Cybersecurity Chronicles | November 6, 2023
Netswitch Technology Management
Empowering cyber resilience with AI speed and precision. Netswitch: Real-time security insights and measurable ROI.
Week in Headlines
GOVERNMENT - Election Integrity at Risk, Voter Data Exposed
A concerning security breach has occurred, as hackers are suspected to have gained access to the entire voter roll in Washington, D.C. This breach raises significant concerns about the security of voter information and election integrity, prompting investigations and calls for enhanced cybersecurity measures to protect sensitive electoral data.
MANUFACTURING - Ransom Negotiations Fail - 35TB at Risk
Henry Schein (NASDAQ: HSIC), a major global distributor of healthcare products, is undergoing what appears to be intense negotiations after being breached by the ALPHV/BlackCat ransom group in October. The gang says it will begin publishing portions of its trove by Friday.
JUDICIARY - Courts Paralyzed in Weeks-Long Computer Outage
Kansas' electronic court records have been severely affected by a security incident in mid-October. Various systems, including case files and marriage licenses, are disrupted. While Johnson County remains unaffected, the statewide court computer system is offline with no clear timeline for recovery.
FINANCIAL SERVICES - Cyber Attack Blocks Access for Lender
Major U.S. mortgage lender Mr. Cooper (NASDAQ: COOP) experienced a significant cyberattack, resulting in the temporary shutdown of crucial systems. This incident, which was disclosed on October 31, left customers unable to make mortgage and loan payments. As of November 3, the systems remain locked down, and efforts to resolve the issue are ongoing.
MEDIA - Product Review Site Bricked Due to Hacking
A popular Lego marketplace might have been hacked. Bricklink is currently under maintenance, and Jay’s Brick Blog reports that it may be because of a suspected hacking or cybersecurity incident.
UNIONS - Airlines Pilots Downed by Ransomware
The American Airlines pilot union is working to recover from a ransomware attack that affected their systems and encrypted some data, including member data.
HEALTHCARE - Health Network Hit by Ransom Attack
Summit Health (NASDAQ: SMIHW), a U.S. healthcare network, has reportedly been targeted by LockBit 3.0. The ransomware group has threatened to publish sensitive data unless negotiations begin by November 8.
Join The CyberRisk Governance Group
Consider joining your risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
This curated group aims to help technologists, risk & compliance managers, and business leaders better understand and manage their CyberRisk.
Would you like to join us?
Here's the link: https://www.dhirubhai.net/groups/13991569
Insights & Expert Perspectives
SEC Cracks Down on Cybersecurity Violations - Are You Next?
The SEC (Securities and Exchange Commission) has recently issued a new cyber rule that could affect your business and expose you to serious legal risks. The rule requires companies to disclose any material cybersecurity risks or incidents that could impact their operations, financial condition, or reputation. Failure to comply could result in hefty fines, lawsuits, or even criminal charges.
But how do you know if your company is at risk?
How do you comply with the SEC’s cyber rule and avoid becoming a target of enforcement actions?
And what are the best practices to protect your company from cyber threats and mitigate potential damages?
To answer these questions and more, watch this previously recorded LinkedIn Live Event featuring J.P. Wilson, CEO of GCRA Corp, a boutique cyber risk management firm, and former staff attorney for the SEC division of enforcement. JP will share his insights and expertise on the SEC’s cyber rule, its background and implications, and how to prepare for it. He will also reveal the common mistakes and pitfalls that companies make when dealing with cybersecurity issues, and how to avoid them.
MANAGEMENT - Sad List of Passwords Used by IT Administrators
A recent study by cybersecurity researchers has unveiled a shocking finding: among more than 1.8 million admin portals analyzed, "admin" was the most commonly used password, posing a significant security risk. Default passwords and easily guessable options like "123456" were also prevalent. The research highlights the grave danger posed by organized cybercriminal groups targeting privileged users.
INSIGHTS: The wide use of weak passwords among IT administrators is concerning but can be attributed to several factors, including laziness and convenience, a lack of awareness, legacy systems, human error, and organizational password culture.
In some organizations, a lax or inadequate approach to information security contributes to the use of weak passwords or allows the same passwords to be used across multiple accounts, making it more likely that weak passwords will be used in one or more places. Employees in general, and not only IT administrators, make mistakes. They may inadvertently use weak passwords due to oversight or lack of security awareness, or they might underestimate the risk of a security breach.
Simple steps you can take to improve your cyber risk posture are what we call loco/noco - low cost or no cost.
CYBER HYGIENE - New Intricate Malware and Steps to Prevent It
StripedFly is a complex and long-undetected (5 years) malware infecting a million devices worldwide. It's a modular framework targeting Linux and Windows, using the EternalBlue exploit. StripedFly is highly sophisticated, with an unknown purpose. The article emphasizes the need for proactive cybersecurity measures in organizations.
INSIGHTS: Because StripedFly uses EternalBlue, which exploits a known vulnerability, it should have been identified faster. Most basic cybersecurity measures and solutions look for signs of such exploitation. However, the security team described it as an intricate modular framework supporting both Linux and Windows. Because it employs various techniques and capabilities, it is a complex, multifaceted threat, likely from a sophisticated APT group, but the origin remains unclear.
Could companies have detected this sooner or even prevented it? We believe so.
Several low-cost or even no-cost measures could have been implemented.
1. Patch Management Program: Regularly patching systems can prevent known vulnerabilities from being exploited.
2. Security Awareness and Education: Training all staff on basic cybersecurity measures can help identify threats early.
3. Data Segmentation and Backups: Segregating and backing up critical data can prevent widespread damage.
For those capable of investing a bit more, there are advanced measures that have proven effective in managing cyber risks.
1. Behavioral Analytics: Monitoring user and device behavior can help detect anomalies and potential threats.
2. Endpoint Security: Protecting network endpoints can prevent unauthorized access and detect malicious code.
3. Regular Security and Risk Assessments: Regular vulnerability assessments and penetration testing can help identify potential weaknesses.
These advanced solutions often include automation capabilities, reducing resource inefficiencies, and maximizing the efforts of your IT staff. We have been facilitating our clients' efforts and have delivered an 80+% improvement in Mean Time To Detection (MTTD) and Resolution (MTTR) for them across various verticals.
By implementing measures aligning with your resources, you can enhance your company's cyber risk posture, improve your resilience, and better protect your digital assets.
Elevate Your Cyber Risk Cognizance
Get a Fast and Comprehensive Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Contact Netswitch for more info.
Attend a LinkedIn Live Event
We host regular LinkedIn Live Events to provide insights to elevate your cognizance.
We intend to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors – to achieve alignment of technical controls to meet GRC objectives and improve processes to meet both.
Keep up to date about future events by following Netswitch.
Signup for Our "Quick Start" Pilot Program
Know your risk level in cybersecurity and governance at NO COST.
To find out more, contact Netswitch on LinkedIn and we'll get a demo scheduled.
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.