Cyber Risk Governance Insights | September 2, 2024
WEEK IN HEADLINES
GOVERNMENT - Malware in Espionage Campaign
Researchers identified a sophisticated malware campaign named “Voldemort,” targeting over 70 organizations globally. The malware uses advanced techniques, including Google Sheets for command and control, and impersonates tax authorities to lure victims. The campaign is likely espionage-focused, aiming at intelligence gathering rather than financial gain.
INSIGHT: Restricting access to external file-sharing services to only known, safelisted servers is a good general security measure that can help prevent various types of malware, not just the “Voldemort” malware.
JOINT ADVISORY - Iran-Based Actors Target U.S. Orgs For Sensitive Data
The FBI, CISA, and DC3 warn that Iran-based cyber actors are exploiting U.S. and foreign organizations, including those in education, finance, healthcare, and defense sectors. These actors collaborate with ransomware affiliates to deploy ransomware, aiming to steal sensitive data and extort victims.
INSIGHT: Wash Rinse Repeat - MFA to secure network access.
SERVICES - Data Aggregator Finally Fesses Up
Months and a Class Action Lawsuit later, National Public Data (NPD) confirmed a massive data breach affecting millions of consumers in the US, UK, and Canada. The breach, attributed to a third-party bad actor, exposed names, email addresses, phone numbers, Social Security numbers, and mailing addresses. The incident highlights the urgent need for stronger data protection measures and reconsideration of using SSNs as primary identifiers.
INSIGHT: If you're a company, implement data encryption and verify access controls for all sensitive data and SaaS platforms.
SOFTWARE - Malicious npm Packages Unleashed
North Korean hackers are targeting software developers with malicious npm packages to steal cryptocurrency assets. The campaign, known as ‘Contagious Interview,’ involves tricking developers into downloading fake packages or installers, leading to the deployment of malware that exfiltrates sensitive data from cryptocurrency wallets.
INSIGHT: Avoid downloading and installing npm packages (or any software, apps, extensions) from unverified or suspicious sources.
MANUFACTURING - Microchip Maker Downed by Missing Basic Control
The Play ransomware gang has claimed responsibility for a cyberattack on Microchip Technology [NASDAQ: MCHP], disrupting servers and business operations. The group threatens to release stolen data unless a ransom is paid. Microchip Technology is investigating the incident with cybersecurity experts, while their stock remains unchanged.
INSIGHT: We're starting to sound like our Dad… If we've said it once, we've said it a thousand times. MFA.
RETAIL - Email Shut Down and Employee Accounts Locked
DICK’S Sporting Goods [NYSE: DKS] experienced a cyberattack on August 21, 2024, leading to unauthorized access to confidential information. The company shut down email systems and locked employee accounts to contain the breach. External cybersecurity experts were engaged, and federal law enforcement was notified. The incident did not disrupt business operations.
INSIGHT: Conduct regular security assessments to identify and address vulnerabilities and misconfigurations in the system.
FINANCIAL SERVICES - Alert: Credit Union Seeing Surge in Scam Texts
ESL Federal Credit Union warns members of increased phishing attempts. Scammers are sending fraudulent text messages and phone calls to steal sensitive information. ESL advises members to avoid clicking on links in unsolicited messages and to contact them directly for verification.
INSIGHT: Trust no text and do not click on any links in unsolicited text messages.
MANUFACTURING - Oops! They Did It Again
Déjà vu: AMD [NASDAQ: AMD] has suffered another data breach, with cybercriminal groups IntelBroker and EnergyWeaponUser claiming responsibility. The stolen data, including sensitive employee information, is being sold on Breach Forums. AMD is working with law enforcement to investigate the breach and assess the data’s significance. Maybe they should have been better prepared after the first one.
INSIGHT: Data encryption throughout the data set, better layers of security to have seen the 2nd time coming, and perhaps data exfiltration prevention or monitors. The real shame is how easy it is to steal IP from an advanced company like this - unfortunately, they are not alone.
INTERNET - Hackers Exploit ISPs to Steal Credentials from You
Malicious hackers, likely backed by the Chinese government, exploited a zero-day vulnerability in Versa Director, infecting at least four US-based ISPs with malware that steals customer credentials. The vulnerability, CVE-2024-39717, allowed attackers to install a web shell named VersaMem, granting remote administrative control and capturing credentials before they were hashed. Versa patched the vulnerability, but the attacks are ongoing.
INSIGHT: Consider system hardening and firewall guidelines to secure management ports. Organizations that secure their walls and monitor them for hackers looking for holes can more proactively defend against attacks. And just because someone is selling you SASE does not mean that you are SAFE.
INSIGHTS & EXPERT PERSPECTIVES
LEADERSHIP: Boards Must Evolve to Navigate the New Landscapes
As cyber threats escalate, the role of boards in overseeing cybersecurity is undergoing significant transformation. Sheryl Root pointed us to the "10 Questions Boards Should Ask About Cybersecurity" episode from McKinsey & Co's podcast which explores the evolving responsibilities of boards, emphasizing the need for a proactive, risk-based approach to cybersecurity.
They highlight the importance of regulatory compliance, investment in cybersecurity, and the necessity for boards to actively engage in cybersecurity strategy and incident response.
Key Highlights:
Regulatory Changes: Boards must stay updated with evolving regulations like CIRCIA and the SEC cyber-disclosure rule, which demand greater cybersecurity expertise and proactive measures.
Investment in Cybersecurity: Companies often underfund cybersecurity, leaving them vulnerable. Boards should ensure adequate resources are allocated to mitigate risks effectively.
Proactive Engagement: Boards should actively participate in cybersecurity exercises and simulations to understand their organization’s preparedness and response capabilities.
INSIGHT: Corporate boards’ responsibilities in cybersecurity are evolving rapidly. As McKinsey highlights, the rise in cyber breaches and technological advancements demands a proactive and informed approach from board members.
We emphasize an adaptive strategy and offer a complementary conversation: we recently hosted the event "Cyber Risk Governance: 5 Critical Questions Boards Must Ask," where Alex Sharpe joined us to discuss the latest strategies and insights on cyber resilience, offering a comprehensive view of how organizations can fortify their defenses.
Executives should consider listening to both, as they provide compelling narratives on the critical role of board oversight in navigating the complexities of modern cybersecurity threats and ensuring organizational resilience.
Recent regulations have significantly increased the focus on C-suite executives and boards regarding cybersecurity and overall corporate governance. These regulations often require enhanced financial and non-financial reporting, which means that boards and executives must be more involved in evaluating and improving their organization’s governance controls, processes, and policies.
For example, the introduction of stricter disclosure requirements and director liabilities has made it imperative for boards to stay updated on critical developments and ensure that their organizations are resilient against various risks, including cyber threats.
This shift is driven by the need for greater transparency and accountability, ensuring that top executives are actively engaged in risk management and strategic decision-making.
Further, there is growing emphasis on the personal liability of executives when it comes to data privacy and cyber failures. To protect yourself, an important question to ask yourself and your key management…
"What do we have in so far as Legally Defensible Evidence of our Governance and Technical Controls?"
If you get the deer-in-the-headlights look - message us.
Sharpen Your Cyber Edge with Netswitch
Master Compliance & Minimize Risks:
Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.
Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.
Deepen Your Knowledge:
Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Community on LinkedIn. Share insights and stay ahead of the curve.
Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.
Don't wait.
Contact Netswitch Technology Management today to take control of your cyber risk.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.