Cybersecurity Chronicles | November 13, 2023
Netswitch Technology Management
Gartner "Pioneer" in Managed Detection and Resolution Cybersecurity with our Prevention to Recovery? Proven Process
WEEK IN HEADLINES
HEALTHCARE - Orgs Breached Via Remote Access Solution
Hackers are targeting U.S. healthcare organizations using the ScreenConnect remote access tool, focusing on instances linked to Transaction Data Systems (TDS). The attacks, occurring between October 28 and November 8, 2023, involve similar tactics and payload downloads. Compromised endpoints, using Windows Server 2019, belong to pharmaceutical and healthcare organizations.
NATION STATE - NSA Call Out Hackers’ as Stealthy & "off-limits"
Chinese hackers are deploying advanced malware in U.S. infrastructure, utilizing previously unknown vulnerabilities. The NSA warns of China's long-term goal to infiltrate critical networks. Hackers use techniques like "living off the land" to avoid detection. Traditional indicators of compromise are challenging to provide, and Chinese hackers show persistence.
GOVERNMENT - Entire State's Pop Had Its Data Stolen
Maine suffered a major data breach affecting 1.3 million residents due to a vulnerability in the MOVEit file transfer tool. The breach exposed sensitive personal data, and although access was promptly shut off, the ransomware group Clop, suspected to be responsible, has not released the stolen information.
AEROSPACE - Boeing Data Published by Hacking Gang
Boeing (NYSE: BA ), a major defense and aerospace contractor, has fallen victim to a cyberattack by the Lockbit ransomware gang. The hackers had threatened to release sensitive data unless a ransom was paid, and now internal Boeing data has surfaced online. Boeing confirmed the incident, emphasizing that aircraft and flight safety are not compromised.
FINANCIAL SERVICES - World’s Largest Bank Hit By Ransomware
The Industrial & Commercial Bank of China (ICBC) is suspected to have fallen victim to a ransomware attack orchestrated by the Lockbit hacking group. The attack on ICBC's US unit has led to disruptions in the US Treasury market, causing some transactions to fail and traders to reroute deals.
TRANSPORTATION - Ransom Paid, but Data Released Anyway
Dolly.com , an on-demand moving and delivery platform, allegedly paid the attackers to prevent the publication of stolen customer data, but the attackers complained that the payment was insufficient and proceeded to share the stolen data, including high-level account details, credit card information, customer addresses, names, registration dates, user emails, and system data.?
GOOD NEWS - Ransomed.vc no more!
The Ransomed.vc ransomware gang, recognized for targeting the likes of Sony, the Hawaii state government, and a supplier to Colonial Pipeline, asserts it shut down following the arrest of six affiliates. The group surfaced in August and initially threatened victims with potential European data breach fines. The hackers purportedly sought to sell the entire operation for approximately $10 million. In Telegram messages that were later deleted, the individual attributed the shutdown to the arrests, expressing concern for the lives of the apprehended affiliates.
NATIONAL SECURITY - Gov't Proposes Cyber Check by Auditors
China's finance ministry is proposing new cybersecurity measures for auditors, particularly in cases related to national security. The draft rules, open for public consultation until December 11, highlight the chief partner's responsibility for data security in auditing firms engaged in domestic or cross-border work. This move follows China's ongoing efforts to increase scrutiny on auditors, emphasizing information security checks for state-owned and listed companies.
Join The CyberRisk Governance Group
Ready to enhance your cyber risk management strategies?
Consider joining this exclusive LinkedIn group tailored for executives desiring to gain insights about cyber risks.
The CyberRisk Governance Group is designed for leaders like you — offering a collaborative space where technology experts, risk and compliance managers, and business leaders come together to enhance their understanding and management of CyberRisk.
By joining, you'll gain valuable insights and knowledge from peers in your industry. This group provides a unique opportunity to stay informed about the latest developments in cyber risk governance, ensuring you're well-prepared for the challenges of evolving laws and regulations.
Join us and be part of a community that empowers leaders like you to navigate the complexities of the cyber landscape.
Your participation in the CyberRisk Governance Group will not only deepen your understanding but also position you at the forefront of compliance.
Are you ready to join us?
Here's the link: https://www.dhirubhai.net/groups/13991569
INSIGHTS & EXPERT PERSPECTIVES
GOVERNANCE - No Ransom Payments
The third annual International Counter-Ransomware Initiative (CRI) summit has proposed a pledge to stop ransom payments to cyber criminals. The pledge is awaiting consensus from all 48 CRI members, including governments, their agencies, and departments. There are three main themes for the CRI Summit pledge:?
The pledge is expected to be finalized during the week of the annual meeting. The European Union and Interpol are known to be signing the joint policy statement. The initiative aims to curb the rise in ransomware attacks, which have grown significantly since 2022.
?INSIGHTS: Each organization must ultimately determine its own risk appetite.? It is best to discuss what the organization is prepared to do when the cyber incident affects them.? Make the decision a part of the Incident Response Plan so decisions are not being made while the house is on fire.
The current position of the US Department of Justice and the Federal Bureau of Investigation considers companies that experience cyber incidents as victims.? However, considering the growing federal oversight for proactive cyber risk management and the growing number of laws related to data protection requirements, we expect this perspective to be shifting and some level of victim blaming will start to occur.
We have also seen that even when ransom is paid, data is released (see Dolly.com ).? Reports indicate that <65% of data is recovered by those who pay, and 1/3 of those took more than a month to get their data back.? Just like Crime, Ransom Payments don't Pay.
As a leader in your organization, consider these in your cyber risk planning.
领英推荐
LinkedIn LIVE - Financial Institutions Cybersecurity and Data Privacy Requirements
If you're a risk and compliance pro, this is a must-watch conversation with John Levonick , a seasoned professional with over 20 years of experience in financial services, regulatory compliance, and technology.
Better understand the dynamic future of financial services regulatory compliance and learn more about:
These insights highlight the dynamic nature of the fintech industry and the growing importance of cybersecurity in financial institutions.
SECOPS - The New 80/20 Rule
The report discusses the importance of automation and customization in Security Operations Center (SOC) workflows to increase efficiency and reduce burnout of your staff.?
SOC teams spend about a third of their day on events that don’t pose any threat to their organization, which has accelerated the adoption of automated solutions. These solutions can cover about 80% of threats, which are common across most organizations. However, automation cannot cover all detection and response use cases infallibly.
Automation can free up valuable time for security teams, so they can spend the majority of their time on use cases unique to their organization. The four key phases where automation is being implemented are: Data Ingestion and Normalization, Detection, Investigation, and Response.
The Autonomous Security Operations Center (SOC), “the SOC will not—and should not—be fully autonomous.” There is an increasing demand for solutions that offer automation and customization capabilities to cover bespoke use cases - the remaining 20%.
INSIGHTS: We often speak of automation in security operations (SecOps).? Automation is too good anymore for organizations to not take advantage of it.? The risks are too high, attacks too swift and frequent, and staff skills are too lean - as are the security budgets.? Automation will help.
If you want to know if you're effectively using automation, or if you need to add it, but want to know where to start, try these three things.?
Check your advanced vendor offerings that implement automation across various stages of the SOC workflow.?
Identify your organization’s unique security use cases that cannot be covered by automation.
Then consider investing in customization services and capabilities to address these.? Regularly review and update your SOC workflows to check if they keep pace with your evolving risk posture. This includes updating automated processes and revising customization as your needs change.
And remember - Your SOC should not be fully autonomous. A balance is important for effective cyber risk management.
Humans are still your smartest asset.
Ways We Can Help You Elevate Your Cyber Risk Cognizance
Get a Fast and Comprehensive Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Contact Netswitch for more info.
Attend a LinkedIn Live Event
We host regular LinkedIn Live Events to provide insights to elevate your cognizance.
Our intent is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors – to achieve alignment of technical controls to meet GRC objectives and improve processes to meet both.
Keep up to date about future events by following Netswitch.
Signup for Our "Quick Start" Pilot Program?
Know your risk level in cybersecurity and governance at NO COST.
To find out more just contact Netswitch on LinkedIn for more info. and we'll get a Demo Scheduled
Join Our CyberRisk Governance Group
Consider joining risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
The aim of the group is to help technologists, risk & compliance managers, and business leaders better manage their CyberRisk.?
Would you like to join us?
Here's the link:?https://www.dhirubhai.net/groups/13991569
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.