FMG Law Blog Line

Posts Tagged ‘cyber criminals’

A Majority of Federal Agencies Are “At Risk” For Further Data Security Incidents

Posted on: June 6th, 2018

By: Allen Sattler

The Office of Management and Budget (“OMB”) performed a cyber security risk assessment of 96 federal agencies, and it recently published its findings in the “Federal Cybersecurity Risk Determination Report and Action Plan.”  The OMB reported that only 25 of the 96 agencies assessed were adequately managing their risk.  Most agencies, 74% of them, were either “at risk” or “high risk.”  A “high risk” rating meant that the agency either did not have in place or failed to sufficiently deploy key, fundamental cybersecurity policies, processes, and tools.

The OMB performed the risk assessment in response to an Executive Order requiring that the OMB develop a plan to adequately protect the executive branch by improving its cybersecurity.  The assessment conducted by the OMB examined the agencies’ ability to identify, detect, and respond to cyber incidents.  Nearly 31,000 cyber incidents affected the 96 agencies in 2016 alone.

The OMB found that most agencies had poor situational awareness.  The OMB explained that those agencies often lacked the information and resources needed to understand or determine the tactics, techniques, and procedures being used by threat actors to exploit their systems.  For instance, in 38% of the cyber incidents analyzed, the agencies affected could not identify the method of attack used by the threat actor.  The OMB also found that most agencies lack standardized procedures and information technology, which makes mitigating the vulnerabilities of those systems difficult.  For instance, one agency operates 62 separate email services on its systems, making it “virtually impossible” to track and inspect inbound and outbound communications to prevent attacks.  The OMB explained that if the email service is standardized, the agency can then manage the risk.  For instance, it can inspect, detect, and quarantine malicious messages, such as phishing attempts and emails that include attachments with malicious code.

The OMB also found that agencies lack the ability to detect when large amounts of data have been pulled from their systems by an outside attacker.  Only 27% of the agencies reported the ability to detect and investigate whether large amounts of data have been exfiltrated from their systems.  Also, while agencies have largely complied with policies requiring them to encrypt data in transit, less than 16% of agencies achieved their targets for encrypting data at rest.
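The exfiltration-detection capability the OMB found missing in most agencies can be as simple as comparing each host’s outbound volume against its own history.  The following is an added illustration, not code from the OMB report or from any agency; the flow-record format, the 10× ratio, the 100 MB floor and the sample flows are all constructed for this example.

```python
"""Egress-volume baseline check: flag hosts whose outbound byte count in the
window under review greatly exceeds their own historical baseline.

Added illustration, not part of the OMB report. The record layout
(day, host, destination, bytes_out), the thresholds and the sample flows
below are constructed for this example.
"""
from collections import defaultdict
from statistics import median

# Constructed flow records. Days 1-7 form the baseline; day 8 is reviewed.
SAMPLE_FLOWS = [
    (d, "wks-101", "203.0.113.10", 2_000_000) for d in range(1, 8)
] + [
    (d, "file-srv", "203.0.113.20", 50_000_000) for d in range(1, 8)
] + [
    (8, "wks-101", "198.51.100.77", 900_000_000),   # ~450x this host's baseline
    (8, "file-srv", "203.0.113.20", 55_000_000),    # within normal range
]


def daily_egress(flows):
    """Sum outbound bytes per (host, day)."""
    totals = defaultdict(int)
    for day, host, _dst, nbytes in flows:
        totals[(host, day)] += nbytes
    return totals


def flag_exfil(flows, review_day, ratio=10.0, min_bytes=100_000_000):
    """Return {host: (review_day_bytes, baseline_bytes)} for hosts whose
    egress on review_day exceeds ratio * the median of their earlier daily
    egress AND an absolute floor, so a quiet host that goes from 1 KB to
    10 KB is not reported. A host with no history has a baseline of 0 and is
    reported as soon as it crosses the floor."""
    totals = daily_egress(flows)
    history = defaultdict(list)
    today = {}
    for (host, day), nbytes in totals.items():
        if day < review_day:
            history[host].append(nbytes)
        elif day == review_day:
            today[host] = nbytes
    flagged = {}
    for host, nbytes in today.items():
        baseline = median(history[host]) if history[host] else 0
        if nbytes >= min_bytes and nbytes > ratio * baseline:
            flagged[host] = (nbytes, baseline)
    return flagged


if __name__ == "__main__":
    for host, (today_b, base_b) in flag_exfil(SAMPLE_FLOWS, 8).items():
        print(f"{host}: {today_b:,} bytes out vs. baseline {base_b:,.0f}")
```

On the constructed data only `wks-101` is reported; the file server’s 10% increase stays under both the ratio and the floor.  In practice the per-host baseline would be built from NetFlow or proxy logs, and a destination that the host has never spoken to before (as here) is a second signal worth combining with the volume check.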

The findings by the OMB are alarming given that the federal government is often a prime target for attack by cyber criminals, as shown by previous, high-profile breaches.  For instance, in 2015, the Office of Personnel Management sustained a data breach that resulted in the disclosure of fingerprint data belonging to 5.6 million federal employees.

If you have any questions or would like more information, please contact Allen Sattler at [email protected].

VISA Issues Security Alert Due to Increased Data Breaches Caused by Insecure Remote Access

Posted on: July 30th, 2014

By: David Cole

When a merchant experiences a data breach involving credit card information, it is often required by the card brands to hire a Payment Card Industry (PCI) Forensic Investigator (PFI). The PFI investigates the incident and then provides a report to the card brands on what happened, how it happened, and whether the merchant’s system complied with the Payment Card Industry Data Security Standard (PCI DSS).  The card brands receive hundreds of PFI reports each year, and they occasionally issue security alerts when they see an emerging threat pattern in PFI reports.

Just this month, Visa issued a security alert titled “Insecure Remote Access and User Credential Management,” in which it reported an increase in data security breaches stemming from insecure remote access.  The alert notes that a number of remote access solutions are commonly used to provide remote management and support for merchants, such as LogMeIn, PCAnywhere, VNC, and Microsoft Remote Desktop.  When deployed correctly, applications like these are effective ways to provide technical support to large numbers of merchants.  But if deployed insecurely, they can expose payment card data and other sensitive information to cyber criminals, because an insecurely deployed remote access application creates a conduit for cyber criminals to log in, establish additional “back doors” by installing malware, and steal payment card data.

The alert warns that the circumstances around multiple data breaches in the last several months suggest that an actor or group of actors is targeting merchants who share common Point-of-Sale (POS) integrators or remote support vendors.  It then identifies several common vulnerabilities that are allowing intruders to gain access through remote applications.  These include: (1) remote access ports and services always being available on the Internet; (2) outdated or unpatched systems; (3) use of default passwords or no passwords at all; (4) use of common usernames and passwords; (5) single-factor authentication; and (6) improperly configured firewalls.

To protect against these vulnerabilities, the alert advises merchants to examine their remote management software for insecure configurations, use of outdated or unpatched applications, and common or easily-guessed usernames and passwords, and to ensure that the overall payment processing environment is securely configured and maintained in accordance with the PCI DSS.  In addition, merchants should follow these other security practices to mitigate their risk:

  • Ensure proper firewall rules are in place, allowing remote access only from known IP addresses.
  • If remote connectivity is required, enable it only when needed.
  • Contact your support provider or POS vendor and verify that a unique username and password exists for each of your remote management applications.
  • Use the latest version of remote management applications and ensure that the latest security patches are applied prior to deployment.
  • Plan to migrate away from outdated or unsupported operating systems like Windows XP.
  • Enable logging in remote management applications.
  • Do not use default or easily-guessed passwords.
  • Restrict access to only the service provider and only for established time periods.
  • Only use remote access applications that offer strong security controls.
  • Always use two-factor authentication for remote access. Two-factor authentication combines something you have (a device) with something you know (a password).
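The six weaknesses the alert lists and the checklist above can be turned into a repeatable audit over an inventory of remote-management endpoints.  The following is an added example, not code from Visa or from any POS vendor; the inventory field names, the sample deployments and the short list of weak passwords are constructed for this example, and a real audit would pull the same facts from firewall configurations and the remote-access tools themselves.

```python
"""Audit remote-access deployments against the weaknesses Visa's alert lists:
Internet-exposed ports, always-on access, unpatched software, default or
guessable passwords, credentials shared across merchants, and no second factor.

Added illustration, not part of the alert. The inventory layout, the sample
records and WEAK_PASSWORDS are constructed for this example.
"""
import ipaddress

# Constructed inventory: one record per remote-management endpoint.
SAMPLE_INVENTORY = [
    {"merchant": "store-01", "tool": "RDP", "port": 3389,
     "allowed_sources": ["0.0.0.0/0"], "version": "6.1", "min_version": "10.0",
     "username": "support", "password": "support123", "mfa": False,
     "always_on": True},
    {"merchant": "store-02", "tool": "RDP", "port": 3389,
     "allowed_sources": ["0.0.0.0/0"], "version": "10.0", "min_version": "10.0",
     "username": "support", "password": "support123", "mfa": False,
     "always_on": True},
    {"merchant": "store-03", "tool": "VNC", "port": 5900,
     "allowed_sources": ["198.51.100.0/24"], "version": "2.1", "min_version": "2.1",
     "username": "s03-ops", "password": "x9!Qm2#vLp7r", "mfa": True,
     "always_on": False},
]

# Sample list only; a real check would test against a breached-password set.
WEAK_PASSWORDS = {"", "password", "admin", "123456", "support123"}


def version_tuple(v):
    """'10.0' -> (10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def audit(inventory):
    """Return {merchant: [finding, ...]}.

    The cross-merchant check looks for one username/password pair reused by
    several merchants, the pattern the alert ties to shared POS integrators
    and support vendors: one leaked credential then opens every store."""
    creds = {}
    for rec in inventory:
        creds.setdefault((rec["username"], rec["password"]), []).append(rec["merchant"])

    findings = {}
    for rec in inventory:
        f = []
        # (1)/(6): a 0-length prefix means the port is open to the whole Internet
        if any(ipaddress.ip_network(s).prefixlen == 0 for s in rec["allowed_sources"]):
            f.append("remote access port reachable from any Internet address")
        if rec["always_on"]:
            f.append("remote access enabled permanently rather than on demand")
        # (2): running version older than the vendor's current release
        if version_tuple(rec["version"]) < version_tuple(rec["min_version"]):
            f.append("outdated or unpatched remote management software")
        # (3): default, empty or guessable password
        if rec["password"] in WEAK_PASSWORDS:
            f.append("default, empty or easily guessed password")
        # (4): same credential pair present on other merchants' endpoints
        if len(creds[(rec["username"], rec["password"])]) > 1:
            f.append("credentials shared with other merchants")
        # (5): no second factor
        if not rec["mfa"]:
            f.append("single-factor authentication")
        findings[rec["merchant"]] = f
    return findings


if __name__ == "__main__":
    for merchant, issues in audit(SAMPLE_INVENTORY).items():
        print(merchant, "OK" if not issues else "")
        for issue in issues:
            print("   -", issue)
```

On the constructed inventory, `store-01` and `store-02` trip the Internet-exposure, always-on, shared-credential, weak-password and single-factor checks (and `store-01` the patch check as well), while `store-03`, which restricts the VNC port to a known source range, uses a unique credential and requires a second factor, comes back clean.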