Cyber Risk Governance Insights | November 11, 2024
Netswitch, Inc.

WEEK IN HEADLINES

NATIONAL SECURITY - Ministry of National Security Breached, Exposing Sensitive Data

Radwan Cyber Pal, an anti-Israel hacker group that operates anonymously, communicates largely in Arabic, and aligns with pro-Palestinian groups, claimed responsibility for a cyberattack on Israel’s Ministry of National Security. The breach exposed the personal data of over 5,000 Israeli settlers and soldiers, along with classified documents. The incident raises significant concerns about the security measures within the Ministry.

INSIGHT: Two comments here. First, it shows that alignment with opposing political positions can be a threat to nations; it doesn't have to be nation-state vs. nation-state. The second is that specifically for government agencies (at all levels) and critical infrastructure, Zero Trust is key. That does not mean it is of little value to your organization - it places you on a higher level of cognizance of your cyber posture and can be a great investment for your customer base.

FINANCIAL SERVICES - Customers Warned After Credit Card Merchant Breached

A data breach at an unnamed US merchant compromised Mastercard account numbers and financial data between August 2023 and May 2024. Eagle Bank alerted customers to monitor their statements for unauthorized transactions. The breach did not affect Eagle Bank’s internal security, but banks are urging customers to monitor their statements closely and are reissuing debit cards.

INSIGHT: While details are still limited, these types of incidents are best prevented with data-at-rest encryption, as most financial services use Point-to-Point Encryption (P2PE) for data in transit. As we suggested in another account, an API Security Gateway might have been a more comprehensive security layer for this merchant.

SOFTWARE - User Trust Compromised by Fraudulent Invoices

Hackers exploited a vulnerability in DocuSign’s API to send fake invoices, deceiving recipients into making payments to fraudulent accounts. The attack leveraged legitimate DocuSign accounts, bypassing traditional detection methods. This incident underscores the need for enhanced security measures in digital signature services.

INSIGHT: API Security Gateway monitors and controls API traffic, processing only legitimate requests. It can detect and block suspicious activities, such as unauthorized access attempts or abnormal usage patterns. In this case, API Security Gateway validates IDs for accessing data. If DocuSign had deployed API SG, it would have spotted the hackers’ behavior and blocked them faster than you can say “fraudulent invoice.” Simple, effective, and no more surprise bills!

GOVERNMENT - City Network Breached in Ransomware Attack

The City of Sheboygan, Wisconsin, is responding to a cyberattack involving unauthorized network access and a ransom demand. Officials detected the breach on November 7, promptly isolating the network and engaging cybersecurity experts and law enforcement. While the full scope of the incident is under investigation, city services remain accessible. Officials assert that no evidence of compromised personal information has been found but commit to notifying affected individuals if such evidence emerges. The city is cooperating with law enforcement regarding the ransom demand and emphasizes its commitment to transparency and public trust (which has been damaged).

INSIGHT: Hopefully, the city leaders in Sheboygan learned lessons from those in Columbus, OH. Transparency would be a good place to start, then accept responsibility for not having protected the data of your citizens, and for those in other cities, find the budget to secure your data so you don't have to deal with the same fallout and repercussions.

MALWARE - New Malware Evades Detection with Rare Programming Language

The Pronsis Loader malware, utilizing the rare JPHP programming language, has been identified by Trustwave SpiderLabs. This malware evades traditional detection methods by employing advanced obfuscation and encryption techniques. It installs silently, mimicking legitimate processes, and can deploy various payloads, including ransomware and spyware.

INSIGHT: Behavioral analytic systems keep an eye on what programs are doing, rather than just looking for known threats. This means they can spot suspicious activities of users and devices, like weird file changes or unauthorized access, no matter what programming language is used. In the case of Pronsis Loader, a U&DBA system would have noticed the abnormal behavior during installation and operation, stopping the malware before doing any damage.

HEALTHCARE - 2 Doctors’ Offices Leak Patient Medical History, But Hey, Free Credit Monitoring!

South West Family Medicine Associates in Texas and Sango Family Dentistry in Tennessee reported data breaches in August 2024. The breaches exposed sensitive patient information, including Social Security numbers, medical histories, and health insurance details. Both organizations have notified affected individuals and are offering credit monitoring services.

INSIGHT: If these clinics had bothered with Multi-Factor Authentication, the cyber thieves would have been left fumbling outside of their networks, unable to waltz in and grab all the patient info. It’s not rocket science, folks—just an extra step to keep your secret and private data safe.


INSIGHTS & EXPERT PERSPECTIVES

Cyber Risk Governance Live: From Alert Overload to 90% Faster Response

A Security Automation Success Story


Join Stanley Li and Sean Mahoney from Netswitch Technology Management alongside Tim MalcomVetter from Wirespeed for an exclusive deep-dive into one security team’s transformative journey.

Discover how they eliminated alert fatigue, improved response times by 90% and saved $655K over three years.

Learn How To Transform Alert Fatigue into Cost Savings and Operational Efficiency

Event Highlights:

  • Proven Financial Impact in 90 Days
  • $655K cost reduction over 3 years
  • 70% lower operational costs
  • $200K saved in analyst hours annually
  • 9-month path to ROI

Who Should Attend:

  • Security Leaders
  • IT Directors
  • Risk & Compliance Officers
  • SOC teams
  • Executives focused on operational efficiency and ROI

Event Details:

November 26, 2024 @ 10am Pacific / 1pm Eastern

45 minutes: Live Technical Session


REPORT: Rising Cyber Threats Target Elderly and Youth

The Ministry of Information Communication Technologies (ICT) in Antigua and Barbuda has issued a warning about the increasing frequency of cyberattacks, particularly targeting the elderly and youth. The findings of the ICT Ministry are consistent with trends observed globally in cybersecurity threats targeting the elderly and youth. Many nations report similar vulnerabilities among these demographics due to factors like varying levels of digital literacy and susceptibility to social engineering tactics.

Recent incidents involving WhatsApp groups highlight the sophisticated social engineering tactics employed by hackers. The Ministry emphasizes the importance of public awareness and proactive measures to safeguard personal information.

Highlights:

  1. Targeted Demographics: Elderly and youth are identified as the most vulnerable groups to cyberattacks, due to their varying levels of digital literacy.
  2. Sophisticated Tactics: Hackers are using advanced social engineering techniques, such as impersonating group members on WhatsApp, to deceive victims.
  3. Preventive Measures: The Ministry advises verifying links before clicking and being cautious of unsolicited messages to protect personal information.

INSIGHT: The elderly face significant challenges with technology. As online tools and services become more integrated into our lives, older adults often struggle to keep informed due to several factors:

  • Digital Literacy: Many elderly individuals lack the necessary skills to navigate complex digital environments, making them more susceptible to scams and phishing attacks.
  • Trust in Technology: The elderly may have a higher level of trust in tech and official-looking emails or texts, making them prime targets for social engineering attacks.

If your organization serves the elderly, you can help protect them with these steps:

  1. Design interfaces that are intuitive and simple to navigate, with clear instructions and minimal technical jargon.
  2. Establish dedicated helplines or support teams to assist elderly users with technical issues and security concerns.
  3. Make it easy for them to report suspicious activities.
  4. Verify personal data is encrypted and securely stored.

While we often recommend MFA, it is a bit confusing for some elderly users, which could then lock them out of their accounts. As a company that serves the elderly, you need targeted cybersecurity education and protective measures to protect the most vulnerable, but also all age groups.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.


Mohammad Hasan Hashemi

Entrepreneurial Leader & Cybersecurity Strategist

1 week ago

Great breakdown of the latest headlines! The Radwan Cyber Pal attack on Israel’s Ministry of National Security is a stark reminder that cyber threats aren’t just limited to nation-state actors but can be amplified by political groups.
