Information Security News 10-7-2024

Overtaxed State CISOs Struggle with Budgeting, Staffing

Article Link: https://www.darkreading.com/cyber-risk/state-cisos-struggle-budgeting-staffing

  • State CISOs face growing information security duties with limited staff: 80% manage just 5 to 50 employees, compared to thousands in the private sector, per the Deloitte/NASCIO Cybersecurity Study of 50 U.S. state CISOs and the CISO of Washington, D.C.
  • Data privacy roles have surged, now handled by 86% of CISO offices (up from 60% in 2022), but most states allocate less than 1% of IT budgets to information security, creating a serious resource gap.
  • Physical security duties have lessened, but CISOs still struggle to secure systems against rising threats with inadequate support.
  • Involving non-security staff, as Texas does by using students in its operations center, can help bridge talent and resource gaps.
  • Link to Deloitte’s Report: https://www2.deloitte.com/us/en/insights/industry/public-sector/2024-deloitte-nascio-cybersecurity-study.html

How Should CISOs Navigate the SEC Cybersecurity and Disclosure Rules?

Article Link: https://www.darkreading.com/cyber-risk/how-to-navigate-sec-cybersecurity-disclosure-rules

  • The U.S. Securities and Exchange Commission’s (SEC) new cybersecurity rules require organizations to disclose major incidents via 8-K filings within four business days and provide annual information security plan updates in 10-K filings.
  • A material incident impacts financials, operations, or stakeholder relations, and must be disclosed in an 8-K. A 10-K filing details the company’s cybersecurity strategy and board oversight.
  • Strong information security frameworks, regular audits, and employee training are essential for meeting compliance and managing risks.
  • Legal reviews and SEC readiness assessments help ensure organizations stay compliant with evolving cybersecurity regulations.

Remote ID Verification Tech is Often Biased, Bungling, and No Good on Its Own

Article Link: https://www.theregister.com/2024/09/30/remote_identity_verification_biased/

  • A study by the U.S. General Services Administration (GSA) found only two out of five remote ID verification technologies were equitable across all demographics, with significant bias against Black and Asian American participants.
  • Error rates were high, with the best product failing 10% of the time and the worst rejecting 50% of Black users, raising concerns about the technology’s reliability.
  • LexisNexis, one of the vendors, criticized the over-reliance on visual identification and urged multi-layered approaches to improve accuracy.
  • GSA plans to release further analysis in 2025 to address these equity and reliability issues in government services.
  • Link to the U.S. GSA Study: https://arxiv.org/html/2409.12318v1

FERC Outlines Supply Chain Security Rules for Power Plants

Article Link: https://www.darkreading.com/cyber-risk/ferc-updates-supply-chain-security-power-plants

  • The U.S. Federal Energy Regulatory Commission (FERC) has directed electric utilities to strengthen their supply chain security, following recent high-profile attacks like SolarWinds and MOVEit.
  • FERC asked the North American Electric Reliability Corporation (NERC) to update standards requiring utilities to regularly assess risks, validate vendor data, and monitor cyber assets to protect the U.S. power grid.
  • FERC also proposed expanding internal network security monitoring (INSM) beyond critical infrastructure to detect malicious activity within and outside the security perimeter for more comprehensive threat visibility.

Evil Corp’s LockBit Ties Exposed in Latest Phase of Operation Cronos

Article Link: https://www.infosecurity-magazine.com/news/evil-corp-lockbit-sanctions/

  • The United Kingdom’s National Crime Agency (NCA) sanctioned 6 members of Evil Corp on October 1, 2024, revealing ties to the prolific ransomware group LockBit. This is part of Operation Cronos, which disrupted LockBit’s infrastructure earlier this year.
  • Evil Corp, responsible for $300 million in global ransomware attacks, has shifted from using its own tools to LockBit’s malware after previous sanctions.
  • Europol arrested four LockBit affiliates, and authorities in the UK, France, and Spain seized servers crucial to LockBit’s operations, continuing global efforts to weaken Russian cybercriminal networks.

Man Charged for Selling Forged License Keys for Network Switches

Article Link: https://www.bleepingcomputer.com/news/legal/man-charged-for-selling-forged-license-keys-for-network-switches/

  • Benjamin Paley, 75, co-owner of Minnesota-based GEN8 Services, has been indicted for selling counterfeit software license keys for Brocade network switches, causing estimated losses of $5 million to $363 million.
  • From 2014 to 2022, Paley and his co-conspirators used specialized software to create forged keys, enabling clients to access features at significantly reduced prices.
  • They sold at least 3,637 fake keys, primarily targeting sectors like government and healthcare, undermining Brocade’s legitimate sales.
  • Facing four access device fraud charges, Paley could receive up to 15 years in prison per count, with fines reaching $250,000 each, emphasizing the ongoing threat of software licensing cons.

Three Hard Truths Hindering Cloud-Native Detection and Response

Article Link: https://www.helpnetsecurity.com/2024/10/03/cloud-native-it/

  • A Gartner report predicts the cloud computing market will hit $675 billion in 2024, up from $561 billion in 2023, reflecting a major shift in cloud-native IT.
  • Cloud-native environments blur lines between applications, workloads, and infrastructure, increasing hidden vulnerabilities, especially in trusted connections.
  • Non-human identities (NHIs), like service accounts and tokens, are highly exposed and often lack multi-factor authentication, making them prime targets for attackers.
  • Security teams face complexity overload, compounded by siloed tools that slow response times, but advancements in AI and more mature security practices are improving cloud defenses.
  • Link to Gartner’s Report: https://www.gartner.com/en/newsroom/press-releases/2024-05-20-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-surpass-675-billion-in-2024

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

Article Link: https://hackread.com/pypi-malware-crypto-wallet-tools-steal-private-keys/

  • In September 2024, Checkmarx found malicious packages on the Python Package Index (PyPI) that targeted crypto wallets like Metamask, Trust Wallet, and Exodus, designed to steal private keys and recovery phrases.
  • The attackers uploaded packages with names like “AtomicDecoderss” and “WalletDecoderss,” making them look legitimate with polished documentation and fake statistics to increase downloads.
  • The malware stayed hidden until users tried certain features, then it kicked in, stealing sensitive wallet data and sending it to the attackers’ server.
  • To avoid falling for this, developers should double-check PyPI packages, manage dependencies carefully, and provide teams with basic cybersecurity training to spot red flags.
  • Link to Checkmarx’s Report: https://checkmarx.com/blog/crypto-stealing-code-lurking-in-python-package-dependencies/

Cybercriminals Capitalize on Poorly Configured Cloud Environments

Article Link: https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/

  • According to Elastic’s 2024 Global Threat Report, which analyzed over 1 billion data points, cybercriminals are misusing security tools, with 54% of malware alerts linked to tools like Cobalt Strike, which accounts for 27.02% of infections.
  • Nearly half of Microsoft Azure and Google Cloud failures stem from misconfigurations, particularly in storage accounts and BigQuery, with 30% of Amazon Web Services failures due to a lack of multi-factor authentication (MFA).
  • Emerging malware-as-a-service (MaaS) lowers barriers for attackers, complicating defenses. Companies must enhance security, enforce MFA, and secure public-facing systems.
  • While a 6% drop in evasion tactics shows progress, skilled threat actors are adapting, so vigilance is crucial.
  • Link to Elastic’s Report Summary: https://www.morningstar.com/news/business-wire/20241001922181/the-2024-elastic-global-threat-report-basic-security-settings-are-easily-exploited-by-adversaries

