breach

ICIT Publication: I Got 99 Problems But a Breach Ain’t One

Critical Infrastructure Information Security systems are failing under persistent adversarial efforts because too many organizations still depend on antiquated legacy systems, un-cyber-hygienic personnel, and devices that lack security-by-design. This is not merely a cyberwar, we are now in a state of cyber-kinetic-meta war. There was no clear beginning and there will be no end. The .. read more

There’s Proof That North Korea Launched the WannaCry Attack? Not So Fast! – A Warning Against Premature, Inconclusive, and Distracting Attribution

By James Scott, Sr. Fellow, ICIT Last week, ICIT urged responsible news outlets to focus on meaningful aspects of the May 12, 2017 WannaCry attack on over 230,000 systems in over 150 countries, such as the desperate need for security-by-design in software and technology, the perpetual failure of organizations across the globe to secure their .. read more

The Know Your Enemies 3.0 Advanced Persistent Threat Advisory is Finally Here!

We Connect the Dots between Nation State, Cyber Mercenary, Cyber Caliphate and Cyber Criminal Advanced Persistent Threats by James Scott, Sr. Fellow, ICIT Allegations of cyber-incidents, IP theft, and cyber-attack have significant tangible results and seismic geopolitical implications. Most compromised organizations do not detect breaches until eight months after the initial incident; consequently, typical attribution .. read more

On March 28th, 2017, posted in: Latest Posts by Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Cybersecurity in Non-Profit and Non-Governmental Organizations

Non-Profit and Non-Government Organizations (NGOs) rely greatly on the use of information technology for both their operations and innovative strategic program initiatives.  In a sense, they are no different than any small, medium or large-scale enterprise with regard to computing.  Keeping information confidential and free from integrity and privacy challenges as well as ensuring their .. read more

The Painfully Vulnerable Election System and Rampant Security Theater

by James Scott, Sr. Fellow, ICIT and Drew Spaniel, Fellow, ICIT ‘Clunky as Heck’ and Security via Obscurity Create Only an Illusion of Secure Elections “Election Officials, consider your voting machines, networks and tabulators infected until you’ve forensically proven otherwise.”  James Scott, Senior Fellow, ICIT The first step to correcting the plague of cyber-kinetic vulnerabilities .. read more

DYN Attacks Exploit Old and Well Known Vulnerabilities

by James Scott, Sr. Fellow, ICIT and Drew Spaniel, Researcher, ICIT Throughout the morning, DYN has released statements indicating that the issue has been resolved only to have the servers crash within the following hour. Without inside information, two hypotheticals exist to explain the heat map and the disruption. First, it is possible that DYN .. read more

The Categorical Threat Landscape to Consider When Reading NASS’ Open Letter to Congress

Authored By: James Scott, Sr. Fellow, ICIT & Drew Spaniel, Researcher, ICIT On September 26, 2016, the National Association of Secretaries of State (NASS) released an Open Letter to Congress that urged for the informed communication of facts about the security of election systems with the American public. This communique builds upon the NASS letter .. read more

ICIT Brief – Your Life, Repackaged and Resold: The Deep Web Exploitation of Health Sector Breach Victims

Despite being the most at-risk and perpetually breached critical infrastructure sector in the Nation, virtually all health sector organizations refuse to evolve their layered security to combat a hyper evolving threat landscape. As a result, when a healthcare system is breached and patient records are stolen, the entire brutal impact of the incident that resulted from .. read more

ICIT Brief: Combatting the Ransomware Blitzkrieg with Endpoint Security

Ransomware, the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike. While it is impossible for organizations to prevent malware from infecting their networks, those who deploy a multi-layered security strategy and teach proper cybersecurity hygiene to their employees have a strong chance of defending against these .. read more

The ICIT Ransomware Report: 2016 Will Be the Year Ransomware Holds America Hostage

Institute note: during our non-public soft distribution, we discovered that an incorrect, pre-edited version of this document was distributed. We have since corrected this error.  Our Ransomware Report is available for download below. 2016 is the year ransomware will wreak havoc on America’s critical infrastructure community. The resurgence of these attacks is driven by a growing attack surface .. read more

ICIT Bulletin: Anonsec

This Bulletin is an analysis of the hacktivist group Anonsec, which claimed to have exfiltrated data from NASA servers and drones on January 31, 2016.   On January 31, 2016, Default Virusa, an administrator of the hacktivist group Anonsec, contacted journalist Mikael Thalen, claiming to have exfiltrated between 100-276GB of data from NASA servers and .. read more

On February 5th, 2016, posted in: Latest Posts by Tags: , , , , , , , , ,

ICIT Brief: Hacking Healthcare IT in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach

Among all of America’s critical infrastructures, the healthcare sector is the most targeted and plagued by perpetual persistent attacks from numerous unknown malicious hackers. The goal of these threat actors is to exploit vulnerabilities in insecure and antiquated networks in order to exfiltrate patient data for financial or geopolitical gain. In order to protect patient .. read more

Legislative Brief “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach”

In June 2015, the Nation learned that the personnel records of 21.5 million United States citizens had been exfiltrated by an unknown adversary from the Office of Personnel Management, one of the largest known breaches in the history of the U.S. Government.  The immediate public outcry included congressional hearings attributing the breach to OPM administrators and .. read more

OPM Data Breach Interview: Federal News Radio Interviews Dan Waddell, Institute for Critical Infrastructure Technology Fellow

  The OPM Data Breach that has affected millions of current and former federal employees wasn’t about acquiring bank records or credit card information. Instead, signs point to cyber espionage. Dan Waddell, ICIT Fellow and director of government affairs at (ISC)2 joined Emily Kopp on the Federal Drive to discuss the magnitude of the breach. Click HERE .. read more

HHS, ICIT Fellows Collaborate on Privacy and Data in Healthcare

              Thursday, March 26, the Institute for Critical Infrastructure Technology (ICIT) hosted their monthly Fellow Meeting, with featured thought leaders Dr. Kafi Wilson, MHA (ICIT Fellow and CEO, KWMD) and Laura Elizabeth Rosas (Lead Public Health Advisor, Health IT Team, Substance Abuse and Mental Health Services Administration [SAMHSA], U.S. .. read more