FDIC cyber risk improvements, high-risk containers, record crypto hacks
Watchdog calls for improved bank cyber testing
The FDIC’s Office of Inspector General issued a report spelling out major deficits in the agency’s InTREx program, which examines IT and cyber risk at banks. The OIG found that some of the shortfalls were due to outdated information used in InTREx, and that in other cases agency staff did not complete some tests. The report also found FDIC staff were not up to date on the latest cyber threats and lacked sufficient training. The OIG issued 19 steps needed to improve the situation. The FDIC said it will carry out 14 of these by the end of 2023.
Containers hold high-risk vulnerabilities
Researchers at Sysdig looked into the security of container images, finding that 87% of those analyzed included high or critical vulnerabilities. Overall these containers don’t present a threat surface for very long, with 72% lasting less than five minutes. But these containers often have a lot of infrastructure access, with 90% of all granted permissions connected to unused containers. Sysdig also found evidence of overall container inefficiency: 59% of containers it looked at defined no CPU limits, and 69% of all requested CPU resources remained unused on average. It found overall container adoption maturing, but that misconfigurations and active vulnerabilities remained a challenge for organizations.
2022 set a record for crypto hacks
A new report from Chainalysis detailed the scope of cyberattacks on the cryptocurrency industry. It found that the overall value hacked hit $3.8 billion in the year, up 15% from the prior year. Attack volume varied throughout the year. October proved the single biggest month ever for cryptocurrency hacks, with $775.7 million stolen in 32 attacks. For the year, DeFi protocols accounted for 82% of all stolen cryptocurrency. Within that category, 64% of stolen funds came from cross-chain bridge protocols. Chainalysis estimates North Korean-backed attackers stole $1.65 billion in cryptocurrency, shattering the previous 2018 record of $522.3 million.
DDoS attacks on the rise
According to a report from the Financial Services Information Sharing and Analysis Center, distributed denial-of-service attacks targeting the global financial sector increased 22% year over year in 2022 as of November. Europe experienced a more troubling rise, up 73%. The report cited political aims as a reason for the increase, with threat groups operating DDoS campaigns in response to situations in Ukraine, China, and Taiwan. FS-ISAC specifically cited the work of the Russian-linked KillNet threat group, which operated DDoS campaigns targeting several European countries over the last year.
And now a word from our sponsor, Hunters
Eufy cleans up its encryption
Over the past few months, the Verge disclosed security findings on Eufy security cameras. It found the cameras sent images to cloud servers and streamed unencrypted video feeds, while Eufy claimed it kept all data locally. In a response to inquiries from the outlet, Anker confirmed the outlet’s findings that Eufy security cameras produced unencrypted video streams for the service’s web portal. Anker said all video streams to the web portal are now end-to-end encrypted, and it is in the process of updating all Eufy cameras to use WebRTC, which is encrypted by default. It also said it will create an official bug bounty program for Eufy and bring in outside security auditors.
Cisco industrial gear hit with command-injection bug
Researchers at Trellix disclosed two vulnerabilities in Cisco networking gear. One bug allowed for remote code execution, but the affected code was pre-production, limiting the risk of exploitation. The other was a command-injection vulnerability that could allow root-level access and remote code execution that persists across reboots or device updates. This flaw impacted networking devices used at industrial sites and critical infrastructure, including some industrial gateways and routers, access points, and ISRs. Trellix noted that Cisco’s shift to adding more compute capacity to networking equipment, enabling it to run containers and virtual machines, opened the door to vulnerabilities in its advanced application hosting environment.
CISA hopes to help K-12 cyber security
Last week the Cybersecurity and Infrastructure Security Agency released a set of recommendations and a toolkit to help K-12 school districts address the rise in cybersecurity attacks against these institutions. CISA estimates that K-12 cyber incidents increased four-fold from 2018 to 2021. This comes as two school districts in the US, in Tucson, Arizona and Nantucket, Massachusetts, both experienced cyber attacks in early 2023. The latter of the two was forced to cancel classes for two days this week as a result.
DDoS-as-a-Service a “Passion” project for pro-Russian actors
The security firm Radware discovered a DDoS-as-a-Service platform named Passion, used by pro-Russian actors to target medical organizations in Western countries. The DDoS network was used on January 27th in apparent retaliation against several countries for sending tanks and other support to Ukraine. Radware reports the Passion platform shows ties with other Russian threat groups. Passion appears to be a relatively new operator, first promoting its services in January 2023.