CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips

Published: 23/11/2024   Category: security


Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.



Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
By Nate Nelson, Contributing Writer, Dark Reading
Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.
At the upcoming Black Hat 2024 in Las Vegas, a team of seven Penn State University researchers will describe how hackers can go beyond sniffing your Internet traffic by literally providing your Internet connection to you (over 5G). From there, spying, phishing, and plenty more are all on the table.
The Penn State researchers have reported all the vulnerabilities they discovered to the respective 5G mobile vendors, which have all since deployed patches.
A more permanent solution, however, would have to begin with securing 5G authentication. As Hussain says, "If you want to ensure the authenticity of these broadcast messages, you need to use public key infrastructure (PKI). And deploying PKI is expensive — you need to update all of the cell towers. And there are some non-technical challenges. For example, who will be the root certificate authority of the public keys?"
Read more: Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks
Related: Black Hat USA 2024 Sessions Agenda
Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."
Listen now: Meet the Ransomware Negotiators
Visit the podcast archive, available here.
By Robert Lemos, Contributing Writer, Dark Reading
In the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or pre-positioning for a future attack.
Tools from a trio of China-linked groups — Fireant, Needleminer, and Firefly — were used to compromise telecommunications companies in at least two Asian nations, according to an analysis published by technology giant Broadcom's Symantec cybersecurity division. The groups — also known as Mustang Panda, Nomad Panda, and Naikon, respectively — previously have been associated with widespread attacks against a variety of countries in the Asia-Pacific region.
Attackers see telecommunications companies as a strong launchpad from which to compromise other systems, eavesdrop on communications, or commit cybercrime.
"There's the potential for eavesdropping and surveillance but also, because telecoms is critical infrastructure, you could create significant disruption in your target country," says Dick O'Brien, principal threat intelligence analyst for Symantec's threat hunter team. "We think that there is a distinct possibility that the motive for these attacks was similar to what the US government has been repeatedly warning about."
Read more: China-Linked Cyber-Espionage Teams Target Asian Telecoms
Related: Japan, Philippines & US Forge Cyber Threat Intel-Sharing Alliance
Commentary by Steve Durbin, CEO, Information Security Forum
Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.
In October 2023, the British Library underwent a crippling cyberattack that cost the library £7 million (US$8.9 million) in recovery costs, or about 40% of its reserve budget. Although the online catalogue was restored in January, full recovery is not expected before the end of the year.
The British Library ransomware attack is a wake-up call for all knowledge institutions, libraries, and government-funded organizations that have similar risks in terms of legacy infrastructure, limited resources, and a significant portion of their intellectual property and research existing in a digital format. Such organizations should follow best practices to help protect themselves from sophisticated and destructive cyberattacks.
The institution issued a report outlining details of the attack and sharing valuable lessons, which include:
Assess your technical debt;
Maintain a holistic view of cyber-risk;
Practice good information governance;
And, adopt a defense-in-depth approach.
Read more on the lessons learned: Key Takeaways From the British Library Cyberattack
Related: Enhancing Incident Response Playbooks With Machine Learning
Commentary by Jeffrey Wells, Visiting Fellow, National Security Institute at George Mason University's Antonin Scalia Law School
The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.
In 2018, a severe cyberattack on a subsidiary of Intercontinental Exchange Inc. (ICE), the owner of the New York Stock Exchange (NYSE), exposed highly sensitive information. The SEC's subsequent investigation revealed that ICE failed to implement adequate cybersecurity measures, compromising its systems.
As a result, ICE was required to pay a $10 million settlement. This incident is a stark reminder of the critical need for robust cybersecurity practices, particularly for entities handling such vital financial data.
The primary accountability lies with ICE, which neglected to enforce stringent cybersecurity protocols. The SEC's findings indicate that ICE's subsidiary had multiple vulnerabilities that must be addressed adequately. This lack of preparedness is a significant breach of fiduciary duty to protect sensitive financial information.
However, the $10 million fine, while significant, raises questions about whether it is enough to deter future negligence by major financial institutions.
Read more: The NYSE's $10M Wake-up Call
Related: Don't Forget to Report a Breach: A Cautionary Tale
By DR Technology Staff
CISA outlines how modern cybersecurity relies on network visibility to defend against threats and scams.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and similar entities in New Zealand, has issued guidance on modern approaches to network access security.
With the growing number of breaches and data incidents, organizations need to be thinking about, and planning to adopt, modern firewall and network access management technologies to gain visibility over the network.
CISA lays out three specific approaches in its guidance: zero trust, secure service edge (SSE), and secure access service edge (SASE).
Read more: CISA Releases Guidance on Network Access, VPNs
Related: Attackers Target Check Point VPNs to Access Corporate Networks