Cyber Risk Governance Insights | July 8, 2024

WEEK IN HEADLINES

FINANCIAL SERVICES - Banking Trojan Targets Latin America

Mekotio is a banking trojan that targets financial institutions in Latin America. It steals banking credentials through phishing emails and fake pop-ups. It can also capture screenshots, log keystrokes, and steal clipboard data.

INSIGHT: Protect yourself by being skeptical of unsolicited messages, and avoiding suspicious links and attachments.

SECURITY - Hackers Exploit Authy MFA Service

Hackers exploited a vulnerability in Twilio's Authy multi-factor authentication (MFA) service, allowing them to verify millions of phone numbers associated with Authy accounts. Attackers abused an API to check if phone numbers were linked to Authy accounts, potentially compromising user privacy and security.

INSIGHT: While many industries rely on MFA, regarding this particular target & attack doesn't mean you should abandon MFA altogether. Update your apps and be mindful of phishing attacks.

STATE SPONSORED - Hackers Target Corp Users in Phishing Campaign

Chinese attackers have launched three novel credential-phishing campaigns, compromising at least 40,000 corporate users, including high-level executives, over 90 days. Their deployment uses highly evasive and adaptive threat (HEAT) attack techniques that can circumvent controls such as multifactor authentication (MFA) and URL filtering.

INSIGHT: Enforce MFA, train staff on security awareness, and continuously monitor for suspicious login activities.

TELECOMMUNICATIONS - Massive Phishing Attack Targets iPhones

A new attack is targeting Apple's 1.4 billion iPhone users through SMS phishing techniques. Scammers impersonate Apple, sending messages about an "important request" regarding iCloud. These messages lead to fake websites designed to steal Apple ID credentials.

INSIGHT: Enable 2FA on your Apple ID, and be wary of unexpected messages claiming to be from Apple.

PRO SPORTS - Phishing Attacks Target Sporting Bodies

Fans who attended Euro 2024 are having their stolen credentials linked to the tournament sold on underground markets, potentially compromising ticket purchases, fan accounts, and personal information.

Organizations: The Fédération Internationale de l'Automobile (FIA), the governing body for Formula 1, fell victim to a phishing attack. Implement email security filters with anti-phishing tools and prioritize regular cybersecurity training for employees.

INSIGHT: Use unique strong passwords, enable 2FA, watch out for phishing attempts, and implement email filters with anti-phishing tools along with regular employee cybersecurity training.

HEALTHCARE - Data Breach at Children's Hospital Exposes 800,000

Between January 26-31, Lurie Children's Hospital in Chicago suffered a severe cyberattack, compromising the personal data of nearly 800,000 individuals, and exposing Social Security numbers, medical diagnoses, addresses, and prescription details. LCH's entire network was shut down for weeks, disrupting patient care and communication.

INSIGHT: If you're notified of data compromise, monitor credit reports, watch for signs of identity theft, and consider a credit freeze.

GOVERNMENT - Town Paralyzed by Ransomware Attack

Apex, North Carolina, faces a ransomware incident that has knocked the town's network offline since July 2. Emergency services remain operational, but residents can't access online bill payments or permit applications.

INSIGHT: This highlights the cyber vulnerability of municipalities, residents should monitor their credit reports, look for phishing attempts, and use alternative methods for town services.

INSIGHTS & EXPERT PERSPECTIVES

RISK MITIGATION - Data Breaches Surge

Healthcare Records Exposed as SaaS Adoption Increases Risks

According to the HIPAA Journal, the healthcare industry in 2023 faced a rise in data breaches, with 725 incidents exposing over 133 million records. This surge coincides with increased adoption of SaaS (Software as a Service) applications, which, while offering valuable benefits, also expand the attack surface and introduce new vulnerabilities.

The trend underscores the urgent need for enhanced cybersecurity measures within healthcare organizations to protect sensitive patient information in an increasingly digital landscape.

SaaS (Software as a Service) plays a significant role in the increase of data breaches in healthcare for several reasons:

• Expanded attack surface: providing more potential entry points for cybercriminals.

• Sensitive data concentration: making SaaS providers attractive targets for hackers.

• Shared responsibility model: deployments and security responsibilities create confusion and gaps in security if roles are not clearly defined or understood.

• Phishing vulnerabilities: SaaS Apps are accessed via web interfaces - 45% of attacks on the healthcare industry begin with phishing.

• Integration complexities: multiple SaaS applications can create security vulnerabilities if not properly managed.

• Third-party access: often involves third-party vendors introducing more security risks if not properly vetted.

INSIGHTS - Some may say that the increase in reported incidents may partly reflect improved detection and reporting mechanisms rather than solely an increase in cyberattacks.  However, suggestions of higher reported numbers, due to increased vigilance in identifying and reporting breaches may be a bit overstated.

There are regulatory oversight issues regarding the liability of SaaS and enhanced regulatory requirements and better awareness might better secure healthcare organizations.

If healthcare organizations are serious about staying ahead of cyber risks, they'll need to get a better game.

They need to make it tougher for the bad guys to get in. How?

They should consider improvements or implementation of certain Technical and Governance Controls:

• Multi-factor or two-factor authentication (MFA or 2FA) - more than just a password to log in.

• Single sign-on (SSO) - maybe consider making it easier for staff.

• Identity threat detection systems - approach to safeguard an organization's identity infrastructure and detect threats related to user identities and access.

• Least Privilege Control - the practice of limiting user account privileges or access rights to only what is strictly required to perform authorized tasks.

• SaaS Security Posture Management platforms - a tool that continuously assesses security risks and manages the security posture.

• Security and Risk Check-ups - regular assessments and audits.

• Security Awareness Education - educate the staff to make sure they know what to look out for.

If they can tackle all this, healthcare organizations would be in a much better position to keep patient data safe while still enjoying all the perks of these fancy SaaS applications.

Netswitch Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.

2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

• Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Group on LinkedIn. Share insights and stay ahead of the curve.

• Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch today to take control of your cyber risk.

Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.