- NIST develops guidelines for dealing with ransomware recovery -
The National Cybersecurity Center of Excellence (NCCoE) at the
National Institute of Standards and Technology (NIST) along with
vendors and businesses within the cybersecurity community teamed up
to develop a recovery guide for firms hit with ransomware attacks.
Three Equifax Managers Sold Stock Before Cyber Hack Revealed - Three
Equifax Inc. senior executives sold shares worth almost $1.8 million
in the days after the company discovered a security breach that may
have compromised information on about 143 million U.S. consumers.
Where Equifax falls among the top recent data breaches - Equifax's
data breach exposing 143 million customer records is certainly a
massive number, but it only falls more or less in the middle of the
pack when it comes to some of the larger breaches experienced over
the last several years.
GAO - Health Insurance Marketplaces: Centers for Medicare & Medicaid
Services Needs to Improve Its Oversight of State IT Systems'
Sustainability and Performance
Energy Dept. to invest up to $50M in infrastructure cybersecurity,
resilience - The U.S. Energy Department will sink up to $50 million
in multiple projects, 20 of them cybersecurity-related, under the
umbrella of its National Laboratories to boost the resilience and
security of the U.S. critical energy infrastructure.
FA readies players for inhospitable World Cup cyber
environment - British World Cup team members may have more to worry
about than what happens on the football pitch in host country Russia
as the Football Association (FA) is already expressing concerns
about hackers going after the team's players and staff.
Bluetooth ache: Protocol's security not sufficiently researched,
experts claim after 'BlueBorne' disclosure - The recently disclosed
collection of "BlueBorne" vulnerabilities that were found to affect
at least 5.3 billion Bluetooth-enabled devices has revealed several
inconvenient truths about the short-range communications protocol,
experts are saying.
U.S. bans use of Kaspersky Labs software on government systems -
Acting on concerns that Russian company Kaspersky Lab has
connections to cyberespionage activities, the U.S. government has
banned the use of Kaspersky Lab security software, according to a
binding order released Wednesday by Department of Homeland Security
(DHS) Acting Secretary Elaine Duke.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
- Equifax breach could affect 143 million U.S. consumers -
Cybercriminals gained unauthorized access to Equifax files in a
breach that could affect as many as 143 million consumers in the
U.S., the company said Thursday.
Hackers breach AXA Insurance Singapore's Health Portal, stealing
data on 5,400 customers - The Singapore division of life insurance
firm AXA Insurance has reportedly suffered a data breach, after
hackers stole roughly 5,400 customers' personal information from its
Data breach exposes about 4 million Time Warner Cable customer
records - Time Warner Cable, now known as Spectrum, became the
latest company to realize exactly how vulnerable its data is when a
third-party vendor entrusted with its safety made an error exposing
millions of records.
Alaska Office of Children's Services hit with data breach - The
Alaska Office of Children's Services (OCS) filed a HIPAA breach
notification stating that two of its computers may have been breached,
possibly affecting 500 individuals.
Rural New York sheriff's department hacked - The Schuyler County
(New York) Sheriff's Department's 911 emergency contact system was
temporarily knocked offline by what local officials said was an
attack by a foreign country.
Minnesota park computers infected with malware - Minnesota's
Department of Natural Resources has warned anyone who paid for
purchases at Tettegouche State Park between Aug. 22-25 to look for
suspicious activity on their credit card accounts after malware was
discovered on the park's computers.
LinkedIn Premium accounts being used in phishing scam - LinkedIn and
Wells Fargo have found themselves once again at the center of a
cyber issue, but this time hackers are using the business-oriented
social media site to send phishing InMails posing as a Wells Fargo
WEB SITE COMPLIANCE - OCC - Threats from Fraudulent Bank Web Sites -
Risk Mitigation and Response Guidance for Web Site Spoofing Incidents
(Part 5 of 5)
Next week we will begin our series on the Guidance on Safeguarding
Customers Against E-Mail and Internet-Related Fraudulent Schemes.
PROCEDURES TO ADDRESS SPOOFING - Contact the OCC and Law Enforcement
Authorities
If a bank is the target of a spoofing incident, it should promptly
notify its OCC supervisory office and report the incident to the FBI
and appropriate state and local law enforcement authorities. Banks
can also file complaints with the Internet Fraud Complaint Center
(see http://www.ic3.gov), a partnership of the FBI and the National
White Collar Crime Center.
In order for law enforcement authorities to respond effectively to
spoofing attacks, they must be provided with information necessary
to identify and shut down the fraudulent Web site and to investigate
and apprehend the persons responsible for the attack. The data
discussed under the "Information Gathering" section should meet this
In addition to reporting to the bank's supervisory office and law
enforcement authorities, there are other less formal mechanisms that
a bank can use to report these incidents and help combat fraudulent
activities. For example, banks can use "Digital Phishnet" (http://www.digitalphishnet.com/),
which is a joint initiative of industry and law enforcement designed
to support apprehension of perpetrators of phishing-related crimes,
including spoofing. Members of Digital Phishnet include ISPs,
online auction services, financial institutions, and financial
service providers. The members work closely with the FBI, Secret
Service, U.S. Postal Inspection Service, Federal Trade Commission
(FTC), and several electronic crimes task forces around the country
to assist in identifying persons involved in phishing-type crimes.
FFIEC IT SECURITY - We continue our series on the FFIEC interagency
Information Security Booklet.
Information security is an integrated process that reduces
information security risks to acceptable levels. The entire process,
including testing, is driven by an assessment of risks. The greater
the risk, the greater the need for the assurance and validation
provided by effective information security testing.
In general, risk increases with system accessibility and the
sensitivity of data and processes. For example, a high-risk system
is one that is remotely accessible and allows direct access to
funds, fund transfer mechanisms, or sensitive customer data.
Information-only Web sites that are not connected to any internal
institution system or transaction-capable service are lower-risk
systems. Information systems that exhibit high risks should be
subject to more frequent and rigorous testing than low-risk systems.
Because tests only measure the security posture at a point in time,
frequent testing provides increased assurance that the processes
that are in place to maintain security over time are functioning.
A wide range of tests exists. Some address only discrete controls,
such as password strength. Others address only technical
configuration, or may consist of audits against standards. Some
tests are overt studies to locate vulnerabilities. Other tests can
be designed to mimic the actions of attackers. In many situations,
management may decide to perform a range of tests to give a complete
picture of the effectiveness of the institution's security
processes. Management is responsible for selecting and designing
tests so that the test results, in total, support conclusions about
whether the security control objectives are being met.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
the series on the National Institute of Standards and Technology
Chapter 12 - COMPUTER SECURITY INCIDENT HANDLING
12.2.4 Technical Platform and Communications Expertise
The technical staff members who comprise the incident handling
capability need specific knowledge, skills, and abilities. Desirable
qualifications for technical staff members may include the ability to:
1) work expertly with some or all of the constituency's core
2) work in a group environment;
3) communicate effectively with different types of users, who
will range from system administrators to unskilled users to
management to law-enforcement officials;
4) be on-call 24 hours as needed; and
5) travel on short notice (of course, this depends upon the
physical location of the constituency to be served).
12.2.5 Liaison With Other Organizations
Due to increasing computer connectivity, intruder activity on
networks can affect many organizations, sometimes including those in
foreign countries. Therefore, an organization's incident handling
team may need to work with other teams or security groups to
effectively handle incidents that range beyond its constituency.
Additionally, the team may need to pool its knowledge with other
teams at various times. Thus, it is vital to the success of an
incident handling capability that it establish ties and contacts
with other related counterparts and supporting organizations.
Especially important to incident handling are contacts with
investigative agencies, such as federal (e.g., the FBI), state, and
local law enforcement. Laws that affect computer crime vary among
localities and states, and some actions may be state (but not
federal) crimes. It is important for teams to be familiar with
current laws and to have established contacts within law enforcement
and investigative agencies.
Incidents can also garner much media attention and can reflect quite
negatively on an organization's image. An incident handling
capability may need to work closely with the organization's public
affairs office, which is trained in dealing with the news media. In
presenting information to the press, it is important that (1)
attackers are not given information that would place the
organization at greater risk and (2) potential legal evidence is
The Forum of Incident Response and Security Teams
The 1988 Internet worm incident highlighted the need for better
methods for responding to and sharing information about incidents.
It was also clear that any single team or "hot line" would simply be
overwhelmed. Out of this was born the concept of a coalition of
response teams -- each with its own constituency, but working
together to share information, provide alerts, and support each
other in the response to incidents. The Forum of Incident Response
and Security Teams (FIRST) includes teams from government, industry,
computer manufacturers, and academia. NIST serves as the secretariat