CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
June 28, 2024
At a Glance
- Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks; Podcast: Meet the Ransomware Negotiators
- China-Linked Cyber-Espionage Teams Target Asian Telecoms; Key Takeaways From the British Library Cyberattack
- The NYSE's $10M Wake-up Call; CISA Releases Guidance on Network Access, VPNs
Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks
By Nate Nelson, Contributing Writer, Dark Reading
Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.
At the upcoming Black Hat 2024 in Las Vegas, a team of seven Penn State University researchers will describe how hackers can go beyond sniffing your Internet traffic by literally providing your Internet connection to you (over 5G). From there, spying, phishing, and plenty more are all on the table.
The Penn State researchers have reported all the vulnerabilities they discovered to the respective 5G mobile vendors, which have all since deployed patches.
A more permanent solution, however, would have to begin with securing 5G authentication. As Hussain says, "If you want to ensure the authenticity of these broadcast messages, you need to use public key infrastructure (PKI). And deploying PKI is expensive — you need to update all of the cell towers. And there are some non-technical challenges. For example, who will be the root certificate authority of the public keys?"
Read more: Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks
Related: Black Hat USA 2024 Sessions Agenda
Dark Reading Confidential: Meet the Ransomware Negotiators
Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."
Listen now: Meet the Ransomware Negotiators
Visit the podcast archive, available here.
DR Global: China-Linked Cyber-Espionage Teams Target Asian Telecoms
By Robert Lemos, Contributing Writer, Dark Reading
In the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or pre-positioning for a future attack.
Tools from a trio of China-linked groups — Fireant, Neeedleminer, and Firefly — were used to compromise telecommunications companies in at least two Asian nations, according to an analysis published by technology giant Broadcom's Symantec cybersecurity division. The groups — also known as Mustang Panda, Nomad Panda, and Naikon, respectively — previously have been associated with widespread attacks against a variety of countries in the Asia-Pacific region.
Attackers see telecommunications companies as a strong launchpad from which to compromise other systems, eavesdrop on communications, or cybercrime
"There's the potential for eavesdropping and surveillance but also, because telecoms is critical infrastructure, you could create significant disruption in your target country," says Dick O'Brien, principal threat intelligence analyst for Symantec's threat hunter team. "We think that there is a distinct possibility that the motive for these attacks was similar to what the US government has been repeatedly warning about."
Read more: China-Linked Cyber-Espionage Teams Target Asian Telecoms
Related: Japan, Philippines & US Forge Cyber Threat Intel-Sharing Alliance
Key Takeaways From the British Library Cyberattack
Commentary by Steve Durbin, CEO, Information Security Forum
Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.
In October 2023, the British Library underwent a crippling cyberattack that cost the library £7 million (US$8.9 million) in recovery costs, or about 40% of its reserve budget. Although the online catalogue was restored in January, full recovery is not expected before the end of the year.
The British Library ransomware attack is a wake-up call for all knowledge institutions, libraries, and government-funded organizations that have similar risks in terms of legacy infrastructure, limited resources, and a significant portion of their intellectual property and research existing in a digital format. Such organizations should follow best practices to help protect themselves from sophisticated and destructive cyberattacks.
The institution issued a report outlining details of the attack and sharing valuable lessons, which include:
Assess your technical debt;
Maintain a holistic view of cyber-risk;
Practice good information governance;
And, adopt a defense-in-depth approach.
Read more on the lessons learned: Key Takeaways From the British Library Cyberattack
Related: Enhancing Incident Response Playbooks With Machine Learning
The NYSE's $10M Wake-up Call
Commentary by Jeffrey Wells, Visiting Fellow, National Security Institute at George Mason University's Antonin Scalia Law School
The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.
In 2018, a severe cyberattack on a subsidiary of Intercontinental Exchange Inc. (ICE), the owner of the New York Stock Exchange (NYSE), exposed highly sensitive information. The SEC's subsequent investigation revealed that ICE failed to implement adequate cybersecurity measures, compromising its systems.
As a result, ICE was required to pay a $10 million settlement. This incident is a stark reminder of the critical need for robust cybersecurity practices, particularly for entities handling such vital financial data.
The primary accountability lies with ICE, which neglected to enforce stringent cybersecurity protocols. The SEC's findings indicate that ICE's subsidiary had multiple vulnerabilities that must be addressed adequately. This lack of preparedness is a significant breach of fiduciary duty to protect sensitive financial information.
However, the $10 million fine, while significant, raises questions about whether it is enough to deter future negligence by major financial institutions.
Read more: The NYSE's $10M Wake-up Call
CISA Releases Guidance on Network Access, VPNs
By DR Techology Staff
CISA outlines how modern cybersecurity relies on network visibility to defend against threats and scams.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and similar entities in New Zealand, has issued guidance on modern approaches to network access security.
With the growing number of breaches and data incidents, organizations need to be thinking about, and planning to adopt, modern firewall and network access management technologies to gain visibility over the network.
CISA lays out three specific approaches its guidance: zero trust, secure service edge (SSE), and secure access service edge (SASE).
Read more: CISA Releases Guidance on Network Access, VPNs
Related: Attackers Target Check Point VPNs to Access Corporate Networks
You May Also Like