28 July 2023

7 min read

SEC introduces mandatory cyber security disclosure requirements | Cyber Intelligence Briefing: 28 July

July 2023
SEC introduces mandatory cyber security disclosure requirements | Cyber Intelligence Briefing: 28 July placeholder thumbnail

 

Top news stories this week

  1. Tightening up. SEC introduces requirements on listed companies to report cyber incidents.
  2. High treason. Founder of cyber security firm Group-IB sentenced to 14 years in Russia.
  3. Under pressure. Ransomware groups Cl0p and BlackCat make leak site data more accessible.
  4. Password? CISA reports valid credentials used in majority of attacks against government bodies.
  5. Ironic exposure. Australian government department accidentally leaks sensitive third party information.
  6. Lazarus strikes. The North Korean state-backed group targets IIS web servers for malware distribution.
  7. A stitch in time. Apple and Ubuntu release patches for critical vulnerabilities.
 

 

1. SEC introduces mandatory cyber security disclosure requirements

The US Securities and Exchange Commission (SEC) has introduced new rules that require listed companies to publicly disclose cyber security incidents they consider significant within four business days. The new regulations stopped short of making companies appoint a dedicated cyber security executive, but require boards of directors to describe its role in overseeing cyber security risk, and the executive management’s expertise  in managing cyber risks.

So what?

Listed companies should familiarise themselves with the new regulations to avoid any legal or financial consequences.

 

 

2. Founder of cyber security firm Group-IB jailed for treason in Russia

A Russian court has sentenced Ilya Sachkov, the founder of Singapore-headquartered Group-IB, to 14 years in a maximum-security prison for treason. Sachkov, who denies wrongdoing, was convicted for giving the US government information on a Russian hacker group accused of interfering in the 2016 US presidential election.

So what?

The case demonstrates the intersection between cyber security and geopolitics and highlights the challenges cyber experts can face in countries such as Russia.

 


 

3. Cl0p and Blackcat make data on leak sites more accessible

The ransomware group Cl0p has begun leaking data stolen from the recent MOVEit breaches on websites accessible via the clear web. Separately, ALPHV/BlackCat has introduced an API for their data leak site which can be used to receive instant updates about new victims.

So what?

Most threat actors leak data on the dark web, which requires specialist software to access. These new tactics are designed to further pressure victims by making attacks more public.

 

 

 

4. CISA: Legitimate accounts used in majority of cyber attacked against government bodies

According to a report by the US Cybersecurity and Infrastructure Security Agency (CISA), threat actors leveraged valid credentials to compromise user accounts at government organisations in more than half of the cases studied. The cyber attacks used common methods such as phishing and exploiting default credentials to infiltrate the target environments.

So what?

Creating awareness about phishing and implementing strong password policies are simple yet highly effective measures to bolster an organisation's cyber security posture. Multifactor authentication is also a critical control to prevent the compromise of user accounts.

 


 

5. Small companies' data mistakenly exposed by Australian government

The Australian Home Affairs department unintentionally leaked personally identifiable information from 50 small businesses. The data was collected as part of a government initiative to improve cyber security awareness, and included email addresses, names, and phone numbers.

So what?

Human error is a common source of data breaches. Organisations should ensure any data collection is proportionate, and that they have cyber security awareness training for all staff handling sensitive data.

 

 

 

6. Lazarus targets Microsoft IIS web servers to spread malware

The North Korean state-sponsored threat group Lazarus has been actively exploiting vulnerable Microsoft Internet Information Services (IIS) web servers to distribute malware. Breached IIS servers, commonly used to host websites and applications, become a vector for infecting visitors and users of hosted services.

So what?

Organisations hosting IIS should update their software to the latest versions to avoid becoming unwitting facilitators for such attacks.

 


 

7. Patches released for Apple and Ubuntu flaws

Apple has released an emergency update to address a zero-day vulnerability, CVE-2023-38606, used in an exploit chain. The flaw affects both iOS, iPadOS and macOS devices and can enable hackers to execute malicious code.

Two Linux flaws, CVE-2023-32629 and CVE-2023-2640, have been noted to impact around 40% of Ubuntu users, making them vulnerable to attackers gaining elevated privileges and performing code execution.

So what?

Implementing a patch management process is crucial to prevent cyber attacks. Patch these critical vulnerabilities should patch them as soon as possible.

 

 

CRA23_Winner Shield

S-RM is proud to have been voted Cyber Incident Response Team of the Year at Zywave’s 2023 Cyber Risk Awards. Read more here.

 

 

Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Authors

Kyle Schwaeble
Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

James Tytler
James Tytler
Associate, Incident Response

James Tytler is an associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.

Kyle Schwaeble
Kyle Schwaeble

Senior Associate, Cyber Security

James Tytler
James Tytler

Associate, Incident Response

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.