Category: BAI Security Blog
Cyber Attack

Anonymous FTP: Crippling Healthcare Organizations

If you’ve ever had to share a large number of files with people working remotely, odds are you’ve used a file transfer protocol (FTP) server to accomplish this. It’s an easy way that you and others can access and upload information with a username and password, without taking up your own valuable internal storage space. Unfortunately, most of these FTP servers are operated by only a few companies. I say unfortunately because it means they are large targets for hackers. A recent bulletin released by the FBI details how FTP servers used by healthcare organizations have seen a sharp jump in attacks by cyber criminals. Here’s what we know so far. Anonymous FTP These attacks, the FBI noted, are carried

Read More »
BAI Security April 6, 2017
iot

Keeping Up With Multiplying Cybersecurity Threats: Vulnerability Management

The world of cybersecurity has never lacked its share of individuals and programs out there looking to take advantage of others, but there’s definitely never been this many cyber criminals trying to capitalize on new methods of attack and lacking defenses. Let’s take a look at some cybersecurity statistics from 2016 as reported on by Forbes: AT&T found that there was a 485% increase in the number of times attackers search IoT devices for vulnerabilities Cisco discovered a 221% increase of compromised WordPress websites Dell noticed malware attacks almost doubled from 2015, finishing the year with 8.19 billion attacks IBM concluded the healthcare industry was more frequently attacked than any other –with financial services and manufacturing trailing behind None of

Read More »
BAI Security March 30, 2017
Cybersecurity

In Plain Sight: Zero-Day Vulnerabilities

Zero-day vulnerability is a futuristic sounding term – you can almost picture it as the name of a science fiction novel – but it presents a great threat to organizations across all industries. These vulnerabilities are holes in software which lack a patch or fix, meaning they can be exploited by clever cyber criminals to steal your information. Back in 2014, Anthem, a major US health insurer, suffered what was then the biggest healthcare breach ever. This attack was conducted by a group known as “Black Vine,” who used zero-day vulnerabilities in Internet Explorer to carry out the attack. Recently, RAND corporation, a research organization that develops solutions to public policy challenges to help make communities throughout the world safer

Read More »
BAI Security March 17, 2017
Healthcare

Go Beyond HIPAA: Strengthening IT Security by Sharing Information

HIPPA compliance for healthcare organizations is crucial – yet many still struggle with meeting even the most basic requirements. Furthermore, merely employing a security profile that just meets regulations does not provide adequate protection. But what does it mean in real-life terms to not meet these requirements, and what steps can you take right now to improve your security? A Taller Fence Hearing phrases like, “lacking IT security” can be somewhat vague if you don’t have a firm grasp on the particulars of your network security. So here’s an example that might help: Imagine your IT security system is a fence protecting your yard. The government requires you have a fence that stands 3 feet tall. Now this might be enough

Read More »
BAI Security March 10, 2017

Video: Interview with HRBoost on Cybersecurity

BAI Security’s President and Chief Technology Officer, Michael Bruck, recently joined Nicole Martin from HRBoost to share how data breaches are of particular interest to the HR world. As we recently discussed, important employee documents – like W2 forms – are a gold mine for attackers. In this video, Michael shares how the threat of cyber attackers and data breaches poses a real risk to organizations in all industries.

Read More »
BAI Security March 2, 2017
Banking

New Study Reveals the True Effect Data Breaches have on Customer Loyalty

Suffering a breach is scary. The loss of crucial data and records can deal a crippling blow for any organization forced into extended downtime. But the worst part of a breach may not be the attack itself; the repercussions of this attack can have much further reaching effects. We’ve speculated about this effect in the past, but a new study by Carnegie Mellon University (reported on by The Register) confirms our suspicions: suffering a breach can cost you customers. Lack of Information Studies connecting consumer loyalty to breaches or fraud have been hard to come by in recent years, making this study especially noteworthy. Generally, we know that stock prices of organizations – especially financial institutions – take a hit after suffering breaches,

Read More »
BAI Security February 24, 2017
cyber criminals

Cybercriminals Leave Trails

While we think it’s important to profile the crimes of cybercriminals and the threats they pose to organizations of all shapes and sizes, it’s also essential to remind ourselves time and time again that they are people and they do get caught. Previously, we looked at one British man who was caught running an online banking fraud system. Today, we’re going to analyze another banking fraudster who was recently apprehended. Of Fraud and Mules The US Department of Justice announced that Vyacheslav Khaimov pleaded guilty on February 3rd for running an international cybercrime operation which stole $1.2 million from at least 30 victims. The attack involved a sophisticated form of malware which gained access to the victim’s bank accounts. After

Read More »
BAI Security February 16, 2017
banks

Employers Beware: W-2 Scams Running Rampant

Employees count on their employers to keep their private information safe. This is especially true during one of the most information-sensitive times of the year: tax season. For attackers who rely on social engineering tactics, targeting organizations right now can be a potential goldmine. We’ve previously discussed how social engineering tries to trick members of your staff into giving out valuable information – oftentimes by posing as official sources who need the requested information now. This is a threat you should stay on high alert for year round, but recent news should have you more aware and wary of requests centered around employee tax information. A Common Scam A few high profile social engineering attacks have made the round recently, but let’s

Read More »
BAI Security February 9, 2017
Breach

More Breach Investigations Coming?

We’ve written about the massive Yahoo data breach in this space a few times now. First there was the news of the breach itself and the potential fallout as far as consumer confidence and valuation for the business itself. Then we learned that the breach was even worse than originally reported, with the original breach going back years. At this point, it might seem like all the news has been had out of this particular attack. Well not so fast, as yet again the story of the Yahoo breach continues to provide valuable insights into what organizations might face should they too suffer a breach. Investigation Underway The two previously reported Yahoo breaches occurred in 2013 and 2014. The 2014

Read More »
BAI Security February 2, 2017
Breach

The Anatomy of an Attack

Many times in this space we have discussed the results of an organization suffering a breach. These have included the fines an organization receives due to lackluster security practices, or the long-term damage a breach could potentially inflict on an organization’s reputation. Today, we’re going to move our gaze from the aftermath of an attack to it’s beginnings. What does a breach in real time look like, and what are the immediate steps an organization can take to remedy this attack? Meet the Attacker Since the summer of 2016, a hacking group known as “TheDarkOverlord” has been attacking businesses in the healthcare and financial sectors, grabbing private information and using it as a means of extortion. For example, in September

Read More »
BAI Security January 27, 2017

Recent Posts

Keywords

CONTACT

READY TO LEARN MORE?

We’re here to discuss your upcoming IT security assessment and compliance audit needs.

CONTACT US
SCHEDULE A CALL

Let´s network on

Linkedin Twitter

BAI Security

ABOUT US

SERVICES

Contact