Tag Archives: malicious insiders

How to remove malware from a Windows PC

We provide software security, threat modeling and threat mediation in the medical device and healthcare space working with technology developers in Israel.

How does this work?

We evaluate your healthcare software system or medical device from an attacker point of view, then from the management team point of view, and then recommend specific detailed action steps to close the gap between your product and HIPAA security and privacy requirements. We then train your product development team based on these recommendations.

Many medical devices still run on Microsoft Windows; variants of Windows XP, Windows XP embedded and Windows server systems are not uncommon.

Being a commodity operating system, primarily designed for ease of use by end-users and application development by programmers using Visual Studio, it is not uncommon to see malware attack medical devices and healthcare information systems.

If your’e a medical device or healthtech developer using Windows platforms, one of the first action steps we recommend is to setup a security ERT (emergency response team) with a clear response plan and division of responsibilities.

The security ERT will be your first responders in the case of a data leak or malware infection.

The ERT should have a clear, well-thought and debugged procedure for removing malware.  See this excellent malware removal guide for an example.

 

 

Tell your friends and colleagues about us. Thanks!
Share this

Learning about change and changing your security

Reading through the trade press, DLP vendor marketing collateral and various forums on information security,  the conventional wisdom is that the key threat to an organization is trusted insiders. This is arguable – since it depends on your organization, the size of the business and type of operation.   However –

This is certainly true at a national security level where trusted insiders that committed espionage have caused considerable damage.  MITRE Corporation – Detecting Insider Threat Behavior

There are three core and interrelated problem in modern data security:

  1. Systems are focussed on rule-breaking (IDS, DLP, firewalls, procedures) – yet malicious insider can engage in data theft and espionage without breaking one of the IDS/IPS/DLP rules.
  2. The rules are static (standards such as ISO 27001 or PCI DSS 1.x) or slow-moving at best (yearly IT Governance audit)
  3. Ignore collusion between insiders and malicious outsiders whether for espionage purposes (a handler who manipulates an employee) or for criminal purposes (stealing customer data for resale).

You may say – fine, let’s spend more time observing employee behavior and educate supervisors for tell-tale signs of change that may indicate impending involvement in a crime.

However – malicious outsiders (criminals, competitors, terrorists…) that may exploit employees in order to obtain confidential data is just another vulnerability in a whole line of business vulnerabilities.  Any vulnerability must be considered within the context of a threat model – the organization has assets that are damaged by threats that exploit vulnerabilities that are mitigated by countermeasures.   The organization needs to think literally  outside the box and at least attempt to identify new threats and vulnerabilities.

The issue is not that employees can be bought or manipulated, the issue is that government and other hierarchical organizations use a fixed system of security controls.  In reducing the organization’s security to passive executives of defense rules in their procedures and firewalls, we ignore the extreme ways in which attack patterns change over time. Any control policy that is presumed optimal today is likely to be obsolete tomorrow.  It is a fair assumption that an organization that doesn’t change data security procedures frequently – will provide an insider with  enough means, opportunity and social connectivity to game the system and once he or she has motivation – you have a crime.

Learning about change and changing your security systems must be at the heart of day-to-day security management.

Tell your friends and colleagues about us. Thanks!
Share this