Cyber Risk Governance Insights | July 15, 2024
WEEK IN HEADLINES
FINANCIAL SERVICES - Banking Trojan Preys on Latin American Institutions
A sophisticated banking trojan dubbed "Coyote" has emerged, targeting Latin American financial institutions, particularly in Brazil. This malware employs advanced evasion techniques, including process hollowing and anti-analysis methods. Coyote steals sensitive financial data, intercepts SMS messages, and can perform fraudulent transactions. The trojan's modular structure and use of legitimate tools for malicious purposes make it a significant threat to the banking sector in the region.
INSIGHT: One of the most effective actions to prevent trojan infections is to implement strict application whitelisting policies. This would likely prevent unauthorized executables, including installers used by attackers, from running on systems, significantly reducing the risk of infection.
SOFTWARE - Provider Finds $25M in Couch Cushions, Pays Ransom & Avoids Bankruptcy
The fallout from the attack on CDK Global, a major software provider for US car dealerships, continues: the company has reportedly paid a $25 million ransom in bitcoin to hackers using the BlackSuit ransomware. The payment, made on June 21, coincided with the restoration of services to affected dealerships.
INSIGHT: CDK Global's incident response plan was lacking in details and preparedness. It appears that CDK did not have a centralized way to keep customers and employees informed about the status of the attack and recovery efforts. Further, CDK would have been better prepared to prevent and mitigate the impact of the ransomware if it had implemented more robust backup and data protection strategies. As a critical supply chain provider for the automotive industry, CDK should have ensured it maintained comprehensive, regularly tested data backups that would enable it to quickly restore operations in the event of a security incident.
AEROSPACE - Space Agency Battles Zero-Day Attacks
The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while investigating a 2023 breach of its Microsoft 365 systems. The attackers gained unauthorized access to JAXA's networks and personal data, but the agency says sensitive information related to launch vehicles and satellite operations was not compromised. JAXA has implemented stronger monitoring and security measures to address the multiple malware strains used in the attacks.
INSIGHT: By deploying an appropriate EDR solution and ensuring it is properly configured and maintained, JAXA could have significantly reduced the risk of its endpoints being compromised and used as an entry point for attackers. EDR provides a strong last line of defense against threats that bypass other security controls.
GOVERNMENT - CISA: US Fed Agency Breached, No One Noticed For 5 Months
CISA's Red Team, in a SILENTSHIELD assessment, successfully exploited an unpatched vulnerability in the target agency's Oracle Solaris environment, gaining full access for 5 months without detection. The exercise revealed a series of security failures, including weak passwords, inadequate logging and monitoring, and over-reliance on known indicators of compromise. The report highlights the need for defense-in-depth, secure software design, and improved cybersecurity practices across federal agencies.
INSIGHT: Effective log collection and analysis is critical to a comprehensive cybersecurity strategy. Collecting and analyzing logs from various sources, including host-based, network, and authentication logs, and combining them with behavioral analytics allows your organization to gain valuable insight into potential security incidents and detect malicious activity.
ENTERTAINMENT - Dev Team Slack Hacked: Massive 1.1 TB Data Leak
Hacktivist group NullBulge claims to have breached Disney's internal Slack, leaking 1.1 TiB of sensitive data including messages, files, and code from nearly 10,000 channels. The alleged hack, announced on Breach Forums and social media, exposes unreleased projects and internal communications.
INSIGHT: Implement strict multi-factor authentication (MFA) for all users accessing sensitive systems like Slack. This measure provides a strong defense against unauthorized access, even if credentials are compromised. It significantly reduces the risk of breaches by requiring an additional form of verification beyond just a password.
INSIGHTS & EXPERT PERSPECTIVES
RISK MITIGATION - 22 Minutes, Hackers Use PoC Exploits in Attacks
The 2024 Application Security Report reveals that hackers are rapidly weaponizing proof-of-concept (PoC) exploits, sometimes within as little as 22 minutes after they are made publicly available. This speed of exploitation outpaces defense and patch development, leaving organizations vulnerable to attacks.
The report highlights the need for swift and proactive cybersecurity measures to counter these threats.
Rapid Exploitation: PoC exploits are being used in attacks just 22 minutes after their release, demonstrating the speed and agility of threat actors.
DDoS Attacks on the Rise: The report found that 6.8% of daily internet traffic is caused by distributed denial of service (DDoS) attacks, which is a significant increase from the previous year.
Bots and Malicious Traffic: The study revealed that 93% of bots are potentially malicious, and they are becoming increasingly effective in launching DDoS attacks.
INSIGHT: We have long been proponents of proactive cyber risk prevention and incident response strategies. This approach involves continuously monitoring networks for suspicious activity and having tested response plans in place to quickly contain and remediate threats, rather than relying solely on patching and defensive measures. To properly prepare your organization, consider how well you're prepared in these 5 areas:
Vulnerability Management: How quickly are you identifying and mitigating/patching known vulnerabilities before they're exploited?
Endpoint Protection: Have you deployed advanced endpoint security tools with real-time threat detection and response capabilities?
Network Monitoring: Continuous monitoring with behavioral analytics identifies threat activity and indicators of compromise, allowing you to rapidly detect and respond to PoC exploits.
Threat Intelligence: Stay informed, and have access to quality threat intel.
Employee Awareness: The least expensive cybersecurity action is educating employees. Educating employees about cyber risks is a proactive measure that reduces overall cyber risk.
Do you have effective and cost-efficient cyber software? If unsure, partner with a trusted expert to conduct a comprehensive cyber risk assessment. An objective evaluation will provide a clear understanding of your cybersecurity posture, helping identify strengths and weaknesses. This will verify that your investments align with your organization's objectives and risk appetite, avoiding overspending on unnecessary software or tools that may not provide the desired protection.
The Netswitch team of experienced cyber risk governance pros can walk you through this Security And Risk Assessment (SARA) process, providing thorough and actionable recommendations tailored to your organization's unique journey.
LINKEDIN LIVE EVENT - Cyber Risk Governance
5 Critical Questions Boards Must Ask
We're excited to invite you to our upcoming LinkedIn Live event, "Top 5 Questions for the Board to Ask," featuring special guest Alex Sharpe.
Alex is a well-known figure in the cybersecurity industry, with an impressive track record of success. He has built two startups, including one with a successful IPO exit. Alex has also developed strategic plans for over 10 global companies, with clients spanning more than 20 countries across six continents.
Importantly, Alex is an advisor to Netswitch, providing strategic guidance for the company and our product development. He and our host, Sean, have been discussing cybersecurity topics for over five years.
Alex has been one of our early contributors, sharing his insights at our virtual studio and providing valuable recommendations over the years. In fact, you can check out our last discussion when the SEC Cyber Rule was introduced: [https://youtu.be/eCiPUMNyKkg](https://youtu.be/eCiPUMNyKkg)
This upcoming event will be a sequel, focusing on the critical topic of Board 'readiness.' Alex will share his insights on the following key questions board members should be asking:
How are we ensuring alignment between the business strategy, the security strategy, and operations?
How are you integrating cyber into our Risk Management practices?
What do you want from us?
What do you want us to be asking you?
What is the plan for moving towards resilience?
Don't miss this opportunity to gain valuable insights from one of the industry's top experts. Join us for an engaging discussion on board readiness and cybersecurity best practices.
Date: Tuesday, July 30th 📅
Time: 1 pm ET 🕐
Register to Attend: 5 Critical Questions Boards Must Ask ✔️
Sharpen Your Cyber Edge with Netswitch
Master Compliance & Minimize Risks:
Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.
Deepen Your Knowledge:
Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Group on LinkedIn. Share insights and stay ahead of the curve.
Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.
Don't wait.
Contact Netswitch today to take control of your cyber risk.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.