MISCELLANEOUS CYBERSECURITY NEWS:
US healthcare organizations warned of cyber threats related to
Russian invasion of Ukraine - The American Hospital Association
believes there are three areas of concern for the U.S. healthcare
sector, in light of the Russian invasion of Ukraine: hospitals and
health systems may be directly targeted, or become incidental
victims of Russian-backed threat actors, and could see operational
disruptions brought on by a cyberattack.
https://www.scmagazine.com/analysis/cyberespionage/us-healthcare-organizations-warned-of-cyber-threats-related-to-russian-invasion-of-ukraine
How company culture can help, rather than hurt, security programs -
Cybersecurity professionals can get further in changing the mindset
at their organizations by embracing the company’s culture rather
than forcing security requirements.
https://www.scmagazine.com/podcast/leadership/how-company-culture-can-help-rather-than-hurt-security-programs
Why critical infrastructure leaders should heed CISA’s latest
ransomware advisory - Despite the incessant headlines and mainstream
attention over the last year, we’re very far from seeing the end of
the ransomware epidemic.
https://www.scmagazine.com/perspective/cybercrime/why-critical-infrastructure-leaders-should-heed-cisas-latest-ransomware-advisory%EF%BF%BC
New training program looks to draw more women to the cyber community
- Twenty women are preparing for careers in cybersecurity through a
new training program offered by the Canadian-based Women
CyberSecurity Society (WCS2), and CompTIA, the nonprofit association
that specializes in training programs and certifications for tech
workers.
https://www.scmagazine.com/news/training/new-training-program-looks-to-draw-more-women-to-the-cyber-community
What happens during a ransomware attack: Understanding stages of
targeting and response - To prepare for and respond to ransomware
attacks, it helps to understand the anatomy of a ransomware attack –
that is, the sequence of events that typically occur, and what steps
organizations should take for both responsible and effective
response.
https://www.scmagazine.com/research-article/ransomware/what-happens-during-a-ransomware-attack-understanding-stages-of-attack-and-response
Only 23% of board members consider ransomware their top priority -
Research from Egress on Wednesday found that only 23% of board
members consider ransomware their top priority.
https://www.scmagazine.com/news/phishing/only-23-of-board-members-consider-ransomware-their-top-priority%EF%BF%BC
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
'Hundreds of computers' in Ukraine hit with wiper malware as
conflict continues - Of course you realize, this means war -
Hundreds of computers in Ukraine have been infected with data-wiping
Windows malware, say researchers at ESET.
https://www.theregister.com/2022/02/23/ukraine_wiper_malware/
HSE cyber-attack cost hits €43m, could rise to €100m - The cost of
the response to, and recovery from the cyber-attack on the Health
Service Executive in May last year has reached almost €43 million
and could rise to €100 million.
https://www.rte.ie/news/ireland/2022/0223/1282617-cyber-attack-cost/
Police Seize $22 Million From Online Safe and USB Sticks - Following
recovery of $22.25 million in cryptocurrency on USB sticks and in an
"online safe," 23 victims of a cryptocurrency scam have received
$5.4 million that was stolen from them, according to the U.K.
Greater Manchester Police.
https://www.govinfosecurity.com/police-seize-22-million-from-online-safe-usb-sticks-a-18591
Popular banking trojan reemerges in major bank attacks - The
TrickBot malware has reemerged in recent weeks, hitting customers of
at least 60 major U.S. financial firms, including Bank of America
and Wells Fargo & Co., with phishing attacks through web injections.
https://www.scmagazine.com/analysis/malware/popular-banking-trojan-reemerges-in-major-bank-attacks
Viasat says 'cyber event' is causing broadband outages across Europe
- Satellite communications giant Viasat said a cyberattack was
causing network outages impacting internet service for fixed
broadband customers in Ukraine and elsewhere on its European KA-SAT
network.
https://www.zdnet.com/article/viasat-confirms-cyberattack-causing-outages-across-europe/
Toyota halts production after reported cyberattack on supplier -
Giant Japanese automaker Toyota Motors has announced that it stopped
car production operations. The outage was forced by a system failure
at one of its suppliers of vital parts, Kojima Industries, which
reportedly suffered a cyberattack.
https://www.bleepingcomputer.com/news/security/toyota-halts-production-after-reported-cyberattack-on-supplier/
Code vulnerability failures in manufacturing on display in Toyota
supply chain attack - In the aftermath of a suspected cyberattack on
a Toyota parts supplier which caused the carmaker to suspend
domestic operations in Japan Tuesday, researchers point to the need
for greater focus on unchecked software vulnerabilities throughout
any manufactured product’s lifecycle.
https://www.scmagazine.com/analysis/cyberespionage/code-vulnerability-failures-in-manufacturing-on-display-in-toyota-supply-chain-attack
Ransomware group leaks Nvidia information after cyberattack on chip
maker - Nvidia confirmed employee credentials and proprietary
information for the U.S. chip maker was leaked online Tuesday after
a breach, Reuters reported, though the company saw no evidence that
ransomware was deployed on its systems.
https://www.scmagazine.com/news/breach/ransomware-group-leaks-nvidia-information-after-cyberattack-on-chip-maker
Logan Health cyberattack, server hack leads to data access of 214K
people - Logan Health Medical Center recently notified 213,543
patients, employees and business associates that their personal and
health data was possibly accessed, after a sophisticated cyberattack
on its IT systems led to the hack of a file server containing
protected health information.
https://www.scmagazine.com/analysis/breach/logan-health-cyberattack-server-hack-leads-to-data-access-of-214k-people
Android banking trojan TeaBot levels up, spreads to more countries -
The TeaBot banking malware that steals the credentials of Android
device users is evolving and spreading to other applications and
countries, researchers said in a March 1 blog post.
https://www.scmagazine.com/news/application-security/android-banking-trojan-teabot-levels-up-spreads-to-more-countries
WEB SITE COMPLIANCE -
We continue covering some of the issues discussed in the "Risk
Management Principles for Electronic Banking" published by the
Basel Committee on Bank Supervision.
Sound Practices to Help Maintain the Privacy of Customer E-Banking
Information
1. Banks should employ appropriate cryptographic techniques,
specific protocols or other security controls to ensure the
confidentiality of customer e-banking data.
2. Banks should develop appropriate procedures and controls to
periodically assess their customer security infrastructure and
protocols for e-banking.
3. Banks should ensure that their third-party service providers have
confidentiality and privacy policies that are consistent with their
own.
4. Banks should take appropriate steps to inform e-banking
customers about the confidentiality and privacy of their
information. These steps may include:
a) Informing customers of the bank's privacy policy, possibly on
the bank's website. Clear, concise language in such statements is
essential to assure that the customer fully understands the privacy
policy. Lengthy legal descriptions, while accurate, are likely to go
unread by the majority of customers.
b) Instructing customers on the need to protect their passwords,
personal identification numbers (PINs) and other banking and/or
personal data.
c) Providing customers with information regarding the general
security of their personal computer, including the benefits of using
virus protection software, physical access controls and personal
firewalls for static Internet connections.
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information
Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - OPERATING SYSTEM ACCESS
(Part 1 of 2)
Financial institutions must control access to system software
within the various network clients and servers as well as
stand-alone systems. System software includes the operating system
and system utilities. The computer operating system manages all of
the other applications running on the computer. Common operating
systems include IBM OS/400 and AIX, LINUX, various versions of
Microsoft Windows, and Sun Solaris. Security administrators and IT
auditors need to understand the common vulnerabilities and
appropriate mitigation strategies for their operating systems.
Application programs and data files interface through the operating
system. System utilities are programs that perform repetitive
functions such as creating, deleting, changing, or copying files.
System utilities also could include numerous types of system
management software that can supplement operating system
functionality by supporting common system tasks such as security,
system monitoring, or transaction processing.
System software can provide high-level access to data and data
processing. Unauthorized access could result in significant
financial and operational losses. Financial institutions must
restrict privileged access to sensitive operating systems. While
many operating systems have integrated access control software,
third-party security software is available for most operating
systems. In the case of many mainframe systems, these programs are
essential to ensure effective access control and can often integrate
the security management of both the operating system and the
applications. Network security software can allow institutions to
improve the effectiveness of the administration and security policy
compliance for a large number of servers often spanning multiple
operating system environments. The critical aspects for access
control software, whether included in the operating system or
additional security software, are that management has the capability
to:
- Restrict access to sensitive or critical system resources or
processes and have the capability, depending on the sensitivity, to
extend protection at the program, file, record, or field level;
- Log user or program access to sensitive system resources
including files, programs, processes, or operating system
parameters; and
- Filter logs for potential security events and provide adequate
reporting and alerting capabilities.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 18 - AUDIT TRAILS
18.1 Benefits and Objectives
18.1.4 Problem Analysis
Audit trails may also be used as on-line tools to help identify
problems other than intrusions as they occur. This is often referred
to as real-time auditing or monitoring. If a system or application
is deemed to be critical to an organization's business or mission,
real-time auditing may be implemented to monitor the status of these
processes (although, as noted above, there can be difficulties with
real-time analysis). An analysis of the audit trails may be able to
verify that the system operated normally (i.e., that an error may
have resulted from operator error, as opposed to a system-originated
error). Such use of audit trails may be complemented by system
performance logs. For example, a significant increase in the use of
system resources (e.g., disk file space or outgoing modem use) could
indicate a security problem.
18.2 Audit Trails and Logs
A system can maintain several different audit trails concurrently.
There are typically two kinds of audit records, (1) an
event-oriented log and (2) a record of every keystroke, often called
keystroke monitoring. Event-based logs usually contain records
describing system events, application events, or user events.
An audit trail should include sufficient information to establish
what events occurred and who (or what) caused them. In general, an
event record should specify when the event occurred, the user ID
associated with the event, the program or command used to initiate
the event, and the result. Date and time can help determine if the
user was a masquerader or the actual person specified.
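
The event-record fields listed in 18.2 (when, user ID, program or command, result), together with the FFIEC requirement to filter logs for potential security events, can be illustrated as follows. This is an added example, not part of the NIST Handbook or the FFIEC booklet; the CSV layout, the field names, the sample records and the per-user working-hours table are all assumptions made for the illustration.

```python
import csv
import io
from datetime import datetime

# The four fields section 18.2 says an event record should specify.
REQUIRED = ("timestamp", "user_id", "command", "result")

# Constructed sample audit trail (illustrative only, not real log data).
SAMPLE = """timestamp,user_id,command,result
2022-03-01T09:14:02,jdoe,/usr/bin/passwd,success
2022-03-01T09:15:40,jdoe,/bin/cat /etc/shadow,denied
2022-03-02T02:47:11,jdoe,/usr/bin/scp ledger.db,success
2022-03-02T10:05:00,,/sbin/reboot,success
2022-03-02T10:06:30,asmith,/usr/bin/sudo -l,denied
"""

# Assumed usual working hours per user (start inclusive, end exclusive).
USUAL_HOURS = {"jdoe": (8, 18), "asmith": (8, 18)}

def review(trail_text, usual_hours=USUAL_HOURS):
    """Return (line_no, reason) findings for an event-oriented audit trail."""
    findings = []
    # Line 1 is the header, so the first record is on line 2.
    for n, rec in enumerate(csv.DictReader(io.StringIO(trail_text)), start=2):
        # A record that cannot say who did what, when, with what result
        # is itself a finding: the trail cannot establish accountability.
        missing = [f for f in REQUIRED if not (rec.get(f) or "").strip()]
        if missing:
            findings.append((n, "incomplete record: missing " + ",".join(missing)))
            continue
        try:
            when = datetime.fromisoformat(rec["timestamp"])
        except ValueError:
            findings.append((n, "incomplete record: unparseable timestamp"))
            continue
        # Any non-success result is surfaced for review.
        if rec["result"].lower() != "success":
            findings.append((n, f"{rec['user_id']} {rec['result']}: {rec['command']}"))
        # Date and time as a masquerade hint: activity outside usual hours.
        start, end = usual_hours.get(rec["user_id"], (0, 24))
        if not start <= when.hour < end:
            findings.append((n, f"{rec['user_id']} active at {when:%H:%M}, outside usual hours"))
    return findings

if __name__ == "__main__":
    for line_no, reason in review(SAMPLE):
        print(f"line {line_no}: {reason}")
```

An off-hours or denied event is only a prompt for review, not proof of misuse; the incomplete-record check matters just as much, because a record with no user ID cannot support accountability at all.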