How hackers are winning right now
I don't recall receiving more cyber alerts from federal and international cyber agencies than were sent out this past week. Let's take a look at a few of the current scams and what you need to be on the lookout for.
First, Windows 7 has reached its end of life on January 14th of this year and the number of active attacks has recently increased, according to the FBI, and DHS-CISA. These attacks are targeting unpatched vulnerabilities and aren't necessarily the types of attacks users can defend themselves from. The key takeaway here is if you have Windows 7 devices on your corporate or home networks, then it's time to upgrade them. Windows 7 devices are not secure and they haven't been HIPAA compliant in January. If you want to feel the full wrath of the HIPAA police and face potential negligence lawsuits, running Windows 7 devices and having a breach is an invitation.
Second, COVID19 attacks continue to morph and have success. Most of the attacks we're seeing are based on email phishing schemes with malicious attachments or links to malicious sites. These attacks are capitalizing on the fear and uncertainty so many are experiencing, and they're cleverly designed to look like legitimate government correspondence and websites. Once again, don't rely upon unsolicited emails for anything. Revert to traditional sources and searches to gain information and insights.
Third, corporate networks are being hit hard with cyberattacks from known nation-states. These attacks are seeking to steal sensitive information, create business disruptions, and potentially shut companies down. One such attack on a major medical company occurred last week. They were hit with a strain of ransomware that is commonly used against healthcare organizations. At risk is the personal health information of hundreds of thousands of US citizens. It has not been reported at this time the extent of the attack or if their data has been exfiltrated.
Fourth, companies engaged in the federal PPP program are in the process of filing for loan relief. The process has triggered a flurry of email scams loaded with malicious attachments and links to fake websites that trigger ransomware attacks,
What most of these attacks have in common is their primary method of attack is coming from emails. The challenge is they're incredibly sophisticated and difficult to detect both at the user level and at the gateway by advanced defenses. If your company has deployed some of these more advanced solutions, don't assume anything that gets through can be trusted.
Don't let fatigue or malaise lull you into a sense of complacency. A single networked device can take down an entire network or company. A single click can trigger a ransomware attack locking down every device on the network.
Here's an infographic published by HHS Office for Civil Rights to help navigate if you're attacked. https://www.hhs.gov/sites/default/files/cyber-attack-quick-response-infographic.gif
If you have any questions or if you are concerned about your organization's cybersecurity, give us a call at (800) 970-0402. We'll be happy to help.
For more HIPAA information, download our ebook - The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.