Category Archives: Cyber Attacks

The SEC’s New Cyber Rules


What Every Public Company CISO Must Know:

The role of a Chief Information Security Officer (CISO) in public companies has never been more pivotal. With cyber threats escalating in scale and sophistication, the Securities and Exchange Commission (SEC) has rolled out new cyber regulations aimed at safeguarding investors, stakeholders, and the broader market. Given that the amendments took effect on September 5, 2023, it’s crucial for your organization to be informed. While the final rules are quite lengthy, I’ll offer a condensed and digestible version in this blog post to help you understand the key points – so make sure to read on!

The Backdrop:

Back in March 2022, the Commission took the bold step of introducing a suite of regulations. The intent was clear: fortify public company disclosures concerning cybersecurity. This encompassed key areas such as cyber threats, strategic countermeasures, governance structures, and insights into major cyber incidents.

At the time, several major trends led the Commission to take this action. The digital evolution and massive work-from-home shifts, intertwined with the allure of cybercrime monetization and an overarching reliance on third-party tech services like cloud platforms, have stretched cyber risk boundaries. The financial fallout from cyber incidents has also skyrocketed. Given all of this, the Commission’s move to ensure transparency isn’t just timely—it’s imperative.

Though the Commission offered guidance in 2011 and 2018, the standards remained inconsistent. The 2022 regulations were introduced to bring consistency and offer investors clearer insights.

Key Mandates To Be Aware Of:

Skip ahead to 2023, and the SEC’s proposed rules have officially transformed into finalized rules. Here are the essential highlights you should be aware of…

  1. Form 8-K Item 1.05: A pivotal element in the new regulations. Public companies now have the duty to report significant cyber incidents. Reports must “describe the material aspects of the nature, scope, and timing of the incident, as well as the material impact or reasonably likely material impact of the incident on the registrant, including its financial condition and results of operations.”

  2. Disclosure Timeline: After a cyber event, companies need to swiftly gauge its significance. If found consequential, a Form 8-K needs to be filed within four business days. However, exceptions do exist. Should the U.S. Attorney General deem a quick disclosure a threat to national or public safety, delays can ensue.

  3. Regulation S-K Item 106: This regulation delves deep. It mandates firms to shed light on their cyber threat assessment, detection, and management strategies. Past incidents that have or might have considerable ramifications also need to be outlined. Plus, it casts the spotlight on how involved the board is in overseeing cyber risks and the prowess of the management in mitigating them.

  4. International Disclosures: The SEC is highlighting that global transparency is crucial. Modifications to Form 6-K and Form 20-F ensure that foreign private entities aren’t left out. Significant cyber events disclosed overseas or required by foreign issuers need to be detailed.

What Lies Ahead:

The new regulations will be operational a month after their Federal Register appearance. For companies, the compliance timelines are split based on the form:

  • Regulation S-K Item 106 & Form 20-F: Disclosure starts with annual statements for fiscal years ending on or after December 15, 2023.

  • Form 8-K Item 1.05 & Form 6-K: Compliance starts 90 days post Federal Register publication or by December 18, 2023, except for smaller firms. They have until June 15, 2024.

  • Finally, when it comes to structured data mandates, the spotlight is on Inline XBRL. The final rules require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language. Entities must tag their disclosures using this format, a year after the kick-off of initial disclosure duties. To simplify what this filing format is for those who may not be aware, it’s a special language for computers that makes it possible to create a single document that’s human and machine readable. So, instead of making two different documents (one for people to read and one for computers to understand), you just make one using Inline XBRL.

Every day we are reminded how crucial cyber resilience is. For CISOs in public companies, aligning with the SEC’s updated cyber regulations is not just about compliance—it’s a commitment to transparency, investor protection, and long-term business sustainability.



The Top 10 Things Every CISO Should Know


What Every CISO Should Know in 2023 to Protect Their Business


In our rapidly evolving digital age, the role of a Chief Information Security Officer (CISO) has never been more crucial. As a CISO, your role stretches far beyond traditional IT security measures. You are the protector of your organization’s most valuable assets, from intellectual property to customer data. The following insights delve deeper into what every CISO should know in 2023 to ensure they’re at the forefront of safeguarding their business.


1. Grasping the Business

Understanding your business inside out is paramount. The best CISOs fully comprehend the company’s goals, mission, and operational mechanics. Why is this so vital? Because only with this understanding can you adequately prioritize and champion security initiatives. Furthermore, by aligning security measures with business goals, you ensure that security is not viewed as a roadblock but rather an enabler of growth and success.


2. Emphasizing Effective Risk Management

Risk management isn’t just a box to tick; it’s a continual process. This involves constant vigilance—identifying emerging threats, assessing their potential impact, and implementing controls to counteract them. Today’s cyber threats are dynamic, with cybercriminals using sophisticated techniques that change by the minute. Hence, regular risk assessments and updates are non-negotiable. But, just as crucial is the art of communication. The ability to articulate these risks, along with their potential implications to the board and executives, can make the difference between proactive action and reactive damage control.


3. Moving Beyond Compliance

While regulatory compliance is essential, in 2023, it’s merely a starting point. With the ever-evolving threat landscape, relying solely on regulations and standards can render a business vulnerable. It’s like only installing a front door lock while leaving all the windows open. Instead, a proactive approach, involving continuous assessment and adaptation of security measures to the unique needs and threats faced by your organization, is pivotal.


4. Championing Security Awareness

The human factor can often be the weakest link in any security chain. As such, empowering every single employee with the knowledge and tools to act as the first line of defense is vital. This means ongoing training, regular reminders, and cultivating a culture where security is everyone’s business. Remember, from the receptionist to the CEO, everyone can either be an asset or a vulnerability.


5. Harnessing the Power of Effective Communication

Clear, concise, and compelling communication can be one of the most potent tools in a CISO’s arsenal. It’s essential to translate the often complex world of security into language that everyone—from the tech newbie to the seasoned board member—can grasp. Regularly updating stakeholders about security postures, potential risks, and ongoing initiatives not only fosters trust but also reinforces the importance of collective vigilance.


Expanding the CISO’s Toolkit in 2023:

But let’s push the envelope further. In addition to the critical pointers above, CISOs in 2023 should be aware of:


6. Embracing the Cloud and Zero Trust: 

As businesses transition to cloud infrastructures, understanding cloud security best practices becomes paramount. Moreover, adopting a Zero Trust approach—where every access request is fully authenticated, authorized, and encrypted before granting access—ensures layered defense in a distributed work environment.


7. Machine Learning and AI:

Cybercriminals are leveraging AI; so should you. Incorporating machine learning can help in anomaly detection, identifying potential threats faster than any human could, and enhancing predictive analytics. Findings not only automates assessments and the auditing process for all of your company’s vendors but also offers real-time updates on your risk posture powered by RiskRecon and Anomali.


8. Regular Penetration Testing:

Gone are the days when an annual penetration test sufficed. Regularly challenging your systems can expose vulnerabilities before cybercriminals exploit them.


9. Incident Response Preparedness:

It’s not about if, but when a breach might occur. Having a well-rehearsed incident response plan ensures rapid containment, minimizing potential damage.


10. Collaborative Security:

Partnering with other businesses, industry groups, and governmental bodies can provide invaluable intelligence and resources. Cybersecurity is a collective endeavor.


In conclusion, being a CISO in 2023 means juggling many balls—compliance, risk management, employee training, effective communication, technological advancements, and more. The threat landscape might be challenging, but with the right approach, tools, and mindset, CISOs can ensure their organizations are robustly defended and primed for growth.



July Data Breach Roundup

Findings.co July 2023 cybersecurity and data breaches roundup

As we navigate the relaxing summer season, it’s important to note that just because half the world is on pause doesn’t mean hackers are too. While defenders are relaxing and not paying much attention, attackers are sweeping into their supply chains and causing damage. Luckily, automation helps: catching vulnerabilities in your supply chain with our Assessment and Audit AI features will help you stay on track.


This month’s blog arrives hot on the heels of an important announcement from the SEC. They have mandated that public companies must now report data breaches within 4 days of discovery. This new regulation comes at a critical time as the MOVEit vulnerability continues to wreak havoc, causing significant disruptions in recent months.


July proved to be a challenging period for cybersecurity, with major players like Deutsche Bank, Genworth Financial, and Maximus falling victim to the consequences of data breaches. While numerous breaches occurred throughout the month, I will focus on the most noteworthy ones to glean valuable insights and lessons from.


Continue reading to discover other prominent names that experienced security breaches, along with crucial information you should be aware of. Stay informed and learn from these incidents to protect your own data and systems.


  1. HCA Healthcare Experiences Breach


HCA Healthcare, a prominent hospital and clinic operator, recently announced that it has experienced a significant cyberattack, compromising the data of over 11 million patients. This unfortunate breach has raised concerns about the security of sensitive patient information and highlights the urgent need for better data protection measures in the healthcare industry. Just last week, IBM’s Cost of a Data Breach Report came out showing that costs are escalating in healthcare breaches. The average cost of a studied healthcare breach reached nearly $11 million in 2023, a 53% increase since 2020. Cybercriminals targeting healthcare organizations have made stolen data more accessible to downstream victims, making medical records a high-value leverage point.


What Happened?


HCA Healthcare discovered the breach on July 5, 2023, when a sample of stolen data was posted online by the suspected hacker. The company believes that the attack targeted an external storage location primarily used for email message formatting. As an immediate containment measure, the company disabled user access to this location.


Who Was Affected? 


Patients from 20 states, including California, Florida, Georgia, and Texas, have been affected by the breach, which ranks among the largest healthcare data breaches in history. The compromised data includes patients’ names, partial addresses, contact information, and upcoming appointment dates. Additionally, information such as email addresses, telephone numbers, date of birth, and gender was accessed by the hackers.


With the scale of this data breach impacting millions of patients, HCA Healthcare faces a significant challenge in safeguarding sensitive information. As investigations continue, it serves as a reminder to healthcare organizations to strengthen their cybersecurity protocols to protect patients’ data and maintain their trust in an increasingly digital world.


  2. Rite Aid Data Breach Exposes Customer Information


Rite Aid, a popular pharmacy chain in America, recently announced a data breach that may have exposed personal information of its customers. The breach, caused by an unknown third party exploiting a software vulnerability, occurred on May 27. Although sensitive data like Social Security numbers and credit card numbers were not accessed, Rite Aid is taking proactive steps to address the situation and notify affected customers.


The Breach Incident:


On May 31, one of Rite Aid’s vendor partners informed the company about the data breach. In response, Rite Aid took swift action by updating its systems and the vendor’s software to prevent further exploitation of the vulnerability. During this process, the company discovered that specific files containing customer information had been accessed during the breach. The information accessed by the unknown party included the following:


  • Patient First and Last Name

  • Date of Birth

  • Address

  • Prescription Information

  • Limited Insurance Information

  • Cardholder ID

  • Plan Name



The Rite Aid data breach serves as a reminder that security assessments are essential for catching vulnerabilities, whether it be your direct company, or your vendors. While the company has taken swift action to address the situation, affected customers should remain vigilant and take appropriate measures to protect their personal information. 



  3. A New Malware is Making Headlines


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported the discovery of a new malware strain known as Submarine, which was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies’ networks. 

Barracuda provides services and products to over 200,000 organizations worldwide, including prominent entities like Samsung, Delta Airlines, Kraft Heinz, and Mitsubishi.


The attack was carried out by a suspected pro-China hacker group known as UNC4841 and involved exploiting a now-patched zero-day vulnerability.


In May, a series of data-theft attacks was detected on Barracuda ESG appliances, but it was later revealed that the attacks had been active since at least October 2022. The attackers utilized the CVE-2023-2868 remote command injection zero-day to drop previously unknown malware named Saltwater and SeaSpy, as well as a malicious tool called SeaSide. These were used to establish reverse shells for easy remote access.


Barracuda took an unconventional approach last month by offering replacement devices to all affected customers at no charge. The decision came after the company issued a warning that compromised ESG appliances needed immediate replacement, rather than just re-imaging them with new firmware, as they couldn’t guarantee complete malware removal.


Now, CISA has disclosed the existence of the Submarine malware, also known as DepthCharge by Mandiant, the incident response division of FireEye. Submarine is a multi-component backdoor residing in a Structured Query Language (SQL) database on the ESG appliance. It serves various purposes, such as detection evasion, persistence, and data harvesting. CISA’s malware analysis report stated, “SUBMARINE is a novel persistent backdoor that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts that, in a multi-step process, enable execution with root privileges, persistence, command and control, and cleanup.” The report also mentioned that sensitive information was found in the compromised SQL database.


In response to Barracuda’s remediation actions, the threat actors employed the Submarine malware as an additional measure to maintain persistent access on customer ESG appliances. Barracuda maintains that the malware was present on a small number of already compromised ESG appliances. Barracuda’s recommendation to customers remains unchanged. Those with compromised ESG appliances should discontinue their use and contact Barracuda support to obtain a new ESG virtual or hardware appliance.


CISA has warned that the Submarine malware poses a significant threat for lateral movement within affected networks. 


  4. Estée Lauder Faces Data Breach and Ransomware Attack


Estée Lauder recently experienced a data breach and ransomware attack, but the company has been tight-lipped about the specifics of the incident. The beauty giant acted proactively by taking down some systems to prevent further expansion of the attack on their network. It appears that the CL0P ransomware gang gained unauthorized access to Estée Lauder by exploiting a vulnerability in the MOVEit Transfer platform used for secure file transfers. The threat actor took advantage of the vulnerability when it was still a zero-day in late May and claimed to have breached numerous companies for the purpose of data theft and extortion.


On their data leak site, the Clop ransomware gang publicly listed Estée Lauder as one of their victims. The gang criticized the company, accusing them of neglecting their customers’ security. They claimed to have over 131GB of Estée Lauder’s data in their possession. Another ransomware group, BlackCat, also added Estée Lauder to their list of victims. However, unlike Clop, BlackCat expressed dissatisfaction with the company’s silence in response to their extortion emails. BlackCat attempted to initiate negotiations with Estée Lauder by reaching out to their corporate and personal email addresses but received no response from the company.


Notably, BlackCat claimed that they did not encrypt any of Estée Lauder’s systems, but they threatened to reveal more details about the stolen data unless negotiations were initiated. The potential exposure of sensitive information could affect customers, company employees, and suppliers. The attack has caused significant disruption to parts of the company’s business operations, as stated in their SEC filing.



  5. Google Cloud Build Vulnerability Raises Supply Chain Attack Concerns


A vulnerability in Google Cloud Build, known as Bad.Build, has raised concerns about potential supply chain attacks for organizations using the Artifact Registry as their primary or secondary image repository. Security researchers from Orca Security and Rhino Security Lab independently reported the issue.


Orca Security researcher Roi Nisimi highlighted that the vulnerability allows attackers to escalate privileges by exploiting the cloudbuild.builds.create permission. This could enable attackers to tamper with Google Kubernetes Engine (GKE) Docker images using artifactregistry permissions and run code inside the Docker container with root privileges.


After the issue was reported, the Google Security Team implemented a partial fix by revoking the logging.privateLogEntries.list permission from the default Cloud Build Service Account. However, this measure didn’t directly address the underlying vulnerability in the Artifact Registry, leaving the privilege escalation vector and the supply chain risk still intact.


Google Cloud Build customers are advised to modify the default Cloud Build Service Account permissions to match their specific needs and remove entitlement credentials that go against the Principle of Least Privilege (PoLP) to mitigate the privilege escalation risks.
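As an added illustration of the least-privilege advice above (example code written for this post, not code from the researchers, Google or Findings), the following Python audits a constructed IAM policy in the JSON shape that `gcloud projects get-iam-policy --format=json` returns, lists every role the default Cloud Build service account holds beyond an assumed allow-list, and produces the trimmed policy. The allow-list, the project number and the e-mail addresses are assumptions; a real project should derive its allow-list from what its builds actually do.

```python
import json
from copy import deepcopy

# Constructed IAM policy in the shape that `gcloud projects get-iam-policy --format=json`
# returns. The project number and the e-mail addresses are sample values, not a real project.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com"]},
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
                 "user:dev@example.com"]},
    {"role": "roles/logging.privateLogViewer",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]}
  ],
  "etag": "BwX-constructed",
  "version": 1
}
"""

# The default Cloud Build service account is PROJECT_NUMBER@cloudbuild.gserviceaccount.com.
CLOUD_BUILD_SA_SUFFIX = "@cloudbuild.gserviceaccount.com"

# Roles this hypothetical pipeline genuinely needs. This allow-list is an assumption for
# the example; every project has to decide its own from what its builds actually do.
ALLOWED_BUILD_ROLES = {"roles/cloudbuild.builds.builder"}


def is_cloud_build_sa(member):
    """True for a serviceAccount member that is a project's default Cloud Build SA."""
    return member.startswith("serviceAccount:") and member.endswith(CLOUD_BUILD_SA_SUFFIX)


def find_excess_bindings(policy):
    """Return (role, member) pairs where the Cloud Build SA holds a role outside the allow-list."""
    excess = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role in ALLOWED_BUILD_ROLES:
            continue
        for member in binding.get("members", []):
            if is_cloud_build_sa(member):
                excess.append((role, member))
    return excess


def trim_policy(policy):
    """Return a copy of the policy with the excess Cloud Build SA grants removed.

    Bindings left with no members are dropped; every other principal is untouched,
    so the result can be reviewed and then applied with `gcloud projects set-iam-policy`.
    """
    trimmed = deepcopy(policy)
    excess = set(find_excess_bindings(policy))
    kept = []
    for binding in trimmed.get("bindings", []):
        binding["members"] = [
            m for m in binding.get("members", []) if (binding["role"], m) not in excess
        ]
        if binding["members"]:
            kept.append(binding)
    trimmed["bindings"] = kept
    return trimmed


def audit(policy_json=SAMPLE_POLICY_JSON):
    """Parse a policy document and return both the findings and the trimmed policy."""
    policy = json.loads(policy_json)
    return {"excess": find_excess_bindings(policy), "trimmed": trim_policy(policy)}


if __name__ == "__main__":
    result = audit()
    for role, member in result["excess"]:
        print(f"excess grant: {role} -> {member}")
    print(json.dumps(result["trimmed"], indent=2))
```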


Supply chain attacks have had far-reaching consequences in recent cybersecurity incidents like the SolarWinds, 3CX, and MOVEit attacks. Therefore, organizations using Google Cloud Build need to be vigilant and implement cloud detection and response capabilities to identify anomalies and reduce the risk of potential supply chain attacks.


In response to the discovery, a Google spokesperson expressed appreciation for the researchers’ efforts and confirmed that a fix based on their report had been incorporated in a security bulletin issued in early June. Google also emphasized its commitment to identifying and addressing vulnerabilities through its Vulnerability Rewards Program.



As I wrap up this month’s breach blog, I must address IBM Security’s annual “Cost of a Data Breach Report.” The report reveals that the global average cost of a data breach has reached an all-time high of $4.45 million in 2023, marking a 15% increase over the past three years. Below I’ve outlined key findings. 


Key Highlights From the Report:


AI and Automation Accelerate Breach Identification and Containment: Organizations extensively employing AI and automation experienced a significantly shorter data breach lifecycle, reducing it by 108 days compared to organizations not leveraging these technologies (214 days vs. 322 days). This reduction resulted in nearly $1.8 million in lower data breach costs, making AI and automation the most impactful cost-saving measures identified in the report.


Silence is Costly in Ransomware Attacks:


Ransomware victims who involved law enforcement in their response saved an average of $470,000 in breach costs compared to those who chose not to involve law enforcement. Despite this potential benefit, 37% of the ransomware victims studied did not engage law enforcement during an attack, leading to longer breach lifecycles and increased costs.


Detection Gaps Persist:

Only one-third of the studied breaches were discovered by the organization’s own security team, while 27% were disclosed by the attacker, and 40% were disclosed by neutral third parties like law enforcement. Breaches identified by the organizations themselves incurred nearly $1 million less in breach costs compared to those disclosed by the attackers. This is where conducting regular assessments comes into play. The report emphasizes that early detection and rapid response are crucial in reducing the impact of a breach. Organizations are encouraged to invest in threat detection and response approaches, to bolster their cybersecurity defenses.



While this month’s update is on the longer side, I hope you’ve learned and realized just how important conducting regular security checks is for your business and entire supply chain. Findings automates assessment and audit processes, to help you stay compliant, while ensuring that your supply chain is secure. 




Data Breaches and Cyber Attacks Round Up: June 2023

Findings.co data breaches and cyber attacks in review june 2023

In a world where technology reigns supreme and cyber crime lurks around every digital corner, organizations find themselves locked in a never-ending battle to protect their precious data. From the daring MOVEit vulnerability that left organizations trembling, to the turbulence in the airline industry caused by data breaches, and even a ransomware attack on a tech titan. Buckle up and get ready to explore these hair-raising incidents that prove cybersecurity is no joke in the fast-paced digital age. It’s time to dive into the data breaches and cyber attacks that organizations faced in June 2023. 



MOVEit:


Recently, a significant incident involving the MOVEit vulnerability and data extortion has had a global impact on numerous organizations. Exploiting a vulnerability in Progress Software’s widely-used MOVEit file transfer application, criminals targeted organizations, particularly those within supply chains utilizing the app, resulting in data breaches and the theft of customer and/or employee data.


In more detail, Progress Software Corporation, a company specializing in software and services for user interface development, DevOps, and file management, issued a warning to its customers regarding a critical vulnerability, CVE-2023-34362. The vulnerability affects the MOVEit Transfer and MOVEit Cloud products, which provide a secure and convenient way to store and share files within teams, departments, companies, and supply chains.

MOVEit Transfer’s web-based front end, designed to simplify file sharing and management through a web browser, was discovered to have a SQL injection vulnerability. Such a vulnerability arises when input from an HTTP request sent to a web server is improperly converted into a database query, leaving the server open to manipulation: attackers can inject malicious commands through URLs, potentially leading to data loss or unauthorized access. Progress Software released patches for the affected versions of MOVEit, but unauthorized commands may have been injected before the patch was applied, resulting in data compromise.

To mitigate the risk, Progress recommends ensuring that all instances of MOVEit software are patched, disabling the web-based interfaces if patching is not immediately possible, monitoring logs for suspicious activity, and adopting secure programming practices such as input sanitization and parameterized queries to prevent SQL injection attacks.
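To make the injection mechanism and the recommended fix concrete, here is an added Python example (written for this post, not code from Progress or from the MOVEit product) built on an in-memory SQLite table that stands in for a file-sharing front end’s file listing. The `owner` value plays the role of a request parameter; the table contents, the hostile input and the `is_valid_owner` allow-list are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample data standing in for a file-transfer app's files table.
FILES = [
    ("alice", "q2-report.pdf"),
    ("alice", "payroll.xlsx"),
    ("bob", "contract.docx"),
]


def make_db():
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (owner TEXT, name TEXT)")
    conn.executemany("INSERT INTO files VALUES (?, ?)", FILES)
    return conn


def list_files_vulnerable(conn, owner):
    """The request value is spliced straight into the SQL text, so quotes in the
    value become part of the query: the classic SQL injection shape."""
    query = f"SELECT name FROM files WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(query)]


def list_files_parameterized(conn, owner):
    """The value travels as a bound parameter and is never parsed as SQL,
    so the same hostile string simply matches no owner."""
    query = "SELECT name FROM files WHERE owner = ?"
    return [row[0] for row in conn.execute(query, (owner,))]


# Defense in depth: an allow-list for the parameter's legitimate shape. Account names in
# this hypothetical app are assumed to be short alphanumeric identifiers.
OWNER_PATTERN = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def is_valid_owner(owner):
    """Reject anything that is not a plausible account name before it reaches the database."""
    return bool(OWNER_PATTERN.match(owner))


def demo():
    """Run both query styles against a normal value and a constructed hostile one."""
    conn = make_db()
    injected = "' OR '1'='1"  # constructed hostile value for the ?owner= parameter
    return {
        "vuln_normal": list_files_vulnerable(conn, "bob"),
        "vuln_injected": list_files_vulnerable(conn, injected),
        "safe_normal": list_files_parameterized(conn, "bob"),
        "safe_injected": list_files_parameterized(conn, injected),
        "validator_rejects": not is_valid_owner(injected),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The vulnerable query returns every row for the hostile value because the `WHERE` clause degenerates to `owner = '' OR '1'='1'`, while the parameterized query returns nothing.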



Additional Victims of the MOVEit Hack:


The total number of impacted organizations has come to over 130, affecting over 16 million individuals. Brett Callow, a threat analyst at cybersecurity firm Emsisoft, has so far identified around 138 organizations that have fallen victim to the campaign, resulting in the compromise of personal information for over 15 million people. It is expected that these numbers will rise as more victims come forward. The cybercrime group, believed to have ties to Russia and known for their use of the Cl0p ransomware, has claimed responsibility for the attack. They boast being the sole threat actor aware of the MOVEit zero-day exploit before it was patched. Recently, they have started naming organizations that have refused to pay their ransom demands or engage in negotiations. 


Their list includes notable entities such as Shell, Siemens Energy, Schneider Electric, UCLA, Sony, EY, PwC, Cognizant, AbbVie, Kirkland & Ellis, and K&L Gates. Siemens Energy and Schneider Electric have confirmed being targeted. UCLA acknowledged the exploitation of the vulnerability but clarified that it does not classify the incident as a ransomware attack, likely because no file-encrypting malware was employed and there is no evidence of other system compromises on campus. Government organizations, including the US Department of Energy and the Health Department, have also been affected. The New York City Department of Education, the Oregon DMV, the National Student Clearinghouse, and associated schools have reported being victims as well. The cybercriminals, however, claimed on their website that they have deleted data from over 30 government-related organizations as their focus is purely financial and not interested in such entities. Gen Digital, the parent company of renowned cybersecurity brands including Avast, Avira, AVG, Norton, and LifeLock, has also officially acknowledged that the personal information of its employees was compromised during the recent MOVEit ransomware attack. 


As you can tell, this recent MOVEit data breach has had a domino effect. The breach exposed the personal information of approximately 769,000 retired members of CalPERS, the California Public Employees’ Retirement System. It also affected 415,000 members and beneficiaries of CalSTRS, the California State Teachers’ Retirement System. The breach was reported by CalPERS after their third-party vendor, PBI Research Services, discovered a vulnerability in their MOVEit Transfer Application. The vulnerability allowed unauthorized access to sensitive data such as names, dates of birth, Social Security numbers, and even the names of family members of the affected members. CalPERS is the largest public pension fund in the United States, serving over 2 million members in its retirement system and more than 1.5 million in its health program. CalSTRS, on the other hand, is the second-largest public pension fund in the country and the largest retirement system for teachers, serving more than 947,000 members.


American Airlines:


American Airlines and Southwest Airlines, two major global airlines, have recently reported data breaches resulting from a security incident involving Pilot Credentials, a third-party vendor responsible for managing pilot applications and recruitment portals for multiple airlines. Both airlines were notified about the incident on May 3, clarifying that the breach was limited to the systems of the third-party vendor and did not impact their own networks or systems. The unauthorized individual behind the breach gained access to Pilot Credentials’ systems on April 30 and stole documents containing information submitted by certain applicants during the pilot and cadet hiring process.


American Airlines stated that the breach affected 5,745 pilots and applicants, while Southwest reported a total of 3,009 affected individuals. The compromised data included personal information such as names, Social Security numbers, driver’s license numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers. It’s worth noting that American Airlines has experienced previous data breaches, including one in September 2022 resulting from a phishing attack and another in March 2021 due to a breach in SITA’s Passenger Service System, which affected multiple airlines globally.



Taiwan Semiconductor Manufacturing Company (TSMC):


Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed a data breach after being targeted by the LockBit ransomware gang. The gang, linked to Russia, listed TSMC as a victim and demanded a $70 million ransom. TSMC stated that the breach did not impact its business operations or compromise customer information. The incident originated from a cybersecurity breach at one of TSMC’s IT hardware suppliers, Kinmax Technology. TSMC terminated its data exchange with Kinmax and assured that customer information remains secure. Kinmax also apologized for the incident and indicated that other customers may have been affected. The breach follows recent arrests related to LockBit ransomware attacks. TSMC, a major semiconductor supplier for Apple, recently attributed the data breach and subsequent $70 million ransom demand from the LockBit ransomware group to a third-party IT hardware supplier. TSMC confirmed the security incident but refrained from disclosing the specific data accessed or held for ransom by LockBit actors. The company assured that the breach did not impact its business or customer information. TSMC identified the third-party supplier as Kinmax Technology, a Hsinchu-based systems integrator known to collaborate with various technology companies. It remains uncertain if other customers were affected by the attack.


The National Hazard Agency, a subgroup of LockBit, set a deadline of August 6 for TSMC to pay the ransom, threatening to publicly release the stolen data. The threat actors also claimed to possess “points of entry” to TSMC’s network, along with login credentials, which are valuable to cyberattackers. TSMC reported robust financial figures for 2022, making it an enticing target. Following the incident report, TSMC conducted a thorough review of its hardware components and security configurations, discontinuing data exchange with Kinmax and reinforcing security measures. The company emphasized its commitment to raising security awareness among suppliers and ensuring compliance with its security requirements.


Kinmax, the implicated IT supplier, downplayed the breach, stating that the intruder accessed system installation preparation information in the engineering test environment, which was unrelated to customers’ actual applications. Kinmax expressed regret and extended apologies to affected customers, mentioning enhanced security measures implemented to prevent future incidents.


TSMC’s breach highlights the growing trend of third-party compromises leading to data breaches in various organizations. It coincides with reports of organizations falling victim to the Cl0p ransomware gang due to a vulnerability in the widely used MOVEit Transfer app by Progress Software. The Biden administration’s cybersecurity executive order in May 2021 has underscored the significance of securing IT supply chains.


Microsoft:


In early June 2023, Microsoft encountered a surge in traffic that affected the availability of some services. To address this issue, Microsoft promptly launched an investigation and began monitoring ongoing Distributed Denial-of-Service (DDoS) activity conducted by a threat actor known as Storm-1359. These attacks seem to rely on the utilization of multiple virtual private servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools. No evidence suggests that customer data has been accessed or compromised during these recent DDoS attacks. The focus of these DDoS attacks was primarily on layer 7 rather than layer 3 or 4. To enhance customer protection against similar DDoS attacks, Microsoft has fortified its layer 7 defenses by optimizing the Azure Web Application Firewall (WAF). While these measures have proven effective in mitigating most disruptions, Microsoft consistently evaluates the performance of its defenses and incorporates lessons learned to further refine and enhance their effectiveness.


Customers are advised to review the technical details and recommended actions below to bolster the resilience of their environments and mitigate the impact of comparable attacks.


Technical Details:

Microsoft’s assessment reveals that Storm-1359 possesses a collection of botnets and tools that enable the threat actor to launch DDoS attacks from various cloud services and open proxy infrastructures. Storm-1359 appears to be primarily focused on causing disruption and gaining publicity.


Storm-1359 has been observed employing different types of layer 7 DDoS attack traffic, including:


HTTP(S) flood attack: This attack exhausts system resources by inundating them with a high volume of SSL/TLS handshakes and HTTP(S) requests. The attacker distributes a large number of HTTP(S) requests from different source IPs across the globe, overwhelming the application’s backend and depleting compute resources (CPU and memory).


Cache bypass: This attack attempts to bypass the Content Delivery Network (CDN) layer, potentially overwhelming the origin servers. The attacker sends a series of queries against generated URLs, causing the frontend layer to forward all requests to the origin instead of serving cached content.


Slowloris: In this attack, the client opens a connection to a web server, requests a resource (e.g., an image), and then either never acknowledges the download or accepts it very slowly. This forces the web server to keep the connection open and the requested resource in memory. (The original Slowloris tool works on the request side instead, trickling partial HTTP headers so the server never considers the request complete; both variants exhaust the server’s connection pool rather than its bandwidth, which is why they succeed at low request rates.)


Recommendations – Layer 7 DDoS Protection Tips:


To mitigate the impact of layer 7 DDoS attacks, Microsoft recommends that customers consider the following measures:


Utilize layer 7 protection services like Azure Web Application Firewall (WAF) (available with Azure Front Door, Azure Application Gateway) to safeguard web applications.


When using Azure WAF:


Employ the bot protection managed rule set, which blocks requests from known malicious bots.

Block IP addresses and ranges that you have identified as malicious, using custom rules.

Consider blocking, rate limiting, or redirecting traffic from outside (or within) defined geographic regions to a static webpage, again using custom rules.

Create custom WAF rules that automatically block and rate limit HTTP or HTTPS attack traffic with known signatures.
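The HTTP(S) flood and cache-bypass patterns described in the attack list, together with the block / rate-limit responses in the recommendations above, as an added example that is not part of the original post or of Microsoft’s guidance: a small Python analyzer that parses access-log lines in the common combined format, keeps a sliding-window request counter per source IP (the core of a WAF rate-limit rule), flags an IP that fires almost every request with a distinct query string (the signature of a cache-busting attack against the CDN), and maps each finding to an action. The log lines are constructed from documentation IP ranges, and the thresholds are illustrative assumptions rather than tuned values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Combined-log-format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(line):
    """Return ip, ts (aware datetime), method, path, status for one line; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


class SlidingWindow:
    """Per-key request counter over a trailing time window (what a WAF rate-limit rule computes)."""

    def __init__(self, seconds):
        self.window = timedelta(seconds=seconds)
        self.hits = defaultdict(deque)

    def add(self, key, ts):
        q = self.hits[key]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q)


def analyze(lines, window_seconds=10, rate_threshold=50, min_requests=20, unique_query_ratio=0.8):
    """Flag source IPs that look like an HTTP(S) flood (too many requests inside the window) or a
    cache bypass (nearly every request carries a distinct query string, so the CDN cannot serve it
    from cache and forwards it to the origin). Thresholds are assumptions for the example."""
    window = SlidingWindow(window_seconds)
    queries = defaultdict(list)
    findings = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if window.add(ip, rec["ts"]) >= rate_threshold:
            findings[ip].add("http_flood")
        queries[ip].append(urlsplit(rec["path"]).query)
    for ip, qs in queries.items():
        if len(qs) >= min_requests and any(qs) and len(set(qs)) / len(qs) >= unique_query_ratio:
            findings[ip].add("cache_bypass")
    return {ip: sorted(f) for ip, f in findings.items()}


def waf_actions(findings):
    """Map findings to the custom-rule responses above: block floods, rate-limit cache busters."""
    return {ip: "block" if "http_flood" in f else "rate_limit" for ip, f in findings.items()}


def sample_lines():
    """Constructed access-log lines (documentation IP ranges, not captured traffic)."""
    t0 = datetime(2023, 6, 21, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, at, path):
        return f'{ip} - - [{at:%d/%b/%Y:%H:%M:%S %z}] "GET {path} HTTP/1.1" 200 512'

    # a normal visitor: five page loads spread over a minute
    lines = [line("192.0.2.10", t0 + timedelta(seconds=12 * i), "/index.html") for i in range(5)]
    # flood: sixty requests for the same page inside six seconds
    lines += [line("198.51.100.7", t0 + timedelta(milliseconds=100 * i), "/login") for i in range(60)]
    # cache bypass: one request per second, each with a fresh cache-busting query string
    lines += [line("203.0.113.9", t0 + timedelta(seconds=i), f"/catalog?v={i}") for i in range(25)]
    return lines


if __name__ == "__main__":
    found = analyze(sample_lines())
    for ip, action in waf_actions(found).items():
        print(f"{ip}: {', '.join(found[ip])} -> {action}")
```

In production the same two signals are expressed as WAF rules (a rate-limit rule keyed on client address, and a rule that denies or rate-limits request paths whose query strings are not part of the application’s contract) rather than computed after the fact from logs; the script is useful for sizing those thresholds from your own traffic before turning them on.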


DMPS:


Des Moines Public Schools is currently contacting approximately 6,700 individuals to inform them about a data security event that occurred earlier this year. This incident, which occurred in January, involved a cyberattack on the school district and may have led to the potential exposure of personal information belonging to those affected. 


The cyberattack on DMPS also involved a ransom demand. However, in accordance with the advice of cybersecurity experts and considering the best interests of the school district and community, no ransom has been or will be paid in response to this attack.


And speaking of schools, the University of Manchester also recently disclosed a breach. In the week starting on June 6th, the University received news of a cyber incident in which unauthorized individuals gained access to certain systems and likely copied data. In its statement, the University said: “Our dedicated team of experts, both internal and external, is diligently working day and night to address this incident and determine the extent of the data accessed. Our main focus is to swiftly resolve this situation and promptly inform those affected. We are allocating all possible resources towards achieving these objectives.”



Cybersecurity is Essential:


The incidents surrounding MOVEit, American Airlines, TSMC and Microsoft serve as stark reminders of the importance of cybersecurity in our fast-paced digital age. These incidents underscore the serious and ongoing nature of cybersecurity threats, reminding organizations to remain vigilant, strengthen their defenses, and prioritize the safeguarding of valuable data in the digital landscape. 








The Dark Side of Ransomware Attacks

The Dark Truth Behind Ransomware


Ransomware attacks have become an alarming threat in our increasingly digital world. As cybercriminals employ sophisticated techniques to exploit vulnerabilities, the consequences are felt by individuals, businesses, and even entire nations. In this blog post, we will delve into the dark side of today’s ransomware attacks, exploring the alarming trends and consequences that accompany these malicious acts.


The Rising Sophistication of Ransomware Attacks


Over time, ransomware attacks have evolved into more intricate and advanced operations. Cybercriminals now employ sophisticated tactics to maximize their impact. Spear-phishing, where attackers carefully craft personalized emails to trick victims into revealing sensitive information or downloading malware, has become a prevalent method. Additionally, zero-day exploits, which target software vulnerabilities unknown to the vendor, give attackers an advantage. The cryptography itself is not exotic: modern ransomware uses standard strong algorithms in a hybrid scheme (a symmetric key per file or per victim, wrapped with the attacker’s public key), so without the attacker’s private key recovery from the encrypted files alone is infeasible, which is what leaves victims choosing between their backups and a hefty ransom. The complexity and ever-evolving nature of these attacks have made them a formidable menace.


Devastating Impact on Individuals and Businesses


The consequences of ransomware attacks are devastating for both individuals and businesses. Personal files, sensitive data, and intellectual property can be irreversibly encrypted or stolen, leading to significant financial losses and emotional distress for individuals. Businesses, on the other hand, face even more severe repercussions. Operational disruptions caused by ransomware attacks can halt critical processes, leading to significant financial losses. Moreover, the reputational damage resulting from an attack can have long-lasting effects, causing a loss of customer trust and potential bankruptcy.


Here are some notable examples of destructive ransomware strains witnessed in recent years:


CryptoLocker (2013): CryptoLocker emerged in September 2013 and caused widespread havoc until its neutralization in May 2014 by an international cybersecurity task force. Its propagation was facilitated through the extensive Gameover ZeuS botnet.



Petya (2016) & NotPetya (2017): The Petya ransomware family first emerged in 2016, but it was the devastating NotPetya strain that garnered widespread attention in 2017. NotPetya caused more than $10 billion in damages across Europe and the US.


WannaCry (2017): In May 2017, the WannaCry ransomware launched a highly impactful attack, infecting over 230,000 computers in 150 countries within a single day. The resulting damage and cleanup expenses were estimated to reach $4 billion.


DarkSide (2020): DarkSide gained notoriety in 2020 and 2021 for their RaaS model, which resulted in significant ransomware attacks and extortion demands. Although they claimed to avoid targeting government and healthcare entities, the group was responsible for the 2021 Colonial Pipeline attack, which disrupted fuel supplies across the US East Coast.


Nvidia (2022): In 2022, Nvidia, the semiconductor giant, was hit by a ransomware attack. Employee credentials and data were leaked online. The hacking group Lapsus$ claimed responsibility, demanding a $1 million ransom and a percentage of fees.


By highlighting these significant instances of ransomware, it becomes evident that this form of cyber threat has evolved over time, growing in complexity and impact.


Targeting Critical Infrastructure


The dark side of ransomware attacks extends beyond individual targets to critical infrastructure. In recent years, cybercriminals have shown an increased interest in targeting hospitals, energy grids, transportation systems, and government institutions. The motivation behind these attacks is not only to compromise sensitive data but also to put lives at risk and disrupt essential services. The consequences of successful attacks on critical infrastructure can be dire, underscoring the urgent need for robust cybersecurity measures to protect these vital systems.


Ransomware as a Service (RaaS)


The advent of ransomware-as-a-service has further exacerbated the threat landscape. Cybercriminals now offer ready-to-use ransomware kits to aspiring attackers, enabling them to execute sophisticated attacks without advanced technical skills. This commodification of ransomware has significantly contributed to its widespread proliferation and increased the number of potential attackers. The availability of RaaS lowers the entry barrier for cybercriminals and poses a challenge for law enforcement agencies and cybersecurity professionals.


Evolving Payment Methods and Cryptocurrencies


To facilitate ransom payments while maintaining anonymity, cybercriminals have turned to cryptocurrencies like Bitcoin. These decentralized digital currencies allow transactions to occur without being easily traceable. The use of cryptocurrencies complicates law enforcement efforts, as traditional financial institutions have limited visibility into these transactions. The relative anonymity offered by cryptocurrencies enables cybercriminals to operate with a reduced risk of detection and apprehension, adding to the challenges faced by authorities in combating ransomware attacks.


Collateral Damage and Hidden Costs


Beyond the immediate impact of ransomware attacks, there are hidden costs and collateral damage that organizations must face. The financial burden associated with incident response, recovery efforts, and potential legal actions can be significant. Furthermore, the loss of customer trust and diminished market reputation can have long-lasting effects on businesses, amplifying the damage caused by these attacks. Rebuilding trust and restoring operations after an attack can be a lengthy and costly process.


Urgent Need for Cybersecurity Collaboration and Proactive Measures


Today’s sophisticated ransomware attacks pose a severe and escalating threat to individuals, businesses, and critical infrastructure. The dark side of these attacks encompasses the rising sophistication of techniques, the devastating impact on victims, the targeting of critical infrastructure, the accessibility of ransomware-as-a-service, the use of cryptocurrencies, and the hidden costs incurred. To mitigate this menace, it is crucial to prioritize cybersecurity measures, stay informed about emerging threats, and foster collaborations to combat this growing cyber threat landscape. Proactive measures such as regular software updates, employee training on cybersecurity best practices, and robust incident response plans are essential for organizations to defend against these ever-evolving ransomware attacks. By working together, we can make significant strides in protecting ourselves and our digital assets from the dark side of ransomware attacks.





Top Cyber Attacks and Data Breaches: May 2023 Round Up


In an era dominated by digital connectivity, the frequency and impact of data breaches continue to escalate, leaving individuals and organizations vulnerable to devastating consequences. From state-sponsored hacking campaigns to opportunistic cybercriminals, the realm of data security is constantly under siege. Recent events have once again thrust data breaches into the spotlight, as major corporations and industry giants grapple with the aftermath of malicious intrusions. In this blog post, I will delve into a series of alarming incidents that have unfolded in May 2023, shedding light on the tactics employed, the extent of compromised information, and the potential ramifications for affected individuals and businesses. Brace yourself for an eye-opening exploration of the evolving threat landscape as we navigate the treacherous waters of data breaches and their far-reaching impact.


1. On May 24, 2023, Microsoft reported that it had found targeted malicious activity by Volt Typhoon, a state-sponsored group from China, aimed at obtaining credentials and exploring critical infrastructure networks in the US. This campaign reportedly intends to disrupt communication infrastructure between the US and Asia during future crises. Volt Typhoon has been active since mid-2021, primarily targeting critical infrastructure organizations in Guam and elsewhere in the US across various sectors. The group relies on stealth and living-off-the-land techniques, driving built-in system tools from the command line rather than dropping malware. The threat actor maintains persistent access and conceals its activity by routing network traffic through compromised SOHO network equipment.


2. Sysco, a major U.S. multinational food distribution corporation, recently revealed that approximately 126,243 current and former employees may have had their sensitive data accessed and acquired in a cyberattack that took place in January. According to notification letters sent to affected individuals, Sysco’s systems were initially breached on January 14, but the intrusion was only discovered nearly two months later. The company assured that its operational systems, business functions, and customer services remained unaffected by the breach. While specific details about the data accessed for each individual are yet to be confirmed, Sysco stated that the compromised information may include personal data provided for payroll purposes, such as names, Social Security numbers, account numbers, or similar information.


3. On May 26, 2023, Managed Care of North America (MCNA) Dental published a data breach notification on its website, informing approximately 9 million patients that their personal data was compromised. MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S. On March 6, 2023, the insurance provider discovered unauthorized activity in its computer systems. It took immediate action to halt the activity and initiated an investigation with the assistance of a specialized team. It was determined that an unauthorized user was able to access and make copies of certain information between February 26, 2023, and March 7, 2023. The potentially compromised information includes contact details such as first and last name, address, date of birth, phone number, and email address. Social Security numbers, driver’s license numbers or other government-issued ID numbers were also accessed. Additionally, health insurance information such as plan details, insurance company information, member numbers, and Medicaid-Medicare ID numbers may have been involved. Specific information related to dental care, including visits, dentist and doctor names, past treatments, x-rays/photos, prescribed medicines, and treatment details, as well as bills and insurance claims, was also potentially exposed.


4. NextGen Healthcare, a vendor of cloud-based electronic health records, has been informing over 1 million individuals about a data compromise that involved the unauthorized acquisition of login credentials. This incident marks at least the second alleged data security breach that the company has probed since January. The company explained that an unknown third party gained unauthorized access to a limited set of personal data between March 29, 2023, and April 14, 2023. The accessed information includes names, dates of birth, addresses, and Social Security numbers. Of the 198 significant breaches of health data reported on the Department of Health and Human Services’ HIPAA Breach Reporting Tool website in 2023, impacting a total of 17.4 million individuals, at least 75 incidents affecting 9.8 million individuals were reported to involve business associates. In other words, approximately 38% of the major health data breaches reported in 2023 involved vendors and other business associates, yet despite accounting for a smaller proportion of breaches, these incidents were responsible for 56% of the individuals affected in the healthcare sector.


5. Luxottica, the world’s largest eyewear company, known for brands like Ray-Ban, Oakley, and Chanel, has officially confirmed to BleepingComputer a data breach that occurred in 2021. The breach exposed the personal information of approximately 70 million customers when a database was recently made available for free on hacking forums. Luxottica revealed that one of its partners experienced the breach, a security incident affecting a third-party contractor responsible for holding customer data. The exposed data includes full customer names, email addresses, phone numbers, residential addresses, and dates of birth. Luxottica emphasized that financial information, Social Security numbers, login credentials, and other critical data that could endanger customer safety were not compromised. The FBI has made an arrest in connection with the incident, resulting in the shutdown of the website where the data was published.


6. On May 11, 2023, Brightly informed present and past SchoolDude users that a security incident had occurred. SchoolDude is an online platform used by educational institutions for placing and tracking maintenance work orders. Information such as name, email address, account password, phone number, and school district name was potentially breached.


7. On May 8, 2023, Dragos, a company specializing in industrial cybersecurity, experienced a failed extortion attempt by a cybercriminal group. The group gained unauthorized access by compromising the personal email of a new sales employee, allowing them to impersonate a Dragos employee and access resources in SharePoint and the contract management system. Although they accessed a report with customer IP addresses, Dragos’ security controls prevented the threat actor from deploying ransomware or making further infrastructure changes. The cybercriminals resorted to extortion attempts, escalating their messages and contacting Dragos executives and known contacts. However, Dragos chose not to engage with the criminals and promptly activated its incident response retainer and involved its third-party MDR provider. The investigation is ongoing, but Dragos has implemented additional verification steps for its onboarding process and emphasizes identity and access management, multi-factor authentication, continuous monitoring, and incident response preparedness.


In other news, in May, it was discovered that Apple banned its employees from using generative AI tools like OpenAI’s ChatGPT and GitHub’s Copilot due to concerns about potential data leaks and disclosure of sensitive information. Apple’s decision is based on the fact that OpenAI stores all user interactions by default, including conversations with ChatGPT, which are used for training and subject to moderation. While OpenAI introduced an option to disable chat history, conversations are retained for 30 days for abuse review before permanent deletion. Apple worries that employees may unintentionally reveal confidential project information within ChatGPT, which could be accessed by OpenAI moderators. Similar restrictions have been implemented by other companies like JP Morgan, Verizon, and Amazon. Despite the ban, OpenAI recently launched an iOS app for ChatGPT, making Apple’s decision notable, considering the app’s availability and future expansion plans. 


As data breaches continue to make headlines, it becomes abundantly clear that the protection of sensitive information is of paramount importance. The incidents highlighted in this blog post serve as a stark reminder that no individual or organization is immune to the persistent and ever-evolving threats posed by cybercriminals. As we move forward, it is imperative for individuals and businesses alike to prioritize robust security measures, including stringent access controls, advanced encryption protocols, and employee education programs. By staying vigilant, proactive, and informed, companies can fortify their defenses and mitigate the risks associated with data breaches. 





How Hackers Are Utilizing Lateral Movements


A Hacker’s Playground


In the world of cybersecurity, lateral movement is one of the most commonly used and destructive tactics employed by hackers. It is a technique in which an attacker who has gained access to a compromised device within a network then uses that access to move across the network, compromising other devices and systems. According to a study by VMware Contexa, 44% of intrusions include lateral movement, making it a significant threat to organizations of all sizes.


What is Lateral Movement?


Lateral movement is a technique used by hackers to gain access to additional devices and systems within a network. Once a hacker has successfully breached one device, they can use the access they have gained to move laterally across the network, potentially accessing valuable data, exfiltrating data, or deploying ransomware.


Lateral movement can take many forms, but one of the most common is the use of stolen credentials. Hackers often use phishing or other social engineering tactics to obtain user credentials, such as usernames and passwords, which they can then use to access other devices within the network. Once inside the network, the hacker can use various techniques to evade detection, such as using encryption, tunneling, or other forms of obfuscation to hide their activity.


Another common form of lateral movement is the exploitation of unpatched vulnerabilities. Hackers can use known vulnerabilities in software or systems to gain access to a device, and then use that access to move laterally across the network. In some cases, hackers also weaken the systems they compromise, for example by installing backdoors, adding accounts, or relaxing security settings, to make further lateral movement easier.


Why is Lateral Movement so Dangerous?


Lateral movement is dangerous because it allows hackers to access multiple devices and systems within a network, potentially compromising valuable data and systems. This can lead to data theft, financial losses, and even system shutdowns. Lateral movement also allows hackers to “island hop” across networks, gaining access to systems in other organizations that are connected to the compromised network.


Once hackers have gained access to a network, they can use lateral movement to maintain persistence, meaning that they can continue to access the network even if some of their access points are detected and removed. This makes it more difficult for organizations to detect and remove the hackers from their networks, increasing the potential damage that can be done.


How Can Organizations Protect Themselves?


Organizations can protect themselves from lateral movement by implementing several cybersecurity best practices. One important step is to implement multi-factor authentication, an extra level of security, which requires users to provide additional forms of identification beyond just a username and password. While it isn’t completely foolproof, it can help prevent hackers from using stolen credentials to access additional devices within the network.


Another important step is to regularly patch software and systems to address known vulnerabilities. When companies stay on top of patching, they deny hackers the vulnerabilities they would use to gain access to the network and move laterally across devices. Additionally, organizations should use network segmentation to limit the lateral movement of hackers. The Cybersecurity and Infrastructure Security Agency (CISA) describes segmentation as “a physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control. Creating boundaries between the operational technology (OT) and information technology (IT) networks reduces many risks associated with the IT network, such as threats caused by phishing attacks. Segmentation limits access to devices, data, and applications and restricts communications between networks.” This can help contain the spread of a potential attack and limit the damage that can be done.


Organizations should also regularly monitor their networks for suspicious activity, such as unusual login attempts or data exfiltration. This can help identify potential breaches early on and allow organizations to take action before the damage is done.


Finally, it is important for organizations to provide regular cybersecurity training to their employees. This can help employees recognize and avoid common phishing and social engineering tactics, which are often used by hackers to obtain credentials and gain access to networks.


Key Takeaways:


It’s extremely important for organizations to take lateral movement seriously and take steps to protect themselves against this type of attack. By implementing best practices and staying vigilant, organizations can reduce the risk of a successful lateral movement attack and protect their valuable data and systems. Continuous monitoring is a cybersecurity practice that involves constantly monitoring an organization’s networks and systems for suspicious activity or threats. By implementing continuous monitoring, organizations can detect potential lateral movement attacks early on and take action before any significant damage is done.


Continuous monitoring involves the use of automated tools that can detect and alert security teams of any unusual activity on the network. This can include unexpected login attempts, unauthorized access to sensitive data, and attempts to exploit vulnerabilities in software and systems.


In addition to automated tools, continuous monitoring also involves regular human oversight and analysis. Security teams can review alerts and data logs to identify potential threats and investigate any suspicious activity. This can help identify and stop lateral movement attacks early on, before they can cause significant damage.
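The monitoring for unusual login activity described above, as an added example that is not part of the original post: a small Python detector over constructed logon events (made-up hosts, accounts and times, in CSV form modelled on the fields of a Windows 4624 network logon) that first learns which servers each account normally reaches and then alerts when an account authenticates to several distinct hosts within a few minutes, the fan-out pattern that credential-based lateral movement produces. The ten-minute window, the four-host threshold and the svc_backup scenario are assumptions chosen for the example, not figures from any real incident.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of network logons (the shape of Windows event 4624, logon type 3),
# flattened to CSV. Hosts, accounts and times are made up for this example.
SAMPLE_EVENTS = """timestamp,account,source_host,target_host,logon_type
2023-06-20T09:01:00,alice,WS-ALICE,FS01,3
2023-06-20T09:02:00,alice,WS-ALICE,MAIL01,3
2023-06-20T11:30:00,bob,WS-BOB,FS01,3
2023-06-20T13:00:00,alice,WS-ALICE,FS01,3
2023-06-21T09:00:00,alice,WS-ALICE,FS01,3
2023-06-21T09:10:00,bob,WS-BOB,FS01,3
2023-06-21T10:05:00,svc_backup,WS-ALICE,HR01,3
2023-06-21T10:05:30,svc_backup,WS-ALICE,FIN01,3
2023-06-21T10:06:10,svc_backup,WS-ALICE,SQL01,3
2023-06-21T10:07:00,svc_backup,WS-ALICE,DC01,3
2023-06-21T10:07:45,svc_backup,WS-ALICE,FS02,3
2023-06-21T10:30:00,alice,WS-ALICE,MAIL01,3
"""


def load_events(text):
    """Parse the CSV into dicts with a datetime timestamp, sorted by time."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["timestamp"] = datetime.fromisoformat(r["timestamp"])
        r["logon_type"] = int(r["logon_type"])
        rows.append(r)
    return sorted(rows, key=lambda r: r["timestamp"])


def build_baseline(events, cutoff):
    """Which hosts each account normally reaches, learned from events before `cutoff`."""
    baseline = defaultdict(set)
    for e in events:
        if e["timestamp"] < cutoff:
            baseline[e["account"]].add(e["target_host"])
    return baseline


def detect_fanout(events, baseline, window=timedelta(minutes=10), threshold=4):
    """Alert when one account reaches `threshold` or more distinct hosts via network logons
    inside `window`. One alert per account per run; hosts the account has never reached
    before are listed separately so the analyst sees the novelty at a glance."""
    recent = defaultdict(deque)  # account -> (timestamp, target_host) pairs inside the window
    alerted, alerts = set(), []
    for e in events:
        if e["logon_type"] != 3:  # only network logons, the kind lateral movement produces
            continue
        acct = e["account"]
        q = recent[acct]
        q.append((e["timestamp"], e["target_host"]))
        while q and e["timestamp"] - q[0][0] > window:
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= threshold and acct not in alerted:
            alerted.add(acct)
            alerts.append({
                "account": acct,
                "source_host": e["source_host"],
                "first_seen": q[0][0].isoformat(),
                "hosts": sorted(hosts),
                "new_hosts": sorted(hosts - baseline.get(acct, set())),
            })
    return alerts


def run(text=SAMPLE_EVENTS, cutoff=datetime(2023, 6, 21)):
    """Learn the baseline from everything before `cutoff`, then scan the whole set."""
    events = load_events(text)
    baseline = build_baseline(events, cutoff)
    return {"baseline": dict(baseline), "alerts": detect_fanout(events, baseline)}


if __name__ == "__main__":
    for alert in run()["alerts"]:
        print(alert)
```

Two details matter for a real deployment: the baseline must come from a period you trust (an attacker who has been inside for weeks will otherwise teach the detector that their traversal is normal), and the alert should carry the source host, because a service account authenticating outward from a user workstation, as in the sample, is itself a strong indicator even before the fan-out threshold is hit.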


Overall, continuous monitoring can be a valuable tool in the fight against lateral movement attacks and other cybersecurity threats. By implementing this practice, organizations can improve their security posture and reduce the risk of a successful attack.





Don’t Let Hackers In: Your Company Needs to Enforce 2FA ASAP


There’s no denying it – 2FA is a game-changer. Two-factor authentication (2FA) is a security process that requires a user to provide two different factors to verify their identity. It adds an extra layer of security beyond passwords and is an important tool for companies to use to protect their sensitive information and prevent unauthorized access. In this blog post, we will explore the benefits of 2FA and look at some real-world examples of cyberattacks that could have been prevented or mitigated if 2FA had been used.


What is Two-Factor Authentication (2FA)?


2FA is a security process that requires a user to provide two different factors to verify their identity. These factors are drawn from something the user knows, such as a password or PIN, something the user has, such as a security token or mobile device, and something the user is, such as a fingerprint. By requiring two different factors, 2FA ensures that a stolen password alone is not enough to access systems and data, helping to prevent unauthorized access and blunt the impact of phishing attacks.


Benefits of Two-Factor Authentication (2FA):


The importance of 2FA cannot be overstated. In today’s digital landscape, cyberattacks are becoming increasingly sophisticated, and it’s becoming more difficult to protect against them. However, by implementing 2FA, companies can significantly reduce the risk of a breach occurring.


There are many benefits to using 2FA to protect sensitive information and prevent unauthorized access. Some of the key benefits include:


Increased Security:

  • 2FA adds an extra layer of security beyond passwords, making it more difficult for attackers to gain access to systems and data. By requiring two different authentication factors, 2FA ensures that only authorized users can access sensitive information, helping to prevent data breaches and other security incidents.

Protection Against Phishing Attacks: 

  • Phishing attacks are a common tactic used by cybercriminals to trick users into revealing their login credentials. 2FA can help protect against phishing attacks by requiring users to provide a second factor of authentication, making it more difficult for attackers to gain access to sensitive information.

Compliance Requirements: 

  • Many regulatory frameworks require the use of 2FA to protect sensitive information. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants who accept credit card payments to use multi-factor authentication for remote access to the cardholder data environment. In addition, some states have passed laws that require companies to implement 2FA in certain situations. For example, the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation requires covered entities to implement multi-factor authentication for access to sensitive data and systems. Internationally, the European Union’s General Data Protection Regulation (GDPR) does not explicitly require companies to implement 2FA, but it does require companies to implement appropriate technical and organizational measures to ensure the security of personal data. The GDPR also requires companies to notify data subjects in the event of a data breach, and 2FA can be an effective means of preventing unauthorized access to personal data. Overall, while there is no universal requirement for companies to implement 2FA, many industries and regulatory bodies recognize its importance in improving security and protecting sensitive data. By implementing 2FA, companies can ensure that they are in compliance with these requirements, helping to avoid potential fines and other penalties.

Trust:

  • Enforcing 2FA builds trust with customers, who will appreciate the additional security measures in place to protect their data. 


Why 2FA isn’t enough sometimes:


The effectiveness of 2FA lies in how it is deployed rather than in the mechanism itself. If any component of the 2FA process is compromised, the result can still be a breach. Traditional methods like phishing and social engineering are increasingly being used to bypass 2FA. As written by Steven J. Vaughan-Nichols, “In short, 2FA can’t stop human stupidity.”


We all know that cybersecurity is no joke. That’s why 2FA is a must-have tool in any company’s arsenal to safeguard their sensitive information and prevent unwanted visitors from sneaking in. By requiring not just one, but two authentication factors, companies can ensure that only those with the key to the kingdom are granted access to their systems and data. This helps keep everything locked up tight, safe from the prying eyes of cybercriminals. Time and time again, it’s proven to be the hero we need to foil malicious attacks and protect our valuable data.




How Security Assessments Help Prevent Breaches

Findings.co explores how security assessments can help prevent data breaches

Data breaches can cause significant damage to a business, both in terms of financial losses and damage to reputation. In recent years, the number of data breaches reported has increased dramatically, with cybercriminals using increasingly sophisticated methods to gain access to sensitive data. One of the most effective ways to prevent data breaches is by conducting regular security assessments.

A security assessment is a comprehensive evaluation of an organization’s security posture. It involves reviewing all aspects of the organization’s security, including policies, procedures, infrastructure, and personnel. The goal of a security assessment is to identify vulnerabilities and weaknesses that could be exploited by an attacker. There are many types of security assessments, including vulnerability assessments, penetration testing, and risk assessments. Each of these assessments has its own unique methodology, but they all aim to achieve the same goal: to identify vulnerabilities and weaknesses in an organization’s security.

By conducting a security assessment, organizations can identify vulnerabilities before they are exploited by attackers. This allows the organization to take proactive steps to mitigate the risk of a data breach. For example, if a security assessment identifies that the organization’s password policies are weak, the organization can implement stronger policies to prevent unauthorized access.

Another benefit of conducting a security assessment is that it can help organizations comply with industry and regulatory requirements. Many industries have specific regulations that organizations must follow to protect sensitive data. By conducting a security assessment, organizations can ensure that they are meeting these requirements and avoid costly fines and legal action.

Additionally, conducting a security assessment can help organizations identify areas where they need to invest in additional security measures. For example, if a security assessment reveals that the organization’s network infrastructure is outdated, the organization can allocate resources to upgrade the infrastructure to better protect against attacks.

It’s important to note that conducting a security assessment is not a one-time event. Security threats and vulnerabilities are constantly evolving, and organizations must regularly review and update their security measures to stay ahead of attackers.

Why are Security Assessments Important?

Security assessments are essential for preventing data breaches because they help organizations identify vulnerabilities before they are exploited by attackers. By conducting a security assessment, organizations can take proactive steps to mitigate the risk of a data breach.

For example, a vulnerability assessment can identify vulnerabilities in an organization’s software or hardware systems. These vulnerabilities could be used by an attacker to gain unauthorized access to sensitive data. By identifying these vulnerabilities, organizations can take steps to patch or fix them before an attacker can exploit them.
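The core step of the vulnerability assessment described above is matching what is installed against what is known to be vulnerable. Here is an added example (not code from Findings.co or the original post) that does exactly that for a small software inventory: it compares installed versions numerically against advisory ranges, emits findings ordered by severity, and summarizes them. Every host name, product, version and advisory id below is a constructed placeholder, not a real vulnerability.

```python
"""Added example: a minimal vulnerability assessment pass. It checks an
inventory of installed software against advisories with affected version
ranges and reports what needs patching. All data is constructed; the
advisory ids are placeholders, not real CVEs."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.3.10' -> (2, 3, 10). Tuples compare numerically, so 2.3.10 > 2.3.9;
    a plain string comparison would get that wrong and miss or invent findings."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder id for this example
    product: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive)
    severity: str

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


@dataclass(frozen=True)
class InstalledPackage:
    host: str
    product: str
    version: str


SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def assess(inventory: List[InstalledPackage],
           advisories: List[Advisory]) -> List[Dict[str, str]]:
    """Return one finding per (package, advisory) match, most severe first."""
    findings = []
    for pkg in inventory:
        for adv in advisories:
            if adv.product == pkg.product and adv.affects(pkg.version):
                findings.append({
                    "host": pkg.host,
                    "product": pkg.product,
                    "installed": pkg.version,
                    "advisory": adv.advisory_id,
                    "severity": adv.severity,
                    "remediation": f"upgrade to {adv.fixed} or later",
                })
    findings.sort(key=lambda f: (SEVERITY_ORDER.get(f["severity"], 9), f["host"]))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, for the executive summary of the report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


# Constructed sample data (placeholder products, versions and advisory ids).
SAMPLE_ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "webapp-framework", "2.0.0", "2.3.5", "critical"),
    Advisory("ADV-EXAMPLE-002", "payroll-service", "1.0.0", "1.8.2", "high"),
    Advisory("ADV-EXAMPLE-003", "webapp-framework", "3.0.0", "3.1.0", "medium"),
]
SAMPLE_INVENTORY = [
    InstalledPackage("web-01", "webapp-framework", "2.3.4"),
    InstalledPackage("web-02", "webapp-framework", "2.3.10"),  # already patched
    InstalledPackage("hr-01", "payroll-service", "1.7.0"),
    InstalledPackage("hr-02", "payroll-service", "1.8.2"),     # exactly the fix
    InstalledPackage("web-03", "webapp-framework", "3.0.2"),
]


if __name__ == "__main__":
    report = assess(SAMPLE_INVENTORY, SAMPLE_ADVISORIES)
    for f in report:
        print(f"[{f['severity']:>8}] {f['host']}: {f['product']} {f['installed']} "
              f"({f['advisory']}) -> {f['remediation']}")
    print(summarize(report))
```

In a real assessment the inventory comes from an agent or authenticated scan and the advisories from a vendor or vulnerability feed, but the matching logic and the pitfalls (numeric rather than lexical version comparison, inclusive-introduced/exclusive-fixed ranges) are the same.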

Similarly, a penetration test can simulate an attack on an organization’s systems to identify weaknesses that could be exploited by an attacker. By conducting a penetration test, organizations can identify vulnerabilities and weaknesses in their systems and take steps to improve their security.

Security assessments are also important for helping organizations comply with industry and regulatory requirements. Many industries have specific regulations that organizations must follow to protect sensitive data. By conducting a security assessment, organizations can ensure that they are meeting these requirements and avoid costly fines and legal action.

Examples of Security Assessments in Action:

Now that we’ve explored why security assessments are important, let’s take a look at some examples of how they’ve helped organizations prevent data breaches.

Example 1: Target Data Breach

In 2013, retail giant Target suffered a massive data breach that compromised the personal and financial information of millions of customers. The breach was caused by a vulnerability in Target’s payment system that was exploited by attackers.

Following the breach, Target conducted a security assessment to identify the root cause of the attack and prevent future breaches. The assessment identified a number of vulnerabilities in Target’s systems, including weaknesses in the company’s password policies and network segmentation.

Based on the findings of the assessment, Target implemented a number of security measures, including two-factor authentication for remote access, improved password policies, and increased network segmentation. These measures helped to prevent future data breaches at Target.

Example 2: Equifax Data Breach

In 2017, credit reporting agency Equifax suffered a data breach that exposed the personal and financial information of over 140 million customers. The breach was caused by a vulnerability in Equifax’s web application software that was exploited by attackers.

Following the breach, Equifax conducted a security assessment to identify the root cause of the attack and prevent future breaches. The assessment identified a number of vulnerabilities in Equifax’s systems, including weaknesses in the company’s patch management processes and web application security.

Based on the findings of the assessment, Equifax implemented a number of security measures, including improved patch management processes, enhanced web application security, and increased employee training on cybersecurity best practices. These measures helped to prevent future data breaches at Equifax.

Example 3: University of Virginia Data Breach

In 2014, the University of Virginia suffered a data breach that exposed the personal and financial information of over 18,000 current and former employees. The breach was caused by a vulnerability in the university’s payroll system that was exploited by attackers.

Following the breach, the university conducted a security assessment to identify the root cause of the attack and prevent future breaches. The assessment identified a number of vulnerabilities in the university’s systems, including weaknesses in its patch management processes, access controls, and network security.

Based on the findings of the assessment, the university implemented a number of security measures, including improved patch management processes, enhanced access controls, and increased network security. The university also provided additional cybersecurity training to its employees to help prevent future data breaches.

As we’ve seen in these examples, security assessments can be a powerful tool for preventing data breaches. By identifying vulnerabilities and weaknesses in an organization’s security posture, organizations can take proactive steps to mitigate the risk of a data breach. This can include implementing security measures such as two-factor authentication, improved password policies, enhanced patch management processes, and increased employee training on cybersecurity best practices.

In addition to preventing data breaches, security assessments can also help organizations comply with industry and regulatory requirements. By conducting a security assessment, organizations can ensure that they are meeting these requirements and avoid costly fines and legal action.

Ultimately, conducting regular security assessments is essential for any organization that wants to protect its sensitive data from cybercriminals. By taking proactive steps to identify and address vulnerabilities, organizations can help prevent data breaches and protect the privacy and security of their customers and employees.




What is Edge Computing?

Findings.co explains the positives and negatives of edge computing


Edge computing is a growing trend in the field of network technology that is changing the way data is processed and analyzed. Instead of relying solely on a centralized server to process data, edge computing brings processing capabilities closer to the source of the data, or the “edge” of the network. This allows for more efficient and effective data processing and analysis, as well as increased performance and reduced latency.


Edge computing has become increasingly popular due to the rise of the Internet of Things (IoT) and other connected devices. These devices generate a vast amount of data that needs to be processed and analyzed in real-time, and edge computing provides a way to do this without overburdening centralized servers.


In essence, edge computing enables smart apps and IoT sensors to perform real-time functions by addressing three related challenges:

  • Remote device connectivity to a network

  • Slow data processing caused by network or computing limitations

  • Edge devices that create network bandwidth issues


By processing data closer to the source (at the edge of the network), edge computing can overcome these challenges and improve efficiency, reduce latency, and enhance the overall performance of the system. This allows for faster and more reliable data processing, making real-time functionality possible.


One of the main benefits of edge computing is improved efficiency. By processing data at the edge, devices can perform some of the computing tasks that would otherwise require a more powerful centralized server. This not only reduces the workload on the server but also reduces the amount of data that needs to be transmitted over the network, resulting in faster processing times and lower latency. Microsoft Azure shared a great example of this, writing, “A security camera in a remote warehouse uses AI to identify suspicious activity and only sends that specific data to the main datacenter for immediate processing. So, rather than the camera burdening the network 24 hours per day by constantly transmitting all of its footage, it only sends relevant video clips. This frees up the company’s network bandwidth and compute processing resources for other uses.” 


There are, however, several risks associated with edge computing. One of the most significant is security. With data being processed and stored on many edge devices, it is harder to secure the network against attack. This is especially true for data in transit between edge devices and central servers.


Another risk is data privacy. Edge computing involves collecting and processing large amounts of data, which can potentially be used to identify individuals or groups. One of the primary concerns is that edge computing may collect and process personal data, such as personally identifiable information (PII), biometric data, or sensitive information related to health, financial, or other personal matters. This raises concerns about the potential for misuse or unauthorized access to personal information. Another data privacy risk associated with edge computing is the potential for data breaches or cyberattacks. Since edge devices are distributed and may not have the same level of security measures as centralized servers, they may be more vulnerable to attacks. Moreover, edge devices may transmit data over insecure networks or unsecured channels, further increasing the risk of interception or data leakage.


Network connectivity is another potential risk. Edge computing relies on stable and fast network connectivity between edge devices and central servers. If the network connection is unreliable or slow, it can negatively impact the performance of the entire system.


Compatibility issues can also arise with edge computing. Edge devices may be running different operating systems and software, which can create compatibility issues when it comes to integrating them with other devices and central servers.


Finally, managing and maintaining edge devices can be challenging. This includes firmware updates, security patches, and troubleshooting issues. This can be especially problematic in large-scale deployments with many devices spread out over a wide area.


Despite these risks, the benefits of edge computing make it an increasingly popular technology for organizations looking to improve their data processing and analysis capabilities. As the technology continues to evolve, it is likely that many of these risks will be mitigated, making edge computing an even more attractive option for businesses and organizations of all sizes. 


Recognizing these security issues is the first step in preventing serious damage to companies. To mitigate the data privacy risks, organizations must apply privacy-by-design principles in their edge computing solutions. This includes conducting privacy impact assessments (PIAs) to identify potential privacy risks and implementing technical and organizational measures to address them. Companies must also obtain valid user consent for collecting and processing personal data and adhere to data protection regulations. Encryption and other security measures should protect data both in transit and at rest, and data monitoring and auditing processes should be in place to detect and respond to security incidents.
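The Azure security-camera scenario quoted earlier (send only the relevant events, not the whole feed) and the closing point about protecting data in transit between edge devices and central servers come together in one added example below. It is constructed for this page, not code from Findings.co, Microsoft or the original post: the edge node scores readings locally and forwards only those above a threshold, wraps each event in an envelope carrying the device id, a monotonic sequence number and an HMAC-SHA256 tag, and the central server rejects envelopes that were tampered with, forged for an unknown device, or replayed. The device names, scores, key and threshold are all assumptions for the illustration.

```python
"""Added example: edge filtering plus an authenticated, replay-protected
envelope for edge-to-datacenter traffic. Constructed illustration; the
device ids, key, threshold and scores are placeholders."""
import hashlib
import hmac
import json
from typing import Dict, List


class EdgeDevice:
    """Edge node: analyses readings locally and forwards only events that
    matter, each authenticated with a per-device key."""

    def __init__(self, device_id: str, key: bytes, threshold: float):
        self.device_id = device_id
        self.key = key
        self.threshold = threshold
        self.seq = 0  # monotonic counter; lets the server spot replays

    def process(self, scores: List[float]) -> List[Dict[str, str]]:
        # Only suspicious-activity scores above the threshold leave the edge,
        # so the network is not burdened with the full stream.
        return [self._envelope(s) for s in scores if s > self.threshold]

    def _envelope(self, value: float) -> Dict[str, str]:
        self.seq += 1
        # Canonical JSON so device and server compute the tag over identical bytes.
        body = json.dumps({"device": self.device_id, "seq": self.seq, "value": value},
                          sort_keys=True, separators=(",", ":"))
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class CentralServer:
    """Datacenter side: verifies origin and integrity, drops replays."""

    def __init__(self, device_keys: Dict[str, bytes]):
        self.device_keys = device_keys
        self.last_seq: Dict[str, int] = {}
        self.accepted: List[dict] = []

    def ingest(self, msg: Dict[str, str]) -> str:
        try:
            body = json.loads(msg["body"])
            device, seq = body["device"], int(body["seq"])
        except (KeyError, ValueError, TypeError):
            return "malformed"
        key = self.device_keys.get(device)
        if key is None:
            return "unknown_device"
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return "bad_tag"  # modified in transit, or not from the claimed device
        if seq <= self.last_seq.get(device, 0):
            return "replay"   # already seen: an intercepted copy being resent
        self.last_seq[device] = seq
        self.accepted.append(body)
        return "accepted"


def demo() -> Dict[str, object]:
    """Runs the camera scenario end to end with constructed scores."""
    key = b"constructed-demo-key-not-for-production"
    cam = EdgeDevice("warehouse-cam-01", key, threshold=0.9)
    server = CentralServer({"warehouse-cam-01": key})
    # Constructed per-clip "suspicious activity" scores from a local model;
    # only two of six exceed the threshold and are transmitted.
    scores = [0.05, 0.12, 0.95, 0.08, 0.97, 0.10]
    events = cam.process(scores)
    results = [server.ingest(e) for e in events]
    replayed = server.ingest(events[0])
    tampered = {"body": events[1]["body"].replace("0.97", "0.01"),
                "tag": events[1]["tag"]}
    forged = {"body": json.dumps({"device": "rogue-cam", "seq": 1, "value": 0.99}),
              "tag": "00" * 32}
    return {
        "sent": len(events), "of": len(scores), "results": results,
        "replay": replayed, "tampered": server.ingest(tampered),
        "forged": server.ingest(forged), "accepted_total": len(server.accepted),
    }


if __name__ == "__main__":
    print(demo())
```

The HMAC tag and sequence number give the datacenter authenticity, integrity and replay detection; they do not give confidentiality, so an event containing personal data still needs TLS or an authenticated-encryption scheme on the wire, which is the "encryption in transit" the paragraph calls for. Keying each device separately also limits the damage when one poorly maintained edge device is compromised: its key can be revoked without touching the others.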

