MISCELLANEOUS CYBERSECURITY NEWS:
SEC proposes four-day rule for public companies to report
cyberattacks - A new rule proposed by the US Securities and Exchange
Commission (SEC) would force public companies to disclose
cyberattacks within four days along with periodic reports about
their cyber-risk management plans.
https://www.theregister.com/2022/03/09/sec_cyberattack_disclosure/
CISA official: Lower reporting thresholds for cyber incidents and
get your CEO and board invested in security - A top official at the
Cybersecurity and Infrastructure Security Agency cited increased
visibility over cyber intrusions in the private sector, cultivating
a stronger digital security workforce and making cybersecurity a
top-of-mind issue for corporate board rooms as priorities.
https://www.scmagazine.com/analysis/cloud-security/cisa-official-lower-reporting-thresholds-for-cyber-incidents-and-get-your-ceo-and-board-invested-in-security
Managed service providers more often the targets of cyberattacks
versus their customers - A new report released Thursday found that
managed service providers (MSPs) often find themselves the target
for cyberattacks, rather than the organizations they were hired to
protect.
https://www.scmagazine.com/news/managed-security/managed-service-providers-more-often-the-targets-of-cyberattacks-versus-their-customers
Majority of IT pros view the hybrid cloud as a permanent destination
- Monday it was reported that 67% of IT professionals surveyed view
a hybrid cloud solution as a permanent destination.
https://www.scmagazine.com/news/cloud/majority-of-it-pros-view-the-hybrid-cloud-as-a-permanent-destination
Hit by ransomware or paid a ransom? Now some companies will have to
tell the government - Owners and operators of US critical
infrastructure will now in some cases be legally required to report
cyberattacks and ransomware payments to the Cybersecurity and
Infrastructure Security Agency (CISA).
https://www.zdnet.com/article/hit-by-ransomware-or-paid-a-ransom-now-some-companies-will-have-to-tell-the-government/
Data centres are still a tempting target for hackers. Here's how to
improve your security - Even if cloud computing is on the rise,
there are still a lot of corporate data centres around and these are
a very tempting target for cyber criminals and malicious hackers.
https://www.zdnet.com/article/data-centres-are-still-a-tempting-target-for-hackers-heres-how-to-improve-your-security/
German government warns against using Kaspersky products - Germany’s
Office for Information Security (BSI) recommended users find
alternatives for Kaspersky products, saying the antivirus software
company could be forced to carry out attacks or spy on behalf of the
Russian government.
https://www.scmagazine.com/news/cyberespionage/german-government-warns-against-using-kaspersky-products
New SEC cybersecurity reporting mandates put more pressure on
investment firms - In the wake of ongoing cyber threats from Russia,
the U.S. Securities and Exchange Commission (SEC) is proposing new
cybersecurity rules to amp up cyber-incident reporting.
https://www.scmagazine.com/analysis/regulation/new-sec-cybersecurity-reporting-mandates-put-more-pressure-on-investment-firms
Smaller financial firms face big challenges as cyberattacks increase
- In the wake of pandemic lockdowns, with more people working from
home and using online services for the most basic activities,
cybercriminals have swooped in to take advantage of those customers
who are new to digital financial services or those just overwhelmed
by changes.
https://www.scmagazine.com/analysis/data-security/smaller-financial-firms-face-big-challenges-as-cyberattacks-increase
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Cyberattack on Norwood Clinic compromises data tied to 228K patients
- Alabama-based Norwood Clinic notified 228,103 patients that their
data was potentially accessed or acquired after a cyberattack in
October 2021.
https://www.scmagazine.com/analysis/breach/cyberattack-on-norwood-clinic-compromises-data-tied-to-228k-patients
New narrative forms on Russia-Ukraine cyberwar as Viasat outage
investigated - Global spy agencies are reportedly investigating what
appears to be a late-February cyberattack on satellite internet
provider Viasat that may change the narrative on whether Russia's
Ukrainian invasion was light on cyberwar.
https://www.scmagazine.com/analysis/cyberespionage/new-narrative-forms-on-russia-ukraine-cyberwar-as-viasat-outage-investigated
Finnish govt agency warns of unusual aircraft GPS interference -
Finland's Transport and Communications Agency, Traficom, has issued
a public announcement informing of an unusual spike in GPS
interference near the country's eastern border.
https://www.bleepingcomputer.com/news/technology/finnish-govt-agency-warns-of-unusual-aircraft-gps-interference/
The Kronos effect: Addressing mission-critical processes for
healthcare continuity - Early this year, healthcare’s frontline
workers began reporting disruptions to their paychecks stemming from
a cyberattack and outage on HR and payroll vendor Kronos.
https://www.scmagazine.com/analysis/business-contunuity/the-kronos-effect-addressing-mission-critical-processes-for-healthcare-continuity
‘Security issue’ at East Tennessee Children’s Hospital disrupts
services - East Tennessee Children’s Hospital in Knoxville is
currently facing disruptions to several key care services at its
downtown location, including email, after a “security issue,”
according to multiple social media posts and a website notice.
https://www.scmagazine.com/analysis/incident-response/security-issue-at-east-tennessee-childrens-hospital-disrupts-services
WEB SITE COMPLIANCE -
We continue our series on the FFIEC
interagency Information Security Booklet.
MALICIOUS CODE
Malicious code is any program that acts in unexpected and
potentially damaging ways. Common types of malicious code are
viruses, worms, and Trojan horses. The functions of each were once
mutually exclusive; however, developers combined functions to create
more powerful malicious code. Currently malicious code can replicate
itself within a computer and transmit itself between computers.
Malicious code also can change, delete, or insert data, transmit
data outside the institution, and insert backdoors into institution
systems. Malicious code can attack institutions at either the server
or the client level. It can also attack routers, switches, and other
parts of the institution infrastructure. Malicious code can also
monitor users in many ways, such as logging keystrokes, and
transmitting screenshots to the attacker.
Typically malicious code is mobile, using e-mail, Instant
Messenger, and other peer-to-peer (P2P) applications, or active
content attached to Web pages as transmission mechanisms. The code
also can be hidden in programs that are downloaded from the Internet
or brought into the institution on diskette. At times, the malicious
code can be created on the institution's systems either by intruders
or by authorized users. The code can also be introduced to a Web
server in numerous ways, such as entering the code in a response
form on a Web page.
Malicious code does not have to be targeted at the institution to
damage the institution's systems or steal the institution's data.
Most malicious code is general in application, potentially affecting
all Internet users with whatever operating system or application the
code needs to function.
FFIEC IT SECURITY -
We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - APPLICATION ACCESS (Part 1 of 2)
Sensitive or mission-critical applications should incorporate
appropriate access controls that restrict which application
functions are available to users and other applications. The most
commonly referenced applications from an examination perspective
support the information processing needs of the various business
lines. These computer applications allow authorized users or other
applications to interface with the related database. Effective
application access control can enforce both segregation of duties
and dual control. Access rights to sensitive or critical
applications and their database should ensure that employees or
applications have the minimum level of access required to perform
their business functions. Effective application access control
involves a partnership between the security administrators, the
application programmers (including TSPs and vendors), and the
business owners.
Some security software programs will integrate access control for
the operating system and some applications. That software is useful
when applications do not have their own access controls, and when
the institution wants to rely on the security software instead of
the application's access controls. Examples of such security
software products for mainframe computers include RACF, CA-ACF2,
and CA-TopSecret. Institutions should understand the functionality
and vulnerabilities of their application access control solutions
and consider those issues in their risk assessment process.
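The three requirements this section names (minimum access per business function, segregation of duties, and dual control) can be expressed as a small application access-control check. The following is an added example, not code from the FFIEC booklet or any of the products it names; the roles, function names, users and the wire-transfer scenario are constructed for illustration.

```python
from dataclasses import dataclass

# Least privilege: each role is granted only the application functions
# its business duty needs. Role and function names are hypothetical.
ROLE_FUNCTIONS = {
    "teller": {"view_account", "initiate_wire"},
    "supervisor": {"view_account", "approve_wire"},
    "auditor": {"view_account", "view_audit_log"},
}
# Segregation of duties: no single user may hold both halves of a pair.
SOD_CONFLICTS = [("initiate_wire", "approve_wire")]
# Dual control: this function needs this many distinct approvers.
DUAL_CONTROL = {"approve_wire": 2}


@dataclass
class AccessPolicy:
    user_roles: dict  # user -> set of roles assigned by the security administrator

    def functions_for(self, user):
        """All application functions the user's roles grant."""
        funcs = set()
        for role in self.user_roles.get(user, set()):
            funcs |= ROLE_FUNCTIONS.get(role, set())
        return funcs

    def can_invoke(self, user, function):
        return function in self.functions_for(user)

    def sod_violations(self):
        """Users whose combined roles hold both halves of a conflicting pair."""
        bad = []
        for user in self.user_roles:
            funcs = self.functions_for(user)
            for a, b in SOD_CONFLICTS:
                if a in funcs and b in funcs:
                    bad.append((user, a, b))
        return bad

    def authorize_wire(self, initiator, approvers):
        """Dual control: the initiator may not approve their own wire, and
        enough distinct users holding approve_wire must sign off."""
        if not self.can_invoke(initiator, "initiate_wire"):
            return False
        distinct = {a for a in approvers
                    if a != initiator and self.can_invoke(a, "approve_wire")}
        return len(distinct) >= DUAL_CONTROL["approve_wire"]
```

Running `sod_violations()` against the role assignments at each review cycle is the check that catches a user who has accumulated conflicting roles over time.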
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 18 - AUDIT TRAILS
18.2 Audit Trails and Logs
18.2.2.1 System-Level Audit Trails
If a system-level audit capability exists, the audit trail should
capture, at a minimum, any attempt to log on (successful or
unsuccessful), the log-on ID, date and time of each log-on attempt,
date and time of each log-off, the devices used, and the function(s)
performed once logged on (e.g., the applications that the user
tried, successfully or unsuccessfully, to invoke). System-level
logging also typically includes information that is not specifically
security-related, such as system operations, cost-accounting
charges, and network performance.
A system audit trail should be able to identify failed log-on
attempts, especially if the system does not limit the number of
failed log-on attempts. Unfortunately, some system-level audit
trails cannot detect attempted log-ons, and therefore, cannot log
them for later review. These audit trails can only monitor and log
successful log-ons and subsequent activity. To effectively detect
intrusion, a record of failed log-on attempts is required.
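The following is an added example, not part of the NIST Handbook: it parses a constructed system-level audit trail carrying the minimum fields listed above (outcome of each log-on attempt, log-on ID, date and time, device, and the function invoked once logged on) and flags the failed log-on bursts that this section says a review must be able to detect. The line format and threshold values are assumptions, not any real system's log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (not real data): outcome, log-on ID, time, device, function.
SAMPLE_AUDIT_TRAIL = """\
2022-03-10T08:01:12 LOGON FAIL id=jsmith device=ws12
2022-03-10T08:01:20 LOGON FAIL id=jsmith device=ws12
2022-03-10T08:01:31 LOGON FAIL id=jsmith device=ws12
2022-03-10T08:01:44 LOGON FAIL id=jsmith device=ws12
2022-03-10T08:02:05 LOGON OK id=jsmith device=ws12
2022-03-10T08:02:40 INVOKE OK id=jsmith device=ws12 function=payroll_export
2022-03-10T09:15:00 LOGON OK id=mlee device=ws07
2022-03-10T09:16:10 INVOKE FAIL id=mlee device=ws07 function=admin_console
2022-03-10T17:30:00 LOGOFF OK id=mlee device=ws07
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGON|LOGOFF|INVOKE) (?P<outcome>OK|FAIL) "
    r"id=(?P<id>\S+) device=(?P<device>\S+)(?: function=(?P<function>\S+))?$"
)

def parse_audit_trail(text):
    """Parse one record per line; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            records.append(rec)
    return records

def failed_logon_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Flag (id, device, failures, success_followed) where at least `threshold`
    failed log-ons fall inside `window`; records are assumed chronological."""
    findings = []
    logons = defaultdict(list)
    for r in records:
        if r["event"] == "LOGON":
            logons[(r["id"], r["device"])].append(r)
    for (uid, dev), evs in logons.items():
        fails = [e["ts"] for e in evs if e["outcome"] == "FAIL"]
        for start in fails:
            run = [t for t in fails if start <= t <= start + window]
            if len(run) >= threshold:
                followed = any(e["outcome"] == "OK" and e["ts"] > run[-1] for e in evs)
                findings.append((uid, dev, len(run), followed))
                break
    return findings
```

A burst followed by a successful log-on (the `success_followed` flag) is the case reviewers most want surfaced on a system that does not itself limit failed attempts.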