Cyber Risk Governance Insights | September 30, 2024
Netswitch, Inc.

WEEK IN HEADLINES

ISPs - US Provider Breaches Linked to Nation-State

Salt Typhoon, a China-linked advanced persistent threat (APT) group, breached U.S. ISPs by exploiting vulnerabilities in network infrastructure. The attackers used advanced anti-forensic and anti-analysis techniques, allowing them to remain undetected for extended periods. This breach posed significant risks, including potential data theft, malware distribution, and disruption of internet services.

INSIGHT: If network segmentation (dividing a network into smaller, isolated segments to limit access and contain potential breaches) had been implemented, the attackers’ ability to move laterally within the network would have been restricted. This containment would have minimized the impact of the breach by isolating compromised segments, preventing the attackers from accessing sensitive data and critical systems across the entire network.

MALWARE - Sophisticated Variant Targets Global Organizations

The SnipBot malware variant, part of the RomCom family, was deployed by threat actors to compromise systems within global organizations. The malware utilized sophisticated evasion techniques, including obfuscation and anti-analysis methods, to avoid detection by traditional security tools. This allowed the attackers to maintain prolonged access to compromised networks, facilitating data theft and potential disruption of operations.

INSIGHT: If Endpoint Detection and Response (EDR) had been implemented, it would have identified the anomalous behaviors and indicators of compromise (IOCs) associated with these types of attacks, such as unusual process executions or network connections.

SOFTWARE - Platform Users Urged to Patch Immediately

TeamViewer has disclosed two critical vulnerabilities that stem from improper verification of cryptographic signatures during the installation of VPN and printer drivers via the TeamViewer_service.exe component. Attackers with local, unprivileged access can exploit these flaws to escalate their privileges and install malicious drivers, gaining complete control over the affected system.

INSIGHT: TeamViewer should also implement stricter code-signing verification. Had this been in place earlier, the installation process would have rejected any driver without a valid cryptographic signature. That measure would have prevented attackers from installing malicious drivers, because the system would not recognize or allow unsigned or improperly signed code.

LOGISTICS - Stealthy Phishing Attacks Target Firms

A sophisticated phishing campaign has targeted transportation and logistics companies in North America. The attackers used business email compromise (BEC) tactics to infiltrate email accounts and distribute malware through hijacked email threads, posing significant risks to operational security.

INSIGHT: Setting up advanced email security solutions, such as Secure Email Gateways (SEGs) and Advanced Threat Protection (ATP), would likely have detected and blocked phishing attempts and malicious attachments.

TRANSPORTATION - Cyberattack on Public Wi-Fi Displays Offensive Messages

An attack involved compromising the Wi-Fi landing pages at multiple United Kingdom train stations, allowing attackers to display offensive messages. This breach highlighted vulnerabilities in the public Wi-Fi infrastructure, particularly in how landing pages are managed and secured.

INSIGHT: If Secure Wi-Fi Landing Page Management, including regular security audits, encryption, and strict access controls to prevent unauthorized modifications, had been in place, the attackers would have been unable to alter the landing pages to display offensive content.


INSIGHTS & EXPERT PERSPECTIVES

RISK MANAGEMENT - Reduction

Eliminate Ineffective Password Policies to Enhance Security

The National Institute of Standards and Technology (NIST) has proposed new guidelines to eliminate outdated and counterproductive password policies. These changes aim to improve cybersecurity by removing requirements for periodic password changes, specific character compositions, and security questions, which often undermine security rather than enhance it.

Key Points

  • Periodic Password Changes: NIST recommends against mandatory periodic password changes, as they often lead to weaker passwords that are easier to remember but less secure.
  • Character Composition Rules: The guidelines advise against enforcing specific character composition rules, such as requiring a mix of uppercase, lowercase, numbers, and special characters, which can result in predictable patterns.
  • Security Questions: NIST suggests eliminating the use of security questions for password recovery, as they are often easily guessed or found through social engineering.
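To make the difference between the two approaches concrete, here is an added example (not from the newsletter, NIST, or Netswitch) that places a legacy composition-rule policy beside a NIST-style policy built on length bounds and a compromised-password blocklist. The thresholds (8 to 64 characters, a 16-character legacy cap, a 90-day legacy rotation interval), the blocklist contents, and the "trivial variant" stemming heuristic are assumptions chosen for illustration.

```python
"""Legacy composition-rule password policy vs. a NIST-style policy.

Added example: the numbers and the blocklist below are constructed for
illustration, not taken from any standard or product.
"""
from __future__ import annotations

import re
import unicodedata

# Constructed sample blocklist. In practice this would be a large list of
# breached and commonly used passwords loaded from a file or service.
BLOCKLIST = {
    "password", "password1", "password1!", "qwerty123", "letmein",
    "welcome1", "summer2024!", "p@ssw0rd",
}

# Constructed candidates: a "complex" but predictable pattern, a long
# lowercase passphrase, a random-looking mixed password, and a short one.
SAMPLE_CANDIDATES = [
    "Password1!",
    "correct horse battery staple",
    "Tr0ub4dor&3",
    "abc",
]


def legacy_policy(pw: str) -> list[str]:
    """The style of policy NIST advises against: composition rules plus a low cap.

    Returns a list of violations; an empty list means the password is accepted.
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    if len(pw) > 16:  # assumed legacy cap, which forbids long passphrases
        problems.append("longer than 16 characters")
    return problems


def nist_style_policy(pw: str, blocklist: set[str] = BLOCKLIST,
                      min_len: int = 8, max_len: int = 64) -> list[str]:
    """Length bounds and a blocklist check; no composition rules at all.

    Spaces and Unicode are allowed, so long passphrases pass. The input is
    NFKC-normalized so visually identical strings are judged the same way.
    """
    pw = unicodedata.normalize("NFKC", pw)
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len} characters")
    folded = pw.casefold()
    # Assumed heuristic: strip trailing digits/punctuation so "Password1!"
    # is caught via its stem "password" even if the exact string is absent.
    stem = re.sub(r"[\d\W_]+$", "", folded)
    if folded in blocklist or (stem and stem in blocklist):
        problems.append("matches a blocklisted password (or a trivial variant of one)")
    return problems


def must_rotate(days_since_change: int, evidence_of_compromise: bool,
                legacy: bool) -> bool:
    """Legacy: forced rotation every 90 days (assumed). NIST-style: only on compromise."""
    if legacy:
        return evidence_of_compromise or days_since_change >= 90
    return evidence_of_compromise


def evaluate(candidates: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return {password: (accepted_by_legacy, accepted_by_nist_style)}."""
    return {pw: (not legacy_policy(pw), not nist_style_policy(pw)) for pw in candidates}


if __name__ == "__main__":
    for pw, (legacy_ok, nist_ok) in evaluate(SAMPLE_CANDIDATES).items():
        print(f"{pw!r:32} legacy={'pass' if legacy_ok else 'FAIL':4} "
              f"nist-style={'pass' if nist_ok else 'FAIL'}")
```

Running the block shows the point of the guidance: "Password1!" satisfies every composition rule yet is a blocklisted pattern, while a 28-character lowercase passphrase fails the legacy policy on three counts and passes the NIST-style one.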

INSIGHT: Some security experts argue that periodic password changes and complex composition policies still have a role in high-security environments. Despite their drawbacks, these measures can add a layer of security, especially when combined with multi-factor authentication and regular security training.

However, in less complex environments, like SMBs, advanced password policies are generally discouraged due to user frustration and predictable patterns.

This is why a password manager is highly recommended for SMBs:

  • Generate Strong Passwords: Automatically create complex, unique passwords for each account.
  • Secure Storage: Store passwords securely, reducing the risk of them being forgotten or written down.
  • Ease of Use: Simplify the process of managing multiple passwords, improving overall security practices.

Avoid storing passwords in browsers. If an attacker gains access to the browser, they can potentially retrieve all stored passwords. Browsers also lack advanced security features like secure sharing, password auditing, and breach monitoring.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch Technology Management today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.


COREEN WRIGHT - MBA, MSL, CSM Cybersecurity - Information Technology

GRC | IAM|PAM|CSM, Program & Project Mgmt. |Cyber-Law | NIST, ISO, SOX, GDPR | Risk Mgmt. Audit & Compliance | CyberArk, SailPoint

1 month

Wow! I am not surprised at all—this is one of my hot topics and exactly what I’ve been warning about for years. The vulnerabilities within many network infrastructures, especially in ISPs, have always been prime targets for sophisticated groups like Salt Typhoon. The fact that they could remain undetected for so long using advanced anti-forensic techniques just highlights the urgent need for better security measures, especially at the hardware level. This kind of breach brings serious risks—data theft, malware, and potential disruption to critical internet services.

COREEN WRIGHT - MBA, MSL, CSM Cybersecurity - Information Technology

GRC | IAM|PAM|CSM, Program & Project Mgmt. |Cyber-Law | NIST, ISO, SOX, GDPR | Risk Mgmt. Audit & Compliance | CyberArk, SailPoint

1 month

Here are my top three recommendations:

  1. Strengthen Infrastructure Security: It’s crucial for ISPs and other organizations to prioritize patching vulnerabilities in their network infrastructure and to regularly conduct thorough security audits.
  2. Implement Advanced Threat Detection: Traditional security tools aren’t enough. Leveraging AI-driven threat detection systems will help identify and stop these types of advanced attacks before they can do significant damage.
  3. Enhance Incident Response Plans: Every organization should have a well-developed incident response strategy, ensuring quick, coordinated action to mitigate the impact of breaches when they occur.
