Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label DHS. Show all posts

The Indispensable Role of the CISO in Navigating Cybersecurity Regulations

 

With evolving cyber threats and stringent regulatory requirements, CISOs are tasked with ensuring the confidentiality, integrity, and availability of an organization’s digital systems and data. This article examines the regulatory landscape surrounding cybersecurity and explores effective strategies for CISOs to navigate these requirements. CISOs must stay updated on regulations and implement robust security practices to protect their organizations from legal consequences. 

The SEC has introduced rules to standardize cybersecurity risk management, strategy, governance, and incident disclosures. These rules apply to public companies under the Securities Exchange Act of 1934 and include both domestic and foreign private issuers. Companies are required to promptly disclose material cybersecurity incidents, detailing the cause, scope, impact, and materiality. Public companies must quickly disclose cybersecurity incidents to investors, regulators, and the public to prevent further damage and allow stakeholders to take necessary actions. 

Detailed disclosures must explain the incident's root cause, the affected systems or data, and the impact, whether it resulted in a data breach, financial loss, operational disruption, or reputational harm. Organizations need to assess whether the incident is substantial enough to influence investors’ decisions. Failure to meet SEC disclosure requirements can lead to investigations and penalties. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCA) mandates that companies report significant cyber incidents to the Department of Homeland Security (DHS) within 24 hours of discovery. 

CISOs must ensure their teams can effectively identify, evaluate, validate, prioritize, and mitigate vulnerabilities and exposures, and that security breaches are promptly reported. Reducing the organization’s exposure to cybersecurity and compliance risks is essential to avoid legal implications from inadequate or misleading disclosures. Several strategies can strengthen an organization's security posture and compliance. Regular security tests and assessments proactively identify and address vulnerabilities, ensuring a strong defense against potential threats. Effective risk mitigation strategies and consistent governance practices enhance compliance and reduce legal risks. Employing a combination of skilled personnel, efficient processes, and advanced technologies bolsters an organization's security. Multi-layered technology solutions such as endpoint detection and response (EDR), continuous threat exposure management (CTEM), and security information and event management (SIEM) can be particularly effective. 

Consulting with legal experts specializing in cybersecurity regulations can guide compliance and risk mitigation efforts. Maintaining open and transparent communication with stakeholders, including investors, regulators, and the board, is critical. Clearly articulating cybersecurity efforts and challenges fosters trust and demonstrates a proactive approach to security. CISOs and their security teams lead the battle against cyber threats and must prepare their organizations for greater security transparency. The goal is to ensure effective risk management and incident response, not to evade requirements. 

By prioritizing risk management, governance, and technology adoption while maintaining regulatory compliance, CISOs can protect their organizations from legal consequences. Steadfast adherence to regulations, fostering transparency, and fortifying defenses with robust security tools and best practices are essential for navigating the complexities of cybersecurity compliance. By diligently upholding security standards and regulatory compliance, CISOs can steer their organizations toward a future where cybersecurity resilience and legal compliance go hand in hand, providing protection and peace of mind for all stakeholders.

Are Emergency Services Vulnerable to Cyber Threats?




In recent warnings issued by the Department of Homeland Security (DHS), a concerning trend has emerged: emergency services are increasingly vulnerable to cyber-attacks, particularly ransomware incidents. These attacks pose significant risks not only to operational efficiency but also to public safety and the security of personal information.

Ransomware attacks, for those unfamiliar, involve hackers infiltrating computer systems and encrypting data, demanding payment for its release. Emergency services, including police departments and 911 call centres, have become prime targets for these attacks, leading to severe disruptions in critical operations. Picture a scenario where accessing emergency services during a crisis becomes impossible due to system outages—it's a frightening reality that stresses upon the urgency of addressing cybersecurity vulnerabilities.

The repercussions extend beyond mere operational disruptions. Cybercriminals gain access to highly sensitive personal information and police records, which can be exploited for various illicit activities, including identity theft and extortion. Such breaches not only compromise individuals' privacy but also undermine law enforcement's ability to effectively respond to emergencies, posing a significant threat to public safety.

One of the primary challenges in combating these cyber threats lies in the lack of resources and expertise at the local level. Many state and local governments, responsible for managing emergency service networks, struggle to keep pace with the rapidly expanding aspects of cybersecurity. Outdated technology systems and a shortage of cybersecurity personnel exacerbate the problem, leaving critical infrastructure vulnerable to exploitation by malicious actors.

Recent incidents in Bucks County, Pennsylvania, and Fulton County, Georgia, serve as stark reminders of the vulnerabilities within emergency services. In Bucks County, dispatchers were compelled to resort to manual processes after a cyberattack paralysed the 911 system, while Fulton County endured widespread disruption to government services following a cyber intrusion.

To address these challenges effectively, collaboration and preparedness are the key. Communities must prioritise cybersecurity measures, investing in modern technology systems, and providing comprehensive training for personnel to identify and respond to cyber threats promptly.

As society continues to rely increasingly on digital foundation, safeguarding critical services, particularly emergency response systems, becomes imperative. By remaining vigilant and proactive, we can fortify our communities against cyber threats, ensuring that emergency assistance remains readily accessible, even in the face of malicious cyber activity.


DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security

 

The cybersecurity arm of the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have jointly issued a public service announcement cautioning about the potential risks posed by Chinese-manufactured drones to critical infrastructure and U.S. national security. The advisory, released on Wednesday, emphasizes the likelihood of Chinese drones being used to pilfer American data, citing Chinese laws permitting government access to data held by private entities as a cause for concern.

The document underscores the necessity for careful consideration and potential mitigation when employing Chinese-manufactured Unmanned Aircraft Systems (UAS), as their use may expose sensitive information to Chinese authorities, thereby endangering national security, economic security, and public health and safety. The White House has identified China as the most formidable cyber threat, attributing this to their adept exploitation of data utilized by American consumers.

A 2021 law, according to the agencies, has expanded China's authority over companies and data within its borders, imposing strict penalties for non-compliance. The data collected by these companies is deemed crucial to China's Military-Civil Fusion strategy, aimed at gaining a strategic advantage over the United States by accessing advanced technologies and expertise.

As critical infrastructure sectors increasingly rely on UAS for cost-effective operations, the agencies express concern about the potential exposure of sensitive information due to the use of Chinese-manufactured drones. Chinese drones are noted as capable of receiving and transmitting data, and the potential avenues for exploitation include data transfer, collection through software updates, and the use of docking stations as data collectors.

The consequences of data harvesting by Chinese drones could be severe, including exposing intellectual property, divulging critical infrastructure operations details, compromising cybersecurity and physical security controls, and facilitating easier access for Chinese hackers into systems. To address these risks, CISA and the FBI recommend isolating Chinese-made drones from networks and implementing regular maintenance to uphold adequate security measures.

PUMA Network: Unmasking a Cybercrime Empire

A massive cybercrime URL shortening service known as "Prolific Puma" has been uncovered by security researchers at Infoblox. The service has been used to deliver phishing attacks, scams, and malware for at least four years, and has registered thousands of domains in the U.S. top-level domain (usTLD) to facilitate its activities.

Prolific Puma works by shortening malicious URLs into shorter, more memorable links that are easier to click on. These shortened links are then distributed via email, social media, and other channels to unsuspecting victims. When a victim clicks on a shortened link, they are redirected to the malicious website.

Security researchers were able to track Prolific Puma's activity by analyzing DNS data. DNS is a system that translates domain names into IP addresses, which are the numerical addresses of websites and other devices on the internet. By analyzing DNS data, researchers were able to identify the thousands of domains that Prolific Puma was using to deliver its malicious links.

Prolific Puma's use of the usTLD is particularly noteworthy. The usTLD is one of the most trusted TLDs in the world, and many people do not suspect that a link with a usTLD domain could be malicious. This makes Prolific Puma's shortened links particularly effective at deceiving victims.

The discovery of Prolific Puma is a reminder of the importance of being vigilant when clicking on links, even if they come from seemingly trusted sources. It is also a reminder that cybercriminals are constantly developing new and sophisticated ways to attack their victims.

Here are some tips for staying safe from Prolific Puma and other malicious URL shortening services:

  • Be wary of clicking on links in emails, social media posts, and other messages from unknown senders.
  • If you are unsure whether a link is safe, hover over it with your mouse to see the full URL. If the URL looks suspicious, do not click on it.
  • Use a security solution that can detect and block malicious links.
  • Keep your web browser and operating system up to date with the latest security patches.

The security researchers who discovered Prolific Puma have contacted the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security (DHS) about the service. Both agencies are working to take down Prolific Puma's infrastructure and prevent it from being used to launch further attacks.

Prolific Puma is not the first malicious URL-shortening service to be discovered. In recent years, there have been a number of other high-profile cases of cybercriminals using URL shortening services to deliver malware and phishing attacks.

The discovery of Prolific Puma is a reminder that URL shortening services can be abused for malicious purposes. Users should be cautious when clicking on shortened links, and should take steps to protect themselves from malware and phishing attacks.

Johnson Controls Breach Allegedly Leaked Sensitive DHS Data

 

A king-sized ransomware attack that targeted Johnson Controls forced certain parts of its IT systems to go offline and disrupted some of its operations. The attack on the renowned manufacturer of industrial control systems is reportedly the work of the Dark Angels hacker group. 

According to BleepingComputer, which broke the story first, the ransomware group is demanding $51 million in exchange for a decryptor and a complete wipeout of stolen data. 

As part of the hack, the company's ESXi servers were allegedly encrypted and some 27 terabytes of data were stolen by the digital hijackers. 

Theft of DHS data? 

The data hoard's potential exposure of private Department of Homeland Security (DHS) information, including physical floor plans of some agency buildings and security details on contracts with third parties, is of particular concern, CNN reported.

According to an internal DHS email reviewed by CNN, uncertainty exists around whether the Dark Angels or other digital hackers have taken control of Johnson Controls' private information. 

“Until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers,” the memo stated. “We do not currently know the full extent of the impact on DHS systems or facilities.” 

Researchers believe that the ransomware employed in the attack is essentially an identical RagnarLocker Linux ransomware designed in 2021. In an 8K regulatory filing with the Securities and Exchange Commission (SEC), Johnson Controls stated that while some of its systems had been attacked by ransomware, many of its applications "remain operational." 

In the repair process, Johnson Controls' insurers are collaborating with external cybersecurity experts, perhaps managed security service providers (MSSPs), and possibly forensics experts. The attack commenced at the company's Asia offices and then extended to its subsidiaries. The cyber attackers reportedly launched the infiltration last weekend.

Statement from Johnson Controls 

Johnson Control reported in an 8K filing that the incident is expected to continue to hinder certain parts of the company's business operations: 

"Johnson Controls International plc (the “Company”) has experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident. Promptly after detecting the issue, the Company began an investigation with assistance from leading external cybersecurity experts and is also coordinating with its insurers. 

The Company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate. " 

At this time, it's unclear whether Johnson Controls will be able to announce fourth-quarter and full-year fiscal year results, as well as the financial impact of the attack.

Emergency Alert System Bugs Can Help Actors Distribute Fraud Messages

 


The U.S Department of Homeland Security (DHS) has issued a warning of critical vulnerability in the Emergency Alert System (EAS) encoding/decoding devices. If not fixed, the bugs will allow threat actors to send out fraud emergency alerts on cable networks, TV, and radio. 

The advisory came on August 1 from DHS' Federal Emergency Alert Agency (FEMA). Cybersecurity experts Ken Pyle found out about the vulnerabilities. 

FEMA said the EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. 

During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish. 

"The EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish," reports FEMA.

EAS is a U.S. national public warning system that allows state authorities to send out information in less than 10 minutes if there's an emergency. These warnings can interrupt TV and radio to show emergency alert information. 

Information about the bugs has not been disclosed to prevent threat actors from exploiting them, but we can expect the details publicly soon as a proof-of-concept at the DEF CON conference going to take place in Las Vegas next week. 

Basically, the flaws are public knowledge and will be shown to a large audience in the following weeks. 

To control the vulnerability, users are advised to update the EAS devices to the latest software versions, use a firewall to secure them, and keep an eye on audit and review logs for signs of any suspicious access (unauthorised). 

"The testing process is designed to evaluate the effectiveness of the IPAWS Open Platform for Emergency Networks and assess the operational readiness of the infrastructure for distribution of a national message and determine whether technological improvements are needed," reports FEMA.