MISCELLANEOUS CYBERSECURITY NEWS:
Key cyber insurance stakeholders urge government to help
close $900B in uncovered risk - Marsh McLennan and Zurich
Insurance Group issued a white paper urging a public-private
partnership to help tackle a growing coverage gap. The White
House is working on a plan.
https://www.cybersecuritydive.com/news/cyber-insurance-government-900b/726305/
Security biz Verkada to pay $3M penalty under deal that also
enforces infosec upgrade - Physical security biz Verkada has
agreed to cough up $2.95 million following an investigation
by the US Federal Trade Commission (FTC) – but the payment
won’t make good its past security failings, including a
blunder that led to CCTV footage being snooped on by
miscreants. Instead, the fine is about spam.
https://www.theregister.com/2024/09/05/verkada_ftc_settlement/
White House launches cybersecurity hiring sprint to help
fill 500,000 job openings - National Cyber Director Harry
Coker Jr. unveiled the program as part of an effort to fill
a continued gap in cyber, technology and AI positions.
https://www.cybersecuritydive.com/news/white-house-cybersecurity-500000-job/726162/
Schools, colleges faced record-breaking year of ransomware
attacks in 2023 - There were 121 incidents found last year
alone, according to an analysis by Comparitech, but
researchers noted their findings “only scratch the surface.”
https://www.cybersecuritydive.com/news/ransomware-schools-2023/725808/
Man used AI to bilk $10 million-plus from music-streaming
services - A man from North Carolina was charged with fraud
for allegedly using artificial intelligence tools to cheat
music-streaming services.
https://www.scmagazine.com/news/man-used-ai-to-bilk-10-million-plus-from-music-streaming-services
One million US Kaspersky customers to be migrated to this
lesser-known alternative - Kaspersky customers in the US can
continue their existing subscriptions with a replacement
product from the company's 'trusted partner'. Here's what to
know.
https://www.zdnet.com/article/one-million-us-kaspersky-customers-to-be-migrated-to-this-lesser-known-alternative/
Critical SonicWall Vulnerability Possibly Exploited in
Ransomware Attacks - The critical flaw, disclosed on August
22, impacts SonicOS on Gen 5, Gen 6 and Gen 7 firewalls. The
vulnerability, an improper access control issue in the
SonicOS management access and SSLVPN, can lead to
unauthorized resource access or a firewall crash.
https://www.securityweek.com/critical-sonicwall-vulnerability-possibly-exploited-in-ransomware-attacks/
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Planned Parenthood confirms Montana cyberattack claimed by
RansomHub - Planned Parenthood on Sept. 5 confirmed it was
the target of a cyberattack on IT systems at its Montana
organization that forced the women’s health advocacy
non-profit to take parts of its technology infrastructure
offline.
https://www.scmagazine.com/news/planned-parenthood-confirms-montana-cyberattack-claimed-by-ransomhub
Transport for London confirms cyberattack, assures us all is
well - Transport for London (TfL) – responsible for much of
the public network carrying people around England's capital
– is battling to stay on top of an unfolding "cyber security
incident."
https://www.theregister.com/2024/09/03/tfl_cyberattack/
Services disrupted as local council near GCHQ’s headquarters
hit by cyberattack - Tewkesbury Borough Council in
Gloucestershire, England, warned residents on Wednesday it
had discovered it was being targeted by a cyberattack, and assumed
that the perpetrators had been able to penetrate its
systems.
https://therecord.media/tewkesbury-borough-council-near-gchq-cyberattack
Halliburton Confirms Data Stolen in Cyberattack - The US oil
giant updated an SEC filing to confirm malicious hackers
“accessed and exfiltrated information” from its corporate
systems. In an updated SEC filing, Halliburton stopped short
of confirming a ransomware extortion scheme but said the
cyberattack caused significant disruptions and limitation of
access to portions of its IT systems.
https://www.securityweek.com/halliburton-data-theft/
Microchip Technology Confirms Personal Information Stolen in
Ransomware Attack - The company disclosed the incident on
August 20, when it informed the US Securities and Exchange
Commission that certain servers and business operations had
been disrupted. The company isolated the impacted systems to
contain the attack.
https://www.securityweek.com/microchip-technology-confirms-personal-information-stolen-in-ransomware-attack/
Electronic payment firm Slim CD notifies 1.7M customers of
data breach - Slim CD, a company that provides processing
services for electronic payments, has notified nearly 1.7
million credit card holders that their data may have been
stolen in a June breach.
https://www.scmagazine.com/news/electronic-payment-firm-slim-cd-notifies-17m-customers-of-data-breach
Ransomware attack forces high school in London to close and
send students home - A high school in south London has
announced it will be closed for the first half of this week
due to a ransomware attack, leaving approximately 1,300
students in the lurch.
https://therecord.media/ransomware-attack-forces-london-high-school-to-close
WEB SITE COMPLIANCE - We continue the series on FDIC
Supervisory Insights regarding Incident Response Programs.
(10 of 12)
Test affected systems or procedures prior to implementation.
Testing is an important function in the incident response
process. It
helps ensure that reconfigured systems, updated procedures,
or new technologies implemented in response to an incident
are fully effective and performing as expected. Testing can
also identify whether any adjustments are necessary prior to
implementing the updated system, process, or procedure.
Follow-up
During the follow-up process, an institution has the
opportunity to regroup after the incident and strengthen its
control structure by learning from the incident. A number of
institutions have included the following best practice in
their IRPs.
Conduct a "lessons-learned" meeting.
Successful organizations can use the incident and build from
the experience. Organizations can use a lessons-learned
meeting to:
1) discuss whether affected controls or procedures need to
be strengthened beyond what was implemented during the
recovery phase;
2) discuss whether significant problems were encountered
during the incident response process and how they can be
addressed;
3) determine if updated written policies or procedures are
needed for the customer information security risk assessment
and information security program;
4) determine if updated training is necessary regarding any
new procedures or updated policies that have been
implemented; and
5) determine if the bank needs additional personnel or
technical resources to be better prepared going forward.
FFIEC IT SECURITY - We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - NETWORK ACCESS
Firewall Policy (Part 2 of 3)
Firewalls are an essential control for a financial
institution with an Internet connection and provide a means
of protection against a variety of attacks. Firewalls should
not be relied upon, however, to provide full protection from
attacks. Institutions should complement firewalls with
strong security policies and a range of other controls. In
fact, firewalls are potentially vulnerable to attacks
including:
! Spoofing trusted IP addresses;
! Denial of service by overloading the firewall with
excessive requests or malformed packets;
! Sniffing of data that is being transmitted outside the
network;
! Hostile code embedded in legitimate HTTP, SMTP, or other
traffic that meets all firewall rules;
! Attacks on unpatched vulnerabilities in the firewall
hardware or software;
! Attacks through flaws in the firewall design providing
relatively easy access to data or services residing on
firewall or proxy servers; and
! Attacks against machines and communications used for
remote administration.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue
the series on the National Institute of Standards and
Technology (NIST) Handbook.
Section III. Operational Controls - Chapter 10
10.2.5 Termination
Termination of a user's system access generally can be
characterized as either "friendly" or "unfriendly." Friendly
termination may occur when an employee is voluntarily
transferred, resigns to accept a better position, or
retires. Unfriendly termination may include situations when
the user is being fired for cause, "RIFed," or
involuntarily transferred. Fortunately, the former situation
is more common, but security issues have to be addressed in
both situations.
10.2.5.1 Friendly Termination
Friendly termination refers to the removal of an employee
from the organization when there is no reason to believe
that the termination is other than mutually acceptable.
Since terminations can be expected regularly, this is
usually accomplished by implementing a standard set of
procedures for outgoing or transferring employees. These are
part of the standard employee "out-processing," and are put
in place, for example, to ensure that system accounts are
removed in a timely manner. Out-processing often involves a
sign-out form initialed by each functional manager with an
interest in the separation. This normally includes the
group(s) managing access controls, the control of keys, the
briefing on the responsibilities for confidentiality and
privacy, the library, the property clerk, and several other
functions not necessarily related to information security.
Other issues should be examined as well. The
continued availability of data, for example, must often be
assured. In both the manual and the electronic worlds, this
may involve documenting procedures or filing schemes, such
as how documents are stored on the hard disk and how they
are backed up. Employees should be instructed whether or
not to "clean up" their PC before leaving. If cryptography
is used to protect data, the availability of cryptographic
keys to management personnel must be ensured. Authentication
tokens must be collected.
Confidentiality of data can also be an issue. For example,
do employees know what information they are allowed to share
with their immediate organizational colleagues? Does this
differ from the information they may share with the public?
These and other organizational-specific issues should be
addressed throughout an organization to ensure continued
access to data and to provide continued confidentiality and
integrity during personnel transitions. (Many of these
issues should be addressed on an ongoing basis, not just
during personnel transitions.) The training and awareness
program normally should address such issues.