Kelly Sharadin says
Much of this week’s reading focused on risk management through planning and policy objectives, including meeting compliance requirements. Information security compliance and regulatory requirements often have a reporting component. For example, GDPR has a 72-hour reporting requirement. In this article from Dark Reading, starting April 2022, U.S. banks will now be required to notify federal regulators within 36 hours when discovering any cybersecurity incident that is defined as anything impacting the CIA triad. Banks must inform an FDIC-designated officer; however, a complete root cause analysis is not necessary within the 36 hours and can be provided at a later point.
https://www.darkreading.com/risk/u-s-banks-will-be-required-to-report-cyberattacks-within-36-hours
Lauren Deinhardt says
Hi Kelly, thanks for your post. This is so important since many organizations do not even report major breaches (traditionally). Compliance enforces this best practice, turning it into a mandate. This really indicates the changing culture in how organizations view cybersecurity and overall incident management.
Antonio Cozza says
I think this is an interesting event, as historically many organizations are so concerned with reputational consequences that will affect their customers and quarterly financial statements that they do anything and everything possible to avoid announcing breaches unless they are otherwise required. Mandating it at a mere 36 hours for banks in the context of a CIA breach appears to be a significant step in the right direction, as banks contain information that can not only lead to financial information being stolen and sold, but also to identity theft, which may have longer-term consequences. With this in mind, perhaps a bank quickly announcing a breach would be seen as beneficial to its customers.
Antonio Cozza says
With all of the latest hacks going around in Europe, and Europol cracking down on and seizing dark web domains (like VPNLab, a domain that provides a tool to spread ransomware and facilitate cybercrime), and actively hunting cybercriminals with extra determination in light of recent attack increases, the most common dark web services are shutting down and/or changing hands. The latest noteworthy huge dark web player to close down is UniCC, the dark web’s largest stolen credit card purchasing center. The operators of the site / service have issued a warning on the homepage which announces that he/she is old and is “retiring,” so to speak, after amassing roughly $350 million in cryptocurrency payments since 2013, when it was passed the torch of being the premier stolen credit card marketplace after its predecessor, Joker’s Stash, announced its closure in late 2020. The link below has a graph showing the amount of money obtained through selling stolen credit cards by the two sites across the past decade or so.
https://thehackernews.com/2022/01/dark-webs-largest-marketplace-for.html
Olayinka Lucas says
Teen Tesla Hacker Accessed Owners’ Email Addresses To Warn Them (1/24/2022)
In the spirit of last week’s class on Jeep vehicle compromise, I thought this would be helpful to the class:
The 19-year-old cybersecurity researcher who remotely accessed dozens of Tesla Inc. vehicles through a third-party flaw also proceeded to hack the car owners’ email addresses to notify them that they were at risk. Earlier this month, David Colombo discovered a defect in a piece of third-party open-source software that let him remotely hijack some functions on about two dozen Teslas, including opening and closing the doors or honking the horn.
In trying to notify the affected car owners, he found a flaw in Tesla’s software for the digital car key that allowed him to learn their email addresses. The teenager from Germany stated that he had shared the additional vulnerability with Tesla. As a result, the car company’s engineers have written a fix to prevent it from happening in the future. The link below is the whole story.
Source:
https://www.bloombergquint.com/business/teen-tesla-hacker-accessed-owners-email-addresses-to-warn-them
Kyuande Johnson says
The creators behind the “Big Daddy Ape Club” NFT collection swiped $1.3 million of Solana cryptocurrency from would-be collectors, marking the biggest “rug pull” in the Solana blockchain’s history. An NFT rug pull is a type of scam in which creators quickly cash out their gains after launching what appears to be a legitimate crypto project.
On January 11, when the NFTs were supposed to be minted, the creators just vanished. The 2,222 ape-themed tokens were also never created. Similar to other rug pulls, their Twitter account, Discord server, and the official website of the collection all shut down. Protection of cryptocurrency is a relatively new issue that is going to significantly increase as the world becomes more comfortable with utilizing cryptocurrency. As of right now there are no protection/recovery methods against cryptocurrency theft. Once your virtual currency has been stolen it is incredibly unlikely that you will be able to recover it. … Even if you successfully use public ledgers to trace the currency, since most cryptocurrency is decentralized there aren’t many routes you can follow to get it back. This raises a new concern for organizations and individuals who currently utilize crypto.
https://markets.businessinsider.com/news/currencies/nft-scam-solana-big-daddy-ape-club-rug-pull-civic-2022-1
zijian ou says
“Crypto money laundering rises 30%, report finds”
A report by blockchain data firm Chainalysis says criminals laundered $8.6 billion (£6.4 billion) of cryptocurrency in 2021, a 30 percent increase over the previous year. “While billions of dollars worth of cryptocurrency are transferred from illicit addresses each year, much of it ends up in a surprisingly small number of services, many of which appear to be specifically designed for money laundering,” the report states. It added: “Law enforcement can deal a huge blow to cryptocurrency-based crime and significantly impede criminals’ ability to access their digital assets by disrupting these services.”
https://www.bbc.co.uk/news/technology-60072195
Kyuande Johnson says
Great article, Zijian.
There are major issues with securing cryptocurrency. As of right now there are no protection/recovery methods against cryptocurrency theft. Once your virtual currency has been stolen it is incredibly unlikely that you will be able to recover it.
Dan Xu says
“North Korean Hackers Using Windows Update Service to Infect PCs with Malware”
The notorious Lazarus Group has launched a new campaign that uses the Windows Update service to execute its malicious payloads, expanding the library of living-off-the-land (LotL) techniques that the APT group exploits to achieve its goals. The latest spear phishing attack, detected by Malwarebytes on January 18, stems from a job-themed decoy of weaponized documents impersonating U.S. global security and aerospace company Lockheed Martin. Researchers note that this is an interesting technique used by Lazarus, which uses the Windows Update client to run its malicious DLLs to bypass security detection mechanisms. The evidence links them to past attacks by the same participants, including infrastructure overlaps, document metadata, and the use of job offer templates to select victims.
Source: https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html
Victoria Zak says
“Tesla recall: “Full Self-Driving” Software Runs Stop Signs”
At the start of the semester, we watched a video on how attackers can hack into an individual’s car. Tesla had to recall almost 54,000 cars and SUVs because of the Full Self-Driving software. The software allows the Tesla to roll right through a stop sign. The article states there are no known injuries with the affected software. Additionally, “the firmware release to disable the rolling stop is expected to be sent out in early February.”
Resource:
https://www.usatoday.com/story/money/cars/2022/02/01/tesla-recall-full-self-driving/9296448002/
kofi bonsu says
The article talks about information assets, including data and information systems, which need to be safeguarded from security threats. To safeguard their information assets, chemical, biological, radiological, and nuclear (CBRN) facilities must design, implement, and maintain an information security program. The article further explains that the instructions stated in this document are based on international standards, best practices, and the experience of the information security, cyber security, and physical security experts on the document writing team.
https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25112.pdf
Bernard Antwi says
How To Develop & Implement A Network Security Plan
“Protecting your business and its data from today’s threats and adversaries is a challenging endeavor requiring expertise and professionally managed resources. You also need a strategic security plan that outlines how to protect your network from cyber attacks. The end users in your organization require guidance on the appropriate use of email, mobile devices, the internet, and other aspects of your company’s network. This plan should support the business model and not be too restrictive, but somewhat painless for your employees to adopt and follow… Due to the growing threat of hackers continuously probing the Internet for networks to exploit, a Network Security Plan is important to protect the infrastructure from unauthorized access, misuse, destruction, or loss of corporate reputation.”
https://purplesec.us/network-security-plan/