Trending headlines in cybersecurity from the week:
State of Industrial Cybersecurity
New Regulations for Financial Services
Hive Ransomware Alert
Why Are CISOs Resigning?
Cyber Attack Statistics from the Industrial Sector
Trend Micro recently released a new State of Industrial Cybersecurity report to understand the motivations and environmental factors driving cybersecurity improvements in the manufacturing, energy, and oil and gas industries. Among the findings: 9 out of 10 organizations have had their production or energy supply impacted by cyberattacks in the last 12 months, and more than half of respondents said the disruptions lasted four or more days, with an average financial damage of $3 million. Additionally, half of respondents reported at least 6 disruptions in the last 12 months, or a cyberattack occurring every 2 months. The primary cause of the attacks was exploitation of a third party or cloud service. Additionally, 40% of the organizations said they could not block the attacks; rather, the focus was on detection and response. As for the top driver to strengthen cybersecurity controls, it comes as no surprise that the top answer was to prevent future attacks.
Tighter Cybersecurity Regulations for Financial Services
The New York Department of Financial Services (NYDFS) recently proposed amendments to its Cybersecurity Regulation, representing a significant update to mandated cybersecurity practices. Impacted organizations are financial institutions doing business in New York, including banks, insurance companies and mortgage loan servicers. The Proposed Amendments call for increased controls associated with common attack vectors and additional cybersecurity requirements for larger companies.
While the original NYDFS Cybersecurity Regulation provided organizations freedom in designing their cybersecurity program based on assessed risks, the Proposed Amendments now require the implementation of specific administrative and technical controls to address common vulnerabilities. In addition, consistent with growing regulatory trends, the Proposed Amendments mandate cybersecurity governance practices, moving beyond administrative and technical safeguards to regulate corporate behavior. Finally, the Proposed Amendments subject larger financial services organizations to independent audits and external risk assessments. The comment period for the Proposed Amendments continues until Jan. 8, 2023, and most amendments become effective within 180 days of adoption.
Emerging Threats: VenomSoftX
A Google Chrome extension named “VenomSoftX” is being deployed by Windows malware and is stealing information and cryptocurrency as users browse the web. The malicious browser extension is a new variant of the ViperSoftX malware, which was first discovered in 2020. VenomSoftX masquerades as a “Google Sheets 2.1” productivity app, and installs as an update manager. While the malicious activity of VenomSoftX and ViperSoftX overlaps, the two differ in how they achieve the end goal, which is cryptocurrency theft. VenomSoftX hooks into an API request on popular crypto exchanges the victims visit, then tampers with the API request to redirect money to the attacker instead. Additionally, the extension modifies the transaction amount to the maximum available, siphoning all available funds. Targeted services include Blockchain.com, Binance, Coinbase, Gate.io, and Kucoin. For reference, Google Sheets is not an extension; it can only be installed in Google Chrome as an app. If employees do have the extension installed, it should be removed and browser data cleared to ensure the malicious extension is removed.
Hive Ransomware Alert
The FBI, CISA and the Department of Health and Human Services have issued a new alert for the Hive ransomware. As of November 2022, Hive ransomware has victimized over 1,300 companies worldwide, capturing an estimated $100 million in ransom payments. Hive follows a ransomware-as-a-service (RaaS) model, in which developers create, maintain, and update the malware and affiliates launch the attacks. The method of intrusion depends on which affiliate targets the network, although initial access is typically gained through single-factor logins using Remote Desktop Protocol (RDP), virtual private networks (VPNs) and other remote network connection protocols, or by bypassing multifactor authentication (MFA) through known vulnerabilities in FortiOS servers. Threat actors commonly leverage phishing emails and exploit Microsoft Exchange Server flaws. What makes the Hive group so successful is its ability to evade detection before deploying the ransomware payload. Even more concerning, bad actors will also reinfect the victim’s network, particularly for those who restore their systems without making a payment. Healthcare has been a primary target, although other impacted industries include government facilities, communications, manufacturing, and IT.
Why CISOs Are Resigning
Finally, we close by asking the question, “Why are CISOs resigning?” In the span of just 8 days last month, state CISOs from Oklahoma, Georgia, Pennsylvania, and North Dakota all resigned. Many CISOs in the private and public sectors are choosing to move on, too, reducing the average tenure of a CISO to just two years. Why is that? SC Media sat down with CyberGRX CISO Dave Stapleton to get his thoughts. It turns out CISOs aren’t just resigning for negative reasons or because of the stress of the job, although there is certainly a significant weight of responsibility on their shoulders. Because CISOs have technical expertise, business acumen and crisis management skills, they are being recruited for roles outside of Infosec. How can organizations stop the churn? Much of it points back to the support and recognition of the role cybersecurity plays in an organization: giving the CISO a seat at the table and a voice in enterprise planning and decision making, supporting the CISO with process transformation and embracing change, and, most importantly, being empathetic to the pressures facing CISOs. Or as Dave shared, “Serving as a CISO can offer great rewards when an organization appreciates and respects that person, giving them the tools they need to succeed.”
All information is current as of November 21, 2022. Subscribe to receive future episodes as they are released.