Top news stories this week
- Tightening up. SEC introduces requirements on listed companies to report cyber incidents.
- High treason. Founder of cyber security firm Group-IB sentenced to 14 years in Russia.
- Under pressure. Ransomware groups Cl0p and BlackCat make leak site data more accessible.
- Password? CISA reports valid credentials used in majority of attacks against government bodies.
- Ironic exposure. Australian government department accidentally leaks sensitive third party information.
- Lazarus strikes. The North Korean state-backed group targets IIS web servers for malware distribution.
- A stitch in time. Apple and Ubuntu release patches for critical vulnerabilities.
1. SEC introduces mandatory cyber security disclosure requirements
The US Securities and Exchange Commission (SEC) has introduced new rules that require listed companies to publicly disclose cyber security incidents they consider significant within four business days. The new regulations stopped short of making companies appoint a dedicated cyber security executive, but require boards of directors to describe their role in overseeing cyber security risk, and the executive management’s expertise in managing cyber risks.
Listed companies should familiarise themselves with the new regulations to avoid any legal or financial consequences.
2. Founder of cyber security firm Group-IB jailed for treason in Russia
A Russian court has sentenced Ilya Sachkov, the founder of Singapore-headquartered Group-IB, to 14 years in a maximum-security prison for treason. Sachkov, who denies wrongdoing, was convicted for giving the US government information on a Russian hacker group accused of interfering in the 2016 US presidential election.
The case demonstrates the intersection between cyber security and geopolitics and highlights the challenges cyber experts can face in countries such as Russia.
3. Cl0p and BlackCat make data on leak sites more accessible
The ransomware group Cl0p has begun leaking data stolen from the recent MOVEit breaches on websites accessible via the clear web. Separately, ALPHV/BlackCat has introduced an API for their data leak site which can be used to receive instant updates about new victims.
Most threat actors leak data on the dark web, which requires specialist software to access. These new tactics are designed to further pressure victims by making attacks more public.
4. CISA: Legitimate accounts used in majority of cyber attacks against government bodies
According to a report by the US Cybersecurity and Infrastructure Security Agency (CISA), threat actors leveraged valid credentials to compromise user accounts at government organisations in more than half of the cases studied. The cyber attacks used common methods such as phishing and exploiting default credentials to infiltrate the target environments.
Creating awareness about phishing and implementing strong password policies are simple yet highly effective measures to bolster an organisation's cyber security posture. Multifactor authentication is also a critical control to prevent the compromise of user accounts.
5. Small companies' data mistakenly exposed by Australian government
The Australian Home Affairs department unintentionally leaked personally identifiable information from 50 small businesses. The data was collected as part of a government initiative to improve cyber security awareness, and included email addresses, names, and phone numbers.
Human error is a common source of data breaches. Organisations should ensure any data collection is proportionate, and that they have cyber security awareness training for all staff handling sensitive data.
6. Lazarus targets Microsoft IIS web servers to spread malware
The North Korean state-sponsored threat group Lazarus has been actively exploiting vulnerable Microsoft Internet Information Services (IIS) web servers to distribute malware. Breached IIS servers, commonly used to host websites and applications, become a vector for infecting visitors and users of hosted services.
Organisations hosting IIS should update their software to the latest versions to avoid becoming unwitting facilitators for such attacks.
7. Patches released for Apple and Ubuntu flaws
Apple has released an emergency update to address a zero-day vulnerability, CVE-2023-38606, used in an exploit chain. The flaw affects iOS, iPadOS and macOS devices and can enable hackers to execute malicious code.
Two Linux flaws, CVE-2023-32629 and CVE-2023-2640, have been noted to impact around 40% of Ubuntu users, making them vulnerable to attackers gaining elevated privileges and performing code execution.
Implementing a patch management process is crucial to prevent cyber attacks. Organisations should patch these critical vulnerabilities as soon as possible.
S-RM is proud to have been voted Cyber Incident Response Team of the Year at Zywave’s 2023 Cyber Risk Awards.