Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Are Businesses at Risk of Litigation in the Event of a Cybersecurity Breach?

    • A cybersecurity attack that results in a data breach exposes businesses to customer distrust and, potentially, litigation.
    • In October 2020, Wilmington Surgical Associates in North Carolina was the victim of a ransomware attack carried out by the NetWalker cybercriminals that resulted in a 13 GB data breach.
    • Now, as of February 2021, Wilmington Surgical Associates is being sued for cybersecurity negligence. The data breach carried out by the NetWalker group exposed highly sensitive data: patient names, birth dates, social security numbers, and health records. Patients have joined together in a class action lawsuit filed by Rhine Law Firm, which seeks to force the practice to strengthen its data security systems, submit to annual audits, and provide credit monitoring services.
    • In the aftermath of a cybersecurity breach either large or small, claimants with sufficient evidence can seek to hold the breached business responsible for the ensuing damage. Whether the attack resulted in huge quantities of personal data being revealed, as in the Wilmington Surgical Associates case, or was targeted at a single victim, as in the Abbott Laboratories case, businesses whose systems have suffered breaches may still be liable in court. 
    • Each case is different and the damages incurred will always depend on the evidence presented.
    - Claire Hughes | March 4, 2021
  • Qualys Data Breach: Ransomware Gang Leaks Customer Invoices, Tax Documents

    • Cybersecurity company Qualys appears to have suffered a data breach after hackers exploited a zero-day flaw in its Accellion FTA server.
    • The company said on Wednesday that the security incident did not have any "operational impact," but "unauthorized access" had been obtained to an Accellion FTA server used by the company.
    • While Qualys hasn’t yet revealed any further details about the incident, Clop ransomware operators claimed to have stolen data from Qualys and shared screenshots of stolen files on its leak site as proof of the hack. The leaked data includes invoices, purchase orders, tax documents, and scan reports.
    • Qualys said it has “notified the limited number of customers impacted by this unauthorized access.”
    - Carly Page | March 4, 2021
  • Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

    • CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.
    • CISA will continue to work with our partners to monitor for active exploitation associated with these vulnerabilities.
    • CISA will release additional indicators of compromise as they become available.
    • CISA will provide technical assistance to agencies without internal capabilities to comply with this directive.
    • CISA will provide additional guidance to agencies via the CISA website, through an emergency directive issuance coordination call, and through individual engagements upon request (via [email protected]).
    • By April 5, 2021, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) identifying cross-agency status and outstanding issues.
    - CISA Emergency Directive 21-02 | March 3, 2021
  • Reasons Why the Security Industry is Protecting the Wrong Thing

    • They're called data breaches, not network breaches for a reason.
    • Looking back on some of the biggest data breaches the world has ever seen, it’s clear that cyber hackers always seem to be one step ahead of organisations that seemingly have sufficient protection and technology in place.
    • Current approaches mean it is simply not possible to implement the level of security that sensitive data demands as it is in transit without compromising network performance. Facing an either/or decision, companies have blindly followed the same old path of attempting to secure the network perimeter and hoping that they won’t suffer the same fate as so many before them.
    • Consider separating data security from the network through an encryption-based information assurance overlay. This means that organisations can seamlessly ensure that even when malicious actors enter the network, the data will still be unattainable and unreadable, keeping the integrity, authentication and confidentiality of the data intact without impacting the overall performance of the underlying infrastructure.
    • Will this solution protect my data as it travels throughout the network? Will this technology enable data to be kept safe, even if hackers are able to infiltrate the network? Will this strategy ensure the business is compliant with regulations regarding data security, and that if a network breach does occur, the business won’t risk facing any fines? The answer to these questions must be yes in order for any CISO to trust that their data is safe and that their IT security policy is effective.
    - Paul German | March 3, 2021
  • Why Global Power Grids Are Still Vulnerable to Cyber Attacks

    • As utilities turn to sources of renewable energy and add millions of other components like smart meters, they’re rapidly multiplying the number of connections and sensors along their networks, widening the potential for intrusions.
    • Over the past four decades, power plants and substations have been moving from manual to automatic controls, and are increasingly being connected to public and private networks for remote access, leaving them exposed to attacks. Producers and distributors have also often been reluctant to spend on protecting themselves against low-probability attacks.
    • “Essential state infrastructures like power grids and nuclear reactors have been and will continue to be a target of cyber attacks because modernization allows internet connectivity, which makes them vulnerable,” said Kim Seungjoo, a professor at Korea University’s School of Cybersecurity. “It’s almost a natural instinct of hackers, especially the state-sponsored ones, to attack energy infrastructure because they can easily disrupt national security.”
    - David Stringer and Heesu Lee | March 3, 2021
  • Microsoft warns customers against new China cyber attack on exchange email

    • Microsoft has warned its customers against a new sophisticated nation-state cyber attack that has its origin in China and is primarily targeting on-premises 'Exchange Server' software of the tech giant.
    • Called "Hafnium," it operates from China and is attacking infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs in the US for the purpose of exfiltrating information.
    • The Microsoft Threat Intelligence Center (MSTIC) found that "Hafnium" would first gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access.
    • The company has released security updates to protect customers running Exchange Server, and encourages all Exchange Server customers to apply these updates immediately.
    | March 3, 2021
  • We cannot allow China to dominate: US Lawmaker on India cyberattack report

    • A top American lawmaker on Monday urged the Biden administration to stand by India in view of the Chinese cyber attack on India's power grid system.
    • "The US must stand by our strategic partner and condemn China's dangerous cyber-attack on India's grid, which forced hospitals to go on generators in the midst of a pandemic," Congressman Frank Pallone said in a tweet on Monday.
    • "We cannot allow China to dominate the region through force and intimidation," tweeted Pallone, a day after Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, said a Chinese government-linked group of hackers had targeted India's critical power grid system through malware, amid the tense border standoff between the two nations.
    | March 2, 2021
  • National Security Agency unveils zero-trust security model guidance: 5 guidelines

    • The zero-trust security model is a coordinated system strategy that assumes breaches are inevitable or have already occurred.
    • Five guidelines for implementing the zero-trust model:
      1. The zero-trust system relies on network users to never trust any user, device or application and to always verify authenticity.
      2. Users should assume that the adversary already has a presence in the network.
      3. Apply security policies across all domains (mobile, LAN, WAN, etc.).
      4. Embrace multi-factor authentication for users to make stealing credentials more difficult.
      5. Incorporate zero-trust architecture incrementally in a strategic plan to avoid increased vulnerabilities during the transition.
    - Hannah Mitchell | March 2, 2021
  • Malaysia Airlines suffers data security 'incident' spanning nine years

    • The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider. 
    • The airline had sent out an emailer to Enrich members this week, stating it was notified of a "data security incident" at the third-party IT supplier.
    • At press time, Malaysia Airlines had yet to make a public statement on the security breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers. 
    • In one of several such responses, the national carrier said: "The data security incident occurred at our third-party IT service provider and not Malaysia Airlines' computer systems. However, the airline is monitoring any suspicious activity concerning its members' accounts and in constant contact with the affected IT service provider to secure Enrich members' data and investigate the incident's scope and causes."
    - Eileen Yu | March 2, 2021
  • States look to fight back against cybercrime as hackers leverage pandemic to their advantage

    • COVID-19 made its U.S. debut in Washington state, but the virus was only the first of several intruders to attack the state in the past year.
    • Rocked by the massive SolarWinds hack, unemployment system breaches and other attacks, several states are trying to bolster their cybersecurity in the midst of the public health crisis.
    • Alerts from the federal Cybersecurity and Infrastructure Security Agency warned that the SolarWinds campaign posed “a grave risk” to federal, state and local governments, and private companies. The hackers had the “resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked,” the agency cautioned.
    • The SolarWinds attack wasn’t Washington state’s only cyber crisis this past year.
    • In late spring, Washington was one of more than a half-dozen states victimized in a massive fraud scheme in which cybercriminals struck unemployment systems, which already were overburdened with a huge influx of claims.
    • A cybersecurity company linked the attacks to a Nigerian crime ring it nicknamed Scattered Canary. Washington state officials say they were scammed out of hundreds of millions of dollars in fraudulent claims.
    • In response to the attacks, a group of Washington state senators in February introduced a measure to bolster cybersecurity, at the request of Democratic Gov. Jay Inslee.
    • The bill would create an Office of Cybersecurity by statute within the office of the state chief information officer. The office would set standards and policies for safely storing sensitive data and develop a centralized cyber protocol for all state agencies, including those run by independently elected officials, such as the state auditor.
    - Jenni Bergal | March 1, 2021