MISCELLANEOUS CYBERSECURITY NEWS:
FBI, CISA, NSA Warn of Iranian Cyberattacks on Critical Infrastructure - In a significant cybersecurity alert, multiple agencies, including the FBI, CISA, NSA, and international partners, have issued a joint advisory warning of increasing cyber activity targeting critical infrastructure by Iranian cyber actors.
https://securityonline.info/fbi-cisa-nsa-warn-of-iranian-cyberattacks-on-critical-infrastructure/
Are cybersecurity professionals OK? - Absorbing the impacts of cyberattacks takes a personal toll on defenders. Separating the evil they see from all that's good in the world doesn't always come easy.
https://www.cybersecuritydive.com/news/cyber-security-burnout-stress-anxiety/723470/
CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance - The guidance urges the makers of software and services for the critical infrastructure or national critical functions (NCFs) to prioritize security throughout the development process and reduce customer security risks.
https://www.securityweek.com/cisa-fbi-seek-public-comment-on-software-security-bad-practices-guidance/
Pentagon shares new cybersecurity rules for government contractors - The U.S. Department of Defense introduced new cybersecurity requirements for companies that contract with the federal government.
https://www.scworld.com/news/pentagon-shares-new-cybersecurity-rules-for-government-contractors
Majority of global CISOs want to split roles as regulatory burdens grow - More than 4 in 5 CISOs believe their role needs to be split into two separate positions, as regulatory and financial risks consume a greater part of their job responsibilities.
https://www.cybersecuritydive.com/news/global-cisos-want-split-roles-regulatory/729871/
Where organizations invest after a data breach - Asking customers to foot the bill for data breach remediation will not prevent future data breaches or address the issues that cause costs to increase.
https://www.cybersecuritydive.com/news/data-breach-recovery-investments/728825/
SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure - The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.
https://www.cybersecuritydive.com/news/sec-settles-charges-4-companies-solarwinds/730668/
Cloud vs. datacenter: Decoding the security trade-offs - One of the first concepts that every student of economics learns about is trade-offs: if an IT department allocates more of its budget to cybersecurity, it may have less to spend on software development or hardware upgrades.
https://www.scworld.com/perspective/cloud-vs-datacenter-decoding-the-security-trade-offs
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Microsoft confirms partial loss of security log data on multiple platforms - The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.
https://www.cybersecuritydive.com/news/microsoft-loss-security-log-data/730285/
Cisco confirms breach of public-facing DevHub site - Cisco confirmed Oct. 18 that it experienced a breach on its public-facing DevHub environment, but that no internal systems were compromised.
https://www.scworld.com/news/cisco-confirms-breach-of-public-facing-devhub-site
Troubled US insurance giant hit by extortion after data leak - Insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.
https://www.theregister.com/2024/10/17/us_insurance_giant_with_a/
ESET Distributor's Systems Abused to Deliver Wiper Malware - ESET has launched an investigation after the systems of its official product distributor in Israel were abused to send out emails delivering wiper malware.
https://www.securityweek.com/eset-distributors-systems-abused-to-deliver-wiper-malware/
Microsoft said it lost weeks of security logs for its customers' cloud products - Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.
https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/
Japanese watchmaker Casio warns of delivery delays after ransomware attack - Product delivery delays at Japanese watchmaker Casio will continue into November, the company said Monday, as it continues to recover from a ransomware attack.
https://therecord.media/japan-casio-delays-watchmaker-ransomware
Spate of ransomware attacks on German-speaking schools hits another in Switzerland - The growing menace of cyberattacks impacting German-speaking educational institutions in Europe has hit a vocational school in Switzerland whose specialisms include nursing and construction.
https://therecord.media/ransomware-attack-german-speaking-school-switzerland-bbz-schaffhausen
WEB SITE COMPLIANCE - OCC - Threats from Fraudulent Bank Web Sites - Risk Mitigation and Response Guidance for Web Site Spoofing Incidents (Part 4 of 5)
PROCEDURES TO ADDRESS SPOOFING - Spoofing Incident Response
To respond to spoofing incidents effectively, bank management should establish structured and consistent procedures. These procedures should be designed to close fraudulent Web sites, obtain identifying information from the spoofed Web site to protect customers, and preserve evidence that may be helpful in connection with any subsequent law enforcement investigations.
Banks can take the following steps to disable a spoofed Web site and recover customer information. Some of these steps will require the assistance of legal counsel.
* Communicate promptly, including through written communications, with the Internet service provider (ISP) responsible for hosting the fraudulent Web site and demand that the suspect Web site be shut down;
* Contact the domain name registrars promptly, for any domain name involved in the scheme, and demand the disablement of the domain names;
* Obtain a subpoena from the clerk of a U.S. District Court directing the ISP to identify the owners of the spoofed Web site and to recover customer information in accordance with the Digital Millennium Copyright Act;
* Work with law enforcement; and
* Use other existing mechanisms to report suspected spoofing activity.
The following are other actions and types of legal documents that banks can use to respond to a spoofing incident:
* Banks can write letters to domain name registrars demanding that the incorrect use of their names or trademarks cease immediately;
* If these demand letters are not effective, companies with registered Internet names can use the Uniform Domain Name Dispute Resolution Process (UDRP) to resolve disputes in which they suspect that their names or trademarks have been illegally infringed upon. This process allows banks to take action against domain name registrars to stop a spoofing incident. However, banks must bear in mind that the UDRP can be relatively time-consuming. For more details on this process see http://www.icann.org/udrp/udrp-policy-24oct99.htm; and
* Additional remedies may be available under the federal Anti-Cybersquatting Consumer Protection Act (ACCPA), allowing the bank to initiate immediate action in federal district court under section 43(d) of the Lanham Act, 15 USC 1125(d). Specifically, the ACCPA can provide for rapid injunctive relief without the need to demonstrate a similarity or likelihood of confusion between the goods or services of the parties.
FFIEC IT SECURITY - We continue our series on the FFIEC interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - REMOTE ACCESS
Many financial institutions use modems, remote-access servers (RAS), and VPNs to provide remote access into their systems or to allow remote access out of their systems. Remote access can support mobile users through wireless, Internet, or dial-in capabilities. In some cases, modem access is required periodically by vendors to make emergency program fixes or to support a system.
Remote access to a financial institution's systems provides an attacker with the opportunity to remotely attack the systems either individually or in groups. Accordingly, management should establish policies restricting remote access and be aware of all remote access devices attached to their systems. These devices should be strictly controlled. Good controls for remote access include the following actions:
! Disallow remote access by policy and practice unless a compelling business justification exists.
! Disable remote access at the operating system level if a business need for such access does not exist.
! Require management approval for remote access.
! Require an operator to leave the modems unplugged or disabled by default, to enable modems only for specific, authorized external requests, and disable the modem immediately when the requested purpose is completed.
! Configure modems not to answer inbound calls, if modems are for outbound use only.
! Use automated callback features so the modems only call one number (although this is subject to call forwarding schemes).
! Install a modem bank where the outside number to the modems uses a different prefix than internal numbers and does not respond to incoming calls.
! Log and monitor the date, time, user, user location, duration, and purpose for all remote access.
! Require a two-factor authentication process for all remote access (e.g., PIN-based token card with a one-time random password generator).
! Implement controls consistent with the sensitivity of remote use (e.g., remote system administration requires strict controls and oversight including encrypting the authentication and log-in process).
! Appropriately patch and maintain all remote access software.
! Use trusted, secure access devices.
! Use remote-access servers (RAS) to centralize modem and Internet access, to provide a consistent authentication process, and to subject the inbound and outbound network traffic to firewalls.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue the series on the National Institute of Standards and Technology (NIST) Handbook.
Chapter 11 - PREPARING FOR CONTINGENCIES AND DISASTERS
11.2 Step 2: Identifying the Resources That Support Critical Functions
Resources That Support Critical Functions:
! Human Resources
! Processing Capability
! Computer-Based Services
! Data and Applications
! Physical Infrastructure
! Documents and Papers
11.2.1 Human Resources
People are perhaps an organization's most obvious resource. Some functions require the effort of specific individuals, some require specialized expertise, and some only require individuals who can be trained to perform a specific task. Within the information technology field, human resources include both operators (such as technicians or system programmers) and users (such as data entry clerks or information analysts).
11.2.2 Processing Capability
Contingency Planning Teams - To understand what resources are needed from each of the six resource categories and to understand how the resources support critical functions, it is often necessary to establish a contingency planning team. A typical team contains representatives from various organizational elements, and is often headed by a contingency planning coordinator. It has representatives from the following three groups:
1) business-oriented groups, such as representatives from functional areas;
2) facilities management; and
3) technology management.
Various other groups are called on as needed, including financial management, personnel, training, safety, computer security, physical security, and public affairs.
Traditionally, contingency planning has focused on processing power (i.e., if the data center is down, how can applications dependent on it continue to be processed?). Although the need for data center backup remains vital, today's other processing alternatives are also important. Local area networks (LANs), minicomputers, workstations, and personal computers in all forms of centralized and distributed processing may be performing critical tasks.