MISCELLANEOUS CYBERSECURITY NEWS:
OCC Announces Office of Financial Technology - The Office of the
Comptroller of the Currency today announced it will establish an
Office of Financial Technology early next year to bolster the
agency’s expertise and ability to adapt to a rapidly changing
banking landscape.
www.occ.gov/news-issuances/news-releases/2022/nr-occ-2022-133.html
White House rallies industry support for Internet of Things labeling
effort - White House officials convened industry leaders, policy
experts and government leaders on Wednesday to discuss plans for
security and privacy standards on connected devices.
https://www.cyberscoop.com/white-house-iot-labeling-program/
CISA Encourages Orgs To Go Further Than MFA, Adopt FIDO
Authentication - Enabling multi-factor authentication (MFA) is “the
single most important thing Americans can do to stay safe online,”
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen
Easterly wrote in a CISA blog post.
https://healthitsecurity.com/news/cisa-encourages-orgs-to-go-further-than-mfa-adopt-fido-authentication
New TSA Directive Aims to Further Enhance Railway Cybersecurity -
The Transportation Security Administration (TSA) has issued a new
directive whose goal is to improve the cybersecurity of railroad
operations in the United States.
https://www.securityweek.com/new-tsa-directive-aims-further-enhance-railway-cybersecurity
IBM awards $5 million in grants to bolster cybersecurity in public
schools - IBM on Monday announced the first eight recipients of the
2022 IBM Education Security Preparedness Grants, a package that
totals $5 million to schools in six U.S. states, Ireland, and the
United Arab Emirates.
https://www.scmagazine.com/news/leadership/ibm-awards-5-million-in-grants-to-bolster-cybersecurity-in-public-schools
Commercial building owners fretting over cyber risk should check the
fine print on their insurance - While many commercial building
owners may believe their properties are covered from cybercrime
through general commercial property insurance policies, security
professionals are highlighting an urgent need to address that
misconception and help owners qualify for cyber insurance.
https://www.scmagazine.com/analysis/business-continuity/commercial-building-owners-fretting-over-cyber-risk-should-check-the-fine-print-on-their-insurance
CHIME urges FTC to hold health apps, data brokers accountable for
illegal disclosures - The College of Healthcare Information
Management Executives (CHIME) is urging the Federal Trade Commission
to utilize its enforcement authority to hold third-party vendors
responsible for the illegal disclosure of consumer health data, even
if the act was unintentional.
https://www.scmagazine.com/analysis/privacy/chime-urges-ftc-to-hold-health-apps-data-brokers-accountable-for-illegal-disclosures
CrowdStrike, Ernst & Young to offer cloud security and observability
services - CrowdStrike and Ernst & Young on Tuesday announced that
the companies have formed an alliance to deliver cloud security and
observability services globally that will run on the CrowdStrike
Falcon platform.
https://www.scmagazine.com/news/cloud-security/crowdstrike-ernst-young-to-offer-cloud-security-and-observability-services
Experts on securing the public cloud - Cloud computing can have a
transformative effect on the ability to deliver services at scale.
But without the right safeguards in place, organizations can easily
find themselves treading water when it comes to securing IT assets
in the public cloud.
https://www.scmagazine.com/resource/cloud-security/experts-on-securing-the-public-cloud
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Health insurer's infosec incident diagnosis goes from 'take a chill
pill' to emergency ward - Australian health insurer Medibank has
revealed it's been contacted by a group that claims to have its
customers' data and is threatening to distribute it.
https://www.theregister.com/2022/10/20/medibank_data_breach_worsens/
Cost of a health insurance security breach? NY watchdogs say it's $4.5m
- Hundreds of thousands of people's sensitive info poorly protected
- New York regulators continue turning the screws on organizations
with slapdash computer security.
https://www.theregister.com/2022/10/19/eyemed_data_breach_settlement/
https://www.scmagazine.com/analysis/privacy/new-york-fines-eyemed-4-5-million-for-2020-email-hack-data-breach
Urgent alert warns Daixan ransomware group hit multiple healthcare
providers - The Daixin ransomware group is actively, and
successfully, targeting the healthcare sector in force, with
multiple provider organizations facing extortion claims after
falling victim to the actors’ tactics since June, according to an
urgent joint alert from multiple federal agencies.
https://www.scmagazine.com/analysis/ransomware/urgent-alert-warns-daixan-ransomware-group-hit-multiple-healthcare-providers
Hackers exploit critical VMware flaw to drop ransomware, miners -
One Access to deliver various malware, including the RAR1Ransom tool
that locks files in password-protected archives.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-flaw-to-drop-ransomware-miners/
Outsourcer Interserve fined £4.4m for failing to stop cyber-attack -
Britain’s data watchdog has fined the construction group Interserve
£4.4m after a cyber-attack that enabled hackers to steal the
personal and financial information of up to 113,000 employees.
https://www.theguardian.com/business/2022/oct/24/outsourcer-interserve-fined-4-point-4m-cyber-attack-failings-data-breach-personal-information
Researchers uncover cryptojacking campaign targeting Docker,
Kubernetes cloud servers - Researchers at CrowdStrike have
discovered a new hacking campaign that targets cloud infrastructure
around the world in service of a cryptojacking scheme.
https://www.scmagazine.com/analysis/cloud-security/researchers-uncover-cryptojacking-campaign-targeting-docker-kubernetes-cloud-servers
WEB SITE COMPLIANCE - Risk Management of Outsourced Technology Services
Due Diligence in Selecting a Service Provider - Contract Issues
Dispute Resolution
The institution should consider including in the contract a
provision for a dispute resolution process that attempts to resolve
problems in an expeditious manner as well as provide for
continuation of services during the dispute resolution period.
Indemnification
Indemnification provisions generally require the financial
institution to hold the service provider harmless from liability for
the negligence of the institution, and vice versa. These provisions
should be reviewed to reduce the likelihood of potential situations
in which the institution may be liable for claims arising as a
result of the negligence of the service provider.
Limitation of Liability
Some service provider standard contracts may contain clauses
limiting the amount of liability that can be incurred by the service
provider. If the institution is considering such a contract,
consideration should be given to whether the damage limitation bears
an adequate relationship to the amount of loss the financial
institution might reasonably experience as a result of the service
provider’s failure to perform its obligations.
FFIEC IT SECURITY - We continue our series on the FFIEC interagency
Information Security Booklet.
INTRUSION DETECTION AND RESPONSE
Automated Intrusion Detection Systems (IDS) (Part 3 of 4)
Some network IDS units allow the IP addresses associated with certain
signatures to be automatically blocked. Financial institutions that
use that capability run the risk of an attacker sending attack packets
that falsely report the sending IP address as that of service providers
and others that the institution needs in order to continue offering
service, thereby creating a denial-of-service situation. To avoid such
a situation, the institution may also implement a list of IP addresses
that should never be blocked by the IDS.
Hosts also use a signature-based method. One such method creates
a hash of key binaries, and periodically compares a newly generated
hash against the original hash. Any mismatch signals a change to the
binary, a change that could be the result of an intrusion.
Successful operation of this method involves protection of the
original binaries from change or deletion, and protection of the
host that compares the hashes. If attackers can substitute a new
hash for the original, an attack may not be identified. Similarly,
if an attacker can alter the host performing the comparison so that
it will report no change in the hash, an attack may not be
identified.
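The hash-comparison method described above, as an added example that is not part of the FFIEC booklet: the baseline of original digests is sealed with an HMAC so that an intruder who "substitutes a new hash for the original" is detected as well as one who alters the binary. The key name, file name and file contents are constructed for the demo; the key itself, and ideally the comparison, belong off the monitored host.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed demo key; in practice keep it (and the comparison host) off the monitored box.
BASELINE_KEY = b"constructed-demo-key-not-for-production"

def file_digest(path):
    """SHA-256 fingerprint of one binary, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, key=BASELINE_KEY):
    """Record the original digests and seal the record with an HMAC."""
    digests = {p: file_digest(p) for p in sorted(paths)}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "seal": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(baseline, key=BASELINE_KEY):
    """Return (seal_ok, {path: 'ok'|'modified'|'missing'}); a bad seal means the stored hashes were tampered with."""
    body = json.dumps(baseline["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["seal"]):
        return False, {}
    status = {p: "missing" if not os.path.exists(p) else
              "ok" if file_digest(p) == orig else "modified"
              for p, orig in baseline["digests"].items()}
    return True, status

def demo():
    """Constructed scenario; returns (clean_ok, change_detected, tamper_detected)."""
    binary = os.path.join(tempfile.mkdtemp(), "sshd")  # stand-in for a key binary
    with open(binary, "wb") as f:
        f.write(b"original binary contents")
    baseline = build_baseline([binary])
    clean_ok = verify(baseline) == (True, {binary: "ok"})
    with open(binary, "wb") as f:  # intruder replaces the binary
        f.write(b"trojaned binary contents")
    _, status = verify(baseline)
    change_detected = status.get(binary) == "modified"
    baseline["digests"][binary] = file_digest(binary)  # "substitute a new hash for the original"
    tamper_detected = verify(baseline)[0] is False
    return clean_ok, change_detected, tamper_detected
```

The HMAC seal does not help against the LKM case the booklet goes on to describe, where the comparing host itself lies about what it reads; that requires running the comparison from a trusted host or offline media.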
An additional host-based signature method monitors the
application program interfaces for unexpected or unwanted behavior,
such as a Web server calling a command line interface.
Attackers can defeat host-based IDS using loadable kernel modules, or
LKMs. An LKM is software that attaches itself to the operating system
kernel. From there, it can redirect and alter communications and
processing. With the proper LKM, an attacker can force a comparison of
hashes to always report a match and provide the same cryptographic
fingerprint of a file, even after the source file was altered. LKMs
can also hide the use of the application program interfaces. Detection
of LKMs is extremely difficult and is typically done through another
LKM.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue the
series on the National Institute of Standards and Technology (NIST)
Handbook.
Chapter 20 - ASSESSING AND MITIGATING THE RISKS TO A HYPOTHETICAL
COMPUTER SYSTEM (HGA)
20.4.3 Protection Against Interruption of Operations (1 of 2)
HGA's policies regarding continuity of operations are derived from requirements
stated in OMB Circular A-130. HGA requires various organizations
within it to develop contingency plans, test them annually, and
establish appropriate administrative and operational procedures for
supporting them. The plans must identify the facilities, equipment,
supplies, procedures, and personnel needed to ensure reasonable
continuity of operations under a broad range of adverse
circumstances.
COG Contingency Planning
COG (Computer Operations Group) is responsible for developing and maintaining a
contingency plan that sets forth the procedures and facilities to be
used when physical plant failures, natural disasters, or major
equipment malfunctions occur sufficient to disrupt the normal use of
HGA's PCs, LAN, server, router, printers, and other associated
equipment.
The plan prioritizes applications that rely on these resources, indicating those that
should be suspended if available automated functions or capacities
are temporarily degraded. COG personnel have identified system
software and hardware components that are compatible with those used
by two nearby agencies. HGA has signed an agreement with those
agencies, whereby they have committed to reserving spare
computational and storage capacities sufficient to support HGA's
system-based operations for a few days during an emergency.
No communication devices or network interfaces may be connected to HGA's systems
without written approval of the COG Manager. The COG staff is
responsible for installing all known security-related software
patches in a timely manner and for maintaining spare or redundant
PCs, servers, storage devices, and LAN interfaces to ensure that at
least 100 people can simultaneously perform word processing tasks at
all times.
To protect against accidental corruption or loss of data, COG personnel back up the LAN
server's disks onto magnetic tape every night and transport the
tapes weekly to a sister agency for storage. HGA's policies also
stipulate that all PC users are responsible for backing up weekly
any significant data stored on their PC's local hard disks. For the
past several years, COG has issued a yearly memorandum reminding PC
users of this responsibility. COG also strongly encourages them to
store significant data on the LAN server instead of on their PC's
hard disk so that such data will be backed up automatically during
COG's LAN server backups.
To prevent more limited computer equipment malfunctions from interrupting
routine business operations, COG maintains an inventory of approximately ten fully
equipped spare PC's, a spare LAN server, and several spare disk
drives for the server. COG also keeps thousands of feet of LAN cable
on hand. If a segment of the LAN cable that runs through the
ceilings and walls of HGA's buildings fails or is accidentally
severed, COG technicians will run temporary LAN cabling along the
floors of hallways and offices, typically restoring service within a
few hours for as long as needed until the cable failure is located
and repaired.
To protect against PC virus contamination, HGA authorizes only System
Administrators approved by the COG Manager to install licensed,
copyrighted PC software packages that appear on the COG-approved list. PC software
applications are generally installed only on the server. (These
stipulations are part of an HGA assurance strategy that relies on
the quality of the engineering practices of vendors to provide
software that is adequately robust and trustworthy.) Only the COG
Manager is authorized to add packages to the approved list. COG
procedures also stipulate that every month System Administrators
should run virus-detection and other security-configuration
validation utilities on the server and, on a spot-check basis, on a
number of PCs. If they find a virus, they must immediately notify
the agency team that handles computer security incidents.
COG is also responsible for reviewing audit logs generated by the server, identifying audit
records indicative of security violations, and reporting such
indications to the Incident-Handling Team. The COG Manager assigns
these duties to specific members of the staff and ensures that they
are implemented as intended.
The COG Manager is responsible for assessing adverse circumstances and for providing
recommendations to HGA's Director. Based on these and other sources
of input, the Director will determine whether the circumstances are
dire enough to merit activating various sets of procedures called
for in the contingency plan.