Cyber Risk Governance Insights | November 4, 2024

WEEK IN HEADLINES

NATIONAL SECURITY - US Warns of Threat Actor’s Advanced Cyber Tradecraft

The US and Israel have issued a joint advisory warning about the Iranian state-sponsored threat actor Cotton Sandstorm, which has adopted new tactics to target networks. The group, also known as Marnanbridge and Haywire Kitten, has expanded from hack-and-leak activity to broader cyberattacks affecting multiple countries, including the US, France, and Sweden. It leverages generative AI tools and sophisticated infrastructure management techniques to conduct its operations, posing a significant threat to national security and critical infrastructure.

INSIGHT: Zero Trust Architecture (ZTA) requires strict identity verification for every person and device attempting to access resources on your network, regardless of where the request originates. Implementing ZTA would significantly reduce your risk of a breach even if you are not in critical infrastructure, and the continuous monitoring it depends on is something many regulations and frameworks call for. Your customers would also take comfort in knowing you have adopted it.

MANUFACTURING - AI-Powered BEC Scams Target Sector

The manufacturing sector is increasingly targeted by AI-powered Business Email Compromise (BEC) scams, with a notable rise in incidents reported in Q3 2024. According to recent reports, BEC scams now account for 58% of phishing attempts, with 36% of these scams crafted using generative AI. The report highlights that 27% of emails in the manufacturing sector were malicious, the highest share among all industries. These attacks often impersonate authority figures to redirect vendor payments to fraudulent accounts, resulting in substantial financial losses.

INSIGHT: Multi-factor authentication (MFA). It stops the mailbox takeover behind many BEC attempts, but it does nothing against a lookalike sender domain, so pair it with out-of-band verification of any change to vendor payment details.

APT - Evasive Group Exploits Cloud Services with New Toolset

Researchers have uncovered a new toolset, CloudScout, used by the China-aligned APT group Evasive Panda. The toolset leverages stolen web session cookies to access and exfiltrate data from cloud services such as Google Drive, Gmail, and Outlook. The attacks, targeting a government entity and a religious organization in Taiwan, highlight the group's cyberespionage capabilities. CloudScout operates as an extension of Evasive Panda's MgBot malware framework, demonstrating the group's technical proficiency and persistent threat to national security.

INSIGHT: The preventive measure here is Endpoint Detection and Response (EDR), which provides continuous monitoring of, and response to, advanced threats on endpoints. That added visibility helps keep sensitive data from being stolen. Because this toolset works with stolen session cookies rather than passwords, also keep cloud session lifetimes short and revoke active sessions as soon as an endpoint is suspected to be compromised.

WEB HOSTING - Massive Ransomware Attack Takes Open-Source Hosting Panels Offline

Cybercriminals exploited multiple vulnerabilities in CyberPanel, an open-source web hosting control panel, to deploy ransomware and force tens of thousands of instances offline. The attack leveraged flaws in CyberPanel versions 2.3.6 and possibly 2.3.7 that allow remote code execution and execution of arbitrary system commands. Despite the availability of a decryption key, the attack caused significant disruption, highlighting the critical need for robust security measures in web hosting environments.

INSIGHT: One of the most basic cybersecurity activities is a vulnerability assessment and patch management program. The key to a successful program is prioritizing vulnerabilities by how critical the affected system is to your company, not by the Common Vulnerability Scoring System (CVSS) alone: CVSS measures technical severity and is just that, common to every organization, with no knowledge of what the affected asset means to yours.
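As an added, illustrative example (not from the newsletter, CyberPanel, or any vendor tool), the following Python ranks findings by business risk rather than by CVSS alone. Active exploitation is treated as a tier of its own, and within a tier the CVSS base score is scaled by the asset's business criticality and its exposure. The weights, the Finding fields, and the four sample findings are all constructed assumptions for the demonstration; the point is that the highest-CVSS item can legitimately land last.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability on one asset (field set is an assumption for this example)."""
    vuln_id: str               # tracker reference; values below are hypothetical
    asset: str                 # where the vulnerability was found
    cvss_base: float           # CVSS v3.x base score, 0.0 to 10.0
    internet_facing: bool      # reachable from the internet without VPN
    exploited_in_wild: bool    # e.g. listed in a known-exploited-vulnerabilities feed
    business_criticality: int  # 1 (nice to have) .. 5 (revenue or safety critical), set by the asset owner


def risk_score(f: Finding) -> float:
    """Business-risk score 0..100: CVSS severity scaled by criticality and exposure.

    Weights are illustrative assumptions, not a published standard.
    """
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS base score out of range")
    if not 1 <= f.business_criticality <= 5:
        raise ValueError(f"{f.vuln_id}: business criticality must be 1..5")
    severity = f.cvss_base / 10.0                 # 0..1
    criticality = f.business_criticality / 5.0    # 0.2..1
    exposure = 1.0 if f.internet_facing else 0.5  # internal-only halves the urgency
    return round(100.0 * severity * criticality * exposure, 1)


def rank_key(f: Finding) -> tuple[int, float]:
    """Sort key: exploited findings form the top tier, then by risk score."""
    return (1 if f.exploited_in_wild else 0, risk_score(f))


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Patch order by business risk, highest first."""
    return sorted(findings, key=rank_key, reverse=True)


def cvss_order(findings: list[Finding]) -> list[Finding]:
    """Patch order a CVSS-only program would produce, for comparison."""
    return sorted(findings, key=lambda f: f.cvss_base, reverse=True)


# Constructed sample data: four findings from one fictional scan.
SAMPLE_FINDINGS = [
    Finding("VULN-A", "web hosting control panel", 9.8, True, True, 3),
    Finding("VULN-B", "internal payroll database", 7.5, False, False, 5),
    Finding("VULN-C", "developer wiki", 9.9, True, False, 1),
    Finding("VULN-D", "customer-facing ERP portal", 6.5, True, False, 5),
]

if __name__ == "__main__":
    print("CVSS-only order :", [f.vuln_id for f in cvss_order(SAMPLE_FINDINGS)])
    print("Business order  :", [(f.vuln_id, risk_score(f)) for f in prioritize(SAMPLE_FINDINGS)])
```

With the sample data, a CVSS-only program patches the developer wiki (9.9) first and the ERP portal (6.5) last; the risk-based order patches the actively exploited panel first, then the ERP portal, the payroll database, and the wiki last. Replace the criticality values with your own asset register and the exploitation flag with a real feed lookup.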

HEALTHCARE - PHI of 1.8M Pathology Patients Compromised

A ransomware attack by the Medusa group has compromised the sensitive information of 1.8 million patients at Summit Pathology Laboratories in Colorado. The breach, initiated by a phishing email, exposed demographic, medical, and financial data. Despite immediate response measures and FBI notification, the lab faces multiple class action lawsuits for alleged negligence in protecting patient information.

INSIGHT: Advanced email filtering uses machine learning and heuristic analysis to detect and block phishing emails before they reach employee inboxes. Combined with security awareness education, it is a good basic control for strengthening your first line of defense.


INSIGHTS & EXPERT PERSPECTIVES

RISK REDUCTION - A New Plan to Save the World from Hackers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced its 2025-2026 International Strategic Plan, aiming to bolster global cybersecurity collaboration. The plan addresses the complexity and geographical dispersion of cyber risks, emphasizing the necessity of international cooperation. It outlines three primary goals: minimizing risks to U.S. critical infrastructure, understanding global threats, and promoting unified action within CISA. The strategy aligns with broader U.S. national security and cybersecurity policies, seeking to enhance resilience and reduce risks through coordinated international efforts.

Highlights:

  1. Global Risk Mitigation: The plan focuses on reducing risks to U.S. critical infrastructure by enhancing the resilience of foreign assets, systems, and networks.
  2. Unified International Efforts: It emphasizes the importance of collective defense and international cooperation in addressing common global threats.
  3. Internal Coordination: The strategy promotes unified action within CISA, ensuring cohesive international activities and partnerships.

INSIGHT: The goal of global cybersecurity is aspirational, but over-reliance on international cooperation could expose the U.S. to unintended risk, especially since partners' cybersecurity maturity varies and priorities shift with the winds of politics. If partners do not maintain equivalent security standards, the weakest link is sure to put everyone at risk. There is also the potential for a whole new bureaucracy to blossom, which again leaves cooperative efforts vulnerable to political winds and budget allocations.

More effort should perhaps go toward helping SMBs, giving them focused basic metrics to meet, because strengthening the weakest links makes a stronger supply chain.

Or perhaps toward helping industries and frameworks converge on streamlined standards. We see this standard sprawl even within the US: DoD developed CMMC, and DHS looked at adopting that standard for its vendors but then decided it was not enough for DHS. The cyber standard of the Department responsible for national defense was judged insufficient by another Department of the same federal government.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.
