Plaintext: We Need Transparency Around Cyberattacks
Welcome to Dark Reading in Plaintext, brought to your inbox this week by Deloitte. In this issue of Plaintext, we look at why reporting cyberattacks is so important, and why holding information back benefits the attackers. We also consider the prospect of a supply chain attack as a result of a ransomware attack against a hardware manufacturer. If you enjoy the Plaintext newsletter, please share it with your friends!
Defenders Benefit When Victims Speak Out. An organization that has been the victim of an attack may be reluctant to report it because it doesn't want to deal with possible reputational damage and negative publicity if the attack becomes public knowledge. In actuality, transparency is a good thing. Open discussion means victims get access to support and advice, and other organizations can improve their awareness of the threat. Defenders can learn what clues to look for, how to shore up their defenses, and how to respond.
"Keeping your cyber incident a secret doesn't help anyone except the criminals," Eleanor Fairford, deputy director of incident management at the United Kingdom National Cyber Security Centre (NCSC), and Mihaela Jembei, director of regulatory cyber at the UK Information Commissioner's Office, wrote in a joint article this week. Fairford and Jembei addressed six common misconceptions that may lead organizations to avoid reporting an attack, such as hoping that paying off the attackers (as in a ransomware attack, for example) may be enough to make them go away. They may also think that they don't have to say anything if they haven't uncovered evidence of a data breach, because existing regulations focus only on exposed consumer data.
There are many regulations and laws requiring organizations to report data breaches, but in a recent Bitdefender survey, 42% of the more than 400 IT and security professionals surveyed — and 71% of those in the United States — said they were instructed to keep a data breach confidential. Keeping quiet about breaches is not new. A similar survey in 2018 found that 84% of cybersecurity professionals expected timely notification of a breach, but only 37% of the same group emphasized speed when it came to notifying their own customers of a breach.
“But we are increasingly concerned about what happens behind the scenes of the attacks we don’t hear about, particularly the ransomware ones. They are the attacks that aren’t reported to us and pass quietly by, pushed to one side, the ransoms paid to make them go away. And if attacks are covered up, the criminals enjoy greater success, and more attacks take place. We know how damaging this is.” (UK NCSC’s Eleanor Fairford and UK ICO’s Mihaela Jembei)
Supply Chain Attack Targeting MSI Firmware? A ransomware attack against hardware manufacturer Micro-Star International (MSI) may have exposed private encryption keys used to sign MSI firmware updates and the keys for the Intel BootGuard firmware-verification technology. Binarly researchers discovered the private firmware signing keys for 57 separate MSI products and Intel BootGuard keys for 116 products. These keys, if in the wrong hands, could be used to sign malicious software to make it seem as if it were a legitimate MSI firmware update. This kind of supply chain attack could cause widespread damage, as users will not realize they are installing malicious code on their machines. Consider what happened when attackers compromised the software build and distribution for SolarWinds and distributed malicious software – more than 18,000 customers are believed to have been infected. More recently, telephony company 3CX disclosed a breach of its build system, which was the result of a supply chain attack on a financial trading program used by 3CX and made by Trading Technologies. While there are no reports of a supply chain attack targeting MSI customers at the moment, addressing this leak would be a challenge because MSI doesn't have an automated firmware update mechanism or a key revocation process.
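Why the missing revocation process matters, as an added illustration that is not code from the newsletter, MSI or Binarly: a firmware verifier that only checks "is this signed by a trusted vendor key?" keeps accepting images signed with a leaked key, whereas a verifier that also consults a revocation list of key fingerprints rejects them. Ed25519 stands in for the vendor's signing scheme; the key, image and fingerprint format are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verifier models a firmware-update check: a set of trusted vendor signing
// keys plus a revocation list keyed by fingerprint (SHA-256 of the public key).
// Constructed illustration, not any vendor's real update mechanism.
type Verifier struct {
	Trusted []ed25519.PublicKey
	Revoked map[string]bool
}

// Fingerprint returns the hex SHA-256 of a public key, used as its revocation id.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Accept returns true only if a trusted key that is NOT revoked verifies the image.
func (v Verifier) Accept(image, sig []byte) bool {
	for _, pub := range v.Trusted {
		if v.Revoked[Fingerprint(pub)] {
			continue // key is known-compromised: its signatures no longer count
		}
		if ed25519.Verify(pub, image, sig) {
			return true
		}
	}
	return false
}

// Scenario contrasts the two verifiers on an image signed with a key that is
// assumed to have leaked. Returns (accepted without revocation, accepted with revocation).
func Scenario() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the leaked vendor key
	image := []byte("constructed firmware image")
	sig := ed25519.Sign(priv, image)
	noRevocation := Verifier{Trusted: []ed25519.PublicKey{pub}, Revoked: map[string]bool{}}
	withRevocation := Verifier{Trusted: []ed25519.PublicKey{pub}, Revoked: map[string]bool{Fingerprint(pub): true}}
	return noRevocation.Accept(image, sig), withRevocation.Accept(image, sig)
}

func main() {
	a, b := Scenario()
	fmt.Printf("accepted without revocation: %v, with revocation: %v\n", a, b)
}
```

Without a revocation list the first verifier has no way to distinguish a genuine update from one signed with the stolen key, which is exactly the gap the paragraph describes.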
What We Are Reading
What We Heard On-Air
Tune in to our on-demand webinar "How Supply Chain Attacks Work" for insights and recommendations for harnessing user and machine identities in the cloud and among hybrid environments.
"I can't stress this enough — all security starts with knowing what you have." (Jeffrey Martin, VP of product management, Mend)
From Our Library
Check out some of the latest reports from our Dark Reading Library.
On That Note
Principal Security Consultant (1 year ago):
The problem with transparency is it has a negative effect on the company being transparent. Saying things like "Transparency helps enterprise defenders while silence aids cybercriminals." lacks an understanding of second-order effects. If a company discloses an event, it can be negative to reputation and potentially lead to litigation or government fines/enforcement. For this idea to work, transparency needs to have anonymity. The premise here is quite wrong. "In actuality, transparency is a good thing. Open discussion means victims get access to support and advice, and other organizations can improve their awareness of the threat." That is useless if your stock takes a 50% reduction and wipes out everyone's end-of-year bonus. You will need counseling for the financial losses as well. This is written from the perspective of someone who does not understand the real ramifications of negative press. (Like Anheuser-Busch losing 7 billion in valuation in 6 days, not related to cyber but a great example of damage.) Sharing attack information and required reporting is a good thing. Most states have required reporting for breaches, so this article does not address that either.