Saturday, March 11, 2017

Email attacks authorized by conveniently obtained credentials

A latest report from 2 information security firms analyzes the prevalence of email attacks deployed on a review of 1,000 healthcare agencies that involve the physicians, third party administrators, software vendors, regional health policies, medical billing firms and hospitals.

On average, 68% of the reviewed entities and their business associates had workers compromised accounts with visibly available credentials on the Dark Web, where stolen data is marketed. Some 76% of stolen credentials involved actionable password data, and 23% had completely visible text passwords, in accordance to Evolve IP and ID Agent, which undertook the survey.

“With 68% of healthcare agencies having compromised credentials within the Dark Web, agencies are failing to rightly secure the customers from on-line account takeover and data exploit,” claims Kevin Lancaster, CEO of ID Agent. “To combat the increasing threat, it is significant to establish an end-to-end solution to automate the process of recognizing stolen credentials and proactively securing customer on-line accounts.”

“While it is virtually impossible to stop phishing attacks, the right disaster recovery plan and (disaster recovery) services can stop a healthcare agency from facing serious losses or even potentially going out of business,” claims David M. McCrystal, healthcare program manager of Evolve IP.

The study of email attacks on healthcare agencies discovered that outdated passwords retain their value because most individuals use the same password or a similar password across all their online domains.

Even agencies with a single compromise still confront major risk on the Dark Web, the companies warn, with the risk proportional to company size.

The vendors point out that there is a usual exploit lifecycle to stolen data:

  • Gain access to information from emails exploited by phishing, malware, data breach, social engineering and other attack forms

  • Utilize obtained data to study a targeted company or individual

  • Gain system access

  • Develop a foothold in the system

  • Gain more privileges

  • Move laterally through the agency and its supply chain to extract information or control system access


More information from Evolve IP and ID Agent, involving the requirement to accept proactive threat intelligence, continuous security management and rapid incident response and recovery processes, is available here.

 

No comments:

Post a Comment