CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips

Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.

By Nate Nelson, Contributing Writer, Dark Reading

Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.

At the upcoming Black Hat 2024 in Las Vegas, a team of seven Penn State University researchers will describe how hackers can go beyond sniffing your Internet traffic by literally providing your Internet connection to you (over 5G). From there, spying, phishing, and plenty more are all on the table.

The Penn State researchers have reported all the vulnerabilities they discovered to the respective 5G mobile vendors, which have all since deployed patches.

A more permanent solution, however, would have to begin with securing 5G authentication. As Hussain says, "If you want to ensure the authenticity of these broadcast messages, you need to use public key infrastructure (PKI). And deploying PKI is expensive — you need to update all of the cell towers. And there are some non-technical challenges. For example, who will be the root certificate authority of the public keys?"

Read more: Your Phone's 5G Connection Is Vulnerable to Bypass, DoS Attacks

Related: Black Hat USA 2024 Sessions Agenda

Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."

Listen now: Meet the Ransomware Negotiators

Visit the podcast archive, available here.

By Robert Lemos, Contributing Writer, Dark Reading

In the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or pre-positioning for a future attack.

Tools from a trio of China-linked groups — Fireant, Neeedleminer, and Firefly — were used to compromise telecommunications companies in at least two Asian nations, according to an analysis published by technology giant Broadcom's Symantec cybersecurity division. The groups — also known as Mustang Panda, Nomad Panda, and Naikon, respectively — previously have been associated with widespread attacks against a variety of countries in the Asia-Pacific region.

Attackers see telecommunications companies as a strong launchpad from which to compromise other systems, eavesdrop on communications, or cybercrime

"There's the potential for eavesdropping and surveillance but also, because telecoms is critical infrastructure, you could create significant disruption in your target country," says Dick O'Brien, principal threat intelligence analyst for Symantec's threat hunter team. "We think that there is a distinct possibility that the motive for these attacks was similar to what the US government has been repeatedly warning about."

Read more: China-Linked Cyber-Espionage Teams Target Asian Telecoms

Related: Japan, Philippines & US Forge Cyber Threat Intel-Sharing Alliance

Commentary by Steve Durbin, CEO, Information Security Forum

Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.

In October 2023, the British Library underwent a crippling cyberattack that cost the library £7 million (US$8.9 million) in recovery costs, or about 40% of its reserve budget. Although the online catalogue was restored in January, full recovery is not expected before the end of the year.

The British Library ransomware attack is a wake-up call for all knowledge institutions, libraries, and government-funded organizations that have similar risks in terms of legacy infrastructure, limited resources, and a significant portion of their intellectual property and research existing in a digital format. Such organizations should follow best practices to help protect themselves from sophisticated and destructive cyberattacks.

The institution issued a report outlining details of the attack and sharing valuable lessons, which include:

Read more on the lessons learned: Key Takeaways From the British Library Cyberattack

Related: Enhancing Incident Response Playbooks With Machine Learning

Commentary by Jeffrey Wells, Visiting Fellow, National Security Institute at George Mason University's Antonin Scalia Law School

The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.

In 2018, a severe cyberattack on a subsidiary of Intercontinental Exchange Inc. (ICE), the owner of the New York Stock Exchange (NYSE), exposed highly sensitive information. The SEC's subsequent investigation revealed that ICE failed to implement adequate cybersecurity measures, compromising its systems.

As a result, ICE was required to pay a $10 million settlement. This incident is a stark reminder of the critical need for robust cybersecurity practices, particularly for entities handling such vital financial data.

The primary accountability lies with ICE, which neglected to enforce stringent cybersecurity protocols. The SEC's findings indicate that ICE's subsidiary had multiple vulnerabilities that must be addressed adequately. This lack of preparedness is a significant breach of fiduciary duty to protect sensitive financial information.

However, the $10 million fine, while significant, raises questions about whether it is enough to deter future negligence by major financial institutions.

Read more: The NYSE's $10M Wake-up Call

Related:  Don't Forget to Report a Breach: A Cautionary Tale

By DR Techology Staff

CISA outlines how modern cybersecurity relies on network visibility to defend against threats and scams.

The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and similar entities in New Zealand, has issued guidance on modern approaches to network access security.

With the growing number of breaches and data incidents, organizations need to be thinking about, and planning to adopt, modern firewall and network access management technologies to gain visibility over the network.

CISA lays out three specific approaches its guidance: zero trust, secure service edge (SSE), and secure access service edge (SASE).

Read more: CISA Releases Guidance on Network Access, VPNs

Related: Attackers Target Check Point VPNs to Access Corporate Networks