Why email attacks still loom as a major threat to critical
infrastructure sectors - While every organization across
every vertical faces the risk of experiencing a cyberattack,
certain industries are particularly susceptible to being
targeted by threat actors—especially those in critical
infrastructure sectors.
https://www.scmagazine.com/perspective/why-email-attacks-still-loom-as-a-major-threat-to-critical-infrastructure-sectors
U.S. Dismantles World's Largest 911 S5 Botnet with 19
Million Infected Devices - The U.S. Department of Justice (DoJ)
on Wednesday said it dismantled what it described as "likely
the world's largest botnet ever," which consisted of an army
of 19 million infected devices that was leased to other
threat actors to commit a wide array of offenses.
https://thehackernews.com/2024/05/us-dismantles-worlds-largest-911-s5.html
Seven best practices for managing non-human identities - The
concept of identity and access management (IAM) has
undergone a remarkable transformation in recent years.
Traditionally focused on managing human identities, IAM now
extends to a wide range of non-human identities (NHI) – from
applications and service accounts to virtual machines, cloud
resources, and even IoT devices.
https://www.scmagazine.com/perspective/seven-best-practices-for-managing-non-human-identities
Cyber risk is rising for poorly configured OT devices -
Since late last year, researchers have identified more
politically motivated groups targeting water and other key
critical infrastructure systems.
https://www.cybersecuritydive.com/news/cyber-risk-ot-devices/717873/
Securing your call centers: Best practices for cybersecurity
protection - All call centers face cybersecurity threats
because they handle information like credit card numbers,
health records, and personal purchase history.
https://www.cybersecuritydive.com/spons/securing-your-call-centers-best-practices-for-cybersecurity-protection/717175/
Cox fixed an API auth bypass exposing millions of modems to
attacks - Cox Communications has fixed an authorization
bypass vulnerability that enabled remote attackers to abuse
exposed backend APIs to reset millions of Cox-supplied
modems' settings and steal customers' sensitive personal
information.
https://www.bleepingcomputer.com/news/security/cox-fixed-an-api-auth-bypass-exposing-millions-of-modems-to-attacks/
HHS reverses course, allows Change Healthcare to file breach
notifications for others - Change Healthcare will file breach
notifications on behalf of the thousands of organizations
impacted by February's ransomware attack.
https://therecord.media/hhs-changes-course-change-healthcare-breach-notifications-customers
Top 2024 SaaS Concerns: Data breaches, AI and insider risks
- Heading into the rest of 2024, it's clear that protecting
SaaS data from data breaches, corruption by new AI tools,
and insider risk remains an important challenge for security
pros.
https://www.scmagazine.com/feature/data-breaches-impact-of-ai-and-insider-risk-top-the-list-of-saas-security-concerns
Ransomware report finds 43% of data unrecoverable after
attack - Ransomware victims permanently lose 43% of the data
affected by an attack on average, according to a report.
https://www.scmagazine.com/news/ransomware-report-finds-43-of-data-unrecoverable-after-attack
State of CISO Leadership: 2024 - A CISO’s job in 2024 is in
flux. It has evolved from technical, to strategic, to
business leadership and sometimes being the legal fall guy.
Those takeaways are from keynotes, roundtables and
conversations with chief information security officers at
the recent RSA Conference.
https://www.scmagazine.com/feature/state-of-ciso-leadership-2024
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
First American says personal data of 44K breached in
December cyberattack - The company previously said the
attack had a material impact on Q4 operations, but would not
have a significant long-term impact on results.
https://www.cybersecuritydive.com/news/first-american-44k-breached-cyberattack/717377/
Multi-day DDoS storm batters Internet Archive - The Internet
Archive has been under a distributed-denial-of-service (DDoS)
attack since Sunday, and is trying to keep services going.
https://www.theregister.com/2024/05/29/ddos_internet_archive/
Ransomware attack forces Seattle Public Library systems
offline - A ransomware attack over the weekend forced
administrators of the Seattle Public Library system to take
their systems offline.
https://statescoop.com/ransomware-seattle-public-library/
Christie's ransomware data breach - Christie's website went
offline earlier this month due to what the company described
at the time as a "technology security incident". The
cyberattack was launched just as the auction house was
attempting to sell high-value items worth an estimated $840
million.
https://www.securityweek.com/christies-confirms-data-breach-after-ransomware-group-claims-attack/
2.8M US folks learn their personal info was swiped months
ago in Sav-Rx IT heist - Sav-Rx has started notifying about
2.8 million people that their personal information was
likely stolen during an IT intrusion that happened more than
seven months ago.
https://www.theregister.com/2024/05/28/savrx_data_theft/
BBC suffers data breach impacting current, former employees
- The BBC has disclosed a data security incident that
occurred on May 21, involving unauthorized access to files
hosted on a cloud-based service, compromising the personal
information of BBC Pension Scheme members.
https://www.bleepingcomputer.com/news/security/bbc-suffers-data-breach-impacting-current-former-employees/
Snowflake customers caught in identity-based attack spree -
Cyber authorities and researchers warn many major companies
could be compromised by the targeted attacks against
Snowflake customer environments.
https://www.cybersecuritydive.com/news/snowflake-customer-databases-breached/717801/
Live Nation confirms jumbo breach, Ticketmaster customer
data exposed - The live concert and entertainment giant
disclosed the compromise days after reports began surfacing
of a data breach. The company said it detected the intrusion
on May 20.
https://www.cybersecuritydive.com/news/live-nation-ticketmaster-cyberattack/717787/
AI firm Hugging Face discloses leak of secrets on its Spaces
platform - Artificial intelligence company Hugging Face
disclosed that secrets from its Spaces platform may have
been accessed without proper authorization last week.
https://www.scmagazine.com/news/ai-firm-hugging-face-discloses-leak-of-secrets-on-its-spaces-platform
Snowflake Data Breach Impacts Ticketmaster, Other
Organizations - Ticketmaster and multiple other
organizations have had significant amounts of information
stolen in a data breach at cloud storage company Snowflake,
security researchers report.
https://www.securityweek.com/snowflake-hack-impacts-ticketmaster-other-organizations/
WEB SITE COMPLIANCE - We continue covering some of the
issues discussed in the "Risk Management Principles for
Electronic Banking" published by the Basel Committee on Bank
Supervision.
Sound Practices for Managing Outsourced E-Banking Systems
and Services (Part 3 of 3)
4. Banks should ensure that
periodic independent internal and/or external audits are
conducted of outsourced operations to at least the same
scope required if such operations were conducted in-house.
a) For outsourced relationships
involving critical or technologically complex e-banking
services/applications, banks may need to arrange for other
periodic reviews to be performed by independent third
parties with sufficient technical expertise.
5. Banks should develop appropriate
contingency plans for outsourced e-banking activities.
a) Banks need to develop and
periodically test their contingency plans for all critical
e-banking systems and services that have been outsourced to
third parties.
b) Contingency plans should
address credible worst-case scenarios for providing
continuity of e-banking services in the event of a
disruption affecting outsourced operations.
c) Banks should have an
identified team that is responsible for managing recovery
and assessing the financial impact of a disruption in
outsourced e-banking services.
6. Banks that provide e-banking
services to third parties should ensure that their
operations, responsibilities, and liabilities are
sufficiently clear so that serviced institutions can
adequately carry out their own effective due diligence
reviews and ongoing oversight of the relationship.
a) Banks have a responsibility to provide serviced
institutions with information necessary to identify, control
and monitor any risks associated with the e-banking service
arrangement.
FFIEC IT SECURITY - We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - NETWORK ACCESS
Network security requires effective
implementation of several control mechanisms to adequately
secure access to systems and data. Financial institutions
must evaluate and appropriately implement those controls
relative to the complexity of their network. Many
institutions have increasingly complex and dynamic networks
stemming from the growth of distributed computing.
Security personnel and network
administrators have related but distinct responsibilities
for ensuring secure network access across a diverse
deployment of interconnecting network servers, file servers,
routers, gateways, and local and remote client workstations.
Security personnel typically lead or assist in the
development of policies, standards, and procedures, and
monitor compliance. They also lead or assist in
incident-response efforts. Network administrators implement
the policies, standards, and procedures in their day-to-day
operational role.
Internally, networks can host or provide centralized
access to mission-critical applications and information,
making secure access an organizational priority. Externally,
networks integrate institution and third-party applications
that grant customers and insiders access to their financial
information and Web-based services. Financial institutions
that fail to restrict access properly expose themselves to
increased transaction, reputation, and compliance risk from
threats including the theft of customer information, data
alteration, system misuse, or denial-of-service attacks.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue
the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 9 - Assurance
9.4 Operational Assurance
Design and implementation assurance addresses the quality
of security features built into systems. Operational
assurance addresses whether the system's technical features
are being bypassed or have vulnerabilities and whether
required procedures are being followed. It does not address
changes in the system's security requirements, which could
be caused by changes to the system and its operating or
threat environment.
Security tends to degrade during the operational phase of
the system life cycle. System users and operators discover
new ways to intentionally or unintentionally bypass or
subvert security (especially if there is a perception that
bypassing security improves functionality). Users and
administrators often think that nothing will happen to them
or their system, so they shortcut security. Strict adherence
to procedures is rare, procedures become outdated, and errors
in the system's administration commonly occur.
Organizations use two basic methods to maintain operational
assurance:
- A system audit -- a one-time or periodic event to
evaluate security. An audit can vary widely in scope: it may
examine an entire system for the purpose of reaccreditation
or it may investigate a single anomalous event.
- Monitoring -- an ongoing activity that checks on the
system, its users, or the environment.
In general, the more "real-time" an activity is, the more
it falls into the category of monitoring. This distinction
can create some unnecessary linguistic hairsplitting,
especially concerning system-generated audit trails. Daily
or weekly reviewing of the audit trail (for unauthorized
access attempts) is generally monitoring, while a
historical review of several months' worth of the trail
(tracing the actions of a specific user) is probably an
audit.
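The two uses of one audit trail that the Handbook distinguishes, a daily monitoring check for unauthorized access attempts versus a months-long audit trace of a single user's actions, as an added Python example that is not part of the Handbook or this newsletter; the log records, the one-day window and the three-failure threshold are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed audit-trail records: (timestamp, user, event, source address).
AUDIT_TRAIL = [
    ("2024-03-04 09:12:00", "alice", "LOGIN_OK", "10.0.0.5"),
    ("2024-04-17 22:41:10", "alice", "CONFIG_CHANGE", "10.0.0.5"),
    ("2024-05-20 03:02:11", "bob", "LOGIN_FAIL", "198.51.100.7"),
    ("2024-05-29 23:58:01", "root", "LOGIN_FAIL", "203.0.113.9"),
    ("2024-05-29 23:58:05", "root", "LOGIN_FAIL", "203.0.113.9"),
    ("2024-05-29 23:58:09", "root", "LOGIN_FAIL", "203.0.113.9"),
    ("2024-05-30 00:01:30", "alice", "LOGIN_OK", "10.0.0.5"),
    ("2024-05-30 00:05:00", "alice", "FILE_READ", "10.0.0.5"),
]

def parse(record):
    """Turn a raw record into (datetime, user, event, source)."""
    ts, user, event, source = record
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, event, source

def monitor_failed_logins(trail, now, window=timedelta(days=1), threshold=3):
    """Monitoring: look only at the recent window (here one day) and flag any
    source address with at least `threshold` failed logins. Older records are
    deliberately ignored; this is the "daily review for unauthorized access
    attempts" the Handbook calls monitoring."""
    since = now - window
    fails = Counter()
    for rec in trail:
        ts, _user, event, source = parse(rec)
        if since <= ts <= now and event == "LOGIN_FAIL":
            fails[source] += 1
    return {src: n for src, n in fails.items() if n >= threshold}

def audit_user_actions(trail, user, start, end):
    """Audit: trace everything one user did across a long historical span,
    in time order, regardless of event type. This is the "several months'
    worth of the trail" review the Handbook calls an audit."""
    actions = []
    for rec in trail:
        ts, who, event, source = parse(rec)
        if who == user and start <= ts <= end:
            actions.append((ts, event, source))
    return sorted(actions)

if __name__ == "__main__":
    now = datetime(2024, 5, 30, 0, 10, 0)
    print("monitoring:", monitor_failed_logins(AUDIT_TRAIL, now))
    print("audit:", audit_user_actions(AUDIT_TRAIL, "alice",
                                       datetime(2024, 3, 1), datetime(2024, 6, 1)))
```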