Cyber  Security
 
 
 
   
The Top 5 Security Threats to Watch for in 2014
The year has barely started, and we've already had enough data breaches at major retailers to make a barter economy seem like a good idea.  Unfortunately, there are yet more security threats to look forward to in 2014. Below are some of the primary predictions from industry experts:
 
Mobile malware: 
The absence of any notoriously successful mobile exploit has lulled users into a false sense of confidence about the level of danger they face.
 
The Internet of things:  
Connected devices can make life more convenient, but they also create additional opportunities for the bad guys.
 
Virtual currencies under siege:  
Though they remain a fringe phenomenon, virtual currencies like “Bitcoin” have achieved a level of success and growth that can't be ignored.
 
Windows XP:  
The ancient operating system retains significant market share in the desktop OS category, and it powers a wide spectrum of kiosks and embedded devices. As of April 2014, Microsoft will no longer support Windows XP, which means no more patches and no more security updates.
 
More data breaches:  
The data breaches keep coming, and there's no reason to believe they will subside anytime soon. The Target debacle that closed out 2013 continues to grow in scope as the investigation continues. The original estimate of 40 million has been revised to 110 million, and now additional retailers such as Neiman Marcus are discovering that their customer data storage systems have been breached.
 
 
 
 
 
 
Hottest Security Stories of 2013
 
Data loss, privacy violations, stolen source code, malware development, and more. In hindsight, 2013 was busy year for security professionals, as well as a costly one for the organizations and individuals targeted by criminals.
 
As mentioned, 2013 was a busy year with regard to security incidents with over one-hundred forty million (140,000,000) plus records having been compromised during the past twelve months. The sources of these losses have been blamed on everything from nation state attacks and activists, to hackers with an agenda.
 
1.  Eric Snowden – NSA classified security leaks
2.  Target Corporation – 40 Million credit cards compromised
3.  Adobe – 38 Million Users accounts compromised
4.  Bit9 – Digital certificates, digital signatures compromised
5.  Digital Activism – DDOS attacks, business slowdowns
6.  The Syrian Electronic Army – Media Attacks
7.  Watering Hole Attacks –Facebook, Twitter, Apple compromises
8.  China’s APT1 – State sponsored cyber attacks
9.  South Korea – Banking and television attacks (shut down)
 
 
  
 
 
 
Are you still running Windows XP at home?
 
On April 8, 2014, Microsoft will stop providing any type of security updates for Windows XP, possibly leaving your home system vulnerable, and potentially any of your on-line personal information (such as: medical records, on-line banking, on-line shopping, on-line taxes, pictures and music collections) could become at risk.
 
Mr. Frank Hunt, of the PWC Planning Department, has put together some very valuable information for the PWC Home users to consider as the Windows XP operating system reaches end of life. 
 
 
 
 
 
 

 

 

 

Click on image to view poster 
 
 
 
  
 
 
 
Contacts: Chief Information Security Officer
Phone:  703-792-7956;   703-792-7179
 

 Tip of the Day

 
 

 Current Threats

 
 
HeartBleed "Open-SSL" is a bug that allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.  This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users
 
 
 
CryptoLocker Ransomware is Trojan horse malware which surfaced in late 2013, a form of ransomware targeting computers running Microsoft Windows. CryptoLocker disguises itself as a legitimate attachment; when activated, the malware encrypts certain types of files stored on local and mounted network drives. The malware then displays a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline.

CryptoLocker Ransomware Infections _ US-CERT

Internet Crime Complaint Center (IC3) _ CryptoLocker Ransomware Encrypts Use 

 

 Breaches & Incidents

 
24 Jun 2014
Affected Users: 563
How: Stolen Laptop
Riverside County, CA
 
Riverside County Regional Medical Center (RCRMC) has notified 563 patients that some of their personal data may have been compromised after a laptop computer was reported missing from a hospital procedure room late last week.
 
 
 
29 May 2014
Affected Users: 1.3 Million
How: Unauthorized Access
 
The Montana Department of Public Health and Human Services (DPHHS) is notifying about 1.3 million clients and employees that unauthorized access was gained to a server that stored their personal data. 
 

Montana_Department of Public Health and Human Services - News.pdfMontana_Department of Public Health and Human Services - News.pdf