Project Hyphae

Information Security News 1-15-2024


Framework Discloses Data Breach After Accountant Gets Phished

Article Link: https://www.bleepingcomputer.com/news/security/framework-discloses-data-breach-after-accountant-gets-phished/

  • Recently, Framework Computer disclosed that their accounting service provider caused a data breach exposing the personal information of an undisclosed number of customers. The incident stems from the company’s vendor receiving a phishing email impersonating the Framework CEO and requesting accounts receivable information be sent out via email.
  • As the article notes, the sent information primarily included customers who have open pre-orders with Framework. Framework’s Head of Finance notified the accounting firm 30 minutes after the incident had occurred and impacted individuals have already been notified of the incident.
  • Due to the incident, Framework is requiring all employees at the accounting firm who access Framework customer information to receive mandatory phishing and social engineering awareness training. Likewise, Framework is reviewing the vendor’s information request procedures.

Akira Ransomware Attackers are Wiping NAS and Tape Backups

Article Link: https://www.helpnetsecurity.com/2024/01/12/finland-akira-ransomware/

  • According to the Finnish National Cybersecurity Center (NCSC-FI), there have been numerous reports of the Akira family ransomware being leveraged by bad actors. The NCSC-FI noted that in December alone, six out of seven ransomware cases reported involved Akira ransomware.
  • The article explains that the attackers pinpoint vulnerable internet-facing Cisco ASA or FTD firewall devices and gain access to system accounts that lack multi-factor authentication via leaked credentials or brute force. From there, the attackers scan the network, delete backups, and begin encrypting physical and virtual servers, including NAS servers.
  • Overall, the Finnish government recommends upgrading the impacted Cisco devices to available fixed versions, implementing MFA to secure login credentials, and establishing offline and offsite backups.

APIs are Increasingly Becoming Attractive Targets

Article Link: https://www.helpnetsecurity.com/2024/01/11/apis-attack-volume-rise/

  • APIs are a technology baked into many of the websites and apps that organizations use. As businesses have adopted APIs, bad actors have increasingly targeted them.
  • The article references a Cloudflare report that highlights the growth of API usage and how the increase in APIs has inadvertently increased the attack surfaces for many organizations. Specifically, Cloudflare assessed that APIs accounted for 57% of dynamic Internet traffic in 2023.
  • Additionally, Cloudflare stated that they found 31% more APIs than what surveyed organizations had informed them of, suggesting that organizations lack a full inventory of their APIs.
  • Link to Cloudflare’s Report: https://blog.cloudflare.com/2024-api-security-report
  • Link to Possible / Example of an API Governance Tool (Teejlab – has free services): https://apidiscovery.teejlab.com/

Uncle Sam Tells Hospitals: Meet Security Standards or No Federal Dollars for You

Article Link: https://www.theregister.com/2024/01/10/us_hospitals_security_rules/

  • According to reports citing the US Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) division, the HHS has begun developing rules tying hospital IT security to federal funding.
  • As the article states, a CMS spokesperson highlighted that HHS’ cybersecurity strategy discusses the development of additional cybersecurity requirements. Specifically, HHS officials intend to propose new and enforceable security standards and then work with Congress to administer financial support and incentives for hospitals to implement the new cybersecurity practices.
  • This move is the result of an increase in cybersecurity incidents at medical facilities. The article cites the security company Emsisoft, which noted that within the last year at least 46 US hospital corporations with a total of 141 facilities under their watch were hit by ransomware.
  • Link to HHS’ Cybersecurity Strategy: https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf

It’s Time to Close the Curtain on Security Theater

Article Link: https://www.darkreading.com/cyberattacks-data-breaches/time-to-close-curtain-on-security-theater

  • According to the article, security theater is the practice of implementing public, superficial policies and measures intended to give the perception of heightened security or to make people feel like an organization is improving its security.
  • Security theater hurts organizations by spending money on resources that don’t reduce risk, providing a false sense of security, and opening up a larger attack surface. As the article notes, security theater thrives when leaders don’t know better, have limited resources, or consider the job done when baseline controls are put in place.
  • The shift towards actually mitigating risk includes taking an inventory of your entire environment – assets, controls, and programs. The next step is conducting a risk assessment with specific results for your environment. From there, organizations should prioritize security enhancements that reduce the greatest amount of risk.

The Risks of Excessive Data Retention and Tips for Information Security

Article Link: https://www.natlawreview.com/article/risks-excessive-data-retention-and-tips-information-security

  • The article discusses the risks of retaining too much data on individuals and of retaining it for too long. It also emphasizes the value of a data retention policy.
  • Several key issues arise when too much data is kept. First, more data makes your organization a larger target for bad actors and makes it responsible for notifying more impacted users.
  • Beyond the cyberattack threat, there is a greater risk for privacy violations and overarching legal liability related to how data is present.
  • Last, the more data that is retained, the more resources are required to store and secure the data.

A Guide to Getting the Right Cyber Insurance

Article Link: https://www.scmagazine.com/resource/a-guide-to-getting-the-right-cybersecurity-insurance

  • The number of organizations applying for cyber insurance has drastically increased since cyber insurance services were first offered. As the demand has grown, the number of options available for organizations to choose from has as well.
  • The article references a Sophos report which notes that, beyond just acquiring cyber insurance, it is imperative that organizations obtain the right coverage for them. For example, the report noted that one in ten organizations with cyber coverage were not insured for ransomware.
  • The Sophos report offers up several tips as organizations work to find the right cyber insurance provider for them. These include understanding the basics of cyber insurance, assessing your coverage needs, evaluating the policy terms, investing in cybersecurity, considering market conditions, working with insurance panels, reviewing insurance payout history, and implementing any required controls.
  • Link to Sophos’ Report: https://www.sophos.com/en-us/whitepaper/sophos-guide-to-cyber-insurance

Personal Security Considerations Action Guide

Article Link: https://www.cisa.gov/resources-tools/resources/personal-security-considerations-action-guide

  • This resource from CISA offers up information for critical infrastructure workers to assess their personal security posture outside of just the workplace. While the guide is focused on critical infrastructure workers, the information is valuable to everyone.
  • In addition to other topics, the guide reviews physical security considerations for when you’re at home and the workplace. Likewise, there are tips for situational awareness, properly handling sensitive documents, the use of electronic devices and social media, and more.

