Cyber Risk Update 3 MAR 23
Cyber Risk Update for 3 MAR 2023.
Cybersecurity Advisory
Stop Ransomware: Royal Ransomware https://www.cisa.gov/sites/default/files/2023-03/aa23-061a-stopransomware-royal-ransomware.pdf
Governance
The cyberattack on Suffolk County, NY (A-/Stable) highlights increased risks to U.S. state and local governments as such attacks become more common, according to Fitch Ratings. Under Fitch's U.S. Tax-Supported Rating Criteria, management quality, including its capacity to manage the impacts of cyberattacks, could be considered an asymmetric risk factor that would negatively affect the county's credit rating. https://www.fitchratings.com/research/us-public-finance/suffolk-county-ny-cyberattack-highlights-growing-risks-to-state-local-governments-05-10-2022
News
Friday, CISA retired US-CERT and ICS-CERT, integrating CISA’s operational content into a new CISA.gov website that better unifies CISA's mission. https://www.cisa.gov/news-events/alerts/2023/02/24/us-cert-and-ics-cert-transition-cisa
Guidance
The fourth installment of cybersecurity recommendations from the National Security Telecommunications Advisory Committee calls for a strengthening of the U.S. communication industry’s cybersecurity posture in the face of increasing digital attacks. https://www.nextgov.com/cybersecurity/2023/02/white-house-committee-advocates-collaboration-consensus-cybersecurity-standards/383209/
Highlights from the New U.S. Cybersecurity Strategy https://krebsonsecurity.com/2023/03/highlights-from-the-new-u-s-cybersecurity-strategy/
More on TikTok
TikTok: Why is it being banned from government devices? (Here is a non-answer article) https://www.zdnet.com/article/tiktok-why-is-it-being-banned-from-government-devices/
A House committee on Tuesday took up legislation that would effectively ban TikTok in the U.S., but postponed a vote on the measure until Wednesday. https://www.wsj.com/articles/tiktok-ban-set-to-be-taken-up-by-house-lawmakers-ca643ea2
New guidance from the Office of Management and Budget finalizes a congressional push to ban the popular Chinese social networking app from all government devices amid privacy and security concerns. https://www.nextgov.com/cxo-briefing/2023/02/white-house-officially-ban-tiktok-government-devices-within-30-days/383429/
Nation States
Chinese Hackers Use New Custom Backdoor to Evade Detection https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-custom-backdoor-to-evade-detection/
Data Breaches
Stanford University Discloses Data Breach Affecting PhD Applicants https://www.bleepingcomputer.com/news/security/stanford-university-discloses-data-breach-affecting-phd-applicants/
Hackers Breach U.S. Marshals System With Sensitive Personal Data https://www.nytimes.com/2023/02/27/us/politics/us-marshals-ransomware-hack.html
Media giant NewsCorp has disclosed that hackers were dwelling on its network for two years. https://www.infosecurity-magazine.com/news/news-corp-reveals-breach/
Trends
Social Engineering Attacks Skyrocket https://www.darkreading.com/endpoint/as-social-engineering-attacks-skyrocket-evaluate-your-security-education-plan
A new CrowdStrike report found that hackers and digital adversaries are relying less on malware, and more on unpatched vulnerabilities and data weaponization. https://www.nextgov.com/cybersecurity/2023/02/cyber-criminals-are-increasingly-exploiting-cloud-environments-report-finds/383414/
The majority of organizations, 84%, experienced at least one successful phishing attack in 2022, Proofpoint research found. https://www.cybersecuritydive.com/news/phishing-financial-impact/643737/
Vulnerabilities
Your Biggest Cybersecurity Risks Could Be Inside Your Organization https://hbr.org/2023/03/your-biggest-cybersecurity-risks-could-be-inside-your-organization
Cybersecurity Maxim
Cloud Security Isn’t Just on Your Provider; It’s Your Job, Too https://www.corporatecomplianceinsights.com/cloud-security-responsibility/