MISCELLANEOUS CYBERSECURITY NEWS:
Russia Is Taking Over Ukraine’s Internet - Web pages in the city of
Kherson in south Ukraine stopped loading on people’s devices at 2:43
pm on May 30. For the next 59 minutes, anyone connecting to the
internet with KhersonTelecom, known locally as SkyNet, couldn’t call
loved ones, find out the latest news, or upload images to Instagram.
https://www.wired.com/story/ukraine-russia-internet-takeover/
Cybersecurity Professionals Identify Top Cloud Computing Security
Risks - The Cloud Security Alliance (CSA) released this year’s “Top
Threats to Cloud Computing” report, outlining the most prevalent
security concerns that trouble cybersecurity experts today.
https://healthitsecurity.com/news/cybersecurity-professionals-identify-top-cloud-computing-security-risks
Ban on sale of health data by brokers introduced in Senate ahead of
abortion ruling - Sen. Elizabeth Warren, D-Mass., introduced
legislation this week that would ban data brokers from selling
consumer data, including health and location data.
https://www.scmagazine.com/analysis/application-security/ban-on-sale-of-health-data-by-brokers-introduced-in-senate-ahead-of-abortion-ruling
CISA’s incident and vulnerability response playbooks: What they are,
how to use them - In late 2021, the U.S. Cybersecurity and
Infrastructure Security Agency (CISA) released the Federal
Cybersecurity Incident and Vulnerability Response Playbooks, aimed
at providing a standard set of procedures for responding to
vulnerabilities and incidents impacting federal civilian executive
branch networks.
https://www.scmagazine.com/resource/incident-response/cisas-incident-and-vulnerability-response-playbooks-what-they-are-how-to-use-them
Chainalysis launches stolen cryptocurrency tracking team for
enterprise - Blockchain analysis-firm Chainalysis announced
Wednesday a new investigative team to help recover stolen and
scammed cryptocurrency, its first distinct product for enterprise.
https://www.scmagazine.com/analysis/incident-response/chainalysis-launches-stolen-cryptocurrency-tracking-team-for-enterprise
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Another 1.3M patients added to data breach tally of ransomware
attack on Eye Care Leaders - Approximately 1.29 million patients of
Texas Tech University Health Sciences Center have been added to the
ongoing fallout from the Eye Care Leaders ransomware attack and data
theft from December 2021.
https://www.scmagazine.com/analysis/ransomware/another-1-3m-patients-added-to-data-breach-tally-of-ransomware-attack-on-eye-care-leaders
Latin America governments are prime targets for ransomware due to
lack of resources, analysis argues - Some Latin American countries
may present as easy targets for ransomware attackers due to a
general deficit of cyber resources, specifically education, hygiene
and overall infrastructure.
https://www.cyberscoop.com/latin-america-ransomware-recorded-future/
Jury Convicts Seattle Woman in Massive Capital One Hack - A federal
jury on Friday convicted a former Seattle tech worker of several
charges related to a massive hack of Capital One bank and other
companies in 2019.
https://www.securityweek.com/jury-convicts-seattle-woman-massive-capital-one-hack
Flagstar Bank discloses data breach impacting 1.5 million customers
- Flagstar Bank is notifying 1.5 million customers of a data breach
where hackers accessed personal data during a December cyberattack.
https://www.bleepingcomputer.com/news/security/flagstar-bank-discloses-data-breach-impacting-15-million-customers/
Ransomware attack on Yuma Regional Medical leads to data theft for
700K patients - Yuma Regional Medical Center in Arizona recently
notified 700,000 patients that their personal and health data was
stolen ahead of an April ransomware attack.
https://www.scmagazine.com/analysis/breach/ransomware-attack-on-yuma-regional-medical-leads-to-data-theft-for-700k-patients
WEB SITE COMPLIANCE - OCC - Threats from Fraudulent Bank Web Sites -
Risk Mitigation and Response Guidance for Web Site Spoofing Incidents
(Part 3 of 5)
PROCEDURES TO ADDRESS SPOOFING - Information Gathering
After a bank has determined that it is the target of a spoofing
incident, it should collect available information about the attack
to enable an appropriate response. The information that is
collected will help the bank identify and shut down the fraudulent
Web site, determine whether customer information has been obtained,
and assist law enforcement authorities with any investigation.
Below is a list of useful information that a bank can collect. In
some cases, banks will require the assistance of information
technology specialists or their service providers to obtain this
information.
* The means by which the bank became aware that it was the
target of a spoofing incident (e.g., report received through
Website, fax, telephone, etc.);
* Copies of any e-mails or documentation regarding other forms
of communication (e.g., telephone calls, faxes, etc.) that were used
to direct customers to the spoofed Web sites;
* Internet Protocol (IP) addresses for the spoofed Web sites
along with identification of the companies associated with the IP
addresses;
* Web-site addresses (universal resource locator) and the
registration of the associated domain names for the spoofed site;
and
* The geographic locations of the IP address (city, state, and
country).
FFIEC IT SECURITY - We continue our series on the FFIEC interagency
Information Security Booklet.
SYSTEMS DEVELOPMENT, ACQUISITION, AND MAINTENANCE
Financial institution system development, acquisition, and
maintenance functions should incorporate agreed upon security
controls into software prior to development and implementation.
Management should integrate consideration of security controls into
each phase of the system development process. For the purposes of
this section, system development could include the internal
development of customized systems, the creation of database systems,
or the acquisition of third-party developed software. System
development could include long-term projects related to large
mainframe-based software projects with legacy source code or rapid
Web-based software projects using fourth-generation programming. In
all cases, institutions need to prioritize security controls
appropriately.
SOFTWARE DEVELOPMENT AND ACQUISITION
Security Requirements
Financial institutions should develop security control
requirements for new systems, system revisions, or new system
acquisitions. Management will define the security control
requirements based on their risk assessment process evaluating the
value of the information at risk and the potential impact of
unauthorized access or damage. Based on the risks posed by the
system, management may use a defined methodology for determining
security requirements, such as ISO 15408, the Common Criteria.
Management may also refer to published, widely recognized industry
standards as a baseline for establishing their security
requirements. A member of senior management should document
acceptance of the security requirements for each new system or
system acquisition, acceptance of tests against the requirements,
and approval for implementing in a production environment.
Development projects should consider automated controls for
incorporation into the application and the need to determine
supporting manual controls. Financial institutions can implement
appropriate security controls with greater cost effectiveness by
designing them into the original software rather than making
subsequent changes after implementation. When evaluating purchased
software, financial institutions should consider the availability of
products that have either been independently evaluated or received
security accreditation through financial institution or information
technology-related industry groups.