Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Business leaders must learn lessons from recent cyber attacks

    • “Although some top executives continue to view cybersecurity as a second-tier priority, business leaders are doing increasingly well in developing a basic technical understanding of cyber risk and recognizing the importance of robust cyber risk management,” says Eric Rosenbach
    • As a former Pentagon Chief of Staff [July 2015-January 2017], Rosenbach is familiar with the challenge of building an effective cybersecurity culture.
    • Building a strong culture involves showing why and how cybersecurity is essential to an organization’s mission.
    • 5 key principles: transparency, accountability, appropriate system knowledge, compliance with policy and procedure, and formal communication channels.
    • Identifying your most valuable digital assets is crucial.
    • The December 2020 attack on US software company SolarWinds highlights an important lesson: organizations cannot rely on ‘front door’ preventive security measures alone, but must also embed measures of detection, neutralization, and recovery into their cyber risk strategies.
    | March 24, 2021
  • All aboard the CMMC bandwagon!

    • Cybersecurity Maturity Model Certification (CMMC) is a program established by the US Department of Defense (DoD) to secure and protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) by requiring the certification of external contractors across 17 different domains.
    • The majority of the defense industry will likely require Level 3 certification for the IA domain, where MFA is a must-have. Requirements for Level 4 and 5 certification are still being defined. So, if you haven’t already adopted MFA for your workforce, you will need a solution that can be deployed quickly and effectively.
    • While the DoD was the catalyst for CMMC, it is now gaining traction across the Defense Industrial Base (DIB) including the Department of Homeland Security and other federal government departments and agencies across the US, especially since the SolarWinds attack.
    - Jenn Markey | March 24, 2021
  • Polk County Schools says student information may have been exposed in data breach

    • If you have a student who goes to school in Polk County you might have gotten a letter from a company called PCS Revenue Control Systems, Inc. about a data breach. 
    • Don't throw that letter away. The Polk County School District says it's legitimate and you might need the instructions that come on it for free identity monitoring.
    • The letter says your child's name, student identification number and date of birth were potentially exposed to unauthorized access during a data breach in December 2019, according to a post on the school district's social media page.
    • The letter says there is no evidence that any personal information has been used for malicious purposes.
    | March 24, 2021
  • Recent Cyber Attacks Show Increased Nation State Activity, Says Former NSA Director

    • Cyber attacks launched by nation states are becoming more proficient and more aggressive. This was the message from Admiral (ret.) Michael S. Rogers.
    • “We went through a period between about 2011 and 2017, during which nation states increased levels of activity. This includes the NotPetya hits in the summer of 2017, probably the largest global event we've ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”
    • “You're seeing criminal groups share tools, and you're seeing the lines between nation state and criminal group blur a little bit. The Russians in particular, often tend to use criminal groups to engage in state-associated activity. This proliferation of tools is creating a challenging environment.”
    • Regarding WFH - “We're not all sitting behind a central security stack right now. Now we're dispersed,” he explained. “We've blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure’. The bottom line is the attack surface is just proliferated as a result.”
    | March 23, 2021
  • This is some of the worst news that a bank customer can get after a hack

    • Earlier this month, the Michigan-based bank Flagstar disclosed that a security incident had occurred, following the hack by a group of ransomware attackers who exploited a bank vendor’s zero-day software vulnerability.
    • Personal information, including social security numbers of customers, bank employees, and even people with tenuous connections to the bank, was accessed as part of this data breach. That’s according to letters and communications from the bank that angry social media users have been sharing on Twitter.
    • The hackers exploited a flaw in the File Transfer Application software from Accellion that Flagstar was using to secure sensitive data.
    • Even though it was a third party with lax security that was taken advantage of, banks still have a first-party obligation to make sure their customers’ data isn’t being handled carelessly.
    - Andy Meek | March 23, 2021
  • Oil giant Shell discloses data breach linked to Accellion FTA vulnerability

    • The oil and gas company said an unknown threat actor managed to gain access to "various files" during the time of intrusion which included personal data and information "from Shell companies and some of their stakeholders."
    • The firm added that it does not appear core IT systems have been compromised, as the route of access was isolated from the rest of Shell's central infrastructure.
    • However, the data breach has been connected to Accellion's File Transfer Appliance (FTA), enterprise software used to transfer large files -- and a solution linked to a string of security incidents in December 2020 and January 2021.
    - Charlie Osborne | March 23, 2021
  • Sponsors Should Have a Plan in the Event of a Cyberattack

    • While the Department of Labor (DOL) hasn’t issued formal guidance on the responsibilities of retirement plan sponsors to protect against cybersecurity threats, there are commonsensical protections plan sponsors can put in place nonetheless, according to Employee Retirement Income Security Act (ERISA) attorneys.
    • Any party that could be impacted by a cybersecurity breach must have an incident response plan.
    • Should a breach actually occur, the plan sponsor “needs to find out which participants were impacted, which data elements were compromised, when the breach occurred and what steps have or will be taken to mitigate the impact of the breach.”
    • The sponsor should determine if any of the company’s insurance policies cover cybersecurity breaches, and, if so, the next step is notifying these insurers that a breach has occurred.
    • Sponsors need to invest in cybersecurity protections and nurture a culture of privacy and security—from the mailroom to the boardroom. They need to hire qualified IT [information technology] staff, use the most up-to-date security software, train employees to recognize the telltale signs of phishing and other suspicious behavior, have a robust cyber-incident insurance policy in place and use secure methods to transmit sensitive information and data. Finally, they need to vet and continuously monitor their vendors.
    - Lee Barney | March 22, 2021
  • On the Road to Good Cloud Security: Are We There Yet?

    • In early 2020, the "Verizon Data Breach Investigations Report" noted that the second-most common cause of data breaches behind hacking was errors such as misconfigurations.
    • Big breaches due to customer misconfiguration errors (like the CapitalOne breach in 2019) get plenty of attention in the press, keeping IT security executives up at night.
    • Learning how to better secure cloud usage is a work in progress. Understanding in theory how the shared responsibility model works flies out the door in practice when a systems engineer or developer accidentally configures an AWS S3 bucket so that it is open to public access.
    • IT security teams responsible for securing their organization's cloud usage should also advocate for more and better training of those who will ultimately create those cloud workloads or accounts to ensure they understand how to avoid potentially costly misconfiguration mistakes.
    - Paula Musich | March 22, 2021
  • Energy giant Shell discloses data breach after Accellion hack

    • Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA).
    • According to the company, some of the data accessed during the attack belongs to stakeholders and Shell subsidiaries.
    • Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties. — Shell
    • While the attackers' identity was not disclosed in Shell's statement, a joint statement published by Accellion and Mandiant last month shed more light on the attacks, linking them to the FIN11 cybercrime group.
    • The Clop ransomware gang has also been using an Accellion FTA zero-day vulnerability (disclosed in mid-December 2020) to compromise and steal data from multiple companies.
    - Sergiu Gatlan | March 22, 2021
  • Tesla cars banned by China military on concerns over cameras

    • The order, issued by the military, advises Tesla owners to park their cars outside of military property.
    • The ban, relayed to residents of military housing and others this week, was triggered by concerns that the world’s biggest maker of electric vehicles is collecting sensitive data via the cars’ in-built cameras in a way the Chinese government can’t see or control.
    • Tesla, like many other automakers including General Motors, uses several small cameras, mainly located on the outside of the vehicle, to help guide parking, autopilot and self-driving functions. Most Tesla models also have an interior camera mounted above the rear view mirror that can be used to detect whether a driver is looking at the road, looking down at their lap, wearing sunglasses, or looking at something else entirely.
    • Elon Musk, appearing on Saturday at the China Development Forum, a conference organised by a unit of the country’s State Council, in a session titled: The Next Disruptive Innovation?, said the carmaker would be “shut down everywhere” if it used the technology in its cars for spying.
    | March 22, 2021