Cyber Risk Governance Insights | September 30, 2024
WEEK IN HEADLINES
ISPs - US Provider Breaches Linked to Nation-State
Salt Typhoon, a China-linked advanced persistent threat (APT) group, breached U.S. ISPs by exploiting vulnerabilities in network infrastructure. The attackers used advanced anti-forensic and anti-analysis techniques, allowing them to remain undetected for extended periods. This breach posed significant risks, including potential data theft, malware distribution, and disruption of internet services.
INSIGHT: Had network segmentation (dividing a network into smaller, isolated zones to limit access and contain a breach) been in place, the attackers' ability to move laterally between systems would have been restricted. Isolating compromised segments would have limited the attackers' reach, keeping sensitive data and critical systems out of their path instead of exposing the entire network.
MALWARE - Sophisticated Variant Targets Global Organizations
The SnipBot malware variant, part of the RomCom family, was deployed by threat actors to compromise systems within global organizations. The malware utilized sophisticated evasion techniques, including obfuscation and anti-analysis methods, to avoid detection by traditional security tools. This allowed the attackers to maintain prolonged access to compromised networks, facilitating data theft and potential disruption of operations.
INSIGHT: Endpoint Detection and Response (EDR) tooling would likely have surfaced the anomalous behaviors and indicators of compromise (IOCs) associated with this kind of attack, such as unusual process executions and unexpected outbound network connections, even when the payload itself evaded signature-based tools.
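As an added illustration (not code from the newsletter or from any EDR vendor), the following Go program applies three behavioural rules of the kind an EDR engine evaluates to a handful of constructed process-start events: a document reader spawning a script host, encoded PowerShell, and an unsigned binary in a user-writable directory that immediately talks to the network. The event schema, rule names, file paths and TEST-NET addresses are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// ProcessEvent is a simplified process-start record of the kind an EDR sensor
// emits. The schema is constructed for this example, not any vendor's.
type ProcessEvent struct {
	Parent      string // parent image path
	Image       string // started image path
	CommandLine string
	Signed      bool   // image carried a valid code signature
	RemoteAddr  string // outbound connection made after start, "" if none
}

// Alert names the rule that fired and the image it fired on.
type Alert struct {
	Rule  string
	Image string
}

// Document readers and script hosts used by the parent/child rule.
var officeApps = map[string]bool{"winword.exe": true, "excel.exe": true, "outlook.exe": true, "acrord32.exe": true}
var scriptHosts = map[string]bool{"powershell.exe": true, "cmd.exe": true, "wscript.exe": true, "mshta.exe": true, "rundll32.exe": true}

// baseName returns the lower-cased file name of a Windows or POSIX path.
func baseName(p string) string {
	p = strings.ToLower(p)
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		return p[i+1:]
	}
	return p
}

// userWritable reports whether the image lives under a directory a normal user can write to.
func userWritable(p string) bool {
	p = strings.ToLower(p)
	for _, d := range []string{`\users\`, `\temp\`, `\appdata\`} {
		if strings.Contains(p, d) {
			return true
		}
	}
	return false
}

// Detect applies three behavioural rules to a batch of events and returns
// one Alert per rule hit, in event order.
func Detect(events []ProcessEvent) []Alert {
	var alerts []Alert
	for _, e := range events {
		parent, child := baseName(e.Parent), baseName(e.Image)
		cmd := strings.ToLower(e.CommandLine)

		// 1. A document reader spawning a shell or script host is the classic
		//    phishing-to-payload step; legitimate documents rarely need it.
		if officeApps[parent] && scriptHosts[child] {
			alerts = append(alerts, Alert{"office-spawns-script-host", e.Image})
		}
		// 2. Base64-encoded PowerShell (-enc / -EncodedCommand) hides the
		//    real command from casual review.
		if child == "powershell.exe" && strings.Contains(cmd, " -enc") {
			alerts = append(alerts, Alert{"encoded-powershell", e.Image})
		}
		// 3. An unsigned binary in a user-writable directory that immediately
		//    talks to the network looks like a freshly staged implant.
		if !e.Signed && userWritable(e.Image) && e.RemoteAddr != "" {
			alerts = append(alerts, Alert{"unsigned-user-path-network", e.Image})
		}
	}
	return alerts
}

// SampleEvents is constructed telemetry: one benign browser launch, an Office
// document launching encoded PowerShell, and that PowerShell running an
// unsigned binary from a temp directory that calls out (TEST-NET addresses).
func SampleEvents() []ProcessEvent {
	return []ProcessEvent{
		{Parent: `C:\Windows\explorer.exe`, Image: `C:\Program Files\Google\Chrome\Application\chrome.exe`,
			CommandLine: `chrome.exe`, Signed: true, RemoteAddr: "203.0.113.10:443"},
		{Parent: `C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE`,
			Image:       `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`,
			CommandLine: `powershell.exe -nop -w hidden -enc SQBFAFgA`, Signed: true, RemoteAddr: "198.51.100.7:8080"},
		{Parent: `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`,
			Image:       `C:\Users\alice\AppData\Local\Temp\svchost.exe`,
			CommandLine: `svchost.exe`, Signed: false, RemoteAddr: "203.0.113.5:443"},
	}
}

func main() {
	for _, a := range Detect(SampleEvents()) {
		fmt.Printf("%-28s %s\n", a.Rule, a.Image)
	}
}
```

The point of the three rules is that none of them depends on recognising the payload: an obfuscated sample still has to be launched by something, still has to run from somewhere, and still has to connect out, and those are the signals behavioural detection keys on.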
SOFTWARE - Platform Users Urged to Patch Immediately
TeamViewer has disclosed two critical vulnerabilities that stem from improper verification of cryptographic signatures when VPN and printer drivers are installed through the TeamViewer_service.exe component. An attacker with local, unprivileged access can exploit these flaws to install a malicious driver and escalate privileges, gaining complete control of the affected system.
INSIGHT: The root cause is the verification step itself. Strict code-signing verification, in which the installing service checks that every driver carries a valid signature from a trusted, pinned publisher before it is loaded, would have caused the installation process to reject unsigned or improperly signed drivers and closed off this privilege-escalation path. Until the vendor patch is applied, the exposure is to anyone who already has local access, which makes patching a priority on shared and multi-user hosts.
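To make the insight concrete, here is an added Go example (not TeamViewer's code; Ed25519 stands in for the Authenticode signatures a Windows driver actually carries, and the package layout is hypothetical). It contrasts a verifier that trusts whatever key ships inside the driver package against one that pins the publisher's key, and checks how each treats a vendor-signed, attacker-signed, tampered and unsigned driver.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DriverPackage models what an installer service receives: the driver image,
// a signature over it, and the public key the package claims signed it.
// The structure is hypothetical for this example.
type DriverPackage struct {
	Image     []byte
	Signature []byte
	SignerKey ed25519.PublicKey
}

// SignDriver builds a package signed with priv, embedding priv's public key.
func SignDriver(image []byte, priv ed25519.PrivateKey) DriverPackage {
	return DriverPackage{
		Image:     image,
		Signature: ed25519.Sign(priv, image),
		SignerKey: priv.Public().(ed25519.PublicKey),
	}
}

// ImproperVerify is the weak pattern: the signature is checked only against
// the key shipped inside the package, so any local user can sign their own
// driver with their own key and the check passes.
func ImproperVerify(p DriverPackage) bool {
	if len(p.SignerKey) != ed25519.PublicKeySize || len(p.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(p.SignerKey, p.Image, p.Signature)
}

// ProperVerify pins the publisher: the signature must verify under a key the
// installer already trusts, and the key carried in the package is ignored.
func ProperVerify(p DriverPackage, trusted ed25519.PublicKey) bool {
	if len(p.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(trusted, p.Image, p.Signature)
}

// DemoResult records how each verifier treats the constructed packages.
type DemoResult struct {
	ImproperAcceptsAttacker bool // weak check fooled by an attacker-signed driver
	ProperAcceptsAttacker   bool // pinned check rejects it
	ProperAcceptsVendor     bool // pinned check accepts the genuine driver
	ProperAcceptsTampered   bool // pinned check rejects a modified image
	ProperAcceptsUnsigned   bool // pinned check rejects a missing signature
}

// Demo generates a vendor key and an attacker key, signs a constructed driver
// image with each, and runs both verifiers over the results.
func Demo() (DemoResult, error) {
	var r DemoResult
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	image := []byte("constructed driver image: not a real driver") // constructed sample

	vendorPkg := SignDriver(image, vendorPriv)
	attackerPkg := SignDriver(image, attackerPriv) // attacker signs with their own key
	tampered := vendorPkg
	tampered.Image = append([]byte("malicious prefix "), image...)
	unsigned := DriverPackage{Image: image}

	r.ImproperAcceptsAttacker = ImproperVerify(attackerPkg)
	r.ProperAcceptsAttacker = ProperVerify(attackerPkg, vendorPub)
	r.ProperAcceptsVendor = ProperVerify(vendorPkg, vendorPub)
	r.ProperAcceptsTampered = ProperVerify(tampered, vendorPub)
	r.ProperAcceptsUnsigned = ProperVerify(unsigned, vendorPub)
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The design point is that a signature is only as meaningful as the trust decision behind the key: verifying that bytes were signed by "some key" proves nothing, while verifying against a pinned publisher key (in practice, a certificate chaining to a trusted root, with revocation checked) is what makes unsigned or attacker-signed drivers fail closed.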
LOGISTICS - Stealthy Phishing Attacks Target Firms
A sophisticated phishing campaign has targeted transportation and logistics companies in North America. The attackers used business email compromise (BEC) tactics to infiltrate email accounts and distribute malware through hijacked email threads, posing significant risks to operational security.
INSIGHT: Advanced email security controls, such as Secure Email Gateways (SEGs) and Advanced Threat Protection (ATP) with attachment detonation, would likely have detected and blocked the phishing messages and malicious attachments. One caveat: because hijacked threads arrive from genuine, already-compromised mailboxes, sender authentication alone does not flag them, so multi-factor authentication on mailboxes and content inspection matter more than reputation checks here.
TRANSPORTATION - Cyberattack on Public Wi-Fi Displays Offensive Messages
Attackers compromised the Wi-Fi landing pages at multiple United Kingdom train stations and used them to display offensive messages. The incident highlighted weaknesses in public Wi-Fi infrastructure, particularly in how landing pages are managed and secured.
INSIGHT: Had the landing pages been managed securely, with regular security audits, encryption of the management path, and strict access controls preventing unauthorized modifications, the attackers would not have been able to alter the pages to display offensive content.
INSIGHTS & EXPERT PERSPECTIVES
RISK MANAGEMENT - Reduction
Eliminate Ineffective Password Policies to Enhance Security
The National Institute of Standards and Technology (NIST) has proposed new guidelines to eliminate outdated and counterproductive password policies. These changes aim to improve cybersecurity by removing requirements for periodic password changes, specific character compositions, and security questions, which often undermine security rather than enhance it.
Key Points
INSIGHT: Some security experts argue that periodic password changes and complex composition policies still have a role in high-security environments. Despite their drawbacks, these measures can add a layer of security, especially when combined with multi-factor authentication and regular security training.
However, in smaller environments such as SMBs, complex composition and forced-rotation rules are generally discouraged: they frustrate users and push them toward predictable patterns (a capital first letter, a trailing digit or symbol, a digit incremented at each forced change).
This is why a password manager is highly recommended for SMBs:
Avoid storing passwords in browsers. If an attacker gains access to the browser, they can potentially retrieve all stored passwords. Browsers also lack advanced security features like secure sharing, password auditing, and breach monitoring.
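The two approaches side by side, as an added Go example (not from NIST or the newsletter): a legacy validator with composition and 90-day rotation rules, and one following the SP 800-63B guidance described above (length floor, generous ceiling, any printable character, blocklist check, no composition rules, change only on evidence of compromise). The blocklist is a constructed four-entry stand-in for a real breached-password corpus, and the length and age thresholds are the example's own parameters.

```go
package main

import (
	"fmt"
	"strings"
	"time"
	"unicode"
)

// Verdict is the outcome of a policy check and, on rejection, the reason.
type Verdict struct {
	OK     bool
	Reason string
}

// LegacyPolicy is the pattern NIST now discourages: composition rules plus
// forced rotation every 90 days.
func LegacyPolicy(pw string, lastChanged, now time.Time) Verdict {
	if len([]rune(pw)) < 8 {
		return Verdict{false, "shorter than 8 characters"}
	}
	var upper, lower, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		default:
			symbol = true
		}
	}
	if !(upper && lower && digit && symbol) {
		return Verdict{false, "must contain upper, lower, digit and symbol"}
	}
	if now.Sub(lastChanged) > 90*24*time.Hour {
		return Verdict{false, "older than 90 days, rotation required"}
	}
	return Verdict{true, ""}
}

// blocklist stands in for a corpus of breached and commonly used passwords;
// a real deployment would query a large list. Constructed for this example.
var blocklist = map[string]bool{
	"p@ssw0rd": true, "password1!": true, "qwerty123": true, "welcome1": true,
}

// NISTPolicy follows SP 800-63B: a length floor (minLen; the 2024 draft
// requires 8 and recommends 15), a generous ceiling, any printable character
// including spaces, a blocklist check, no composition rules, and a change
// only when there is evidence of compromise.
func NISTPolicy(pw string, minLen int, compromised bool) Verdict {
	n := len([]rune(pw)) // count characters, not bytes
	if n < minLen {
		return Verdict{false, fmt.Sprintf("shorter than %d characters", minLen)}
	}
	if n > 128 { // NIST requires allowing at least 64; longer is fine
		return Verdict{false, "longer than 128 characters"}
	}
	for _, r := range pw {
		if !unicode.IsPrint(r) { // IsPrint accepts the ASCII space
			return Verdict{false, "contains a non-printable character"}
		}
	}
	if blocklist[strings.ToLower(pw)] {
		return Verdict{false, "appears in the compromised/common password list"}
	}
	if compromised {
		return Verdict{false, "evidence of compromise, change required"}
	}
	return Verdict{true, ""}
}

func main() {
	now := time.Date(2024, 9, 30, 0, 0, 0, 0, time.UTC)
	for _, pw := range []string{"P@ssw0rd", "correct horse battery staple 42"} {
		fmt.Printf("%-35q legacy=%+v nist=%+v\n", pw, LegacyPolicy(pw, now, now), NISTPolicy(pw, 15, false))
	}
}
```

The contrast is the whole argument in miniature: the legacy rules wave through "P@ssw0rd", which satisfies every character class and is in every cracking wordlist, while rejecting a long passphrase for lacking a capital letter; the NIST-style check does the reverse, and only forces a change when there is a reason to.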
Don't wait. Contact Netswitch Technology Management today to take control of your cyber risk.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.
GRC | IAM|PAM|CSM, Program & Project Mgmt. |Cyber-Law | NIST, ISO, SOX, GDPR | Risk Mgmt. Audit & Compliance | CyberArk, SailPoint
1 month: Wow! I am not surprised at all; this is one of my hot topics and exactly what I've been warning about for years. The vulnerabilities within many network infrastructures, especially in ISPs, have always been prime targets for sophisticated groups like Salt Typhoon. The fact that they could remain undetected for so long using advanced anti-forensic techniques just highlights the urgent need for better security measures, especially at the hardware level. This kind of breach brings serious risks: data theft, malware, and potential disruption to critical internet services.
GRC | IAM|PAM|CSM, Program & Project Mgmt. |Cyber-Law | NIST, ISO, SOX, GDPR | Risk Mgmt. Audit & Compliance | CyberArk, SailPoint
1 month: Here are my top three recommendations:
1. Strengthen Infrastructure Security: It's crucial for ISPs and other organizations to prioritize patching vulnerabilities in their network infrastructure and to conduct regular, thorough security audits.
2. Implement Advanced Threat Detection: Traditional security tools aren't enough. Leveraging AI-driven threat detection systems will help identify and stop these types of advanced attacks before they can do significant damage.
3. Enhance Incident Response Plans: Every organization should have a well-developed incident response strategy, ensuring quick, coordinated action to mitigate the impact of breaches when they occur.