of personal information, ending with a picture of your ID card. That’s right, malware is now asking for you to take a selfie.  While this particular piece of malware has only been impacting users in Singapore and Hong Kong so far, it’s always best to be aware of the current threats and prepare accordingly. Let’s take a quick look at what this piece of malware does.malware-codec

Like a lot of malware, it tricks the user into installing it by pretending to be a video codec or plugin.  By doing this, it’s actually getting the user to grant it all the permissions it needs to execute the malicious code.  On a side note, this is why we would call this a Trojan instead of a virus since it is pretending to be a legitimate application with hidden functionality.  Remember the story of the Trojan Horse?  Same concept.  Just much smaller.selfie

This malware now runs in the background, waiting for you to open specific apps where it would make sense to ask for a credit card number.  It then displays its own window over the legitimate app, asking for your credit card details.  After validating the card number, it goes on to ask for additional information such as the 4-digit number on the back.  Once fed that information, it will then proceed to ask all sorts of additional information claiming a need to validate your identity.    Age, birthday, mailing address, etc. are all collected.   After all of this info is gathered, it then asks for a picture of the front and back of your ID.  Now, not content to just get that info, the malware asks you to take a selfie with your ID in hand.  You thought taking a selfie with your boarding pass was bad!  If you entered in everything you were asked for, the cybercriminals controlling this malware would now have all the information they needed to gain access to your online accounts.  While it’s not the first time we’ve seen malware that asks for a picture, this is the first time we’ve seen this in mobile malware.  Cybercriminals have definitely turned their sights on the mobile platform.

How to Stay Safe

Don’t install shady plugins – The majority of the internet has settled on one of a handful of different formats to use for videos.  If you go to a site that is asking you to install a “codec” or “video plugin,” don’t do it.  Either that site is using an older out of date video format (that could be vulnerable to more malware) or it is trying to get you to install malware.  Either way, go to another site.  If you think you are missing a legitimate plugin, go directly to the site that makes the plugin and install it from there.  But really, most mobile operating systems have all the codecs you will need built in, so when in doubt, get out.

Don’t take a picture of your ID – You should always be skeptical when apps start asking for too much information.  Entering in payment information is one thing, but asking for a picture of your ID is a completely different ballpark.  In general, storing that sort of information on a server (picture of your ID, passport, etc.) is not a good security practice, so even if an app you are using is legitimately asking for a copy of your ID, you may want to reconsider ditching that app for another one with better security practices.

Install security software – Typically I tell people to keep their devices up to date.  However, since this piece of malware is a Trojan and installs with the user’s permissions, having your system up to date would not stop this malware.  This is one reason you need to run security software, so it can keep an eye out for malicious apps like this that find tricky ways to get onto your device.

Cybercriminals are certainly not slowing down their efforts to steal your data, but with good security practices and the right protections in place, you have a fighting chance.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.

Stay Safe

 

 

 

 

The post Everyone Loves Selfies, Including Malware! appeared first on McAfee.

Quarterly Threat Report: What Do the Numbers Mean to Me?

Every quarter, the team at McAfee Labs releases a threat report detailing information about the latest trends in malware and cybersecurity.  This “Cyber State of the Union” provides a lot of great insights but may seem a bit overwhelming to someone who doesn’t work in the security industry.   We’ve really reached a point where information […]

The post Quarterly Threat Report: What Do the Numbers Mean to Me? appeared first on McAfee.

Every quarter, the team at McAfee Labs releases a threat report detailing information about the latest trends in malware and cybersecurity.  This “Cyber State of the Union” provides a lot of great insights but may seem a bit overwhelming to someone who doesn’t work in the security industry.   We’ve really reached a point where information security is something that impacts practically everyone, so I thought it would be a good to go through the report and put some context around the numbers.

The first thing we want to take a look at is the total malware number.  As you would expect, our Labs team finds a lot of malware.

Total Malware

Total Malware

As of the end of 2015, our total collected malware was approaching almost 500 million unique pieces of malware.  Almost half a billion threats running around out there!  What should really put that number into perspective is if you take a look at the far left of the chart and see that at the beginning of 2014, there were barely over 200 million malware samples.  So over the course of 2 years, the amount of malware has more than doubled.  If malware were rain, we have gone from “better take an umbrella” to “get your goulashes.”

The next important number we need to look at is the “Total Mobile Malware” number.  This number represents the number of unique malware that is targeting a mobile operating system.  This does include tablets that are running Android and iOS as well.

Mobile Malware Totals

Mobile Malware Totals

There are two points to pay attention to in this chart.  At the beginning of 2014, the total was around 4 million but by the end of 2015, it was slightly over 12 million.  That’s more than triple growth in 2 years.  There are a number of factors that contributed to this increase, but overall it shows that cybercriminals are definitely paying much more attention to attacking people on their smartphones and tablets.  It makes a certain amount of sense if you think about it.  We do more and more on our smartphones every day, from shopping to paying our bills.  This of course makes them a much more enticing target.  For more information on the state of mobile malware and why we’re seeing such huge increases, you can check out my previous post on the topic, or read the full Mobile Threat Report.

 

Think Macs don’t get malware?

Total Mac OS Malware

Total Mac OS Malware

Your eyes were drawn to the huge upswing in 2015, right?  As we moved into 2015, we saw a huge uptick in malware targeting Macs.  Historically there has been the urban myth that Macs are more secure than PCs, when in reality it’s really just a matter of targets of opportunity.  There have historically just been more PCs in circulation and a cybercriminal wants to use malware that will infect the largest number of systems possible.   As the number of Macs in use continues to grow, we expect to see an increase in the amount of malware targeting the Mac OS.    If you have a Mac, you are not immune to malware.

And last, but certainly not least, we have ransomware.

Total Ransomware

Total Ransomware

If you’re not familiar with ransomware, please take a moment to read my previous post.  Ransomware has proven to be a low risk, high-reward way for cybercriminals to cash in.  As you can see, the amount of ransomware doubled in just 2015 alone.  There are a number of reasons for this, including ransomware-as-a-service and do-it-yourself ransomware kits that make it extremely easy for someone with little to no coding ability to launch a ransomware attack.  Enough people infected with ransomware find themselves without adequate backup or recovery options that cybercriminals continue to profit with this method.

 

Key Takeaways

  1. The total number of malware has doubled in the past 2 years, reaching almost half a billion unique samples.
  2. Malware targeting smartphones and tablets has tripled in the past 2 years, showing that cybercriminals are paying much more attention to mobile devices.
  3. Attacks against Macs are increasing dramatically. If you have a Mac, you are not immune to attack.
  4. Ransomware continues to grow. This threat impacts everyone from people at home to small businesses, to large organizations.

 

How do I stay safe?

  1. Update: Keeping your devices up to date with the latest security and operating system patches is a great first line of defense against malware.  Malware targets software bugs to infect your system, so installing the latest patches can help reduce your risk.

 

  1. Be suspicious: Cybercriminals use the standard tried and true methods for spreading ransomware, so take extra care to not click on a suspicious link or attachment. What makes it suspicious?  Maybe it’s an oddly worded email pretending to be your bank asking for more information.  It could be an unexpected attachment from someone in your contact list.  If you weren’t expecting someone to send you an attachment, call or text them to double check.

 

  1. Run anti-virus on your system: While the two steps above will keep a lot of malware out, it is still very important to run anti-virus on your system to protect against new exploits that aren’t yet fixed by an update or attacks like drive by downloads. The cost of anti-virus software will be dramatically less than what cybercriminals will demand in ransom!

 

  1. Backup, backup, backup: Most malware can be really difficult to completely remove from your system once it has wormed its way in, so sometimes the only way to be completely clean is to restore from a backup. If your system becomes encrypted due to ransomware, your only options may be to either pay the ransom, restore from a backup or lose your files completely.  There are many options out there for backing up your data reliably and safely.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.

Stay safe!

The post Quarterly Threat Report: What Do the Numbers Mean to Me? appeared first on McAfee.