Cybersecurity Saturday

  • The Wall Street Journal reports,
    • “Hemant Rathod, an Indian executive, was sipping tea in a conference room Friday morning in Delhi, about to send a long email to his team, when his computer went haywire.
    • “The HP laptop suddenly said it needed to restart. Then the screen turned blue. He tried in vain to reboot. Within 10 minutes, the screens of three other colleagues in the room turned blue too.
    • “I had taken so much time to draft that email,” Rathod, a senior vice president at Pidilite Industries, a construction-materials company, said by phone half a day later, still carrying his dead laptop with him. “I really hope it’s still there so I don’t have to write it again.”
    • “The outage, one of the most momentous in recent memory, crippled computers worldwide and drove home the brittleness of the interlaced global software systems that we rely on.  * * *
    • “Adding to the chaos—and further underlining the vulnerability of the global IT system—a separate problem hit Microsoft’s Azure cloud computing system on Thursday shortly before the CrowdStrike glitch, causing an outage for customers including some U.S. airlines and users of Xbox and Microsoft 365.
    • “The CrowdStrike problem laid bare the risks of a world in which IT systems are increasingly intertwined and dependent on myriad software companies—many not household names. That can cause huge problems when their technology malfunctions or is compromised. The software operates on our laptops and within corporate IT setups, where, unknown to most users, they are automatically updated for enhancements or new security protections.
  • The irony lies in the fact that
    • “The global outage began with an update of a so-called “channel file,” a file containing data that helps CrowdStrike’s software neutralize cyber threats, CrowdStrike said. The update was timestamped 4:09 a.m. UTC—just after midnight in New York and around 9:30 a.m. in India.
    • “That update caused CrowdStrike’s software to crash the brains of the Windows operating system, known as the kernel. Restarting the computer simply caused it to crash again, meaning that many users had to surgically remove the offending file from each affected computer.”
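The passage above describes the defender-side lesson in the outage: a content file consumed by a privileged component was trusted without a validation step or a fallback, so every restart failed the same way until the file was removed by hand. The following is an added illustration, not CrowdStrike’s code or file format (the JSON layout, the `rules`/`pattern` fields and the size limit are assumptions made for the example), showing a loader that checks an update before using it and keeps running on its last-known-good copy when the update is bad:

```python
"""Added illustration (not CrowdStrike's code): validate a data update before a
privileged component consumes it, and fall back to the last-known-good copy
instead of failing again on every restart. The file format, field names and
limits below are assumptions for the example."""
import hashlib
import json
from dataclasses import dataclass, field

MAX_RULES = 1000  # assumed sanity limit on the number of rules in one file


class InvalidUpdate(Exception):
    """Raised for any structural defect in a candidate update."""


def validate_channel_file(raw: bytes) -> dict:
    """Parse and structurally check an update before it is trusted.
    Every defect becomes an InvalidUpdate instead of an unhandled failure."""
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise InvalidUpdate(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise InvalidUpdate("top level must be an object")
    rules = doc.get("rules")
    if not isinstance(rules, list) or not rules or len(rules) > MAX_RULES:
        raise InvalidUpdate("rules must be a non-empty list within limits")
    for i, rule in enumerate(rules):
        pattern = rule.get("pattern") if isinstance(rule, dict) else None
        if not isinstance(pattern, str) or not pattern:
            raise InvalidUpdate(f"rule {i} lacks a non-empty string pattern")
    return doc


@dataclass
class Loader:
    """Holds the last validated file; a rejected update never replaces it."""
    known_good: bytes
    rejected: list = field(default_factory=list)  # (sha256, reason) audit trail

    def apply_update(self, candidate: bytes) -> dict:
        """Return the document the component should run with: the candidate if
        it validates, otherwise the last-known-good copy (and record why)."""
        try:
            doc = validate_channel_file(candidate)
        except InvalidUpdate as exc:
            digest = hashlib.sha256(candidate).hexdigest()
            self.rejected.append((digest, str(exc)))
            return validate_channel_file(self.known_good)  # fail safe, stay up
        self.known_good = candidate
        return doc


def simulate_restarts(loader: Loader, on_disk: bytes, restarts: int) -> list:
    """Model a host rebooting `restarts` times with the same file on disk.
    Returns the rule count loaded on each boot; with fallback it never drops to
    zero, whereas a loader without fallback would fail on every boot."""
    return [len(loader.apply_update(on_disk)["rules"]) for _ in range(restarts)]


# Constructed sample inputs for the example (not real content files).
GOOD_V1 = b'{"version": 1, "rules": [{"pattern": "alpha"}, {"pattern": "beta"}]}'
GOOD_V2 = b'{"version": 2, "rules": [{"pattern": "gamma"}]}'
BAD_UPDATE = b"\x00" * 32  # malformed bytes standing in for a corrupt update

if __name__ == "__main__":
    loader = Loader(GOOD_V1)
    print(simulate_restarts(loader, BAD_UPDATE, 3))  # stays on v1 each boot
    print(loader.apply_update(GOOD_V2)["version"])    # a valid update is taken
    print(loader.rejected)                            # audit trail of rejections
```

The point of the design is the order of operations: the new file is parsed and checked in a context that can fail gracefully, and only a file that has passed the check is promoted to the copy loaded on subsequent boots.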

From the cybersecurity policy front,

  • Cybersecurity Dive informs us,
    • “A U.S. District Court judge dismissed most of the charges in a civil fraud case filed against SolarWinds by the Securities and Exchange Commission Thursday.
    • “The SEC filed suit in October alleging SolarWinds misled investors about the company’s cybersecurity practices leading up to the Sunburst supply chain hack, which was disclosed in December 2020. The attack that targeted SolarWinds Orion platform impacted thousands of customers, including major U.S. companies and government agencies that used the platform. 
    • “Judge Paul Engelmayer of the U.S. District Court Southern District of New York sustained the SEC’s claims of securities fraud based on SolarWinds’ security statement. However, the court dismissed other claims, including all claims involving post-Sunburst disclosures. * * *
    • “Allegations related to a 2017 statement made about the company’s security capabilities on the “trust center” page of its website will continue to be litigated.” 
  • The Wall Street Journal points out,
    • “A spokesman said SolarWinds is pleased with the judge’s ruling. “We look forward to the next stage, where we will have the opportunity for the first time to present our own evidence and to demonstrate why the remaining claim is factually inaccurate,” he said. * * *
    • “David Shargel, a partner at law firm Bracewell, said the dismissal of part of the SEC’s claims was a victory for SolarWinds “by any measure.” Companies rarely defeat the SEC’s lawsuits so early in the litigation process.”
    • “It’s definitely a serious charge that remains, and it serves as a reminder that, as with any public-facing statement, companies need to ensure that their disclosures are accurate and not misleading,” he said.” * * *
    • “Notably, Engelmayer also dismissed the SEC’s claim that SolarWinds violated rules that govern how companies guard against accounting errors. The judge said cybersecurity controls aren’t part of that process. “That reading is not tenable,” the judge wrote, saying the controls clearly apply only to financial accounting.
    • “I think that might give some compliance departments some comfort going forward in terms of the parameters of the disclosure requirements,” Shargel said.
  • The National Institute of Standards and Technology issued a special publication concerning Personal Identity Verification (PIV). Experience-rated FEHB carriers must employ PIV for their employees who access OPM’s letter of credit system.

From the cybersecurity vulnerabilities and breaches front,

  • Security Week informs us that “The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.”
  • Cybersecurity Dive lets us know,
    • “Weak credentials and misconfigurations across cloud systems were at the root of 3 in 4 network intrusions during the first half of 2024, Google Cloud said Wednesday in its latest Threat Horizons Report.
    • “Google Cloud said systems with weak or no credentials were the top initial access vector, accounting for 47% of cloud environment attacks during the first six months of the year. That’s a slight decrease from the second half of 2023 when weak or no credentials were at the root of 51% of attacks, according to Google Cloud.
    • “Misconfigurations were the initial access vector for 30% of all cloud environment attacks during the first half of 2024, marking a significant jump from 17% in the second half of 2023.”
  • The Cybersecurity and Infrastructure Security Agency added four known exploited vulnerabilities to its catalog this week:

From the ransomware front,

  • Per Cybersecurity Dive,
    • “Ransomware activity jumped in the second quarter as threat groups listed 1,237 organizations on data leak sites during the period, marking a 20% increase from Q1, Reliaquest said in a Tuesday report.
    • “May was an especially active month due to a spike in posts from the ransomware group LockBit, which accounted for 36% of the month’s alleged victims, the report found. Yet, an abnormally slow June dragged the total count of alleged ransomware victims down 13% year over year, according to Reliaquest.
    • “U.S.-based businesses bore the brunt of ransomware attacks during Q2, composing more than half of all claimed ransomware victims listed on data leak sites during the period. Sectors targeted most heavily by cybercriminals during the quarter included manufacturing and professional, scientific and technical services, the report found.”
  • The Wall Street Journal notes,
    • “Rite Aid disclosed customer data was accessed in a June cybersecurity breach.
    • “The drugstore operator said an unknown third-party impersonated a company employee on June 6. It detected the incident within 12 hours and launched an investigation and reported it to law enforcement.
    • “Rite Aid said by June 17 it determined the party acquired certain data associated with the purchase or attempted purchase of specific retail products, including purchaser name, address, date of birth and driver’s license number or other form of government-issued ID presented at purchase between June 6, 2017, and July 30, 2018.”
  • Dark Reading adds on July 15,
    • “[Rite Aid] has not released an official statement revealing who the threat actors are, but the RansomHub gang has claimed that it breached the company’s systems.
    • “While having access to the Rite-Aid network, we obtained over 10GB of customer information equating to around 45 million lines of people’s personal information,” the ransomware group said on its Dark Web leak site. “This information includes name, address, dl_id number, DoB, Rite Aid rewards number.”
    • “Rite Aid reportedly stopped negotiating a ransom, prompting the ransomware group to share snippets of what it claims is stolen data as proof and add a two-week deadline before more information will be leaked.”

From the cybersecurity defenses front,

  • The Wall Street Journal reports,
    • “Google parent Alphabet is in advanced talks to acquire cybersecurity startup Wiz for roughly $23 billion, according to people familiar with the matter, in what would be its largest acquisition ever. 
    • “A deal could come together soon, assuming the talks don’t fall apart, the people said. 
    • “Alphabet is eyeing the deal at a time of intense antitrust scrutiny of the search company and other tech giants. The acquisition could also help boost Alphabet’s efforts in cloud computing, an important and growing business but one where it has lagged behind peers. * * *
    • “Google has been working to bulk up its cybersecurity business, focused on the cloud. Its biggest recent acquisition—and second largest ever—is the nearly $5.4 billion purchase two years ago of another security company, Mandiant.” 
  • TechTarget shares “best practices for protection from ransomware in cloud storage” and advises “CISOs on how to improve cyberthreat intelligence programs.”
  • Dark Reading explains why “In Cybersecurity, Mitigating Human Risk Goes Far Beyond Training.”