December 6, 2023

News

Security News

Ransomware Affects 100+ Dental Offices

A Colorado IT company that provides services to 100+ dental offices has suffered a ransomware attack.

Complete Technology Solutions (CTS) was attacked, and the attackers installed Sodinokibi ransomware on computers at more than 100 dentistry businesses that rely on CTS for IT services, including network security, data backup, and voice-over-IP phone service. CTS declined to pay an initial $700,000 ransom demand for a key to unlock infected systems at all customer locations.

As per the latest update, Complete Technology Solutions is still in denial. The hack was exclusively reported by security researcher Mr. Brian Krebs.

Hood Analysis 101

Dental offices and all medical-related institutions (including their IT service providers) should comply with HIPAA guidelines.

HIPAA, also known as the Health Insurance Portability and Accountability Act, was developed in the US; its aim is to provide IT security guidelines to medical institutions. Since the IT provider and the impacted dental offices are based in the US, we assume that either CTS was not following the HIPAA guidelines completely or it is not compliant with HIPAA at all.

One more question that needs to be raised here is that the IT provider (Complete Technology Solutions) failed to notify that it was being targeted by a cyber attack.

A few basic steps that organizations suffering from ransomware attacks can follow:

1. You must have a way to protect against malicious software.

2. You must make sure that all of your systems are up-to-date.

3. You must have a plan for responding to security incidents.

4. You must perform a risk analysis on all critical systems.

We thank Mr. Brian Krebs for his security reporting in this matter.

Forgotten User Account Came Back to Bite Avast and NordVPN

Avast and NordVPN have finally accepted that their networks were breached. The two cases are unrelated, but they share a common breach cause: “unknown or forgotten” user accounts that were responsible for providing the passwords.

Avast mentioned on its blog that on September 23 it identified suspicious behavior on its network and later determined that the attack attempts had been made starting from May 14, 2019. The attack seems to have originated in the UK.

NordVPN also admitted that an unauthorized user accessed a server from the data center it rented in Finland. The company says it’s sure that the infiltrator wasn’t able to access customer data, since the compromised server didn’t contain any activity logs, usernames or passwords. An Ars Technica report says the hackers were able to steal encryption keys that could be used to stage decryption attacks on some customers. But NordVPN maintains that the “service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached and the NordVPN apps stayed unaffected.”

Hood Analysis 101

The new normal in the cyber security world is that every organization should follow an access management process. Organizations should deploy an identity and access management (IAM) system and a privileged access management (PAM) system through which they can monitor or prevent unauthorized access events.

The incident at Avast is more of a process issue than a technical one if the issue is due to a forgotten user. The user management process should be stringent if you need to avoid the kind of security incident that AXA faced recently.
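One way to put the user management process above into practice is a periodic audit that flags enabled accounts nobody uses or owns. This is an added example, not code from Avast, NordVPN or any vendor; the inventory columns, account names, reason codes and the 90-day threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export from an identity store; every value is made up.
SAMPLE_INVENTORY = """username,enabled,last_login,owner,mfa
alice,true,2024-02-20,alice@example.test,true
temp-vpn-01,true,2023-04-10,,false
svc-backup,true,,ops@example.test,false
bob,false,2017-01-15,bob@example.test,false
carol,true,2024-02-01,carol@example.test,false
"""


def audit_accounts(inventory_csv, today, max_idle_days=90):
    """Return {username: [reason codes]} for enabled accounts that look forgotten."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot authenticate
        reasons = []
        last = row["last_login"].strip()
        if not last:
            reasons.append("never_used")
        elif (today - datetime.strptime(last, "%Y-%m-%d").date()).days > max_idle_days:
            reasons.append("dormant")
        if not row["owner"].strip():
            reasons.append("no_owner")
        # Missing MFA is reported only as an aggravating factor on accounts
        # that are already dormant, unused or ownerless.
        if reasons and row["mfa"].strip().lower() != "true":
            reasons.append("no_mfa")
        if reasons:
            findings[row["username"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in audit_accounts(SAMPLE_INVENTORY, date(2024, 3, 1)).items():
        print(f"{user}: {', '.join(reasons)}")
```

Accounts reported here are candidates for disabling or for reassignment to a named owner; active, owned accounts such as `carol` are left to the regular MFA rollout.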

Here we can see two separate incidents. NordVPN's press release wants to link the incident to unauthorized user access, but the major incident is that the attackers managed to get the keys. Phase 1 is getting into the server and then stealing NordVPN's private keys. Some facts are still under analysis.