MISCELLANEOUS CYBERSECURITY NEWS:
Phishing remains top route to initial access - Tricking individuals
to reveal sensitive information or grant access to systems doesn’t
require technical expertise. These lures turn human behavior and
trust into a weapon.
https://www.cybersecuritydive.com/news/phishing-initial-access-cyber-attack/711371/
Review of the FDIC’s Ransomware Readiness - According to the
Cybersecurity & Infrastructure Security Agency (CISA), ransomware is
an ever-evolving form of malware designed to encrypt files on a
device, rendering any files and systems that rely on them unusable.
https://www.fdicoig.gov/sites/default/files/reports/2024-03/REV-24-01%20-%20Review%20of%20the%20FDIC%27s%20Ransomware%20Readiness_Redacted%20Sanitized%20Final_0.pdf
Change Healthcare’s drawn-out recovery catches flak from cyber
experts - At least 100 services remain offline four weeks after the
UnitedHealth Group detected an intrusion in its medical claims
clearinghouse. Experts say the impacts are unprecedented.
https://www.cybersecuritydive.com/news/change-healthcare-drawn-out-recovery/710995/
Takedowns spark affiliate bidding war among ransomware gangs -
Up-and-coming ransomware gangs are on a dark web recruitment drive
to attract affiliates looking for work after authorities busted two
of the biggest extortion operators: LockBit and ALPHV/BlackCat.
https://www.scmagazine.com/news/takedowns-spark-affiliate-bidding-war-among-ransomware-gangs
Change Healthcare cyberattack affecting hospital finances, care
access - Nearly 60 percent of responding hospitals said the revenue
impact of the Change Healthcare cyberattack is $1 million per day or
higher. The majority of hospitals say the Change Healthcare
cyberattack is negatively affecting their finances and hindering
patient care access, according to a survey from the American
Hospital Association (AHA).
https://healthitsecurity.com/news/change-healthcare-cyberattack-affecting-hospital-finances-care-access
Apple lawsuit: US officials say iPhone ‘monopoly’ undermines
security - Apple is facing a lawsuit brought by the U.S. Department
of Justice (DOJ) Antitrust Division alleging the tech giant engaged
in anticompetitive conduct in violation of Section 2 of the Sherman
Act.
https://www.scmagazine.com/news/apple-lawsuit-us-officials-say-iphone-monopoly-undermines-security
Marsh launches group captive insurance firm for cyber - Marsh, a
leading global insurance broker, launched a group captive insurance
company for cyber on Monday, aiming to provide greater stability for
major companies in what has been a highly volatile market.
https://www.cybersecuritydive.com/news/marsh-group-captive-cyber-insurance/711246/
Security awareness training meets a new obstacle: Generative AI -
For as long as email has existed, it’s been one of the most
vulnerable attack vectors for organizations. Cybercriminals know
that email systems serve up a goldmine of sensitive data and a
gateway into the corporate network.
https://www.scmagazine.com/perspective/security-awareness-training-meets-a-new-obstacle-generative-ai
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Earth Krahang campaign compromised government servers in 23
countries - A two-year cyberespionage campaign by a previously
unknown advanced persistent threat (APT) group linked to China
compromised 70 organizations - mainly government entities - in 23
countries.
https://www.scmagazine.com/news/earth-krahang-campaign-compromised-government-servers-in-23-countries
Memory leak on Windows Server update causes domain controllers to
crash - A memory leak on the Windows Server update for this month’s
Patch Tuesday could cause domain controllers to crash, Microsoft
noted in a March 20 posting on its site.
https://www.scmagazine.com/news/memory-leak-on-windows-server-update-causes-domain-controllers-to-crash
Misconfigured Firebase instances leaked 19 million plaintext
passwords - Three cybersecurity researchers discovered close to 19
million plaintext passwords exposed on the public internet by
misconfigured instances of Firebase, a Google platform for hosting
databases, cloud computing, and app development.
https://www.bleepingcomputer.com/news/security/misconfigured-firebase-instances-leaked-19-million-plaintext-passwords/
International freight tech firm isolates Canada operations after
cyberattack - An international freight technology company said it
has cut off a portion of its business in Canada after a cyberattack.
https://therecord.media/radiant-logistics-cyberattack-canada-operations
StrelaStealer malware hits more than 100 EU and US organizations - A
wave of StrelaStealer email credential stealer campaigns has
impacted more than 100 organizations across the European Union and
the United States - attacks that work in the form of spam emails
with attachments that eventually launch a dynamic-link library (DLL)
payload.
https://www.scmagazine.com/news/strelastealer-malware-hits-more-than-100-eu-and-us-organizations
WEB SITE COMPLIANCE -
We continue covering some of the issues discussed in the "Risk
Management Principles for Electronic Banking" published by the Basel
Committee on Bank Supervision.
Board and Management Oversight - Principle 8: Banks should ensure
that appropriate measures are in place to protect the data integrity
of e-banking transactions, records and information.
Data integrity refers to the assurance that information that is
in-transit or in storage is not altered without authorization.
Failure to maintain the data integrity of transactions, records and
information can expose banks to financial losses as well as to
substantial legal and reputational risk.
The inherent nature of straight-through processes for e-banking
may make programming errors or fraudulent activities more difficult
to detect at an early stage. Therefore, it is important that banks
implement straight-through processing in a manner that ensures
safety and soundness and data integrity.
As e-banking is transacted over public networks, transactions
are exposed to the added threat of data corruption, fraud and the
tampering of records. Accordingly, banks should ensure that
appropriate measures are in place to ascertain the accuracy,
completeness and reliability of e-banking transactions, records and
information that is either transmitted over the Internet, resident on
internal bank databases, or transmitted/stored by third-party
service providers on behalf of the bank. Common practices used to
maintain data integrity within an e-banking environment include the
following:
1) E-banking transactions should be conducted in a manner that
makes them highly resistant to tampering throughout the entire
process.
2) E-banking records should be stored, accessed and modified in
a manner that makes them highly resistant to tampering.
3) E-banking transaction and record-keeping processes should be
designed in such a manner as to make it virtually impossible to
circumvent detection of unauthorized changes.
4) Adequate change control policies, including monitoring and
testing procedures, should be in place to protect against any
e-banking system changes that may erroneously or unintentionally
compromise controls or data reliability.
5) Any tampering with e-banking transactions or records should
be detected by transaction processing, monitoring and record keeping
functions.
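As an added illustration of practices 2, 3 and 5 above (not part of the Basel text), the following Python sketch keeps e-banking records in a tamper-evident ledger: each entry carries a keyed tag (HMAC-SHA256) over its own canonical content and the previous entry's tag, so any edit, deletion or insertion is detected when the record-keeping function re-verifies the chain. The key and the sample transactions are constructed demo values.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed integrity key held by the record-keeping function (demo value, not a real secret).
INTEGRITY_KEY = b"ledger-integrity-key-demo"

# Constructed sample e-banking transactions.
CONSTRUCTED_TXNS = [
    {"id": 1001, "from": "ACCT-001", "to": "ACCT-077", "amount": "250.00"},
    {"id": 1002, "from": "ACCT-001", "to": "ACCT-312", "amount": "80.50"},
    {"id": 1003, "from": "ACCT-044", "to": "ACCT-001", "amount": "1200.00"},
]


def record_tag(key: bytes, prev_tag: str, record: dict) -> str:
    """Keyed tag over the canonical record plus the previous entry's tag.
    Chaining the tags means an edit, insertion or deletion breaks every later entry."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + b"|" + canon, hashlib.sha256).hexdigest()


def append_record(ledger: list, key: bytes, record: dict) -> None:
    """Append a record, tagging it against the tag of the entry before it."""
    prev = ledger[-1]["tag"] if ledger else "genesis"
    ledger.append({"record": dict(record), "tag": record_tag(key, prev, record)})


def verify_ledger(ledger: list, key: bytes) -> Optional[int]:
    """Recompute the chain; return the index of the first failing entry, or None if intact."""
    prev = "genesis"
    for i, entry in enumerate(ledger):
        expected = record_tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["tag"]
    return None


def demo_ledger() -> list:
    """Build a fresh ledger from the constructed transactions."""
    ledger: list = []
    for txn in CONSTRUCTED_TXNS:
        append_record(ledger, INTEGRITY_KEY, txn)
    return ledger
```

Verification only detects tampering; the key must be kept away from the transaction-processing path, otherwise a party who can alter a record can also recompute its tag.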
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION
LOGICAL AND ADMINISTRATIVE ACCESS CONTROL
AUTHENTICATION - Token Systems (1 of 2)
Token systems typically authenticate the token and assume that
the user who was issued the token is the one requesting access. One
example is a token that generates dynamic passwords every X seconds.
When prompted for a password, the user enters the password generated
by the token. The token's password-generating system is identical
and synchronized to that in the system, allowing the system to
recognize the password as valid. The strength of this system of
authentication rests in the frequent changing of the password and
the inability of an attacker to guess the seed and password at any
point in time.
Another example of a token system uses a challenge/response
mechanism. In this case, the user identifies him/herself to the
system, and the system returns a code to enter into the
password-generating token. The token and the system use identical
logic and initial starting points to separately calculate a new
password. The user enters that password into the system. If the
system's calculated password matches that entered by the user, the
user is authenticated. The strengths of this system are the frequency
of password change and the difficulty in guessing the challenge, seed,
and password.
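As an added example (not from the FFIEC booklet), this Python model shows both token types described above sharing one seed: the time-synchronized token derives its dynamic password from the current time step, the challenge/response token derives it from the server-supplied challenge, and the server's check tolerates a small clock-skew window. The HMAC truncation follows the HOTP construction; the seed, 30-second step and digit counts are constructed values.

```python
import hashlib
import hmac
import struct
import time

# Constructed seed shared by token and authentication server (demo value, not a real secret).
SEED = b"demo-shared-seed-0123456789"
STEP = 30    # the "every X seconds" of the text
DIGITS = 6


def otp_from_counter(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """Dynamic password from a seed and a counter (HOTP-style HMAC-SHA1 truncation)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def time_token(seed: bytes, now: float, step: int = STEP) -> str:
    """Token side: the password for the current time step."""
    return otp_from_counter(seed, int(now // step))


def verify_time_token(seed: bytes, presented: str, now: float,
                      step: int = STEP, skew: int = 1) -> bool:
    """Server side: accept the current step and +/- skew steps of clock drift."""
    counter = int(now // step)
    return any(hmac.compare_digest(otp_from_counter(seed, c), presented)
               for c in range(counter - skew, counter + skew + 1))


def challenge_response(seed: bytes, challenge: int) -> str:
    """Challenge/response mode: both sides derive the password from the challenge."""
    return otp_from_counter(seed, challenge, 8)


def verify_challenge_response(seed: bytes, challenge: int, presented: str) -> bool:
    """Server side: recompute the response for the challenge it issued and compare."""
    return hmac.compare_digest(challenge_response(seed, challenge), presented)


if __name__ == "__main__":
    now = time.time()
    code = time_token(SEED, now)
    print("time-based password:", code, "accepted:", verify_time_token(SEED, code, now))
    resp = challenge_response(SEED, 4711)
    print("challenge 4711 response:", resp, "accepted:", verify_challenge_response(SEED, 4711, resp))
```

Note that the server verifies only that the seed holder computed the password; binding the result to the person still relies on the second factor discussed in the next paragraph.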
Other token methods involve multi-factor authentication, or the
use of more than one authentication method. For instance, an ATM
card is a token. The magnetic strip on the back of the card contains
a code that is recognized in the authentication process. However,
the user is not authenticated until he or she also provides a PIN,
or shared secret. This method is two-factor, using both something
the user has and something the user knows. Two-factor
authentication is generally stronger than single-factor
authentication. This method can allow the institution to
authenticate the user as well as the token.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 8 - SECURITY AND PLANNING IN THE COMPUTER SYSTEM LIFE CYCLE
8.4.5 Disposal
The disposal phase of the computer system life cycle involves the
disposition of information, hardware, and software. Information may
be moved to another system, archived, discarded, or destroyed. When
archiving information, consider the method for retrieving the
information in the future. The technology used to create the records
may not be readily available in the future.
Hardware and software can be sold, given away, or discarded. There
is rarely a need to destroy hardware, except for some storage media
containing confidential information that cannot be sanitized without
destruction. The disposition of software needs to be in keeping with
its license or other agreements with the developer, if applicable.
Some licenses are site-specific or contain other agreements that
prevent the software from being transferred.
Measures may also have to be taken for the future use of data that
has been encrypted, such as taking appropriate steps to ensure the
secure long-term storage of cryptographic keys.
Media Sanitization
Since electronic information is easy to copy and transmit,
information that is sensitive to disclosure often needs to be
controlled throughout the computer system life cycle so that
managers can ensure its proper disposition. The removal of
information from a storage medium (such as a hard disk or tape) is
called sanitization. Different kinds of sanitization provide
different levels of protection. A distinction can be made between
clearing information (rendering it unrecoverable by keyboard attack)
and purging (rendering information unrecoverable against laboratory
attack). There are three general methods of purging media:
overwriting, degaussing (for magnetic media only), and destruction.