FYI
- The Empire State Lays Down the Marker on Cybersecurity - The New
York Department of Financial Services 23 NYCRR 500 Cybersecurity
Requirements for Financial Companies went into effect on March 1st
of this year. While the requirements are New York based, given the
state's concentration of financial services firms, the regulation
reaches far beyond the Hudson River.
https://www.scmagazine.com/the-empire-state-lays-down-the-marker-on-cybersecurity/article/682038/
Top 10 Security Challenges for 2017 - The first half of 2017 has not
exactly been a ride in the park for cybersecurity professionals.
https://www.scmagazine.com/top-10-security-challenges-for-2017/article/682314/
How Cybersecurity Became 2017’s Hot New Major - If recent headlines
about attacks on our privacy make one thing clear, it’s that there
is a lot of work to do in the world of cybersecurity.
https://www.villagevoice.com/2017/08/15/how-cybersecurity-became-2017s-hot-new-major/
Over the past year or so, there’s been an explosion of interest in
vulnerability disclosure policy - the question of what to do about
flaws in software found by security researchers that need patching
lest they get used by hackers.
https://www.cyberscoop.com/carnegie-mellon-sei-cert-vulnerability-disclosure/
NIST Releases Updated Cyber and Privacy Guidance Draft - The
government’s cybersecurity standards agency published a draft
version of a major revision to its guidance on security and privacy
controls for government and industry Tuesday.
http://www.nextgov.com/cybersecurity/2017/08/nist-releases-updated-cyber-and-privacy-guidance-draft/140265/
Cyber Command elevated to Unified Combatant Command - United States
Cyber Command will become one of 10 Unified Combatant Commands that
will focus on cyberspace operations.
https://www.scmagazine.com/cyber-command-elevated-to-unified-combatant-command/article/682924/
Sinopec's Shengli Oilfield cuts Internet for some offices after
cyber attack - Sinopec's (600028.SS) Shengli Oilfield said it will
cut its Internet connection for some of its offices after a
malicious ransom software attacked 21 of its Internet terminals,
the company said on its official website on Monday.
http://www.reuters.com/article/us-china-cyberattack-idUSKCN1B11AM
10 ways to improve your employee notification system - Today, many
organizations view mass notification systems through the lens of
emergency and disaster events, such as evacuations, severe weather,
terrorist incidents or active shooter situations when the ability to
deliver real-time alerts to employees, customers, partners and
consumers is critical.
https://www.scmagazine.com/10-ways-to-improve-your-employee-notification-system/article/682951/
Navy probe of warship collision will consider cyberattacks - It has
all the makings of intrigue or a conspiracy theory – the U.S. Navy
will add cyber incident to the scope of its investigation of the
collision, the second in recent months, between a warship and
another vessel.
https://www.scmagazine.com/navy-probe-of-warship-collision-will-consider-cyberattacks/article/683728/
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
FYI
- HBO hacked again, this time on Facebook, Twitter - Hackers are
refusing to give HBO a break as the cable TV network's social media
channels have been breached in yet another incident.
https://www.scmagazine.com/hbos-facebook-and-twitter-pages-hacked-by-gray-hats/article/682423/
Google Chrome under attack: Have you used one of these hijacked
extensions? - Recent versions of several Chrome extensions have been
compromised to spread malicious ads.
http://www.zdnet.com/article/google-chrome-under-attack-have-you-used-one-of-these-hijacked-extensions/
Voter data on 1.8M Chicagoans left exposed on online storage service
- Personal data on more than 1.8 million Chicagoan voters was found
exposed on a cloud-based storage site, available to anyone for
downloading.
https://www.scmagazine.com/voter-data-on-18m-chicagoans-left-exposed-on-online-storage-service/article/682933/
Hackers steal nearly $500K from Enigma virtual currency platform's
ICO investors - Hackers on Sunday stole close to $500,000 in
Ethereum from Enigma, a cryptocurrency trading platform provider,
after compromising the company's digital assets in order to
advertise a fraudulent crypto wallet address where users could buy
tokens for an Initial Coin Offering.
https://www.scmagazine.com/hackers-steal-nearly-500k-from-enigma-virtual-currency-platforms-ico-investors/article/683070/
State Department experiences email outage - State Department email
service has been restored after a nearly 12-hour worldwide outage
hit its entire unclassified system.
https://www.washingtonpost.com/world/national-security/officials-state-dept-suffers-worldwide-email-outage/2017/08/18/0a024ac2-8429-11e7-9e7a-20fa8d7a0db6_story.html?utm_term=.99efbcdb8cdc
Online role-playing games on unofficial websites caught dispensing
'Joao' downloader - Attackers have been compromising popular online
role-playing games from Aeria Games on unofficial websites, in order
to infect players with a newly discovered malware downloader called
Joao.
https://www.scmagazine.com/online-role-playing-games-on-unofficial-websites-caught-dispensing-joao-downloader/article/683573/
Fuze fixes security lapses in portal site that could have exposed
sensitive user data, credentials - Cloud-based unified
communications services provider Fuze earlier this year repaired
three vulnerabilities in a customer web portal that, if exploited,
could have exposed sensitive user data and credentials.
https://www.scmagazine.com/fuze-fixes-security-lapses-in-portal-site-that-could-have-exposed-sensitive-user-data-credentials/article/683390/
Latest leak of hacked celebrity photos includes images of Tiger
Woods and Lindsay Vonn - A website known for publishing images
stolen from celebrities' hacked accounts has struck again, according
to multiple reports.
https://www.scmagazine.com/latest-leak-of-hacked-celebrity-photos-includes-images-of-tiger-woods-and-lindsay-vonn/article/683590/
Business Email Compromise phishing scam found targeting diverse
array of industries - An organized phishing scam operation likely
based out of West Africa has been attempting to steal the business
email credentials of users across a broad spectrum of industries, in
hopes of compromising their accounts and leveraging them for even
more targeted spear phishing scams.
https://www.scmagazine.com/business-email-compromise-phishing-scam-found-targeting-diverse-array-of-industries/article/683908/
WEB SITE COMPLIANCE -
OCC - Threats from Fraudulent Bank Web Sites - Risk Mitigation and
Response Guidance for Web Site Spoofing Incidents (Part 2 of 5)
PROCEDURES TO ADDRESS SPOOFING - Detection
Banks can improve their ability to detect spoofing by monitoring
appropriate information available inside the bank and by searching
the Internet for illegal or unauthorized use of bank names and
trademarks. The following is a list of possible indicators of
Web-site spoofing:
* E-mail messages returned to bank mail servers that were not
originally sent by the bank. In some cases, these e-mails may
contain links to spoofed Web sites;
* Reviews of Web-server logs can reveal links to suspect Web
addresses indicating that the bank's Web site is being copied or
that other malicious activity is taking place;
* An increase in customer calls to call centers or other bank
personnel, or direct communications from consumers reporting
spoofing activity.
Banks can also detect spoofing by searching the Internet for
identifiers associated with the bank such as the name of a company
or bank. Banks can use available search engines and other tools to
monitor Web sites, bulletin boards, news reports, chat rooms,
newsgroups, and other forums to identify usage of a specific company
or bank name. The searches may uncover recent registrations of
domain names similar to the bank's domain name before they are used
to spoof the bank's Web site. Banks can conduct this monitoring
in-house or can contract with third parties who provide monitoring
services.
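
The Web-server log review and the similar-domain search described above can be combined in one pass over an access log. The sketch below is an added example, not part of the OCC guidance; the bank name examplebank.com, the expected-referrer list and the log lines are constructed for illustration, and the logs are assumed to be in Apache/nginx "combined" format.

```python
import re
from urllib.parse import urlsplit

BANK_LABEL = "examplebank"        # hypothetical bank, as in examplebank.com
EXPECTED = {"examplebank.com"}    # referrer domains the bank expects (assumed list)
# Tail of a "combined" format line: "request" status bytes "referer" "user-agent"
REFERER_RE = re.compile(r'" \d{3} \S+ "([^"]*)" "[^"]*"\s*$')

# Constructed sample log lines (documentation IP ranges, made-up domains).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Aug/2017:10:01:02 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://examp1ebank.com/login.html" "Mozilla/5.0"
198.51.100.4 - - [21/Aug/2017:10:01:05 +0000] "GET /login HTTP/1.1" 200 2048 "https://www.examplebank.com/" "Mozilla/5.0"
203.0.113.9 - - [21/Aug/2017:10:02:11 +0000] "GET /css/site.css HTTP/1.1" 200 900 "http://examp1ebank.com/login.html" "Mozilla/5.0"
192.0.2.33 - - [21/Aug/2017:10:03:40 +0000] "GET / HTTP/1.1" 200 7000 "https://news.example.org/article" "Mozilla/5.0"
192.0.2.50 - - [21/Aug/2017:10:04:00 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://secure-examplebank.com.example.net/" "Mozilla/5.0"
192.0.2.51 - - [21/Aug/2017:10:05:00 +0000] "GET / HTTP/1.1" 200 7000 "-" "curl/7.50"
""".splitlines()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspect_referrers(lines, max_distance=2):
    """Return [(domain, hits, lookalike)] for unexpected referrers, lookalikes first."""
    seen = {}
    for line in lines:
        m = REFERER_RE.search(line)
        host = urlsplit(m.group(1)).hostname if m else None
        if not host:
            continue  # no referrer ("-") or a line that does not parse
        # Naive registered domain (last two labels); real use needs the Public Suffix List.
        domain = ".".join(host.split(".")[-2:])
        if domain in EXPECTED:
            continue
        # Lookalike: bank name embedded in the host, or a near-miss spelling of it.
        lookalike = (BANK_LABEL in host or
                     edit_distance(domain.split(".")[0], BANK_LABEL) <= max_distance)
        hits, flag = seen.get(domain, (0, False))
        seen[domain] = (hits + 1, flag or lookalike)
    return sorted(((d, h, f) for d, (h, f) in seen.items()),
                  key=lambda r: (not r[2], -r[1], r[0]))

if __name__ == "__main__":
    for domain, hits, lookalike in suspect_referrers(SAMPLE_LOG):
        print(f"{domain:20} hits={hits} lookalike={lookalike}")
```

Requests for the bank's own images or style sheets that arrive with a lookalike referrer are the entries to review first, since they suggest another site is embedding the bank's content.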
Banks can encourage customers and consumers to assist in the
identification process by providing prominent links on their Web
pages or telephone contact numbers through which customers and
consumers can report phishing or other fraudulent activities.
Banks can also train customer-service personnel to identify and
report customer calls that may stem from potential Web-site attacks.
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information Security
Booklet.
BUSINESS CONTINUITY CONSIDERATIONS
Events that trigger the implementation of a business continuity
plan may have significant security considerations. Depending on the
event, some or all of the elements of the security environment may
change. Different people may be involved in operations, at a
different physical location, using similar but different machines
and software which may communicate over different communications
lines. Depending on the event, different tradeoffs may exist between
availability, integrity, confidentiality, and accountability, with a
different appetite for risk on the part of management.
Business continuity plans should be reviewed as an integral part of
the security process. Risk assessments should consider the changing
risks that appear in business continuity scenarios and the different
security posture that may be established. Strategies should consider
the different risk environment and the degree of risk mitigation
necessary to protect the institution in the event the continuity
plans must be implemented. The implementation should consider the
training of appropriate personnel in their security roles, and the
implementation and updating of technologies and plans for back-up
sites and communications networks. Testing these security
considerations should be integrated with the testing of business
continuity plan implementations.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 12 - COMPUTER SECURITY INCIDENT HANDLING
12.1.2 Preventing Future Damage
An incident handling capability also assists an organization in
preventing (or at least minimizing) damage from future incidents.
Incidents can be studied internally to gain a better understanding
of the organization's threats and vulnerabilities so more effective
safeguards can be implemented. Additionally, through outside
contacts (established by the incident handling capability) early
warnings of threats and vulnerabilities can be provided. Mechanisms
will already be in place to warn users of these risks.
The incident handling capability allows an organization to learn
from the incidents that it has experienced. Data about past
incidents (and the corrective measures taken) can be collected. The
data can be analyzed for patterns -- for example, which viruses are
most prevalent, which corrective actions are most successful, and
which systems and information are being targeted by hackers.
Vulnerabilities can also be identified in this process -- for
example, whether damage is occurring to systems when a new software
package or patch is used. Knowledge about the types of threats that
are occurring and the presence of vulnerabilities can aid in
identifying security solutions. This information will also prove
useful in creating a more effective training and awareness program
-- and thus help reduce the potential for losses. The incident
handling capability assists the training and awareness program by
providing information to users as to (1) measures that can help
avoid incidents (e.g., virus scanning) and (2) what should be done
in case an incident does occur.
Of course, the organization's attempts to prevent future losses
do not occur in a vacuum. With a sound incident handling
capability, contacts will have been established with counterparts
outside the organization. This allows for early warning of threats
and vulnerabilities that the organization may have not yet
experienced. Early preventative measures (generally more
cost-effective than repairing damage) can then be taken to reduce
future losses. Data is also shared outside the organization to allow
others to learn from the organization's experiences.
The sharing of incident data among organizations can help at both
the national and the international levels to prevent and respond to
breaches of security in a timely, coordinated manner.