MISCELLANEOUS CYBERSECURITY NEWS:
FDIC Issues Final Rule Regarding False Advertising, Misrepresentations About Insured Status, and Misuse of the FDIC’s Name or Logo.
www.fdic.gov/news/press-releases/2022/pr22041.html
https://www.occ.treas.gov/news-issuances/news-releases/2022/nr-occ-2022-53.html
Coast Guard wants to model cyber specialist trainings after agency’s diving program - The United States Coast Guard wants to model its new cybersecurity-specific positions after the agency’s diving program, with officials saying they would rather take their time to select the best people for the job than invest hundreds of thousands of dollars on the wrong candidate.
https://www.scmagazine.com/analysis/careers/coast-guard-wants-to-model-cyber-specialist-trainings-after-agencys-diving-program
How cloud network security differs from legacy security in a data center - Legacy network security designs leveraged data center and campus network architectures that had few well-known traffic ingress and egress points through which traffic had to flow.
https://www.scmagazine.com/perspective/cloud-security/how-cloud-network-security-differs-from-legacy-security-in-a-data-center
US-EU expand access to cybersecurity tools for small businesses - The U.S.-EU Trade and Technology Council (TTC) on Monday announced that they are deepening U.S.-EU cooperation by expanding access to cybersecurity tools for small- and medium-sized businesses and securing critical supply chains, such as semiconductors.
https://www.scmagazine.com/news/third-party-risk/us-eu-expand-access-to-cybersecurity-tools-for-small-businesses
White House joins OpenSSF and the Linux Foundation in securing open-source software - Open-source software supply chain security is now a vital issue of national security.
https://www.zdnet.com/article/white-house-joins-openssf-and-the-linux-foundation-in-securing-open-source-software/
Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors - Microsoft is alerting customers that its May Patch Tuesday update is causing authentication errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue.
https://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/
CISA calls VMWare vulnerabilities ‘unacceptable risk’ in emergency order to feds - The Cybersecurity and Infrastructure Security Agency is ordering federal agencies and contractors to fix a series of vulnerabilities affecting multiple VMWare products, some of which the agency says are being actively exploited on unpatched systems in the wild.
https://www.scmagazine.com/analysis/vulnerability-management/cisa-calls-vmware-vulnerabilities-unacceptable-risk-in-emergency-order-to-feds
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat - The US and the European Union have officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks - and said they will "take steps" to defend against and respond to Kremlin-orchestrated attacks.
https://www.theregister.com/2022/05/10/us_eu_russia/
DEA Investigating Breach of Law Enforcement Data Portal - The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases.
https://krebsonsecurity.com/2022/05/dea-investigating-breach-of-law-enforcement-data-portal/
Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn’t pay - Conti is escalating its rhetoric to force Costa Rica to pay a ransom after the nation was breached last month, including calls for potential regime change from its newly elected president to assemble a government more willing to pay.
https://www.scmagazine.com/analysis/ransomware/conti-ransomware-gang-calls-for-costa-rican-citizens-to-revolt-if-government-doesnt-pay
RefuahHealth informs 261K patients of May 2021 network data theft - RefuahHealth is notifying 260,740 patients that their personal and protected health information was stolen during a two-day network hack nearly a year ago in May 2021.
https://www.scmagazine.com/analysis/ransomware/refuahhealth-informs-261k-patients-of-may-2021-network-data-theft
Iranian Cyberspy Group Launching Ransomware Attacks Against US - Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities, the Secureworks Counter Threat Unit (CTU) reports.
https://www.securityweek.com/iranian-cyberspy-group-launching-ransomware-attacks-against-us
Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals - Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) of nearly 40,000 individuals.
https://www.infosecurity-magazine.com/news/oklahoma-city-indian-clinic-data/
WEB SITE COMPLIANCE -
We continue the series regarding FDIC Supervisory Insights regarding Incident Response Programs. (10 of 12)
Test affected systems or procedures prior to implementation.
Testing is an important function in the incident response process. It helps ensure that reconfigured systems, updated procedures, or new technologies implemented in response to an incident are fully effective and performing as expected. Testing can also identify whether any adjustments are necessary prior to implementing the updated system, process, or procedure.
Follow-up
During the follow-up process, an institution has the opportunity to regroup after the incident and strengthen its control structure by learning from the incident. A number of institutions have included the following best practice in their IRPs.
Conduct a "lessons-learned" meeting.
Successful organizations can use the incident and build from the experience. Organizations can use a lessons-learned meeting to
1) discuss whether affected controls or procedures need to be strengthened beyond what was implemented during the recovery phase;
2) discuss whether significant problems were encountered during the incident response process and how they can be addressed;
3) determine if updated written policies or procedures are needed for the customer information security risk assessment and information security program;
4) determine if updated training is necessary regarding any new procedures or updated policies that have been implemented; and
5) determine if the bank needs additional personnel or technical resources to be better prepared going forward.
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information Security Booklet.
ENCRYPTION KEY MANAGEMENT
Since security is primarily based on the encryption keys, effective key management is crucial. Effective key management systems are based on an agreed set of standards, procedures, and secure methods that address
- Generating keys for different cryptographic systems and different applications;
- Generating and obtaining public keys;
- Distributing keys to intended users, including how keys should be activated when received;
- Storing keys, including how authorized users obtain access to keys;
- Changing or updating keys, including rules on when keys should be changed and how this will be done;
- Dealing with compromised keys;
- Revoking keys and specifying how keys should be withdrawn or deactivated;
- Recovering keys that are lost or corrupted as part of business continuity management;
- Archiving keys;
- Destroying keys;
- Logging the auditing of key management-related activities; and
- Instituting defined activation and deactivation dates, limiting the usage period of keys.
Secure key management systems are characterized by the following precautions.
- Key management is fully automated (e.g., personnel do not have the opportunity to expose a key or influence the key creation).
- No key ever appears unencrypted.
- Keys are randomly chosen from the entire key space, preferably by hardware.
- Key-encrypting keys are separate from data keys. No data ever appears in clear text that was encrypted using a key-encrypting key. (A key-encrypting key is used to encrypt other keys, securing them from disclosure.)
- All patterns in clear text are disguised before encrypting.
- Keys with a long life are sparsely used. The more a key is used, the greater the opportunity for an attacker to discover the key.
- Keys are changed frequently. The cost of changing keys rises linearly while the cost of attacking the keys rises exponentially. Therefore, all other factors being equal, changing keys increases the effective key length of an algorithm.
- Keys that are transmitted are sent securely to well-authenticated parties.
- Key generating equipment is physically and logically secure from construction through receipt, installation, operation, and removal from service.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National Institute of Standards and Technology (NIST) Handbook.
Chapter 19 - CRYPTOGRAPHY
19.1 Basic Cryptographic Technologies
Cryptography relies upon two basic components: an algorithm (or cryptographic methodology) and a key. In modern cryptographic systems, algorithms are complex mathematical formulae and keys are strings of bits. For two parties to communicate, they must use the same algorithm (or algorithms that are designed to work together). In some cases, they must also use the same key. Many cryptographic keys must be kept secret; sometimes algorithms are also kept secret.
There are two basic types of cryptography: "secret key" and "public key."
There are two basic types of cryptography: secret key systems (also called symmetric systems) and public key systems (also called asymmetric systems). The table compares some of the distinct features of secret and public key systems. Both types of systems offer advantages and disadvantages. Often, the two are combined to form a hybrid system to exploit the strengths of each type. To determine which type of cryptography best meets its needs, an organization first has to identify its security requirements and operating environment.
DISTINCT FEATURES   | SECRET KEY CRYPTOGRAPHY      | PUBLIC KEY CRYPTOGRAPHY
NUMBER OF KEYS      | Single key.                  | Pair of keys.
TYPES OF KEYS       | Key is secret.               | One key is private, and one key is public.
PROTECTION OF KEYS  | Disclosure and modification. | Disclosure and modification for private keys and modification for public keys.
RELATIVE SPEEDS     | Faster.                      | Slower.
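The hybrid system described above, combined with the key-encrypting-key separation from the FFIEC key management section, as an added example for this newsletter (not code from the NIST Handbook, the FFIEC booklet, or any product named on this page): AES-256-GCM, the fast secret-key algorithm, encrypts the data under a fresh random data-encrypting key, and RSA-OAEP, the slower public-key algorithm, wraps only that key, so the data key is never stored or sent unencrypted. The function names and the RSA key size chosen by the caller are assumptions of this example, not from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// NewRecipientKey makes the long-lived RSA pair whose private half is the key-encrypting key.
func NewRecipientKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal: a fresh 256-bit data-encrypting key (DEK) from the full key space encrypts
// the bulk data (fast AES-GCM); only the DEK is wrapped under slow RSA-OAEP.
func Seal(pub *rsa.PublicKey, msg []byte) (wrappedDEK, nonce, ct []byte, err error) {
	buf := make([]byte, 32+12) // DEK plus a 96-bit GCM nonce, one CSPRNG draw
	if _, err = rand.Read(buf); err != nil {
		return
	}
	dek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(dek)
	if err != nil {
		return
	}
	if wrappedDEK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil); err != nil {
		return
	}
	return wrappedDEK, nonce, gcm.Seal(nil, nonce, msg, nil), nil
}

// Open unwraps the DEK with the private key, then authenticates and decrypts the data.
func Open(priv *rsa.PrivateKey, wrappedDEK, nonce, ct []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedDEK, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil)
}
```

A tampered nonce, ciphertext or wrapped key is rejected in Open, by the GCM tag or the OAEP padding check respectively, rather than yielding garbage plaintext.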