
Cyber Security

What’s the cost of not implementing a vendor management platform?



The conversation around any software platform usually revolves around cost: the base price, any add-ons, and whether you have to pay for support. Sometimes, though, it makes more sense to consider what it costs to forgo implementing a platform. Harder still, security and efficiency are too often at odds: when you boost one, you end up compromising the other. This is especially true when managing vendors, where balancing network access against keeping your data and systems safe can be difficult.

Luckily, Vendor Privileged Access Management (VPAM) platforms provide an easy, effective solution to this problem, giving organizations an efficient way to stay secure. But what about the costs of not investing in VPAM? Here’s an outline of the risks of foregoing a systemized, automated approach to securing your network against third-party vendor breaches.

Manual risk management processes are ineffective

When organizations choose not to use software to manage their network access controls, especially for vendors, they end up monitoring access manually, either on paper or with ill-suited tools such as spreadsheets. Tracking and managing vendors this way can prove time-intensive and costly.

Vigilance is needed to secure networks against vendor vulnerabilities, as nearly two-thirds of all breaches are due to third parties. Unfortunately, it only takes one vendor to cause an incident. No matter how much time and money an organization spends on maintaining data security, it won’t be enough to protect the network without proper software tools. In short, manual risk management is not only costly and time-consuming; most organizations don’t even believe that it works.

Third-party noncompliance penalties

Compliance regulations can be a headache, especially because if your third-party vendors aren’t compliant, neither are you. In many industries, if a vendor causes a breach of systems or data that are yours, the fines are your responsibility. Fines and penalties vary by industry, so here’s a quick explainer on how they apply under HIPAA/HITECH, ITAR, PCI DSS, and GLBA.


The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act) provide regulations for ensuring the security of Personal Health Information (PHI), a specifically defined and protected class of data under the law. Protecting people’s information is critical, especially details concerning personal health, so the penalties for violating these regulations are severe and depend on the level of negligence involved in the specific case. The maximum fine, imposed for uncorrected willful neglect, is $1.5 million. Remember that this is a fine your organization could have to pay, even if it’s your vendor who is noncompliant.


International Traffic in Arms Regulations (ITAR) require that companies maintain security in the import and export of defense-related articles and services on the United States Munitions List (USML). For technology companies, this law is aimed at keeping sensitive data out of the hands of foreign nationals. As matters of national security are strictly enforced, noncompliance fines for organizations and their vendors are steep. ITAR violations can lead to business restrictions, criminal or civil penalties, and imprisonment. Civil fines can reach up to $500,000 per violation, and criminal fines can reach up to $1 million and 10 years in prison per violation.


The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that apply to any business that accepts credit card payments. The goal is to keep financial information secure, and the major credit card companies are responsible for ensuring compliance and penalizing violations by both merchants and their vendors. Fines are not widely published or reported, but they range between $5,000 and $100,000 per month of PCI non-compliance.


The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law that requires financial institutions to prove they keep their clients’ nonpublic personal information (NPI) secure. Under this law, institutions that disclose NPI to third-party vendors are obligated to enter into a contractual agreement with their vendors, ensuring the NPI will not be used for anything other than carrying out the task required by the contract. This means that organizations and institutions subject to GLBA are responsible for their own compliance and that of their vendors. Noncompliance carries fines of $100,000 per violation for institutions and $10,000 per violation, plus up to five years in prison, for individuals.

Data breach costs

Expenses pile up quickly for non-compliance violations, but the costs of insufficient cybersecurity don’t end there. Data breaches can be incredibly expensive, especially in the United States. A 2019 study published by the Ponemon Institute and IBM Security found that the average cost of a data breach in the U.S. is now up to $8.19 million, or $242 per stolen record. Certain industries are hit even harder than others, particularly healthcare: the study found that the average cost of a healthcare data breach in the U.S. is a whopping $15 million.

Ransomware costs

Ransomware attacks are growing in frequency and scale and becoming increasingly expensive to resolve. According to Coveware, the average ransom payment in Q4 2019 “increased by 104% to $84,116, up from $41,198 in Q3 of 2019.” Other metrics gauge ransomware attacks as even more expensive: when ransom payments are combined with associated losses, such as the value of lost data, the expense of repairing infrastructure, and the rebuilding of brand image, research by Kaspersky Lab puts the average cost far higher. These figures make clear that it’s far wiser to invest in preemptive security than to react to an attack after the fact.

Invest now, save later

Even though many cybersecurity platforms can seem expensive initially, the benefits of having a secure network far outweigh the costs of the alternative. Between noncompliance violations, data breaches, ransomware attacks, and damages to brand image, the costs of having a vulnerable network can be insurmountable.



EasyJet is Facing a Class Action Lawsuit Worth £18 Billion Over Data Breach




UK budget carrier easyJet is facing an £18bn class action lawsuit brought on behalf of customers affected by a recently revealed data breach.

In a disclosure made public on May 19, easyJet said details belonging to nine million customers, including more than 2,200 credit card records, might have been exposed in a cyberattack.

As well as email addresses and travel data, the “highly advanced” intruder blamed for the security incident managed to access this financial information. EasyJet is contacting the travelers who have been affected.

The carrier did not clarify how or exactly when the data breach happened, saying only that the “unauthorized entry” had been “locked off.”

The National Cyber Security Centre (NCSC) and the United Kingdom Information Commissioner’s Office (ICO) have been notified, the latter having the power to impose heavy GDPR fines if an investigation finds that the carrier has been lax in data protection and security.

Last year, British Airways received an ICO-filed “notice of intent” to fine the carrier £183.4 million for failing to safeguard the data of 500,000 customers in a data breach during 2018.

However, easyJet has a more immediate legal concern: PGMBM, a law firm, has issued a class-action claim with a potential liability of £18 billion, or up to £2,000 per affected customer.

The case was brought on behalf of consumers in London’s High Court. According to the firm, the easyJet data breach happened in January 2020, and although the ICO was reportedly alerted at the time, consumers were not informed until four months later.

“The confidential sensitive data leaked contains full names, email addresses and travel details including departure dates, arrival dates and booking information,” says PGMBM. “In particular, revealing the information of personal travel patterns of individuals can pose security risks to individuals, and is a gross privacy invasion.”

The class action case is based on GDPR provisions that give individuals the right to seek redress when their personal data is compromised in a security incident.

Tom Goodhead, PGMBM Managing Partner, said the “monumental” data breach is a “terrible liability failure which has a severe effect on customers of easyJet.”

EasyJet said the firm “will not comment on the matter.”

In related news this month, Verizon’s latest Data Breach Investigations Report shows that misconfiguration of cloud-based databases and storage buckets remains a prevalent factor in data breaches, one whose scale has become more visible thanks to increased coverage.

In addition, Verizon says configuration errors are a growing factor in data breaches, alongside malware such as scrapers, the use of stolen credentials, and phishing.




Turla Group Updated ComRAT Malware to Use Gmail Web Interface for Command and Control




ComRAT is a remote administration tool used by the Turla hacker group. It was first spotted in November 2014; the Turla group itself has been active for more than ten years.

ComRAT, also known as Agent.BTZ, was first released in 2007. It became infamous after it was used to breach the US military in 2008.

Turla’s operators are known for maintaining a large arsenal of malware, including a rootkit, several complex backdoors aimed at different platforms (Microsoft Exchange mail servers among them), and a wide range of tools for pivoting within a network.


A new variant of ComRAT was found by researchers in 2017 and was still active as recently as January 2020. Three targets were identified: two ministries of foreign affairs and a national parliament.

The main use of ComRAT is to steal confidential documents. In one case, researchers observed that the operators “deployed a .NET executable to interact with the victim’s central MS SQL Server database containing the organization’s documents.”

In addition to stealing documents, the group runs various commands to gather information about “Active Directory groups or users, the network, or Microsoft Windows configurations such as the group policies.”

ComRAT Malware Operation

The most recently compiled ComRAT sample is dated November 2019. According to ESET telemetry, the malware was installed using an existing foothold, such as compromised credentials, or via another Turla backdoor.

All files associated with ComRAT are stored in a Virtual File System (VFS), which is encrypted using AES-256 in XTS mode.

Two Command and Control channels

  • HTTP – The malware makes HTTP requests to its C&C server.
  • Email – The malware uses the Gmail web interface to receive commands and exfiltrate data.

Gmail used for C&C

The most interesting feature of the new version is that it uses the Gmail web UI to receive commands and exfiltrate data.

This lets the attackers bypass some security solutions, as the communication does not go to malicious domains. ESET has published a detailed report with indicators of compromise.





Blue Mockingbird Malware Gang Infected Thousands of Enterprise Systems




Thousands of enterprise systems are thought to have been infected with cryptocurrency-mining malware operated by a group tracked under the codename Blue Mockingbird.

Discovered earlier this month by malware researchers at cloud security firm Red Canary, the Blue Mockingbird group is believed to have been operating since December 2019.

Researchers say that Blue Mockingbird attacks servers running ASP.NET apps that use the Telerik framework for their user interface (UI) components.

The attackers exploit the CVE-2019-18935 vulnerability to plant a web shell on the targeted server. They then use a variant of the Juicy Potato technique to gain admin-level access and change server settings to obtain persistence across (re)boots.

Once they have full access to a system, they download and install a version of XMRig, the popular Monero (XMR) cryptocurrency mining app.

Some attacks spread into internal networks

Red Canary experts say that if the public-facing IIS servers are connected to an organization’s internal network, the group often attempts to spread internally over weakly secured RDP (Remote Desktop Protocol) or SMB (Server Message Block) connections.

In an email interview earlier this month, Red Canary told ZDNet they don’t have a full view of this botnet’s activities, but they estimate it has made at least 1,000 infections so far, a lower bound constrained by their limited visibility.

“We have limited visibility in the threat landscape like any security company and no way to reliably know the full scope of this threat,” a spokesperson for Red Canary told us.

“In particular, this threat has affected a relatively limited percentage of organizations whose endpoints we control. However, we have detected about 1,000 infections within these organizations and over a short period of time.”

Red Canary, however, says the number of companies that have been affected could be much higher and even companies that believe they are safe are at risk of attack.

Dangerous vulnerability in the Telerik UI

This is because an ASP.NET application may itself be fully updated while still bundling an obsolete, vulnerable version of the Telerik UI component, which often leaves businesses exposed to attacks.

Many companies and developers may not even know whether the Telerik UI component is part of their applications, again leaving them exposed to attacks.

This uncertainty has been exploited ruthlessly by attackers over the past year, ever since information about the vulnerability became public.

For example, in an advisory published in late April, the US National Security Agency (NSA) listed the Telerik UI vulnerability CVE-2019-18935 as one of the most exploited vulnerabilities used to plant web shells on servers.

In another security advisory released last week, the Australian Cyber Security Centre (ACSC) also identified the Telerik UI vulnerability CVE-2019-18935 as one of the most exploited vulnerabilities used to target Australian organizations in 2019 and 2020.

In some cases, organizations may not have the option of upgrading their insecure systems. In those situations, they will need to block exploitation attempts for CVE-2019-18935 at the firewall level.

If they don’t have a cloud firewall, businesses need to search for server- and workstation-level signs of compromise. To help, Red Canary has published a report with indicators of compromise that businesses can use to search their servers and networks for signs of a Blue Mockingbird attack.

“As always, our primary aim in releasing information like this is to help security teams establish threat detection techniques that are likely to be used against them. In this way, we believe it is important for security teams to determine their ability to detect persistence based on COR PROFILER and initial access through Telerik vulnerability exploitation,” Red Canary said.
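Red Canary’s advice above singles out COR_PROFILER persistence, which works by setting the .NET CLR’s profiler environment variables so that an attacker-controlled DLL is loaded into every managed process. The following is an added example, not Red Canary’s code or anything from the article, that flags that setting in process environment records; the `KEY=VALUE;KEY=VALUE` record format, the sample records, and the trusted-directory allowlist are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The CLR loads a profiler DLL into any managed process when these variables are set.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumed allowlist of directories a legitimately installed profiler loads from.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

@dataclass
class Finding:
    pid: int
    image: str
    reason: str

def parse_env(block: str) -> Dict[str, str]:
    """Parse a 'KEY=VALUE;KEY=VALUE' environment block (constructed format)."""
    env: Dict[str, str] = {}
    for item in block.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            env[key.strip().upper()] = value.strip()
    return env

def check_record(pid: int, image: str, env_block: str) -> Optional[Finding]:
    """Return a Finding when the process has suspicious profiler loading enabled."""
    env = parse_env(env_block)
    if env.get("COR_ENABLE_PROFILING") != "1":
        return None  # profiling off: no DLL is loaded
    clsid = env.get("COR_PROFILER", "")
    path = env.get("COR_PROFILER_PATH", "")
    if not CLSID_RE.match(clsid):
        return Finding(pid, image, "profiling enabled with missing or malformed CLSID")
    if not path:  # no explicit path: the CLR resolves the CLSID via the registry
        return Finding(pid, image, f"profiler {clsid} resolved via registry; check its InprocServer32")
    if not path.lower().startswith(TRUSTED_PREFIXES):
        return Finding(pid, image, f"profiler DLL loaded from untrusted path {path}")
    return None

def scan(records: List[Tuple[int, str, str]]) -> List[Finding]:
    return [f for f in (check_record(*r) for r in records) if f is not None]

# Constructed sample: an IIS worker loading a profiler from a temp directory,
# a benign APM agent under Program Files, and a process with profiling off.
SAMPLE_RECORDS = [
    (4312, "w3wp.exe", "COR_ENABLE_PROFILING=1;COR_PROFILER={11111111-2222-3333-4444-555555555555};"
                       "COR_PROFILER_PATH=C:\\Windows\\Temp\\example_profiler.dll"),
    (880, "w3wp.exe", "COR_ENABLE_PROFILING=1;COR_PROFILER={aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee};"
                      "COR_PROFILER_PATH=C:\\Program Files\\ExampleAPM\\profiler.dll"),
    (1200, "svchost.exe", "PATH=C:\\Windows\\system32;COR_ENABLE_PROFILING=0"),
]
```

Only the first sample record is flagged; on a real estate the records would come from an EDR or Sysmon export of per-process environments, and the machine-wide variables should also be checked in the System environment.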

