Cyber Risk Governance Insights | April 22, 2024
Netswitch, Inc.


WEEK IN HEADLINES

GOVERNMENT - Stealthy Infiltration of Military and Government

An elite team of Iranian state-sponsored hackers infiltrated hundreds of thousands of employee accounts at US companies and government agencies as part of a multiyear (from 2016 to 2021) cyber espionage campaign aimed at stealing military secrets. The US Departments of Treasury and State, defense contractors, and a New York-based hospitality company were among those compromised.

INFRASTRUCTURE - Hackers Strike Wastewater Treatment Plant

Russian hackers have claimed responsibility for a cyberattack on a wastewater treatment plant in Tipton, Indiana. The attack targeted the Tipton West Wastewater Treatment Plant on the night of Friday, April 19. Despite the attack, the water supply was never compromised and the disruption to the plant’s operation was minimal.

RANSOMWARE - Ransomware Payments Top $1 Billion in 2023

The Ransomware Task Force (RTF) reports that ransomware payments surpassed $1 billion for the first time in 2023. Despite efforts to combat ransomware, the scale and rate of attacks have significantly increased. Of the 48 original recommendations from the RTF, only half have seen significant action, with 20 in preliminary phases and four unaddressed. The report calls for a “doubling down” on efforts, particularly those requiring legislative action.

MANUFACTURING - Pharmaceutical Giant Hit by Ransomware Attack

The BlackSuit ransomware gang has claimed responsibility for a cyber-attack on US pharmaceutical company Octapharma Plasma. The attack allegedly compromised donor details, lab data, passports, and personal information. Octapharma Plasma had previously warned of an incident impacting its more than 100 donor centers.

NGO - Nation-State Threat Actor Exploits Zero-Days

MITRE, a not-for-profit non-governmental organization managing federally funded research and development centers, confirmed a breach by a nation-state threat actor exploiting two zero-day vulnerabilities in Ivanti’s Connect Secure VPN devices. The attackers compromised MITRE’s network and VMware infrastructure, despite MITRE following best practices and vendor instructions for system hardening.

TRANSPORTATION - Cyber Attack Makes System Unavailable 'until further notice'

Kansas City's highway traffic system went dark Friday due to a cyberattack, leaving drivers unaware. KC Scout shut down its systems as a protective measure. Real-time cameras and info boards remain offline on Saturday. The attack wiped out DOT's signs, crucial for driver safety.


INSIGHTS & EXPERT PERSPECTIVES

COMPLIANCE - New Cyber Reporting Regs: A Deeper Dive

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new proposed change of regulations. This proposed Act, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), would mandate reporting requirements for specified cyber incidents and ransom payments.

The CIRCIA is an important piece of legislation aiming to improve the cybersecurity posture of the U.S. by requiring a broad range of organizations, focused on the critical infrastructure sectors, to report cyber incidents and ransom payments. This information is crucial for the government to understand the scale and nature of cyber threats facing the nation, and to respond effectively. The key components are:

  • Covered Entity: Any organization designated as critical infrastructure by CISA, across multiple sectors including energy, healthcare, finance, and transportation.
  • Substantial Cyber Incident: Factors like data breaches, operational disruptions, or ransomware attacks may be potential triggers.
  • Reporting Timelines: The proposal sets out timelines for reporting incidents (72 hours) and ransom payments (24 hours).

INSIGHTS: The proposed rules are open for public comment and for stakeholders to provide feedback. Surprisingly for such an important Act, it has been viewed fewer than 8,000 times.

While CIRCIA’s objectives are to improve US cybersecurity, concerns exist. The broad definition of "substantial cyber incident" may lead to an overload of reports for CISA to manage as companies report to cover themselves. And SMEs, which typically lack resources, may face difficulties in complying with these reporting requirements.

On the flip side, the benefits could be significant. Improved data on cyber incidents would allow the government to understand the cyber risk landscape better. These insights may help develop an improved strategic response to attacks and improve national cybersecurity efforts.

Potentials from these regulations:

  • Enhanced Intel Gathering: Emerging threats known sooner to alert sectors.
  • Accelerated Response: Faster coordinated response to widespread attacks to minimize damage.
  • Better Information Sharing: Standardized reporting may encourage collaboration between public and private sectors.

The long-term effectiveness of these Federal regs in enhancing cybersecurity remains to be seen and will likely be debated now and in the future.

But, in our perspective, we (collectively as a community) have to change the current state of cybersecurity with a new approach. The continued risks and successful attacks over recent years highlight the need for a collective shift in strategy.

MITIGATION - Defending Against A Rising Tide of Disruption

Netscout Systems’ 2H2023 DDoS Threat Intelligence Report reveals a significant increase in Distributed Denial-of-Service (DDoS) attacks, driven by geopolitical unrest and the evolving agendas of hacktivist groups. The report highlights a 15% rise in DDoS incidents in the second half of 2023, with over 7 million incidents reported across 214 countries and territories. The greatest increase (+553%) was seen in Slow Drip or Water Torture Attacks from 1H23 to 2H23.

DDoS attackers target any organization, regardless of its size or sector. Small and Medium-sized Enterprises (SMEs) and large enterprises, including government and critical infrastructure, are victims of DDoS attacks. There has been an increase in targeted attacks, attributed to the political motivations of cyber-sophisticated hacktivist groups crossing geopolitical borders. But opportunistic attacks are also on the rise, particularly against SMEs due to the lack of cybersecurity defenses, making them potentially easy targets.

INSIGHTS: While this Report paints a grim picture as attacks rise, advancements in defensive technologies are also on the rise. Some companies are investing heavily in cyber defensive measures, as governments try to implement stricter regulations to deter cybercriminals.

The rise in attacks might be attributed to improved detection capabilities; an optimistic view is that more attacks are being identified and reported, rather than there being an actual increase in the number of attacks. Regardless, it’s clear that cybercrime remains a significant global challenge, which emphasizes the need to progress resilience as threats evolve.

Steps you can take to prevent or mitigate the impact of DDoS attacks:

  1. Network Enhancements: Leverage software, hardware, and infrastructure upgrades.
  2. Patch Management: Verify your IT plan is performing regular patching.
  3. Incident Response Plans: Regardless of the type of incident, you should have an IR Plan, including for DDoS.
  4. Proactive Measuring: Facilitates early threat detection and timely mitigation.

No defense is 100% perfect protection, but these steps can significantly reduce the risk and potential damage of a DDoS attack.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  • Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch
  • Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Group on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.
