Information Security News 8-7-2023

Ransomware Attacks Cost Manufacturing Sector $46 Billion in Downtime Since 2018, Report Claims

Article Link: https://www.tripwire.com/state-of-security/ransomware-attacks-cost-manufacturing-sector-46-billion-downtime-2018-report

• According to a report by Comparitech, who reviewed 478 confirmed ransomware attacks on manufacturing organizations between 2018 and July 2023, downtime from ransomware caused an estimated loss of $46.2 billion.
• While many focus on the ransom demands of attackers, the Comparitech report looks at the aftermath. Specifically, the report looked at the downtime attributed to attacks and how this financially impacted organizations.
• In addition to a variety of other conclusions, Comparitech observed that the average downtime from attacks rose from 6.4 days in 2021 to 12.2 days in 2022.
• Link to Comparitech’s Report: https://www.comparitech.com/blog/information-security/ransomware-manufacturing-companies/
• Link to FRSecure’s IR Plan and Playbook Resources: https://frsecure.com/resources/

Colorado Department of Higher Education Warns of Massive Data Breach

Article Link: https://www.bleepingcomputer.com/news/security/colorado-department-of-higher-education-warns-of-massive-data-breach/

• The Colorado Department of Higher Education (CDHE) disclosed a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. The attackers had system access between June 11^th and June 19^th of this year.
• The CDHE didn’t say how many people were affected but did outline several impacted groups.
• These groups include those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, had a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017, or obtained a GED between 2007-2011.
• Link to CDHE’s Breach Notification: https://cdhe.colorado.gov/notice-of-data-incident

Decommissioned Medical Infusion Pumps Sold on Secondary Market Could Reveal Wi-Fi Configuration Settings

Article Link: https://securityaffairs.com/149130/hacking/decommissioned-medical-infusion-pumps-wi-fi-leak.html

• A report from researchers at Rapid7 suggests that medical devices sold on secondary markets, such as eBay, allow for Wi-Fi configuration settings and other data to be gathered.
• The researchers reviewed 13 infusion pumps with the prices of devices ranging from $75 to $500.
• Link to Rapid7’s Report: https://www.rapid7.com/blog/post/2023/08/02/security-implications-improper-deacquisition-medical-infusion-pumps/

Top 12 Vulnerabilities Routinely Exploited in 2022

Article Link: https://www.helpnetsecurity.com/2023/08/04/2022-exploited-vulnerabilities/

• Intelligence agencies from the Five Eyes nations, including CISA, released a joint advisory that outlined the top 12 exploited vulnerabilities in 2022. Likewise, a number of additional popular vulnerabilities still regularly exploited date back to 2017 and 2018.
• While there are a variety of vulnerabilities listed, many were attributed to Microsoft and half were remote code execution (RCE) vulnerabilities.
• Link to CISA’s Report: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events

Article Link: https://thehackernews.com/2023/08/microsoft-flags-growing-cybersecurity.html

• Amid the Women’s World Cup, Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is “rapidly expanding.”
• Several steps to reduce risk that Microsoft highlighted include disabling unnecessary ports, ensuring point-of-sales (PoS) systems are up to date and segmented, and developing network segmentations between IT and OT within stadium networks.
• Link to Microsoft’s Report: https://www.microsoft.com/en-us/security/business/security-insider/reports/cyber-signals/cyber-signals-issue-5-cyberthreats-increasingly-target-the-worlds-biggest-event-stages/

Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks

Article Link: https://www.darkreading.com/ics-ot/unpatched-iot-ot-devices-pile-up-ics-cyberattacks

• A recent report from Nozomi Networks reviewed public IoT and OT cyber incidents over the last six months. It was noted that manufacturing, water treatment, food, and agriculture were frequently targeted in this timespan.
• The article highlighted that while patches often exist for OT systems, they aren’t implemented for months or years due to a need for constant uptime and high upgrade costs.
• While OT is a prime target, the article highlighted that OT and IoT security are improving; asset discovery, vulnerability remediation, and other risk mitigation steps are becoming more common.
• Link to Nozomi Networks’ Report: https://www.nozominetworks.com/blog/new-nozomi-networks-labs-report-august-2023/

Coverage Challenges in Ransomware Claims: Cyber Insurance Policies and Trends in Denials

Article Link: https://www.jdsupra.com/legalnews/coverage-challenges-in-ransomware-9062193/

• The terms of cyber insurance are often specific and limited in scope. As such, many insurers may reject insurance claims for a variety of reasons.
• The article highlights an instance that impacted an Ohio medical billing company in December 2022. The cyber insurance company declined to pay for damages associated with the medical company’s recent ransomware incident, citing that there wasn’t any physical harm or damage to computers housing data, despite data being inaccessible.
• Overall, the article emphasizes the importance of conducting a comprehensive review of the language of cyber and non-cyber insurance policies to ensure that the policies cover what is expected, should they be needed.

How to Create an Effective GRC Program: 3 Phases

Article Link: https://www.darkreading.com/risk/how-to-create-an-effective-grc-program-3-phases

• The world of risk management and compliance is evolving as risks become more complex and challenging to manage. As a result, effective risk management can’t stop at simply having a governance, risk, and compliance (GRC) program.
• The article outlines a “crawl, walk, run” process for organizations to enhance and mature their risk management and GRC processes. With each phase the risk management process should move from a focus on risk management “heroes” and organizational silos to an environment of addressing risks collaboratively and effectively across the organization.
• A key component of the process is recognizing that maturing the GRC program is a long-term goal. The article encourages taking one or two small steps, such as developing policies and educating leaders on risk, before trying to mature too quickly.