
The State of Healthcare Cybersecurity: VMware Security Business Unit Explores the Surge in Cyber Threats

Written by Samantha Mayowa

On the frontline of the pandemic, perhaps no industry was impacted and forced to innovate and transform as quickly as healthcare in 2020. Whether it was the rapid development of COVID-19 testing technology or the explosion of telehealth, healthcare organisations accelerated digital transformation in record time. But with these innovations came new and unprecedented security vulnerabilities that cybercriminals quickly looked to exploit and profit from.

Healthcare in Crisis: A Look Back at 2020

To help understand the state of healthcare cybersecurity, we took a look back at 2020 and found that there were 239.4 million attempted cyberattacks targeting VMware Security Business Unit healthcare customers. We also found an average of 816 attempted attacks per endpoint in 2020, a staggering 9,851% increase from 2019. The surge in attacks began as early as February just as the pandemic started to spread worldwide. From January to February, the number of attempted attacks shot up by 51% as cybercriminals set their sights on vulnerable healthcare organisations that were navigating tremendous changes in the way they operate and treat patients.

In the latter half of the year, we saw the attempted attacks per endpoint peak with an 87% increase from September to October. The timing of this significant spike corresponds with the October alert from the Cybersecurity and Infrastructure Security Agency (CISA), which warned of increased cyberattacks by a Ryuk ransomware gang specifically targeting healthcare organisations.

“Amid the pandemic, cybercriminals now have limitless attack methods,” said Rick McElroy, Principal Cybersecurity Strategist at VMware Security Business Unit. “Whether it is using tried and true malware like EMOTET or using BitLocker to ransom systems, malicious actors continue to gain ground. The FBI, Department of Homeland Security (DHS), and other federal agencies have all issued warnings about the surge in cyberattacks against healthcare organisations.”

We are now also seeing “secondary infections,” which are leveraged to facilitate long-term cyberattack campaigns, happening across the digital healthcare supply chain. These have led to a surge of extortions and helped fuel a cybercrime market. Our research found protected health information (PHI) being bought and sold on dark web markets as cybercriminals look for the easiest way to cash in on data.

A Ransomware Pandemic

In 2020, we saw ransomware go mainstream. The wide-reaching impact of ransomware has been assisted largely by way of affiliate programs. Many ransomware groups offer ransomware-as-a-service (RaaS), making the deployment of ransomware easily accessible to millions of cybercriminals who previously did not have the tools to carry out these attacks. Compounding these risks is the addition of affiliate programs for ransomware groups, providing new and unique ways for malware operators to have others deploy their payloads for a cut of the eventual profits.

“As RaaS explodes in popularity on the crimeware forums, cybercriminals are finding new and unique ways to deploy ransomware across organisations,” said Greg Foss, senior cybersecurity strategist at VMware Security Business Unit. “Similar to how spies are recruited for espionage against government agencies, regular everyday people with access to high-value targets can be recruited to deploy malware. Often, they are lured through offers of significant sums of money or even a percentage of the ransomware payout, with some offering hundreds of thousands of dollars per victimised organisation. Affiliate programs and partnerships between ransomware groups have also become a common occurrence alongside the general recruiting of insiders. These affiliate programs look to partner with initial access brokers – criminals that specialise in breaking into organisations and subsequently sell direct access – and other ransomware gangs to improve their tradecraft, furthering their reach and overall profitability.”

The above image, taken from the dark web, is an example of a recent post by the ransomware group Darkside, actively looking for affiliates to add to its operation.

Throughout 2020, we have seen expansions in the use of ransomware, with some threat actors repurposing ransomware for use as pure wipers, wherein no decryption keys will be able to recover the lost data, and more recently in Denial-of-Service (DoS) attacks, impacting core services that citizens rely on every day. There is no sign of these groups slowing down. We are witnessing the exact opposite, with groups beginning to collaborate at an unprecedented scale, share stolen resources, and even combine forces.

“COVID-19 test results are a hot commodity on the dark web right now, mostly in the form of large data dumps,” said Greg Foss. “An interesting component around today’s ransomware attacks is that underqualified, lesser-known cybercriminal groups are behind them thanks to the rise in RaaS. All it takes is a quick search on the dark web for someone to license out a ransomware payload to infect targets. Today, it’s unfortunately just as easy to sign up for a grocery delivery service as it is to subscribe to ransomware.”

The above image taken from the dark web shows patient data for sale, specifically related to COVID-19 test results, appointments, and other PHI.

The Rise in Secondary Extortion

Ransomware groups have widely adopted double extortion as a core tactic to ensure profitability. By taking time to quietly exfiltrate sensitive information from the organisation, cybercriminals gain incrementally significant leverage on their victim organisations, forcing organisations to not only pay to decrypt their content but also prevent potentially harmful data from being sold or otherwise publicly disclosed. This significantly increases the impact and damage that ransomware groups can inflict upon their victims and sends a stark warning to others to protect their networks from this ever-evolving threat.

How to Fight Back: Three Security Recommendations for Healthcare CISOs

For healthcare organisations, understanding the evolving threat landscape is half the battle. Now that CISOs have a grasp of what they are up against, there is a key defence that should be in place. Here are three best practices to help CISOs stay one step ahead of attackers:

Next-generation Antivirus (AV): CISOs can start by ensuring their endpoint protection solution incorporates defences for each phase of ransomware attacks: the delivery, propagation, and encryption stages. Today, traditional AV focuses mostly on the delivery stage, but this leaves a security gap with new malware. To detect and stop these attacks from propagating, solutions should also track endpoint activity to root out common behaviours such as privilege escalation and lateral movement, and finally prevent encryption by employing decoys and protecting local files and critical boot sequences.

Endpoint Protection: CISOs need an endpoint protection solution that easily scales and deploys to new users. The inability to rapidly provision new remote endpoints is another vulnerability and break in security postures. Healthcare organisations need the ability to easily provision access to new users while maintaining data privacy, compliance, and security practices. Siloed and on-premises security products increase complexity and delay progress in standing up and securing remote workers. Endpoint cloud helps organisations transform security with cloud-native endpoint protection that eliminates many of the time and resource-consuming barriers that often slow down deployments. The solution also offers security teams the full visibility and control required to help prevent, detect, and respond to endpoint threats.

IT Tracking Tools: For CISOs to understand any area of vulnerability it is important to employ a solution that enables organisations to assess and harden system state. It is much easier to patch and prevent attacks than it is to remediate them. When it comes to helping prevent ransomware attacks, solutions that offer automated reporting to track configuration drift will help ensure environments stay as secure as possible. A cloud audit and remediation solution allows security teams to easily track drift and comes ready with built-in response tools to apply updates or run scripts for full remediation in minutes.

Securing Healthcare Organisations in 2021 and Beyond

The pandemic has brought about not only operational and patient challenges but also new cybersecurity threats and vulnerabilities for healthcare organisations. For CISOs and security leaders, it is time to ensure the proper security controls are in place as new technology is implemented to support remote work, patient care and more.

Healthcare organisations will continue to be extorted by cybercriminals looking for a payday or to monetise medical and patient data. As we move forward, it is critical to pay close attention not only to how these criminals achieve their goals but also to how we respond to these threats. We must continue to leverage organisations like the H-ISAC to bring the industry together and enable real-time collaboration and threat intelligence sharing. Our 2020 findings should serve as a starting point for a discussion between the cybersecurity community and the defenders of the healthcare sector on how to best collaborate and ensure patient care is not disrupted by cyberattacks.

David Grout: 5 Tips to Improve Threat Report Analysis and Action

Written by David Grout, CTO EMEA for FireEye and Yann Le Borgne, Technical Director for ThreatQuotient.

Most organisations have more threat intelligence than they know what to do with, from a variety of sources – commercial, open source, government, industry sharing groups and security vendors. Bombarded by millions of threat data points every day, it can seem impossible to appreciate or realise the full value of third-party data.

Here are five tips they shared.

  1. Select the right sources of threat data for your organisation.

When polled, the audience reported using a well-balanced combination of sources of threat intelligence. They are on the right track, but David explains that it is also important to identify the right sources for your organisation and collect threat reports from several different sources as they provide different levels of content – strategic, operational and tactical. Figure out the who, what and when for consumption and use that as your metric for success when looking at acquisition.

Yann adds that as open-source intelligence (OSINT) is free and easy to access, most organisations use it extensively. But organisations must also consider the trust and reliability of sources. Yann explains that in a classical hierarchy, the highest level of trust comes from the intelligence you generate and receive from your close network and peers, and OSINT information is placed at the lowest level. David recommends using trust models such as the Admiralty System or NATO System, which classify information from A to F for reliability and from 1 to 6 for credibility, particularly for new sources that surface during times of crises or outbreaks. Applying this scale to threat intel helps to determine what to do with the data and reduces false positives and noise generated from non-validated and unconfirmed data.

  2. Determine who will acquire the data.

In response to the next poll question, 25% of respondents said all groups have access to all threat intelligence sources. David explained that while it may be good to provide access to a broad audience, it is probably even better to have one team responsible for acquiring and analysing threat reports and only delivering information that is actionable. Not every stakeholder needs every level of intelligence.

Using the report on the Ryuk ransomware from the French National Agency for the Security of Information Systems (ANSSI) as an example, Yann explained that to do this you need to determine how the same report will impact and be used by various teams across the organisation. Different teams may use different aspects of the same report in different ways to achieve their desired outcomes, for example modifying policy (strategic), launching hunting campaigns (operational) or disseminating technical indicators (tactical). A threat report that is in PDF format requires a lot of work to translate the information it contains into actionable data for different sets of users, which is why it is important to have a dedicated team acquire the data.

  3. Structure the data for analysis.

Yann explained that the three steps for analysis include: understanding the context of the report, the relevance of the report, and relating the report to any prior reports, intelligence and incidents. This process allows you to contextualise and prioritise intelligence but requires that the data be structured uniformly. Threat data comes in various formats (e.g., STIX, MITRE ATT&CK techniques, news articles, blogs, tweets, security industry reports, indicators of compromise (IoCs) from threat feeds, GitHub repositories, Yara rules and Snort signatures) and needs to be normalised. The information you gather, in the Ryuk report for example, is expressed with its own vocabulary, and translating it into a machine-readable format is necessary to link it to other related reports and sources of information.

David adds that it isn’t just about format. The volume of information across the threat intel landscape is high and different groups use different names to refer to the same thing. Normalisation compensates for this and enables you to aggregate and organise information quickly. Structuring data so that you can prioritise is critical for triage and ensures you are focusing on the threats that matter most.

  4. Use tools to help with analysis.

Yann explains that the tools you use need to support your desired outcome. According to the poll, 67% of attendees are using technical ingestion (SIEM), which indicates that desired outcomes are more technical. And 15% are still handling the acquisition and analysis process manually. This is quite a challenge, particularly during a big event. A threat intelligence platform (TIP) does a good job of extracting context and can help you use the information in various ways for different use cases (e.g., alert triage, threat hunting, spear phishing, incident response) and to support different outcomes.

It is also important that the tool you select works well with frameworks like MITRE ATT&CK. David shared that MITRE is the most used framework to organise the analysis process. Customers are identifying their crown jewels and mapping to MITRE to understand which adversaries might target them, the tactics, techniques and procedures (TTPs) to concentrate on, and what actions to take.

  5. Select the right tools to help make data actionable.

Analysis enables prioritisation so you can determine the appropriate actions to take. There are a variety of tools to help make threat reports and other elements of your threat intelligence program actionable and achieve desired outcomes at the strategic level (executive reporting), operational level (changes in security posture) and tactical level (updating rules and signatures).

In the final polling question, 45% of respondents said they are using a TIP to make the data actionable for detection and protection, but few are using a TIP for forensics. Yann and David agree this is a missed opportunity and a capability teams should explore as their capabilities continue to mature. From a forensics standpoint, MITRE is an important tool to enable analysis of past incidents so organisations can learn and improve.

In closing, our experts recommend that before you start thinking about threat intelligence sources, analysis and actions, you need to understand the desired outcomes and deliverables for each of your constituents. It’s a journey that typically starts at the tactical level and, with maturity, evolves to include operational and strategic intelligence to deliver additional value. When shared the right way with each part of the organisation, key stakeholders will see threat intelligence for the business enabler that it is, and the threat intelligence program will gain support and the budget to grow.
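Tips 1 and 3 above (grading sources on the Admiralty scale, and normalising names and indicators so reports can be linked) can be combined into one small triage step. The following Python is an added example, not code from the authors or from any product; the alias table, the sample records and the action thresholds are assumptions made for illustration.

```python
"""Grade, normalise and triage threat-intel records (added illustration)."""

RELIABILITY = "ABCDEF"  # A completely reliable ... E unreliable, F cannot be judged
CREDIBILITY = "123456"  # 1 confirmed ... 5 improbable, 6 cannot be judged

# Hypothetical alias table: source-specific spellings -> one canonical name.
ALIASES = {
    "ryuk": "ryuk", "ransom.ryuk": "ryuk", "ryuk ransomware": "ryuk",
    "emotet": "emotet", "trojan.emotet": "emotet",
}


def parse_rating(code):
    """Split an Admiralty rating such as 'B2' into ('B', 2); reject anything else."""
    code = code.strip().upper()
    if len(code) != 2 or code[0] not in RELIABILITY or code[1] not in CREDIBILITY:
        raise ValueError(f"not an Admiralty rating: {code!r}")
    return code[0], int(code[1])


def refang(indicator):
    """Undo common defanging so the same IoC compares equal across reports."""
    out = indicator.strip().lower()
    for defanged, plain in (("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[:]", ":")):
        out = out.replace(defanged, plain)
    return out


def canonical_name(name):
    """Map a reported threat name to its canonical form (unknown names pass through)."""
    key = " ".join(name.lower().split())
    return ALIASES.get(key, key)


def normalise(raw):
    """Turn one raw record into the uniform structure used for linking."""
    reliability, credibility = parse_rating(raw["rating"])
    return {
        "threat": canonical_name(raw["name"]),
        "indicator": refang(raw["indicator"]),
        "source": raw["source"],
        "reliability": reliability,
        "credibility": credibility,
    }


def _rank(grade):
    # Lower is better; "cannot be judged" (F / 6) sorts last.
    return (RELIABILITY.index(grade[0]), grade[1])


def merge(raw_records):
    """Link records about the same (threat, indicator); keep the best grade seen."""
    merged = {}
    for rec in map(normalise, raw_records):
        key = (rec["threat"], rec["indicator"])
        entry = merged.setdefault(key, {"sources": set(), "grade": None})
        entry["sources"].add(rec["source"])
        grade = (rec["reliability"], rec["credibility"])
        if entry["grade"] is None or _rank(grade) < _rank(entry["grade"]):
            entry["grade"] = grade
    return merged


def triage(entry):
    """Assumed policy: what to do with an indicator given its best grade."""
    reliability, credibility = entry["grade"]
    if reliability == "F" or credibility == 6:
        return "analyst-review"      # unjudged source or content: validate first
    if reliability in "AB" and credibility <= 2:
        return "block"               # trusted source, confirmed or probably true
    if reliability in "ABC" and credibility <= 3:
        return "alert"               # good enough to detect on, not to block on
    if len(entry["sources"]) >= 2:
        return "analyst-review"      # weak grades, but more than one source
    return "log-only"                # unconfirmed, low trust: keep out of alerting


def prioritise(raw_records):
    return {key: triage(entry) for key, entry in merge(raw_records).items()}


# Constructed sample records (documentation IP ranges and example domains).
SAMPLE = [
    {"source": "internal-ir", "rating": "A1", "name": "Ryuk", "indicator": "192.0.2.10"},
    {"source": "osint-blog", "rating": "d3", "name": "Ransom.Ryuk", "indicator": "192[.]0[.]2[.]10"},
    {"source": "osint-feed", "rating": "E4", "name": "RYUK ransomware",
     "indicator": "hxxp://files.example[.]com/a.bin"},
    {"source": "isac-peer", "rating": "B3", "name": "Trojan.Emotet", "indicator": "mail.example[.]net"},
    {"source": "new-feed", "rating": "F6", "name": "emotet", "indicator": "198.51.100.7"},
]

if __name__ == "__main__":
    for (threat, indicator), action in prioritise(SAMPLE).items():
        print(f"{threat:8} {indicator:35} {action}")
```

The first two sample records name the same threat and address in different spellings; after normalisation they merge into one entry that inherits the A1 grade from the internal source.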

 

 

Pentest People expands and opens Cheltenham office following record year of growth

Leeds cyber security consultancy, Pentest People, has announced that it has opened a new office in the Hub8 innovation space in Cheltenham’s Brewery Quarter. The company expansion follows a record year of growth that generated a 60% revenue increase for the start-up.

Organisations commission Pentest People’s cyber security experts to test their websites, applications and IT systems for any weaknesses that could allow cyber criminals to steal information, damage IT systems, or hold data to ransom. The company has a growing number of CHECK team leaders, who possess qualifications and penetration testing experience approved by the National Cyber Security Centre (NCSC), which has attracted additional clients from the public sector.

Led by sales director, Anthony Harvey and technical director, Gavin Watson, Pentest People has grown to over seventy employees within three years, with ten new members of staff added this year alone. The company has also taken on a number of apprentices to provide them with the professional experience and qualifications to start successful careers in cyber security.

A senior CHECK team leader will work in the new Cheltenham office alongside computer science graduates and apprentices hired from the local area, overseen by Gavin Watson, and company co-founder, Andrew Mason, who also runs another start-up that was accepted onto the NCSC Cyber Incubator in Cheltenham.

Andrew Mason attributes the company’s rapid growth to the innovative solutions offered, including SecureGateway, which was developed by Pentest People at the start of lockdown and enables clients to maintain rigorous testing regimes even when consultants are unable to visit their premises in person.

The development of SecureGateway earned Pentest People inclusion in Leeds’ Digital Enterprise Top 100 list and also won the company two Digital City Awards 2021 for best innovation and best cyber security project of the year.

Commenting on the company’s growth strategy, co-founder, Andrew Mason said, “In March we took a larger office in Leeds to accommodate our growing team in the North. We now want to expand our operations and develop our people in a dedicated cyber security co-working space at the heart of the UK’s national centre for cyber security expertise, where knowledge can be shared and ideas can be cross-pollinated. This will benefit our clients and growing team in Leeds, as well as allowing us to recruit graduates and talented apprentices in the Cheltenham area who have a strong aptitude for cyber security.”

Bruce Gregory, Managing Director of Hub8 commented, “We are delighted to welcome Pentest People to Hub8. Its proximity to GCHQ and links to leading academic centres, Cheltenham, and the wider region continue to attract the most ambitious and innovative companies in the cyber security space. It’s no coincidence that Cheltenham boasts eleven times the national average of cyber security companies. As a new local employer, we look forward to seeing Pentest People continuing to grow and thrive.”

For more information, please visit https://www.pentestpeople.com

Think before you link: Campaign to counter hidden online threat to national security

Think Before You Link is a new government security campaign from CPNI, the UK Government’s National Technical Authority for Physical and Personnel Protective Security. The campaign videos and materials were created by London communications agency AML and highlight the possible dangers of connecting to unknown profiles on professional networking sites. The campaign has been adapted by UK ‘five eyes’ security partners UK, USA, Canada, Australia and New Zealand.

MI5, the Security Service, has assessed that in excess of 10,000 UK nationals across virtually all government departments and key industries have been approached by malicious profiles on behalf of hostile states on a premier professional networking site over the last 5 years.

Ken McCallum, director-general of MI5, said “This campaign, which harnesses the insight derived from our intelligence, behavioural science experts and co-operation of Five Eyes partners, will strengthen the UK’s collective defences against this activity.”

Commenting on the campaign Ian Henderson, CEO, AML Group says “The campaign is designed to raise awareness of the potential dangers, to encourage behavioural change and to help people remember the key steps and actions to follow. Being duped into linking to people online who are not who they say they are is a very real threat – especially to those individuals with access to sensitive information. We’re very proud to be able to support the work of CPNI.”

HelpSystems Acquires Beyond Security to Continue Expansion of Cybersecurity Portfolio

HelpSystems announced today the acquisition of Beyond Security, a global leader in vulnerability assessment and management software. Beyond Security’s cloud-based products enable hundreds of organisations to easily scan their growing, complex environments for network or application vulnerabilities. The team and solutions from Beyond Security will fit into HelpSystems’ popular infrastructure protection portfolio featuring Digital Defense, Core Security, and Cobalt Strike.

“Our global customers trust us to provide them with powerful, reliable security software to protect their data and infrastructure from malicious adversaries,” said Kate Bolseth, CEO, HelpSystems. “Beyond Security meets strong demand from overburdened IT and security professionals whose hybrid environments grow more complex every day. We’re pleased to help customers get control of this and are delighted to welcome the team of vulnerability experts and their well-known solutions to HelpSystems.”

Beyond Security accurately assesses security weaknesses in networks, applications, industrial systems, and networked software. This is critical for IT and security teams managing an increasingly hybrid world where assets are on premise, in the cloud, or tied to IoT and those needing to comply with industry and government security standards.

“Beyond Security’s vulnerability management platform will continue to provide detection across networks, applications, endpoints, and the cloud for our fast-growing customer base as part of HelpSystems,” said Aviram Jenik, Beyond Security co-founder and CEO. “HelpSystems’ global footprint and resources will empower us to continue to advance our vulnerability detection capabilities and afford our customers the opportunity to benefit from HelpSystems’ extensive security and automation solution stack. We are excited by the endless possibilities this combination provides and look forward to working together to help organisations around the world understand and address information security.”

KPMG Corporate Finance LLC acted as the exclusive investment banking advisor to Beyond Security.

 


About HelpSystems

HelpSystems is a software company focused on helping exceptional organisations Build a Better IT™. Our cybersecurity and automation software simplifies critical IT processes to give our customers peace of mind. We know IT transformation is a journey, not a destination. Let’s move forward. Learn more at www.helpsystems.com.

Tom Kellermann – Modern Bank Heists: Financial Institutions Are Being Held Hostage

Written by Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit, @TAKellermann

The modern bank heist has escalated to a hostage situation over the past year. The new goal of attackers is now to hijack a financial institution’s digital infrastructure and to leverage that infrastructure against a bank’s constituents. As the world shifted to an anywhere workforce amid the pandemic, we witnessed attacker strategy evolve, becoming much more destructive and sophisticated than ever before.

In the fourth annual Modern Bank Heists report, we interviewed 126 CISOs, representing some of the world’s largest financial institutions, regarding their experiences with cybercrime campaigns. Given the nature of its business, the financial sector has established robust security postures and fraud prevention practices. However, they are facing an onslaught of sophisticated cybercrime conspiracies. Attacks against financial institutions more than tripled last year. This stark reality can be attributed to the organized nature of cybercrime cartels and the dramatic increase in sophisticated cyberattacks. The goal of this year’s report was to understand how offense should inform the financial sector’s defense.

Here’s an overview of some key findings:

  • From heist to hostage: 38%* of financial institutions experienced an increase in island hopping, escalating a heist to a hostage situation. Cybercrime cartels understand the interdependencies of the sector and recognize that they can hijack the digital transformation of the financial institution to attack their customers. They use brand trust (oftentimes trust that’s been built up over hundreds of years) against the bank’s constituents by commandeering its assets. *Note: This excludes SolarWinds.

  • Increased geopolitical tension and counter IR triggering destructive attacks: There’s been a 118% increase in destructive attacks as we see geopolitical tension play out in cyberspace. Russia, China and the U.S. underground posed the greatest concern to financial institutions. It is also worth noting that cybercriminals in the financial sector will typically only leverage destructive attacks as an escalation to burn the evidence as part of a counter incident response.
  • The digitization of insider trading: 51% of financial institutions experienced attacks targeting market strategies. This allows for the digitization of insider trading and ability to front-run the market, which aligns with the strategies of economic espionage.
  • Cybercriminals launch Chronos attacks: 41% of financial institutions observed the manipulation of time stamps. This is occurring within a sector that’s incredibly dependent on time given the nature of its business. Because there’s no way to insulate the integrity of time once deployed in a time stamp fashion, this Chronos attack is quite pernicious.

As the threat landscape evolves, so will the tactics, techniques and procedures of cybercrime cartels, as seen in the above findings.

These groups have become national assets for the nation-states who offer them protection and power. In tandem with this, we’ve seen traditional crime groups digitize over the past year as the pandemic hampered them from conducting business as usual. This has popularized the industry of services provided by the dark web, increased collaboration between cybercrime groups, and ensured cyber cartels are now more powerful than their traditional organized crime counterparts.

So, how should the financial industry respond? To start, here are a few strategies for security teams:

  • Conduct weekly threat hunting and normalize it as a best practice to fuel threat intelligence. We were happy to hear from the CISOs we spoke with that 48% already conduct weekly threat hunts.
  • Integrate your network detection and response with your end-point protection platforms.
  • Apply “Just in time” administration.
  • Deploy workload security.

The game has changed, and so must the financial sector’s security strategy. Safety and soundness will only be maintained by empowering the CISO. 2021 should be the year that CISOs report directly to the CEO and be given greater authority and resources.

Bob Parisi, Head of Cyber Solutions – North America, Munich Re, echoed the importance of up leveling the role of the CISO as cyberattacks surge: “The report’s findings around an increased level of destructive attacks and island hopping makes it clear that financial institutions remain in the crosshairs. VMware’s recommendation that CISOs should be elevated to C-level aligns with the fact that cyber risk is an operational risk that needs to be managed across a spectrum of technology, process and people, including the use of financial instruments like cyber insurance.”

It’s no longer a matter of if, but when “the next SolarWinds” will occur. As a result, cybersecurity must be viewed as a functionality of business versus an expense. Trust and confidence in the safety and soundness in the financial sector will depend on it.


Experts Issue Warning as Global Chip Shortage Poses Massive Security Threat

Semiconductor shortage could weaken security across the UK with NHS/Healthcare, Education and Fintech Industries all at risk

Experts working in the field of access control and security have warned that the global chip shortage could soon hit the ID and security sector, potentially leaving big business, healthcare and education establishments insecure and liable to security breaches.

Until recently, the automotive industry has been the major casualty of the worldwide crisis, yet tech giants Apple and Samsung have recently flagged production issues and lost revenue. As the back-log mounts, the issue is likely to have a knock-on effect across multiple sectors – including physical security.

Digital ID – which supplies colleges, universities, NHS Trusts and large businesses with access control solutions – has begun to see a huge increase in orders as business leaders learn more about how the crisis could affect ID cards and security, with hundreds of large-scale organisations at risk of supply issues over the coming year.

Digital ID’s managing director and expert in his field, Jonathan Fell commented: “Panic does seem to be setting in, we’ve seen a 70% increase in orders this month. And in the last fortnight alone, we’ve had 150 individual orders totalling more than £250,000.

“Not only that, but we are also seeing companies ordering much more than usually required for a 12-month period, so they have ability to call them off as and when needed. I guess it’s the business version of stockpiling we saw at the beginning of the pandemic but there are some very serious consequences if things continue as they are.

“Right now, we are able to meet demand, but companies should plan ahead to later in the year as nobody can say right now if, come September, that will still be the case.”

The biggest concern is around healthcare and in particular Digital ID’s NHS Trust customers, where staff use cards to access buildings and computers. Demand has also increased among colleges and universities – which regularly issue thousands of new cards in a single year. Industry experts are urging people to act now in order to avoid being caught short if the crisis deepens later in the year.

Currently experts predict the shortage could last for at least a year.

Jonathan continued: “Access control may not be the most obvious product that people think of where semiconductor microchips play a role. They are used in the production of card readers, the system modules and of course access control cards themselves.

“For establishments like hospitals and universities that operate thousands of cards, this could really prove to be a problem over the next 12 months. For lots of our customers, these cards are the only line of defence alongside a way of entry and exit.”

And Jonathan also raised concerns about how the crisis could play out in the coming months:

“We already see lots of businesses using insecure forms of access control such as barcodes, something we certainly wouldn’t recommend should the shortage continue.

“In terms of how the market will be affected by the shortage, there is no doubt prices will rapidly increase as the seriousness of the shortage filters through.

“These cards are the front-line form of security for thousands of businesses and organisations across the country, and the crisis could see us take a huge step backwards in terms of security.”

“For companies planning their return to work, it’ll be yet another hurdle for them to overcome to ensure they can open safely and securely. There are some solutions out there, such as mobile credentials, but they can take a while to implement and the crisis is very much already here, so my advice would be for companies to act now.”

StormWall’s DDoS protection technologies gain wide recognition in the Middle East

StormWall is a developer of cyberattack protection technologies that has been pursuing active international expansion for several years. Offering high-end anti-DDoS solutions, the company has achieved broad recognition in the Middle East market. StormWall entered the Middle East market in 2016 and within only five years made a breakthrough, establishing cooperation with many local telecommunication companies. The company has achieved significant success in Iraq, where its services are actively used by 14 leading ISPs, and in Lebanon, where it works with 15 large providers. StormWall is currently cooperating with a number of ISPs in Bahrain as well. Our clients include such giants as EarthLink, Terranet, Kalaam Telecom and many more.

The issue of protecting against DDoS attacks is one of the most important for Internet providers in the Middle East, since the cost of the Internet in the region is quite high. A single ISP can have bandwidth ranging from several hundred megabits to several gigabits per second, and any attack on the ISP or one of its customers can lead to serious network problems. The company has established itself well in the Middle East thanks to a number of factors: high-quality filtering of incoming traffic, payment only for legitimate traffic rather than for attacks, an unlimited number of protected resources (some companies have hundreds of thousands of IP addresses), 24/7 operational support, and a free DDoS sensor that automates the activation of protection. The success of StormWall in the Middle East confirms the general trend in the demand for high-quality security solutions in this market.

“We are incredibly excited about our achievements in the Middle East. In the near future we plan to further develop our international expansion. The company plans to enter the markets of the United States, Canada and Latin America,” said Ramil Khantimirov, the CEO and co-founder of StormWall.

Core to Cloud Appoints New CTO, Phil Howe

Core to Cloud hires seasoned technical specialist to lead ambitious growth initiatives

Core to Cloud, an innovative cybersecurity solutions provider that enables secure digital business in a world of growing threats, today announced the recent appointment of Phil Howe as Chief Technology Officer.

Phil Howe joined the business to drive forward several new technology initiatives, working closely with customers to ensure that their needs are met, but more importantly that they stay one step ahead of the cyber-criminals.  Particularly in the current post-pandemic environment, where there has been a significant reported increase in cyberattacks, it is now more important than ever that organisations have the right cybersecurity strategies and solutions in place.

With in-depth industry experience and a strong focus on healthcare, education, compliance, and security, Core to Cloud creates bespoke solutions that effectively help organisations with visibility, validation, governance, compliance and response to cyber threats. Along with its extensive work within the public sector, its unique, consultative approach has positioned the firm as one of the most trusted cybersecurity specialists out there. In the last couple of years, Core to Cloud has quickly gained a reputation for bringing highly disruptive security technologies to market and this was one of the key reasons why Phil took on the new role.

Phil Howe, CTO, Core to Cloud comments: “The tech Core to Cloud has in its product stack is best of breed and very innovative.  I have worked with Core to Cloud for the past five years and have been a customer when I was deputy CTO at Bolton NHS Foundation Trust.  At the Trust, we had a small IT security team and I needed a partner who could work alongside my team, who really understood my needs, who I trusted, who listened and came back with solid recommendations to help overcome some of the challenges we were facing.

“Core to Cloud was an integral part of our team and really hit the mark, bringing innovative solutions to us that were really fit for purpose.  They helped us build out the security for the organisation and I was so impressed with the company culture and ethos, not to mention its growth ambitions, that I decided this was the right place for my next career move and I’m really excited about the opportunity.”

James Cunningham, Founder and Director, Core to Cloud adds: “We are delighted that Phil has joined us. We work with a lot of NHS Trusts and it is great to have someone on the ground, in our team, who can really relate to the challenges that some of these Trusts are grappling with.  Most have relatively small teams, a lack of time and resources, and are being hit daily with requests while also trying to defend against the bad guys, so it is great that Phil can immediately relate to this and has the experience to help remediate.”

Having spent over 18 years working in the NHS, Phil Howe is a highly experienced, multi-skilled senior IT manager with hands-on knowledge of developing new technologies within large and critical IT infrastructures.

Prior to joining Core to Cloud he was Deputy Chief Technology Officer at Bolton NHS Foundation Trust.  Here he led the third line and projects team, focusing on technical strategy and programme management as well as developing, funding and delivering key IT projects and systems to support IT security and the delivery of patient care within a large and complex organisation.   He joined the Trust in 2008 and worked for over a decade in several senior technical roles before being promoted to Deputy Chief Technology Officer.  Prior to joining Bolton NHS, Phil Howe was a senior IT specialist for Ehealth at NHS Dumfries and Galloway.

A Prince2 practitioner, Phil Howe also has extensive experience working in the private sector and spent more than four years at Northgate Information Solutions as a senior technical project specialist and engineer.  Now, as part of the Core to Cloud team, he will help the business grow and move to the next stage in its rapid development.

Looking forward, Core to Cloud is committed to delivering best of breed solutions for its clients and, even in the last six months, has brought several new and emerging technologies to market that exactly meet client requirements. One specific gap that NHS Trusts have identified is security for their IoT medical devices. A number of Trusts reached out to Core to Cloud, which had just partnered with Cylera, which provides a complete asset list of all connected devices. Phil Howe adds:

“We had multiple customers asking us for an IoT solution that would provide a complete asset list of all their connected devices and provide a clientless way to secure medical devices as well as highlight their vulnerabilities, show granular device information and utilisation as well as provide the information needed for segmentation.  We researched and tested the market and found the best fit was the new Cylera solution, which is custom built for hospitals and provides rich information for IT, IG and Medical Engineering.

“There are clear use cases for Cylera. The product ensures providers regularly patch their devices (the large majority will not allow client installs to monitor this). It also provides rich device information to assist around device life and replacement, allowing Trusts to plan this into their capital programmes. And finally, Cylera reduces security risk and provides key information for segmentation, and for IT and DSPT returns as well.”

Health Trust Gets New Cyber Security System

One of the largest NHS trusts in the Midlands has signed up to an innovative new security system to improve patient safety.
Bosses at the University Hospitals of North Midlands NHS Trust, which runs the Royal Stoke University Hospital, in Stoke-on-Trent, and the County Hospital, in Stafford, say the new security measures will improve safety and bring peace of mind for staff and patients, by reducing the impact of a cyber-attack.
The Trust has linked up with M8 Solutions to have the Ordr Systems Control Engine implemented. It means that all hospital equipment, medical and non-medical, connected to the Trust’s network can be protected and monitored under one umbrella system, which can detect any abnormal activity.
Mark Bostock, information management and technology director at the UHNM Trust, said: “This is a huge step forward in our cyber security capabilities. These are positive steps to give us a level of assurance that our hospitals are as safe as possible for our UHNM team and our patients.”
Dr Zia Din, the Trust’s chief clinical information officer, added: “Saving time for staff and reassuring patients that they and their information are safe is always a priority for us.
“This system is invaluable, allowing our staff to care for our patients safe in the knowledge that cyber security is being taken care of. It is reassuring that we are less likely to have disruption to our systems necessary for delivery of patient care.”
M8 Solutions co-founder and lead consultant Tracy Scriven said dealing with cyber-security is an ever-changing challenge, made more complicated with the increasing number of devices being linked to networks.
Tracy, who has worked with UHNM previously, said a cyber-attack can affect hospitals and GP surgeries, with devastating effect, resulting in cancelled appointments and operations.
“When you compare the risk of fire or flood or disaster, those risks are quantifiable,” she said. “It is easy to understand the causes, how to deal with them and the extent of the damage they can cause. Cyber is not like that; it is constantly changing, and you have no idea how big, small, or sinister the risk might be.
“The increasing number of medical devices in a hospital which are connected to the network present an ever-growing risk. Non-medical devices like CCTV cameras are also connected. This is known as the Internet of Things, or IoT. IoT Security is increasingly complex – and NHS trusts need to be able to discover, secure and monitor the IoT devices that are connected to their networks. 
“For example, when installed, the camera is connected to the trust network. There is a risk that someone could hack into the cameras and the wider network – there have been examples of this happening in other places around the world.”
She said the Ordr system had improved patient safety in many ways.
“The deployment of the Ordr system helps protect the hospital infrastructure from breaches of cyber security which could result in patient information being stolen and/or medical equipment being unavailable due to cyber-attack,” she said.
“In addition, it can help save time by providing accurate information on what equipment is where on the network. It also helps staff by ensuring that any vulnerability is highlighted in a single dashboard and saves time by automating the mitigation of a cyber-attack. Another benefit that indirectly aids patient care – through saving the hospital money – is the medical device utilisation functionality. This enables the hospital to save money by not having to invest in equipment when it is not needed by utilising under-deployed assets. This feature helps to ensure patient access to medical equipment is available as much as possible.”
Paul Hinchy, Tracy’s fellow M8 Solutions co-founder and lead consultant, added: “Medical devices such as blood infusion pumps, MRI scanners, ultrasound machines as well as estates and facilities devices are great examples of existing critical areas of the day-to-day running of any hospital, that can now be further protected and more efficient.
“Ordr is helping secure the Trust’s network and previous vulnerabilities have been highlighted and remedied. This positively impacts all areas of the hospital as each and every device is now understood.
“It saves time by identifying vulnerable devices; creating a register of assets and giving managers an overview of the devices and their status.”
To find out more, visit https://www.m8solutions.co.uk/