Guest post by Stu Sjouwerman, founder and CEO, KnowBe4.
Stu Sjouwerman
Bad guys are abusing the Social Security Administration’s (SSA) online service called My SocialSecurity Account in two ways:
A phishing scam that encourages employees to create an account, where your user enters all their confidential information at the scammer’s site, leaving them open to ID theft and social engineering attacks with that data and infect their workstation either in the office or the house.
The scammers set up My Social Security Accounts on behalf of people, and change the account to direct the benefits checks to a bank account they control.
Basically, this “My Social Security Account” is very useful. It allows you to set up a personal online account that enables you to view your earnings history, estimates of benefits, change your address or start or change direct deposits of your check into a bank account. The SSA also supports two-factor authentication, which is good.
However, it’s a heaven for scammers. Yes, to open an account the SSA requires verification of personal data by asking questions that only the Social Security recipient should know but this info is easily available to an identity thief, who can open an account in the name of the intended victim.
The introduction of two-factor authentication does not prevent an identity thief from initially setting up a My Social Security Account in the name of their victim, and we all know that you can social engineer the user to send the 2FA code to the hacker.
What to Do About This
I suggest you send your employees, friends and family the following. Feel free to copy/paste/edit:
Guest post by Stu Sjouwerman, founder and CEO, KnowBe4.
A story about hospital ransomware or a compromised computer seems to emerge weekly. It is no surprise that healthcare breaches have been on a steady increase for the past five years. Loss of personal health information (PHI) poses a financial risk for health care institutions, expected to cost the industry in the neighborhood of 6.2 billion dollars.
By the numbers
Despite the prevalence of cybersecurity incidents, a study by Ponemon Institute in May 2016 showed that the majority of healthcare organizations and business associates were most concerned with negligent or careless employees causing healthcare data breaches.
Sixty-nine percent of healthcare organizations believe they are more vulnerable to a data breach than other industries.
When asked what the greatest threat was to healthcare data security, the majority of healthcare organizations stated employee inaction or error (69 percent). Rounding out the top three concerns were cybercriminals at 45 percent and the use of insecure mobile devices at 36 percent.
Employee error was also the top concern for business associates (53 percent), followed by use of cloud services (46 percent) and cyberattacks (36 percent).
Ransomware is currently one of the most prevalent threats to Healthcare. A June survey done by KnowBe4 of Healthcare IT professionals shows 44 percent of healthcare organizations have been hit with ransomware, 6 percent above the national average of 38 percent. 65 percent of these IT professionals know someone personally who has been hit and another 47 percent would pay the ransom if faced with a scenario of failed backups. With some healthcare ransomware demanding five figures, this can get pretty expensive.
Why hospitals are the perfect targets
I was interviewed by WIRED magazine’s Kim Zetter. She’s written a great article that analyzes why hospitals are perfect targets for ransomware. She started out with: “Ransomware has been an internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities.”
Now, Who Else Should Be Scared?
Hospitals have shown themselves to be soft targets and are under full attack by several cybercrime gangs using different attack vectors. The SamSam ransom gang attacks server vulnerabilities in JBoss apps using an open source pentesting tool called JexBoss, so these are targeted attacks are based on scans the bad guys did. Cisco technical background:http://blog.talosintel.com/2016/03/samsam-ransomware.html
That is an exception though; the vast majority of ransomware infections are caused by phishing emails. Next are malicious links and ads leading to compromised websites with Exploit Kits causing drive-by-infections.
