Cyber Risk Governance Insights | September 16, 2024
Netswitch, Inc.

WEEK IN HEADLINES

GOOGLE CHROME - Hackers Force Users to Reveal Passwords Using New Technique

Hackers are using StealC malware to lock Chrome users in kiosk mode, forcing them to enter their Google account passwords out of frustration. The malware blocks escape keys, displaying only a Google login window. Once credentials are entered, the StealC malware steals them from the browser’s credential store.

INSIGHT: DO NOT ENTER CREDS!!! If you find Chrome locked in kiosk mode, use hotkey combos like Alt + F4 or Ctrl + Shift + Esc to exit kiosk mode and kill the Chrome browser.

PROFESSIONAL SERVICES - Hacker Steals 20GB of Data from Capgemini

A hacker, alias “grep,” claims to have stolen 20GB of sensitive data from Capgemini, including databases, source code, private keys, and employee information. The hacker has posted samples on a dark web forum, but Capgemini has yet to confirm or deny the breach.

INSIGHT: To prevent this type of claimed attack, you should review your data, verify that the data is encrypted, and ensure you have access controls. That means that only those who should have access have it. Many times, access is granted and never taken away when people no longer need to access the data - this is as common as zombie data floating around under "maybe we'll need it" management. Ask AT&T how costly former customer data was.

SUPPLY CHAIN - 240GB of Customer Information Thru 3rd Party

Toyota [NYSE: TM] has confirmed a significant data breach where hackers leaked 240GB of sensitive customer information, including contact and financial details. The breach poses a substantial security risk, highlighting the need for robust cybersecurity measures.

INSIGHT: There are a few things from Zero Trust Architecture (ZTA) that could prevent this type of incident from occurring for you. ZTA would have helped by 1) Continuous Access Verification, 2) Least Privilege Access, 3) Micro-Segmentation, 4) Continuous Monitoring With Behavioral Analytics, and 5) MFA. ZTA can significantly reduce the risk of unauthorized access and data exfiltration for you when you're breached.

CRITICAL INFRASTRUCTURE - Feds Warn About Russian Focus on Sector Attacks

The FBI, NSA, and CISA have issued a joint advisory warning that Russian military cyber actors, specifically Unit 29155, are targeting critical infrastructure sectors. These attacks involve malware like WhisperGate and aim at espionage, sabotage, and reputational damage. Organizations are urged to enhance cybersecurity measures to mitigate these threats.

INSIGHT: Due to the relative importance of the sectors, phishing-resistant MFA would be recommended. It may not be what you need, assuming you have MFA to begin with. We'd recommend app-based code generation as opposed to SMS.

MICROSOFT - Sophisticated Excel-Based Attack Targets Multiple Sectors

The article dissects a complex malware campaign leveraging an Excel file to exploit CVE-2017-0199, delivering a fileless Remcos RAT. This attack targets industries like Government, Manufacturing, Technology/IT, and Banking, using encrypted documents and obfuscated scripts to evade detection and maintain persistence.

INSIGHT: A regular cadence of patch management is the best way to address these types of threats. Updates have to be managed so as to not adversely affect your business operations, but they must be done. Coordinate amongst your team on when best to do these updates, but do not let them linger and remain uninstalled.

SEO - New Threat Manipulating SEO Rankings

Researchers have uncovered a new threat called DragonRank, a Simplified Chinese-speaking hacking group. They compromise Windows IIS servers to deploy malware like PlugX and BadIIS, manipulating SEO rankings to drive traffic to malicious sites. Their activities span various industries and regions, posing significant risks to online reputations and financial stability.

INSIGHT: Again, implementing a patch management program (this time on your web apps) for your organization can significantly reduce the risk of cyber-attacks like this.

INSIGHTS & EXPERT PERSPECTIVES

CRG Live Event - TOMORROW SEPTEMBER 17 2024

The Cyber Resilience Blueprint: Lessons Learned From The Patelco Attack

Join us for an insightful Cyber Risk Governance Live Event featuring Steve Walker - a distinguished expert in operational risk and financial IT regulatory compliance.

About the Speaker:

Steven-Paul Walker MBA, CISA, CGEIT, CICA brings over three decades of experience in bank supervision and emerging technology risk integration. As a former National Bank Examiner and Senior Payments Policy Analyst at the Office of the Comptroller of the Currency (OCC), Steve has been at the forefront of developing policy initiatives for innovative technologies within the financial services sector.

How We Met:

We initially connected with Steve Walker at a CRG LinkedIn Community Round Table discussion, where our Cyber Risk Governance goals piqued his interest. Steve’s extensive background in regulatory compliance and analytics makes him an ideal partner for addressing the complex balance between cost and operational needs in the banking sector. After several months of productive conversations, we solidified our collaboration over lunch near the White House. Steve graciously agreed to share his invaluable insights and decades of experience with our community members, particularly focusing on guidance for financial institutions subject to OCC compliance.

Event Overview:

In this live session, Steve will reference the recent Patelco Credit Union cyber attack, extracting crucial lessons to fortify your organization’s cyber resilience. Drawing from his extensive background in operational risk, internal controls, and payment system platforms, Steve will provide actionable insights for financial institutions of all sizes.

Key Topics:

  • Unpacking the Patelco Attack: A Detailed Summary of What We Know
  • The Critical Role of Business Impact Analysis (BIA) in Cyber Resilience
  • Elevating Your Security and Risk Assessment Strategies
  • Aligning Cyber Resilience Efforts with FFIEC and OCC Guidelines
  • Emerging Technologies: Balancing Innovation and Risk in FinTech, AI, and Blockchain

Who Should Attend:

  • C-suite executives in credit unions and other financial institutions
  • IT and cybersecurity professionals
  • Risk management and compliance officers
  • FinTech innovators and entrepreneurs
  • Regulators and policymakers

Don’t miss this opportunity to gain invaluable insights from a seasoned expert in financial technology risk management. Steve’s unique blend of regulatory knowledge and practical experience promises to deliver a session packed with actionable strategies to enhance your organization’s cyber resilience.

Register now to secure your spot in this exclusive LinkedIn Live Event!

RISK MANAGEMENT

Reduction - 20% of Ransomware Attacks in FinServ Target Banks

The latest research reveals that 20% of ransomware attacks in the financial services sector specifically target banking institutions. The report highlights the growing sophistication of cyber threats and the urgent need for robust security measures to protect against these evolving dangers.

Emerging technologies like deepfakes and cryptocurrencies are being exploited by cybercriminals, adding to the existing challenges of ransomware and phishing. The report underscores the need for adaptive and forward-thinking cyber risk strategies to combat these evolving threats.

Highlights:

  • Emerging Threats: Deepfakes and cryptocurrencies are providing new avenues for cybercriminals to target financial institutions.
  • Sophisticated Attacks: Cyberattacks are becoming more sophisticated, leveraging advanced technologies and techniques.
  • Insider Threats: Organizations often overlook insider threats, which can bypass traditional security measures and pose significant risks.

INSIGHTS: The statistics are not surprising if you follow the sector or ransomware trends in general. However, the report illustrates that there are 3 basic cyber hygiene layers that companies in and out of the sector can employ to reduce these threats. It starts with a simple deployment - advanced email filtering and phishing detection.

What else can you do?

  1. Phishing Detection: Since 49% of attacks against financial institutions originated from phishing, advanced email filtering systems can detect and block phishing emails before they reach employees. These systems use machine learning to identify suspicious patterns and malicious links.
  2. Employee Training: The absolute cheapest (less than a cup of coffee per employee each month) security defense you can put up. Regular education about how to recognize phishing attempts can reduce the risk. Well-informed staff can avoid falling for phishing scams.
  3. Multi-Factor Authentication (MFA): Implementing MFA adds an extra layer of security, making it harder for attackers to gain access even if they obtain login credentials through phishing.

By combining the 3 measures above, which are collectively inexpensive (or as we say, LoCo, as in Low Cost), any organization will significantly reduce the risk of ransomware attacks.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.

