Daily Archives: December 17, 2019

Norsk Hydro responds to ransomware attack with transparency

Last March, aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. The attack began with an infected email and locked the files on thousands of servers and PCs. All 35,000 Norsk Hydro employees across 40 countries were affected. In the throes of this crisis, executives made three swift decisions:

  • Pay no ransom.
  • Summon Microsoft’s cybersecurity team to help restore operations.
  • Communicate openly about the breach.

Read Hackers hit Norsk Hydro with ransomware to learn why this approach helped the company recover and get back to business as usual.

The post Norsk Hydro responds to ransomware attack with transparency appeared first on Microsoft Security.

This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members

WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned. Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop,

Nuclear Bot Author Arrested in Sextortion Case

Last summer, a wave of sextortion emails began flooding inboxes around the world. The spammers behind this scheme claimed they’d hacked your computer and recorded videos of you watching porn, and promised to release the embarrassing footage to all your contacts unless a bitcoin demand was paid. Now, French authorities say they’ve charged two men they believe are responsible for masterminding this scam. One of them is a 21-year-old hacker interviewed by KrebsOnSecurity in 2017 who openly admitted to authoring a banking trojan called “Nuclear Bot.”

On Dec. 15, the French news daily Le Parisien published a report stating that French authorities had arrested and charged two men in the sextortion scheme. The story doesn’t name either individual, but rather refers to one of the accused only by the pseudonym “Antoine I.,” noting that his first name had been changed (presumably to protect his identity because he hasn’t yet been convicted of a crime).

“According to sources close to the investigation, Antoine I. surrendered to the French authorities at the beginning of the month, after being hunted down all over Europe,” the story notes. “The young Frenchman, who lived between Ukraine, Poland and the Baltic countries, was indicted on 6 December for ‘extortion by organized gang, fraudulent access to a data processing system and money laundering.’ He was placed in pre-trial detention.”

According to Le Parisien, Antoine I. admitted to being the inventor of the initial 2018 sextortion scam, which was subsequently imitated by countless other ne’er-do-wells. The story says the two men deployed malware to compromise at least 2,000 computers that were used to blast out the sextortion emails.

While that story is light on details about the identities of the accused, an earlier version of it published Dec. 14 includes more helpful clues. The Dec. 14 piece said Antoine I. had been interviewed by KrebsOnSecurity in April 2017, where he boasted about having created Nuclear Bot, a malware strain designed to steal banking credentials from victims.

My April 2017 exposé featured an interview with Augustin Inzirillo, a young man who came across as deeply conflicted about his chosen career path. That path became traceable after he released the computer code for Nuclear Bot on GitHub. Inzirillo outed himself by defending the sophistication of his malware after it was ridiculed by both security researchers and denizens of the cybercrime underground, where copies of the code wound up for sale. From that story:

“It was a big mistake, because now I know people will reuse my code to steal money from other people,” Inzirillo told KrebsOnSecurity in an online chat.

Inzirillo released the code on GitHub with a short note explaining his motivations, and included a contact email address at a domain (inzirillo.com) set up long ago by his father, Daniel Inzirillo.

KrebsOnSecurity also reached out to Daniel, and heard back from him roughly an hour before Augustin replied to requests for an interview. Inzirillo the elder said his son used the family domain name in his source code release as part of a misguided attempt to impress him.

“He didn’t do it for money,” said Daniel Inzirillo, whose CV shows he has built an impressive career in computer programming and working for various financial institutions. “He did it to spite all the cyber shitheads. The idea was that they wouldn’t be able to sell his software anymore because it was now free for grabs.”

If Augustin Inzirillo ever did truly desire to change his ways, it wasn’t clear from his apparent actions last summer: The Le Parisien story says the sextortion scams netted the Frenchman and his co-conspirator at least a million Euros.

In August 2018, KrebsOnSecurity was contacted by a researcher working with French authorities on the investigation who said he suspected the young man was bragging on Twitter that he used a custom version of Nuclear Bot dubbed “TinyNuke” to steal funds from customers of French and Polish banks.

The source said this individual used the now-defunct Twitter account @tiny_gang1 to taunt French authorities, while showing off a fan of 100-Euro notes allegedly gained from his illicit activities (see image above). It seemed to the source that Inzirillo wanted to get caught, because at one point @tiny_gang1 even privately shared a copy of Inzirillo’s French passport to prove his identity and accomplishments to the researcher.

“He modified the Tinynuke’s config several times, and we saw numerous modifications in the malware code too,” the source said. “We tried to compare his samples with the leaked code available on GitHub and we noticed that the guy actually was using a more advanced version with features that don’t exist in the publicly available repositories. As an example, custom samples have video recording functionality, socks proxy and other features. So the guy clearly improved the source code and recompiled a new version for every new campaign.”

The source said the person behind the @tiny_gang Twitter account attacked French targets with custom versions of TinyNuke in one to three campaigns per week earlier this year, harvesting French bank accounts and laundering the stolen funds via a money mule network based mostly in the United Kingdom.

“If the guy behind this campaign is the malware author, it could easily explain the modifications happening with the malware, and his French is pretty good,” the researcher told KrebsOnSecurity. “He’s really provocative and I think he wants to be arrested in France because it could be a good way to become famous and maybe prove that his malware works (to resell it after?).”

The source said the TinyNuke author threatened him with physical harm after the researcher insulted his intelligence while trying to goad him into disclosing more details about his cybercrime activities.

“The guy has a serious ego problem,” the researcher said. “He likes when we talk about him and he hates when we mock him. He got really angry as time went by and started personally threatening me. In the last [TinyNuke malware configuration file] targeting Poland we found a long message dedicated to me with clear physical threats.”

All of the above is consistent with the findings detailed in the Le Parisien report, which quoted French investigators saying Antoine I. in October 2019 used a now-deleted Twitter account to taunt the authorities into looking for him. In one such post, he included a picture of himself holding a beer, saying: “On the train to Naples. You should send me a registered letter instead of threatening guys informally.”

The Le Parisien story also said Antoine I. threatened a researcher working with French authorities on the investigation (the researcher is referred to pseudonymously as “Marc”).

“I make a lot more money than you, I am younger, more intelligent,” Antoine I. reportedly wrote in July 2018 to Marc. “If you do not stop playing with me, I will put a bullet in your head.”

French authorities say the defendant managed his extortion operations while traveling throughout Ukraine and other parts of Eastern Europe. But at some point he decided to return home to France, despite knowing investigators there were hunting him. According to Le Parisien, he told the French authorities he wanted to cooperate in the investigation and that he no longer wished to live like a fugitive.

Protecting programmatic access to user data with Binary Authorization for Borg

At Google, the safety of user data is our paramount concern and we strive to protect it comprehensively. That includes protection from insider risk, which is the possible risk that employees could use their organizational knowledge or access to perform malicious acts. Insider risk also covers the scenario where an attacker has compromised the credentials of someone at Google to facilitate their attack. There are times when it’s necessary for our services and personnel to access user data as part of fulfilling our contractual obligations to you: as part of their role, such as user support; and programmatically, as part of a service. Today, we’re releasing a whitepaper, “Binary Authorization for Borg: how Google verifies code provenance and implements code identity,” that explains one of the mechanisms we use to protect user data from insider risks on Google's cluster management system Borg.

Binary Authorization for Borg is a deploy-time enforcement check

Binary Authorization for Borg, or BAB, is an internal deploy-time enforcement check that reduces insider risk by ensuring that production software and configuration deployed at Google is properly reviewed and authorized, especially when that code has the ability to access user data. BAB ensures that code and configuration deployments meet certain standards prior to being deployed. BAB includes both a deploy-time enforcement service to prevent unauthorized jobs from starting, and an audit trail of the code and configuration used in BAB-enabled jobs.

BAB ensures that Google's official software supply chain process is followed. First, a code change is reviewed and approved before being checked into Google's central source code repository. Next, the code is verifiably built and packaged using Google's central build system. This is done by creating the build in a secure sandbox and recording the package's origin in metadata for verification purposes. Finally, the job is deployed to Borg, with a job-specific identity. BAB rejects any package that lacks proper metadata, that did not follow the proper supply chain process, or that otherwise does not match the identity’s predefined policy.

Binary Authorization for Borg allows for several kinds of security checks

BAB can be used for many kinds of deploy-time security checks. Some examples include:

  • Is the binary built from checked-in code?
  • Is the binary built verifiably?
  • Is the binary built from tested code?
  • Is the binary built from code intended to be used in the deployment?

After deployment, a job is continuously verified for its lifetime, to check that jobs that were started (and any that may still be running) conform to updates to their policies.
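As an added illustration of the deploy-time check and the continuous re-verification described above (this is not Google's code; the classes, repository paths, job identity, policy fields and sample packages are all constructed for the example), the following Python models a small policy engine. It rejects a package that lacks build metadata, whose metadata does not describe the package, that was not reviewed or built by the trusted build system, or that does not match the job identity's policy, records each decision in an audit trail, and re-checks running jobs when an identity's policy changes. Binding metadata to the artifact by digest is this example's assumption; authenticating the metadata itself is out of scope here.

```python
"""Deploy-time policy check modelled on the BAB description above.

Added example, not Google's code: every class, repository path, job identity
and package below is constructed for illustration.
"""
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Provenance:
    """Metadata a (hypothetical) central build system records about a package."""
    source_repo: str      # where the code came from
    commit: str           # revision that was built
    reviewed: bool        # change was reviewed and approved before check-in
    builder: str          # which build system produced the package
    hermetic: bool        # built in an isolated sandbox, i.e. verifiably
    tests_passed: bool    # built from tested code
    package_digest: str   # binds the metadata to one concrete artifact (assumption)


@dataclass(frozen=True)
class Policy:
    """What code may exercise a given job identity's privileges."""
    identity: str
    allowed_repos: frozenset
    require_review: bool = True
    require_verifiable_build: bool = True
    require_tests: bool = False
    trusted_builders: frozenset = frozenset({"central-build"})


def evaluate(package: bytes, prov, policy: Policy) -> list:
    """Return policy violations for a package; an empty list means 'may start'.

    Authenticating the metadata itself (e.g. a build-system signature) is out
    of scope here; we only check that the metadata describes this package.
    """
    if prov is None:
        return ["package has no build metadata"]
    violations = []
    if prov.package_digest != sha256(package):
        violations.append("metadata does not describe this package")
    if prov.source_repo not in policy.allowed_repos:
        violations.append(f"code from {prov.source_repo} is not allowed for {policy.identity}")
    if policy.require_review and not prov.reviewed:
        violations.append("code was not reviewed before check-in")
    if prov.builder not in policy.trusted_builders:
        violations.append(f"built by untrusted builder {prov.builder}")
    if policy.require_verifiable_build and not prov.hermetic:
        violations.append("build was not verifiable (not sandboxed)")
    if policy.require_tests and not prov.tests_passed:
        violations.append("code was not tested")
    return violations


class Cluster:
    """Stand-in for the scheduler: enforce at deploy time, keep an audit trail,
    and re-check running jobs whenever an identity's policy is updated."""

    def __init__(self, policies):
        self.policies = {p.identity: p for p in policies}
        self.running = {}   # job name -> (identity, package, provenance)
        self.audit = []     # (job, identity, commit, violations)

    def deploy(self, job: str, identity: str, package: bytes, prov) -> bool:
        violations = evaluate(package, prov, self.policies[identity])
        self.audit.append((job, identity, prov.commit if prov else None, violations))
        if violations:
            return False
        self.running[job] = (identity, package, prov)
        return True

    def update_policy(self, policy: Policy) -> list:
        """Install a new policy and return running jobs that no longer conform."""
        self.policies[policy.identity] = policy
        return [job for job, (ident, pkg, prov) in self.running.items()
                if ident == policy.identity and evaluate(pkg, prov, policy)]


# Constructed sample data (no real repositories, identities or binaries).
USER_DATA_POLICY = Policy(identity="user-data-service",
                          allowed_repos=frozenset({"//main/services/userdata"}))
GOOD_PACKAGE = b"\x7fELF userdata-service build 42"   # stand-in for a built binary
GOOD_PROV = Provenance("//main/services/userdata", "a1b2c3d", True,
                       "central-build", True, True, sha256(GOOD_PACKAGE))
ROGUE_PACKAGE = b"binary hand-built on a workstation"
ROGUE_PROV = Provenance("//scratch/alice/userdata-fork", "deadbee", False,
                        "workstation", False, False, sha256(ROGUE_PACKAGE))


if __name__ == "__main__":
    cluster = Cluster([USER_DATA_POLICY])
    print("reviewed build admitted:",
          cluster.deploy("userdata-frontend", "user-data-service", GOOD_PACKAGE, GOOD_PROV))
    print("rogue build admitted:",
          cluster.deploy("userdata-debug", "user-data-service", ROGUE_PACKAGE, ROGUE_PROV))
    for entry in cluster.audit:
        print("audit:", entry)
    tightened = Policy("user-data-service", frozenset({"//main/services/userdata"}),
                       trusted_builders=frozenset({"central-build-v2"}))
    print("jobs now out of policy:", cluster.update_policy(tightened))
```

The last step is the continuous-verification point from the text: the job admitted under the old policy is still running, so tightening the trusted builder set reports it as out of policy rather than waiting for its next deployment.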

Binary Authorization for Borg provides other security benefits

Though the primary purpose of BAB is to limit the ability of a potentially malicious insider to run an unauthorized job that could access user data, BAB has other security benefits. BAB provides robust code identity for jobs in Google’s infrastructure, tying a job’s identity to specific code, and ensuring that only the specified code can be used to exercise the job identity’s privileges. This allows for a transition from a job identity—trusting an identity and any of its privileged human users transitively—to a code identity—trusting a specific piece of reviewed code to have specific semantics and which cannot be modified without an approval process.

BAB also dictates a common language for data protection, so that multiple teams can understand and meet the same requirements. Certain processes, such as those for financial reporting, need to meet certain change management requirements for compliance purposes. Using BAB, these checks can be automated, saving time and increasing the scope of coverage.

Binary Authorization for Borg is part of the BeyondProd model

BAB is one of several technologies used at Google to mitigate insider risk, and one piece of how we secure containers and microservices in production. By using containerized systems and verifying their BAB requirements prior to deployment, our systems are easier to debug, more reliable, and have a clearer change management process. More details on how Google has adopted a cloud-native security model are available in another whitepaper we are releasing today, “BeyondProd: A new approach to cloud-native security.”

In summary, implementing BAB, a deploy-time enforcement check, as part of Google’s containerized infrastructure and continuous integration and deployment (CI/CD) process has enabled us to verify that the code and configuration we deploy meet certain standards for security. Adopting BAB has allowed Google to reduce insider risk, prevent possible attacks, and also support the uniformity of our production systems. For more information about BAB, read our whitepaper, “Binary Authorization for Borg: how Google verifies code provenance and implements code identity.”

Additional contributors to this whitepaper include Kevin Chen, Software Engineer; Tim Dierks, Engineering Director; Maya Kaczorowski, Product Manager; Gary O’Connor, Technical Writing; Umesh Shankar, Principal Engineer; Adam Stubblefield, Distinguished Engineer; and Wilfried Teiken, Software Engineer; with special recognition to the entire Binary Authorization for Borg team for their ideation, engineering, and leadership.

AppSec Themes to Watch in 2020

Contributors:

Paul Farrington, Veracode EMEA CTO

Pejman Pourmousa, Veracode VP of Services

Chris Wysopal, Veracode CTO and co-founder

As we said in the introduction to our 10th anniversary State of Software Security report this year, the last 10 years in AppSec saw both enormous change, and a fair amount of stagnation. Part of the reason for the stagnation is that software development is increasing at unprecedented rates, and security is often struggling to keep up. So as we shift our focus from reflection to prediction, we think application security in 2020 will be all about new solutions and best practices to keep up with the pace of development and empower developers to code both quickly and securely. A few AppSec themes we expect to see renewed focus on in 2020 include:

Security champions

With a security skills shortage, and an explosion of software development, it’s time to get creative to spread security skills and know-how across development teams. A security champions program is becoming a popular way to do this, and we expect to see more of these programs in 2020. In a recently released report, Building an Enterprise DevSecOps Program, security analyst Adrian Lane notes, “I spoke with three midsized firms this week — their development personnel ranged from 800-2000 people, while their security teams ranged from 12 to 25.” In the same report, he says of assigning security champions to development teams, “Regardless of how you do it, this is an excellent way to scale security without scaling headcount, and we recommend you set aside some budget and resources — it returns far more benefits than it costs.”

A security champion is a developer with an interest in security who helps amplify the security message at the team level. Security champions don’t need to be security pros; they just need to act as the security conscience of the team, keeping their eyes and ears open for potential issues. Once the team is aware of these issues, it can then either fix the issues in development or call in your organization’s security experts to provide guidance.

With a security champion, an organization can make up for a lack of security coverage or skills by empowering a member of the development team to act as a force multiplier who can pass on security best practices, answer questions, and raise security awareness.

Metrics that make sense

Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate your organization’s current state, and also show what progress it’s making in achieving its objectives. 

On the flip side, focusing on the wrong metrics can lead to frustration, disengagement, and a stalled program. If you’ve got an overly stringent AppSec policy – for instance, “fix all flaws found within two weeks” – your metrics will not paint a pretty picture, and your developers will give up before they’ve begun. We think 2020 will be the year of getting AppSec metrics right with smart, achievable, sensible AppSec policies.

We will increasingly see a focus on providing developers with simple cues to encourage the right behavior, but in a realistic way. For example, teams start by classifying those security bugs that are highest priority, those that are important but not showstoppers, and those that, although not ideal, are acceptable to exist. Especially for the first two categories, they then track the average time to fix a security bug, baseline, and then negotiate targets so that engineers and product owners can buy-in. These metrics may ultimately help to determine compensation, but perhaps initially are linked to softer benefits for the team.
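To make the two-week flat policy criticized above and the tiered approach just sketched concrete, here is an added Python example (not Veracode's code; the findings, dates, class names and targets are constructed) that computes the baseline average time to fix per severity class, proposes a negotiated target from that baseline, and compares policy compliance under a flat "everything in 14 days" rule with a tiered rule that leaves the acceptable class without a deadline. The target-shortening rule in propose_target is an illustrative assumption, not an industry standard.

```python
"""Time-to-fix metrics per severity class, as sketched above.

Added example (not Veracode's code); findings, dates and targets are constructed.
"""
import math
from datetime import date
from statistics import mean

# Constructed sample findings: severity class, date found, date fixed (None = open).
FINDINGS = [
    {"id": "F1", "cls": "highest",    "found": date(2019, 11, 1),  "fixed": date(2019, 11, 6)},
    {"id": "F2", "cls": "highest",    "found": date(2019, 11, 3),  "fixed": date(2019, 11, 20)},
    {"id": "F3", "cls": "important",  "found": date(2019, 11, 2),  "fixed": date(2019, 11, 28)},
    {"id": "F4", "cls": "important",  "found": date(2019, 11, 10), "fixed": None},
    {"id": "F5", "cls": "important",  "found": date(2019, 11, 12), "fixed": date(2019, 12, 2)},
    {"id": "F6", "cls": "acceptable", "found": date(2019, 11, 4),  "fixed": None},
]
AS_OF = date(2019, 12, 17)   # reporting date for still-open findings

# Days allowed per class. The flat policy is the "fix everything in two weeks"
# rule; the tiered one leaves the acceptable class without a target (None).
FLAT_POLICY = {"highest": 14, "important": 14, "acceptable": 14}
TIERED_POLICY = {"highest": 14, "important": 45, "acceptable": None}


def days_open(finding, as_of=AS_OF):
    """Days from discovery to fix, or to the reporting date if still open."""
    return ((finding["fixed"] or as_of) - finding["found"]).days


def average_time_to_fix(findings, cls):
    """Baseline: mean days to fix among findings of this class already fixed."""
    fixed = [days_open(f) for f in findings if f["cls"] == cls and f["fixed"]]
    return mean(fixed) if fixed else None


def compliance(findings, policy, as_of=AS_OF):
    """Share of in-scope findings meeting their class target as of a date.
    Open findings already past their target count as missed."""
    met = total = 0
    for f in findings:
        target = policy.get(f["cls"])
        if target is None:          # class has no target: out of scope
            continue
        total += 1
        met += days_open(f, as_of) <= target
    return met / total if total else None


def propose_target(findings, cls, improvement=0.25):
    """Illustrative negotiation rule (an assumption, not a standard): the new
    target is the baseline average shortened by a fixed fraction."""
    baseline = average_time_to_fix(findings, cls)
    return None if baseline is None else math.ceil(baseline * (1 - improvement))


if __name__ == "__main__":
    for cls in ("highest", "important", "acceptable"):
        print(cls, "baseline days:", average_time_to_fix(FINDINGS, cls),
              "proposed target:", propose_target(FINDINGS, cls))
    print("compliance, flat two-week policy:", compliance(FINDINGS, FLAT_POLICY))
    print("compliance, tiered policy:", compliance(FINDINGS, TIERED_POLICY))
```

On this sample the flat policy reports one finding in six as compliant, which is the discouraging picture the text warns about, while the tiered policy reports four of five in-scope findings on target and isolates the single genuine miss (a highest-priority flaw open for 17 days).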

Security across the pipeline

We’re seeing organizations start to build security into each phase of the development pipeline, and expect to see more of this shift in 2020. From pre-commit scans in the IDE (my code), to build scans in the CI pipeline (our code), to deployment scans in the CD pipeline (production code), security testing will cover code from inception to production.

Scaling

DevSecOps is no longer niche—organizations are moving faster and producing more software than ever before. Scaling is the name of the AppSec game in 2020. AppSec programs that are cumbersome or slow to scale will not last in this new decade. What are the keys to scaling AppSec?

A SaaS-based solution: The time and budget required to quickly scale an on-premises AppSec solution make it ill equipped for a modern DevSecOps environment.

Expert help: Outside AppSec expertise can be useful in helping to establish your security program’s goals and roadmap. More importantly, it can help keep your roadmap on track by guiding developers through the fixing of flaws your scans find.

Security champions: As we discussed in the section above, security champions will be key to doing more with less security staff.

Regulations

More and more security regulations are specifically calling out the need for application security – from NIST, to PCI, NY DFS, and GDPR. In turn, the need for documented application security processes will become paramount in the new year. The Financial Services Sector Cybersecurity Profile from the FSSCC is an example of how FinTech firms are trying to unify reporting standards for the various regulatory frameworks.

Demand for secure software

IT buyers are increasingly questioning the security of software they are purchasing. If you can’t answer questions about your security practices or can’t address your customers’ audit requirements, you’re likely to experience lost or delayed sales opportunities. In some cases, prospects will turn elsewhere. However, vendors that can address these security concerns quickly and effectively stand out among suppliers and leverage security as a competitive advantage. A recent survey report we conducted with IDG found that 96 percent of respondents are more likely to consider doing business with a vendor or partner whose software has been independently verified as “secure.”

In addition, thanks to the speed of modern software delivery, we will see the methods for attesting to the security of software change. For example, we anticipate a shift to process-based attestations, such as proof of the security of an application’s development process (as with Veracode Verified), rather than point-in-time third-party pen tests. Point-in-time tests will carry less and less weight as the speed of software updates and changes increase.

What’s behind this demand for proof of security? It stems in part from new, more dire impacts from security breaches. When Target was breached in 2013, it created headlines for a few weeks, but it didn’t really affect its bottom line. Today, that has changed. Now we are seeing acquisitions fail, CEOs lose jobs, and stock values take hits because of breaches. Proving your software is secure will give companies an advantage in 2020.  

Learn more

Continue the conversation – join our upcoming discussion on AppSec in 2020 in our upcoming webinar, AppSec in 2020: What’s on the Horizon.

The 2020 State of Breach Protection Survey – Call for Participation

The 2010-2019 decade will be remembered as the time in which cybersecurity became acknowledged as a critical concern for all organizations. With rapidly growing security needs and respective budgets, it is now more essential than ever for security decision-makers to zoom out of the 'products' mindset and assess their security stack in light of the overall breach protection value that their

5 Promising vendors focusing on Cyber Security for Medical IoT (IoMT)

Medical IoT devices operate in care facility environments that encompass care giving, case management, customer service, and clinic management. As such, the risk to data gathered and managed by medical devices extends beyond the device itself. A compromise of clinic management services can propagate to IoT device command and control, allowing compromise of devices in attacks that do not directly touch the device at all. This is clearly the major driver for the emerging category of “Medical IoT (IoMT) Cyber Security.”

A large hospital, for example, could be home to as many as 85,000 connected devices. While each of these devices has a significant role in the delivery of care and operational efficiency, each connected device also opens the door to a malicious cyberattack. A recent report from Irdeto found that 82 percent of healthcare organizations’ IoT devices have been targeted with a cyberattack within the last year.

Going over the players in this industry, it is clear that the Medical IoT security category includes a number of different approaches with the common goal of providing the customer with clear asset discovery and timely alerting on security breaches and attacks on its medical environment.

Although many large security players are addressing this niche too, CyberDB identified a number of emerging players that are focusing on this industry and as such we expect them to benefit from the growth in this market. These players are (in alphabetical order):

Due to the clear use case and the growing awareness and need in this market, we can see general-purpose IoT security players moving towards the Medical IoT security market.

According to a recent report by BisResearch, the overall Medical IoT cyber security market has been witnessing steady growth. The market is expected to continue to grow with a double-digit CAGR of 41.38% during the forecast period 2019-2028.


CyberMDX

CyberMDX is a pioneer in medical cyber security, delivering visibility, threat prevention and analytics for medical and IoT devices and clinical assets. It is a best-of-breed product built from the ground up for healthcare delivery organizations. CyberMDX was established in 2017, operates globally and has raised $10M of funding to date. It is headquartered in Tel Aviv and New York City.

CyberMDX counters and prevents growing cyber-threats against hospitals, ensuring the operational continuity of their critical assets as well as patient and data safety. CyberMDX delivers endpoint visibility, network threat prevention and operational analytics for medical, IoT, and OT devices. The agentless solution automates the most granular, context-aware device profiling available on the market and combines it with healthcare-tailored risk assessment and remediation capabilities.

Using CyberMDX, healthcare teams can easily:

  • Audit devices for software vulnerabilities and prioritize patching
  • Detect malicious activity and behavioral anomalies, triggering responses accordingly
  • Manage risks proactively via smart micro-segmentation planning and automation
  • Streamline clinical compliance programs
  • Report device-relevant FDA recalls
  • Optimize device allocation and procurement decisions based on usage insights
  • Track and manage medical asset lifecycles
  • Provide rich reports in support of HIPAA and corporate compliance efforts
  • Seamlessly integrate with existing cyber and IT solutions to enrich data sets, enhance workflows, and enable operational excellence

Differentiators

  1. Interdepartmental HDO functionality and true workflow enablement: CyberMDX takes a holistic, 360° view of healthcare organizations and understands that only by building a common frame of reference and cross-departmental synergies can wholesale progress be achieved. Beyond mere security, CyberMDX provides security, IT, clinical engineering and compliance teams with a platform for data-driven workflow enablement and collaboration.
  2. Unmatched, context-aware visibility: CyberMDX delivers deep visibility into medical devices, protocols, and connected things of all sorts — along with a clear-eyed view of their clinical context. This deep and contextual visibility drives prevention, incident response, risk mitigation, and lifecycle management (including patch availability notifications). The solution covers medical devices, IoT, and OT across the entire network — providing a single pane of glass from which to view all connected healthcare assets.
  3. Superior depth and breadth of risk reporting around clinical and critical assets: CyberMDX has a dedicated research team focused solely on connected healthcare and IoMT. The team works with medical device manufacturers and regulatory bodies such as CISA, ECRI, MITRE and the FDA to spot and lock down cybersecurity hazards and vulnerabilities before they can be exploited by malicious actors.


Cynerio

Cynerio was established in 2017 by a versatile team with expertise in cybersecurity, medical devices, and healthcare IT. Headquartered in New York City, Cynerio works with leading Healthcare Delivery Organizations (HDOs) worldwide and delivers the only medical-first cybersecurity solution clinical ecosystems require to stay secure and operate with the peace of mind they need to put their focus where it’s needed most: on patient care.

The Problem

The IoT is an emerging space with a broad sphere of challenges that gets even more complicated when placed in the healthcare context. Hospitals and other HDOs have limited visibility into which devices exist on their networks, device behavior, and vulnerabilities. This limited visibility and understanding impairs IT personnel’s ability to remediate without interrupting patient care.

Securing the healthcare IoT poses the multifold challenge of securing medical devices developed without security in mind. Many of these devices run on outdated operating systems and can’t be patched. Hospital staff often has limited knowledge of the scope of security risks and vulnerabilities introduced to the network by unprotected devices. This is further complicated by traditional security solutions that are ineffective in dealing with connected devices in general.

Hospitals also rely on various non-traditional medical devices to help deliver essential care, such as elevators used to transport patients and smart refrigerators used to store sensitive biological material and medications. These devices are connected to the clinical ecosystem and are involved in medical workflows but are often not given the proper priority when evaluating the security strategy.

The Solution

Cynerio’s holistic medical-first approach to healthcare / Medical IoT cybersecurity management provides HDOs with a one-stop shop they can rely on by prioritizing patient care and privacy above all else while contextualizing risk and remediation within the framework of healthcare business goals. This approach to security allows HDOs to gain control over their clinical assets and helps achieve immediate security goals and meet strategic, long-term objectives.

Cynerio’s agentless and nonintrusive solution analyzes device communications and behavior to provide ongoing, accurate, and contextual assessments of risk and security posture. This enables swift remediation without impacting operations.


Medigate


Medigate is a comprehensive platform for IoT cybersecurity. Distinguished by powerful capabilities driving use-cases that have revolutionized expectations around what clinical visibility can mean, Medigate is successfully partnering with health systems across the world to monetize risk reduction practice.

Not unlike other industries, Healthcare’s vaunted digital transformation is based on unprecedented, new levels of visibility. Although having the ability to identify connected endpoints represents a step forward, it is not the game-changer. Rather, it’s the device-specific, detailed attribution and utilization metrics passively captured by Medigate that competitively separates its offering. Made even more real by meaningful and fully operationalized integrations to the systems that can naturally benefit (e.g. NAC, firewalls, SIEM, CMMS and emerging applications in supply chain, procurement and finance), Medigate’s excellent track record with some of the nation’s largest health systems is easily verified.

It is not “magic,” and Medigate’s engineering-heavy company profile reflects it. Medigate has done the heavy lifting required to passively fingerprint all connected assets, including serially connected modules and/or devices “hidden” behind legacy and modern integration points. The approach is known as deep packet inspection (DPI). Having invested in the engineering talent required to effectively parse the transmission flows between devices, nested modules, integration points and their payload destinations (e.g. EMRs), Medigate delivers the most detailed and accurate baselines available, while also providing continuously monitored, dynamic views of the entire connected ecosystem.

Emboldened by widely publicized and successful attacks, the FDA’s changing guidance, Joint Commission directives and the recognition by acute care providers that ultimately, it’s a patient safety issue, risk capital has poured into the problem space. Validating Medigate’s approach, competitors use deep packet inspection (DPI) when they can and rely on probabilistic methods (i.e. behavioral models promoted as AI) when they cannot. For DICOM and other protocols packaged in the HL7 framework, all vendors use DPI, but that’s as far as they go, and that’s a seminal difference. Solution evaluators should investigate that difference and make up their own minds.

Medigate’s deterministic approach relies on its proven ability to resolve more than one hundred unique medical device protocols encompassing thousands of common devices that would otherwise go uncovered. The skillsets required to do that, and the resulting superior data quality, have fueled far more meaningful system integrations, non-traditional cross functional collaborations and numerous new use-cases that are turning risk reduction into a more strategically diverse, revenue creation practice. In terms of clinical network visibility, Medigate-powered “views” of what’s now possible are strengthening IT’s ROI mission to the enterprise.


Sternum

Sternum, a multilayered cybersecurity solution offering real-time, embedded protection for IoT devices, was founded in 2018 in Tel Aviv by a team of highly experienced R&D and business leaders. Sternum has a profound understanding of embedded systems and deep insight into the dynamics of today's threats, offering a new standard of cybersecurity for medical IoT devices. In accordance with the FDA's pre-market cybersecurity guidelines (which included our commentary), and with unique technology that ensures the security of all connected medical devices, Sternum is protecting patients' lives.

The result: robust defense of lifesaving devices such as pacemakers and insulin pumps, mitigating known threats while simultaneously adapting to and combating new ones.


The company has developed two holistic solutions:

  • Sternum's Embedded Integrity Verification (EIV) identifies and blocks cyberattacks in real time. This integrity-based attack prevention can be deployed to any medical device, including distributed and unmanaged IoT devices. EIV operates like an on-device firewall, validating each operation within the device. EIV only needs to be deployed once: after installation, every new piece of code (including third-party code) is protected automatically, fitting the low-resource environment of medical devices and providing security throughout the device's lifecycle.
  • Sternum's Real-time IoT Event Monitoring System (RIEMS) provides first-of-its-kind visibility from within IoT devices (including operating systems and other third-party components), so that the OEMs who manufacture the devices, the enterprises that deploy them and the consumers who use them are immediately alerted to indications of any cyber breach, including prevented attack attempts. RIEMS also continuously monitors devices outside managed networks, enabling OEMs to maintain control of product security for all distributed devices.

How is Sternum’s software-only product suite revolutionary in the medical IoT world?

  • Sternum, as a highly diverse and platform-agnostic solution, is the only on-device, real-time cybersecurity solution that supports all types of real-time operating systems (RTOS) and homegrown OSes.
  • Sternum's solution operates at runtime with an exceptionally low overhead of 3%.
  • Because it operates in real time, the solution thwarts zero-day attacks.
  • Where network security solutions fail to adequately secure today's distributed medical devices, Sternum provides real-time monitoring of devices outside managed networks.
  • Cyberattack prevention is near-perfect with Sternum's EIV solution: across more than 170 cyberattacks benchmarked with RIPE (Runtime Intrusion Prevention Evaluator), 96.5% were prevented.

Sternum's unique, flexible cybersecurity solution for the Internet of Medical Things (IoMT) can be seamlessly integrated with any medical device's operating system and development process.


VDOO

Founded in 2017 by serial cybersecurity entrepreneurs Netanel Davidi and Uri Alter, VDOO has raised $45 million from top-tier investors including 83North, Dell Technology Capital, WRVI Capital, GGV Capital, NTT DOCOMO Ventures and MS&AD Ventures. The company currently has more than 65 employees at our offices in the US, Japan and Israel, and dozens of well-known customers around the globe, including Medtronic, Stanley Healthcare, NTT and MS&AD.

With device security quickly becoming a strategic imperative for the healthcare market, product security teams that work on medical devices cannot keep making long-term decisions based on a partial picture of possible vulnerabilities at a single stage of the device lifecycle. In order to scale their ability to provide optimal security, they must replace the time- and resource-intensive point solutions they are using today with a single integrated platform.

This is where VDOO comes in. Our Product Security Platform for Connected Devices is the only automated security solution that is integrated across the entire medical device lifecycle – from design and development all the way to deployment, post-deployment and legacy. The end-to-end platform includes modules for security analysis, gap resolution, regulatory compliance, embedded protection, operations monitoring, executive insights and threat intelligence.

VDOO's unique approach to providing optimal security for medical devices combines our patented technology with advanced binary analysis and highly sophisticated machine learning capabilities. This is augmented by our research team, which includes some of the world's leading embedded security experts and has built the most comprehensive device security database available today, based on the thorough analysis of hundreds of millions of binaries and tens of thousands of connected products.

The VDOO platform’s key differentiators and benefits:

  1. Contextual and focused device-specific security – Speed up time-to-market and reduce the risk of attacks by cutting out the noise and focusing on the right threats
  2. Automated security processes for the entire device lifecycle – Improve the efficiency of SDLC processes, reducing operational resource requirements across the board
  3. Verified compliance with leading standards and regulations – Increase product sales while improving customer adoption by ensuring that all devices are compliant
  4. Full visibility into the software supply chain – Reduce dependency on third parties by owning your security, thus lowering legal, monetary and reputational risks
  5. Comprehensive end-point security visibility and analytics – Monetize security as a business model by offering monitoring and protection services to end-users


The post 5 Promising vendors focusing on Cyber Security for Medical IoT (IoMT) appeared first on CyberDB.