
Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2023 ■ David Lanter

In The News

January 25, 2023 by David Lanter 15 Comments

Filed Under: 03 - Planning and Policy Tagged With:

Comments

  1. Aayush Mittal says

    January 26, 2023 at 11:18 pm

    FCC PROPOSES UPDATED DATA BREACH REPORTING TO ADDRESS SECURITY BREACHES IN TELECOM INDUSTRY

    The Federal Communications Commission launched a proceeding to strengthen the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). The changes in the law enforcement would mean a fresh look at the data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches. The Commission is aligning these regulatory rules with the federal and state data breach laws covering other sectors.

    https://www.fcc.gov/document/fcc-proposes-updated-data-breach-reporting-requirements

  2. Jill Brummer says

    January 28, 2023 at 12:40 pm

    CMS cyber chief puts focus on ‘soft skills’ in the cybersecurity field | Federal News Network

    In summary, the article is about soft skills needed in the field of cybersecurity. Soft skills are, for example, good communication, working collaboratively in teams, and building relationships. It’s discussed in the article how the reputation of cyber security professionals is that they have the hard skills, the technical skills to perform their cyber position, but they lack the soft skills. The reason the soft skills are important for cyber professionals to have is because they will need to be able to effectively communicate with other departments. This will become more prevalent as the SEC reporting requirements move to incorporate cyber regulations. When the incorporation happens, the cyber department will need to be able to work with and communicate with internal auditors, external auditors, and the board of directors.

    In the article, Robert Woods, the CISO at the Centers for Medicare and Medicaid Services, along with a colleague, is publishing guidance through the “Soft Side of Cyber” initiative and launched the website in December.

  3. Frank Kofi Kpotivi says

    January 28, 2023 at 8:38 pm

    Zacks Investment Research data breach affects 820,000 clients

    The company Zacks Investment Research (Zacks) was infiltrated by hackers last year, allowing them access to 820,000 clients’ sensitive and personal data.
    The 1978-founded business uses cutting-edge financial data analytics systems to assist stock buyers.
    Zacks learned that some client details had been accessed without permission at the end of the previous year. A threat actor entered the network somewhere between November 2021 and August 2022, according to an internal examination into the incident.

    https://www.bleepingcomputer.com/news/security/zacks-investment-research-data-breach-affects-820-000-clients/

  4. Samuel Omotosho says

    January 28, 2023 at 9:12 pm

    On a hacking forum, threat actors revealed the location of over 400GB of sensitive data stolen from the CRM platform’s servers. Files from large restaurant clients, promo codes, payment reports, and API keys were among the data. However, it appears that the compromised servers did not store any customer payment information.

    https://tech.co/news/sevenrooms-crm-data-breach

  5. Nishant Shah says

    January 28, 2023 at 11:00 pm

    New Mimic ransomware abuses ‘Everything’ Windows search tool

    Security researchers discovered a new ransomware strain they named Mimic that leverages the APIs of the ‘Everything’ file search tool for Windows to look for files targeted for encryption. Mimic ransomware attacks begin with the victim receiving an executable, presumably via email, which extracts four files on the target system, including the main payload, ancillary files, and tools to disable Windows Defender.

    It kills processes and services aiming to disable the system’s protections and then encrypts the files. Files encrypted by Mimic get the “.QUIETPLACE” extension. A ransom note is also dropped, informing of the attacker’s demands and how the data can be recovered after paying a ransom in Bitcoin.

    https://www.bleepingcomputer.com/news/security/new-mimic-ransomware-abuses-everything-windows-search-tool/

  6. Pranavi Yadalam Sekhar says

    January 29, 2023 at 2:41 pm

    Multiple Vulnerabilities Found In Healthcare Software OpenEMR

    https://www.infosecurity-magazine.com/news/vulnerabilities-healthcare/

    OpenEMR, an open-source program for managing medical practices and electronic health data, has been found to contain three distinct vulnerabilities.

    On Wednesday, clean code specialists at Sonar released a warning regarding the security holes found by Dennis Brinkrolf.

    “We uncovered many code vulnerabilities in OpenEMR during our security analysis of popular online applications,” Brinkrolf noted.

    “A combination of these flaws enables remote attackers to steal sensitive patient data from any OpenEMR server and execute arbitrary system instructions. They may, in the worst instance, damage the entire essential infrastructure.”

    The company’s static application security testing (SAST) engine found that when two of these three vulnerabilities were coupled, they may result in unauthenticated remote code execution (RCE), according to the security expert.

  7. Abayomi Aiyedebinu says

    January 29, 2023 at 10:21 pm

    Cyberattacks Target Websites of German Airports.

    The websites of German airports, public administration bodies and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group” called Killnet, which took responsibility for the attack. The attackers used a distributed denial-of-service (DDoS) attack, which is designed to overwhelm the target with a flood of internet traffic, preventing the system from functioning normally. However, the attack was largely repelled with no serious impacts.

    https://www.securityweek.com/cyberattacks-target-websites-of-german-airports-admin/

  8. Chinenye Marylyn Akinola says

    January 29, 2023 at 10:43 pm

    A Change in Mindset: From a Threat-based to Risk-based Approach to Security
    A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooks the key component of security: reducing risk.

    As cybersecurity professionals, we constantly find ourselves fighting an uphill battle. The growth of cloud computing, remote employees, and Software-as-a-Service applications continues to expand the attack surface, providing bad actors with increasing opportunities. Malicious hackers have the advantage of surprise that will only grow as networks become more complex.

    The threat landscape continues to expand, and security teams must change their approach from a threat-based to a risk-based mindset. This is a substantial change in how to approach security, moving away from a structure based on compliance and regulations to one that looks to reduce overall risk.

    As technology leaders pivot to ask themselves, “what’s the worst thing that could happen,” the answers to that question can help guide a risk-based approach as it highlights the worst-case scenario and what it would take to recover.

    https://www.securityweek.com/a-change-in-mindset-from-a-threat-based-to-risk-based-approach-to-security/

  9. Mengqi Xiong says

    January 30, 2023 at 1:37 pm

    Since June 2021, the Hive ransomware group attacked more than 1,500 victims around the world and received over $100 million in ransom payments. The ransomware is delivered in a ransomware-as-a-service (RaaS) model and is commonly used to target organizations in the healthcare industry as well as other critical infrastructures. The Hive branch gained initial access to the target’s network through a variety of methods, including single-factor login to remote network connection protocols via Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), and other methods; exploiting the FortiToken vulnerability; and sending phishing emails with malicious attachments. The Hive ransomware operation has been shut down as part of a major law enforcement operation involving agencies in many different countries. In addition to confiscating the domain names associated with the Hive-compromised website, law enforcement has shut down servers used by cybercriminals to store the data. The shutdown of Hive is a significant development in the ongoing fight against ransomware and cybercrime. It demonstrates the capabilities of law enforcement and the importance of international cooperation in the pursuit of cybercriminals.

    https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant

  10. Sunam Rijal says

    January 30, 2023 at 10:56 pm

    Honeypot.
    https://cybersecuritynews.com/what-is-a-honeypot/

    A Honeypot is a security tool that creates a fake target to attract attackers. It’s a purposely vulnerable computer system that permits attackers to take advantage of its weaknesses.
    Types:
    1. Pure honeypots: Secures full production system, simple approach.
    2. Low-interaction honeypots: Imitates services/systems, attracting malicious actors. Honeypot gathers data from unsuspecting attackers, e.g., worms, malware, botnets.
    3. High-interaction honeypots: Complex setup mimicking real infrastructure. They do not restrict the activity level, which provides extensive cybersecurity. Requires high maintenance and tech expertise, incl. virtual machines. This protects the real system from attacker access.
    Security teams deploy these traps for their network defense strategy. They use honeypots to study the behavior of attack or threat actors.
    Some benefits of Honeypots:
    – Distracts cybercriminals such that they cannot target the legit system.
    – Collects data for threat intelligence.
    – Helps to improve the security posture of the organization.

  11. Wei Zhang says

    January 31, 2023 at 1:24 am

    JD Sports has identified a cyber attack that hit the company between 2018 and 2020 that may have compromised the data of 10 million customers.
    The incident was caused by unauthorized access to historical customer data related to some online orders placed between November 2018 and October 2020. The leaked data includes full names, shipping and billing addresses, email addresses, phone numbers, and the last four digits of payment cards and/or order details.

    https://www.infosecurity-magazine.com/news/jd-sports-breach-affected-10/

  12. Nicholas Foster says

    January 31, 2023 at 9:40 am

    New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

    The article I have chosen to highlight speaks to the war between Russia and Ukraine. Specifically, the article speaks about a strand of wiper malware dubbed “NikoWiper”. The malware was used back in October of 2022 to try and cripple Ukraine’s energy infrastructure. The attack was “based on SDelete, a command line utility from Microsoft that is used for securely deleting files”. The group being identified for these attacks is the Russia-affiliated Sandworm.

    https://thehackernews.com/2023/01/new-report-reveals-nikowiper-malware.html

  13. Shepherd Shenjere says

    January 31, 2023 at 10:27 am

    The article I chose for this week speaks about a popular chain of convenience stores and gas stations called Circle K. On January 12, 2023, the Cybernews research team discovered an open Circle K US dataset with tons of sensitive information: partial payment card numbers, full customer loyalty card numbers, purchase data, employee email addresses, phone numbers, and zip codes, among other data. Circle K managed to fix this issue as soon as they were notified about this matter. However, if a cybercriminal were to tamper with this dataset, massive damage could have occurred. It could have caused identity theft, financial fraud, and targeted phishing campaigns. This goes on to show that no place is safe and every organization must hire experienced security professionals and those who are eager to learn and invest in them so that the company’s assets are protected and stay out of the news.

    https://cybernews.com/security/circlek-leak-credit-card-exposed/

  14. Shadrack Owusu says

    January 31, 2023 at 11:11 am

    ManageEngine, the enterprise IT management division of the software company Zoho Corporation, recently announced results from its study dubbed Cloud Security Outlook 2023. In the process, ManageEngine tasked an independent market research agency called Censuswide to study the cloud landscape and the market demand for cloud security tools. They surveyed around 500 IT professionals in the US spanning various industries, including healthcare, financial services, manufacturing, and government. The key findings were:
    1) Compliance proves to be challenging for enterprises.
    2) A lack of staffing and orchestration makes the security process complicated.
    3) The three most common and impactful cloud security threats are identity-based.

    Reference
    https://www.businesswire.com/news/home/20230131005067/en/ManageEngine-Study-Finds-United-States-Enterprises-Hit-by-Short-staffed-Security-Operations-Centers

  15. Asha Kunchakarra says

    January 31, 2023 at 5:45 pm

    https://www.darkreading.com/edge-articles/security-planning-ask-what-could-go-wrong

    Rather than approach security from a reactive perspective, we should always be planning for the future by asking the question: What could go wrong? In order to increase security, organizations are moving things to the cloud instead of having a disaster recovery plan. We need to look at how we can run our systems reliably if we had to sever connections with the rest of the world. Building out strategies to reduce risk and increase our security resilience will go a long way to help address the clear and present dangers we face in this modern age.


Fox School of Business
