[04:08] Report violations, yes. Frame someone for HIPAA violations and you go to prison. Prison Time for Scheme to Frame Nurse for HIPAA Violations
In October 2019, Jeffrey Parker of Rincon, GA contacted a local news station claiming to be a whistleblower alleging a nurse had violated HIPAA privacy laws by emailing graphic images to him and others. The news station contacted the law enforcement and a case was opened. Turns out the investigation found that the nurse, who apparently was an ex-lover, did NOT send any images to anyone and that Jeffrey Parker made it all up. He went as far as to create several fake emails to make it look like these images were sent to several people.
The US Department of Justice charged Jeff with one count of making false statements and faced a maximum sentence of 5 years in prison and a $250,000 fine. He decided to plead guilty, so the Department of Justice sentenced him to 6 months in prison and fined him $1,200.
Little Things Matter
Browser Extensions as Botnet Back Doors
[12:03] Recently there have been reports of how browser extensions have been found to be botnet back doors. KrebsOnSecurity published an article, Is Your Browser Extension a Botnet Backdoor? that explains the threat.
We’ve talked before about the danger of allowing staff to download and install software on their PCs. But do you monitor whether folks are loading browser extensions? The article states that 53.21% of all Chrome extensions have not been updated in the past two years. And, in the past 30 days, only 5.21% of extensions have been updated.
So, browser extensions are tiny little programs you can run inside a browser (like Google Chrome, Microsoft Edge, Brave, Firefox, etc). Think of them as skills that you can add to a browser or little pieces of software that allow you to do some cool stuff in your browser. They have become so popular that the criminals are now trying to find ways to use them to attack us.[23:32] Browser extensions are little programs… little things… they matter because they can cause very big problems. They are different from traditional programs where the user can be prompted to enter an administrative password in order to install a program. Extensions don’t go through that process because the browser is controlling everything to do with it. So it’s actually an activity running within the software. Think of it as I’m going to turn on new settings and I’m going to do all this without installing software on the computer. You’re installing software inside the browser. These extensions can be opening a backdoor into your network. So, it’s very important to understand how this works and determine what safeguards IT can put in place.
You should have policies and procedures that address whether staff can load and use whatever browsers and browser extensions that they want. Determine if IT can monitor these things and make some rules to include in your security policies and procedures.
QuickBooks Data Files Theft Attacks
[31:29] Many organizations use Quickbooks as their accounts payable software and even their payroll platform. But believe it or not, maybe organizations don’t think to include Quickbooks in their list of critical business applications. Often they don’t know IF their Quickbooks files are being backed up or who should be responsible for doing it or even including it in their disaster recovery plans. It might seem like a little thing, but it quickly becomes a big thing when something goes wrong and you can’t access the date or pay staff.
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks, like spear phishing, to deliver malware and exploit the accounting software.
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks – The Hacker News
“When a user has access to the Quickbooks database, a piece of malware or weaponized PowerShell is capable of reading the user’s file from the file server regardless of whether they are an administrator or not,” the researchers said.
“Furthermore, the attack surface increases exponentially in the event QuickBooks file permissions are set to the “Everyone” group, as an attacker can target any individual in the company, as opposed to a specific person with the right privileges.”
“That’s not all. Besides selling the stolen data on the dark web, the researchers say they found instances where the operators behind the attacks resorted to bait-and-switch tactics to lure customers into making fraudulent bank transfers by posing as suppliers or partners.”
Check the permissions on your data files. Make sure you are securing the files, not just installing the software and making sure it works properly. Get IT involved and don’t assume you can handle it yourself.