Ivanti threat thursday deck october v2
Download as PPTX, PDF0 likes145 views
The document summarizes discussions from a webinar on prioritizing risk. It describes several recent healthcare and retail cyber attacks, including a ransomware attack on a large hospital system that affected over 80 sites, a ransomware attack disrupting clinical trial data, and a ransomware group stealing unencrypted patient data from a hospital and demanding ransom. It then discusses challenges with vulnerability management and the need for improved communication between security and operations teams. The document promotes a product for prioritizing patch risk and compliance through features like risk-based prioritization and tracking out-of-compliance systems. It ends with a reminder to stay vigilant of cyber threats during the US election period.
More Related Content
Similar to Ivanti threat thursday deck october v2 (20)
Ivanti threat thursday deck october v2
- 1. Copyright © 2020 Ivanti. All rights reserved. How Do You Prioritize Risk? Chris Goettl | Phil Richards | Adam Jones October 29, 2020
- 2. Copyright © 2020 Ivanti. All rights reserved. Agenda Items Healthcare Breach: UHS Healthcare Breach: Clinical Trials Healthcare Breach: New Jersey Hospital Retail Breach: Dickey’s BBQ Topic: How Do you Prioritize Risk? 1 2 3 4 4
- 3. Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: Data Protection Backup and Restore Fortune 500 hospital system, UHS, that operates 400 healthcare facilities was hit allegedly with a Ryuk breach. Access to phone systems and computers were cut creating needs to redirect patients to different hospitals. Employees quickly shut down systems to stop the attackers from reaching all devices and additional sites, but over 80 sites had already been affected. . Ransomware Healthcare: Universal Health Services 80+ Healthcare facilities in US affected All critical systems – phone, computers Suspected Ryuk Phishing Attack Emergency Response Plan Tabletop Exercises Access ControlsZero Trust Access Continuous Vulnerability Management
- 4. Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: Philadelphia-based software company eResearch Technology (ERT) was hit with by a ransomware attack a few weeks ago. Staff were not able to access clinical trial data some of which pertained to COVID-19 vaccine trials. ERT’s customers include IQVIA that contracts with Bristol Myers Squibb and AstraZeneca’s COVID-19 vaccine trials. Ransomware Healthcare: ERT Delays Access to trial data disrupted All critical systems – phone, computers Suspected Ryuk Data Protection Data Classification Backup and Restore Emergency Response Plan Tabletop Exercises Access ControlsZero Trust Access Continuous Vulnerability Management
- 5. Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: Data Protection University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand. A hospital representative contacted the threat actors via the dark web to stop publication of 240 GB of stolen data that included patient info. The threat actors, known as SunCrypt, steal unencrypted files, encrypt them, then demand ransom. Ransomware Healthcare: University Hospital New Jersey $670K PII of Patient and Other Data 48k documents Internal Systems Unencrypted data SunCrypt threat actors Security Awareness Training Monitor Employee Behavior Data Protection Access ControlsZero Trust Access Continuous Vulnerability Management
- 6. Copyright © 2020 Ivanti. All rights reserved. On October 1, the U.S. Department of Treasury issued an advisory on sanctions risks associated with payments to malicious cyber-actors demanding ransomware payments. Ransom Advisory
- 7. Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: An extensive data breach took place allegedly at Dickey’s Barbeque Restaurant affecting potentially 100 locations. Stolen credit card information from more than three million credit cards are supposedly in circulation. Some franchise owners that have not implemented chip- based card readers may also be potentially liable for these losses. Data Breach Retail: Dickey’s BBQ 3M Customer data Credit Cards CC Data from May 2019 to Sept 2020 PoS or a more central point of processing Update Credit Card to Chip Readers Continuous Vulnerability Management Zero Trust Access Controls Network Isolation Expand PCI Compliance coverage
- 8. Copyright © 2020 Ivanti. All rights reserved. How Do You Prioritize Risk?
- 9. Copyright © 2020 Ivanti. All rights reserved. How Do You Prioritize Risk? Why is vulnerability management still difficult? • How are your data and risk conversations between Security and Operations? • Do you understand patch reliability and known issues? • Can you prioritize testing and reduce operational impacts?
- 10. Copyright © 2020 Ivanti. All rights reserved. Modern Ransomware impacts your organization at scale. A mid size company that is hit with a ransomware attack can take up to 15 days to recover operations. In user productivity alone, that is a business cost of about $1 million. $4.44 Million …the global cost of ransomware attacks has risen to $20 billion in 2020 from $11.5 billion just the year before. The average cost of one of these attacks has reached $4.44 million, which is higher than the cost of a data breach or hack.* Identify your priorities to manage increasing threats. * Cybersecurity Ventures
- 11. Copyright © 2020 Ivanti. All rights reserved. Copyright © 2020 Ivanti. All rights reserved. “Ivanti Neurons for Patch Intelligence gives my IT team the most comprehensive view of the state of device patching available. It enables data and risk driven conversations between IT and security to help direct resources. We have reduced our vulnerable devices by 50% and spent 75% fewer hours on these activities in the process. Eliminating duplicate work between IT and Security has helped us manage compliance related tickets more efficiently and has been a significant benefit for the team." - Adam Jones, Senior Director of IT, Ivanti Ivanti Neurons for Patch Intelligence saves time and increases efficiency through improved collaboration between IT and Security.
- 12. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Introducing: Ivanti Neurons for Patch Intelligence Patch Reliability • Actionable intelligence pulled from crowdsourced patch deployment data and public sentiment data to understand patch reliability Risk-Based Prioritization • Prioritized risk-based information sourced from the top threat databases • More actionable information based on real- world threats Patch Compliance • Feature-rich dashboards give you a centralized view into your environment • Track any out-of- compliance machines and updates against your SLA Links: Ivanti Neurons | Ivanti Neurons for Patch Intelligence
- 13. Copyright © 2020 Ivanti. All rights reserved. Final Thoughts #becybersmart As October’s Cybersecurity Awareness Month ends, continue to be vigilant of cyber threats U.S. election voting ends November 3. - Ignore disruptions and disinformation - The more sensational, the more suspicious - Turn off social media and vote
- 14. Copyright © 2020 Ivanti. All rights reserved. Q&A
- 15. Copyright © 2020 Ivanti. All rights reserved. Get the latest updates at: ivanti.com/ThreatThursday Thank You!
Editor's Notes
- #4: This happened at the end of September, but was such a major breach – deserves to be reviewed. Also have some other healthcare hits we can discuss. Huge hit - https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/ https://healthitsecurity.com/news/3-weeks-after-ransomware-attack-all-400-uhs-systems-back-online Three weeks to recovery. 46 Hospitals hit in Other data point -Blackbaud Breach: https://www.beckershospitalreview.com/cybersecurity/19-more-health-systems-identified-in-blackbaud-security-breach-bringing-total-to-46.html
- #5: Clinical Trials: https://www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html?&web_view=true Suspected Ryuk https://www.cpomagazine.com/cyber-security/ransomware-attack-on-a-major-health-tech-firm-slows-down-several-covid-19-clinical-trials/ Nation state activities targeting theft of COVID research according to FBI and DHS warnings. Chinese and other nation state sponsored threat actors have been targeting American coronavirus research\intellectual property https://www.biospace.com/article/clinical-trial-software-company-eresearchtechnology-hit-by-ransomware-attack/
- #6: ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of the data. New Jersey Hospital Pays: https://www.bleepingcomputer.com/news/security/new-jersey-hospital-paid-ransomware-gang-670k-to-prevent-data-leak/ Strange pile not exactly the same but in terms of payments you might want to mention: Robin Hood cyber criminals https://www.computerweekly.com/news/252490872/Charities-warned-over-Robin-Hood-cyber-criminals
- #7: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments1 Date: October 1, 2020 The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is issuing this advisory to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities. Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business. Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations. This advisory describes these sanctions risks and provides information for contacting relevant U.S. government agencies, including OFAC, if there is a reason to believe the cyber actor demanding ransomware payment may be sanctioned or otherwise have a sanctions nexus.2 Background on Ransomware Attacks Ransomware is a form of malicious software (“
- #8: Dickey’s BBQ: https://krebsonsecurity.com/2020/10/breach-at-dickeys-bbq-smokes-3m-cards/ Good old fashioned credit card swiping.
- #9: How do you prioritize risk? Why is vulnerability management still difficult? What has changed? Trends. Intro of Patch Intelligence Adam Jones case study Short demo? And quick conversation amongst the trio (Phil/Chris/Adam)
- #11: Downtime calculation example taken from: https://bullwall.com/solutions/rc/cost-of-downtime/dollars/ using 5000 employees at 25% impact, 75% dependency on IT, $50 avg employee cost, 15 days downtime, and 8 hours to restore each user to operation. Cost in this example came out to $1 million Patch the wrong priorities first, be breached next. Prioritizing patches: your most important line of defense as threats grow If you have the wrong priorities your efforts are in vain.
- #12: How the experience has changed with your group. Different song sheets, often not the same – short circuits the conversation…. Execution from Phil! And Adam gets it finished! Patching vs. configuration changes – in web servers etc – where Patch Intell shines. CVE – click it, look it up, remediate it. What patch? I don’t know Patch Intell short circuits the risk data – exploited in the wild – notes added to a patch to install – make everything goes faster. Patching and config mnmgt most important things that can be done. Key it off – the old days (vulnerability scans) spreadsheets Coming it at us from two different directions – sounds like Research – hours and hours of work – see the scan, who logged into it, with Patch Intell
- #13: Ivanti Neurons for Patch Intelligence helps you achieve faster SLAs for your vulnerability remediation efforts via supervised and unsupervised machine learning algorithms. Easily research, prioritize, and receive better insights for your patch management program in one central location. Benefit from patch reliability data that automatically delivers actionable intelligence pulled from thousands of public and crowdsourced sentiment data. This information provides improved patch reliability so you can act on threats faster and reduce your time to patch. You also receive a more accurate picture of your threat landscape through prioritized risk-based metrics and feature-rich dashboards that monitor compliance.