The following article on recent cybersecurity news and events was written by Kalles Group Security Consultant, Jayanth Kumar. This content appears in our monthly email Security Digest, which unpacks recent security incidents and details what you should know, and what you should do.
NIST’s Cybersecurity Framework 2.0: Navigating the Enhanced Landscape
The National Institute of Standards and Technology (NIST) has recently released its much-anticipated draft of the Cybersecurity Framework (CSF) version 2.0. As the digital ecosystem becomes increasingly complex, the guidance provided by NIST evolves in tandem. Here are the noteworthy enhancements:
What you need to know:
· Broadened Applicability: CSF 2.0 has been refined to be more inclusive, catering to diverse organizations and sectors, from small businesses to large enterprises and government entities.
· Governance at the Forefront: The introduction of the “Govern” function underscores the intertwined nature of cybersecurity and enterprise risk, emphasizing its pivotal role for organizational leadership.
· In-depth Guidance: NIST offers an enriched perspective on implementing the CSF, spotlighting the creation of profiles, addressing emerging challenges like supply chain risks, and emphasizing the pervasive ransomware threat.
· Emerging Risk Categories: The Framework sheds light on contemporary security risk categories, including supply chain threats, cybersecurity governance intricacies, and metrics to measure cybersecurity efficacy.
· The Evolution Imperative: An ‘Improvement’ category has been integrated into the ‘Identify’ function, championing the need for iterative refinement in cybersecurity endeavors.
· Clarified Implementation Tiers: The redefined tiers explain the importance of governance, risk management strategies, and the nuances of third-party collaborations.
Implications for organizations:
With these updates, the CSF not only mirrors the present-day utilization of the Framework but also forecasts its evolution, ensuring its relevance across diverse sectors.
What you need to do:
· Engage with the Draft: Familiarize your team with the nuanced changes in CSF 2.0 (sending them this short summary is a good first step).
· Harness Expertise: As the cybersecurity domain amplifies in complexity, consider linking arms with professionals skilled in the latest guidelines and threats.
· Feedback Matters: As the Framework morphs to better suit the digital age, your insights and experiences become paramount in shaping its trajectory.
Lapsus$: Unraveling the Tactics of a Notorious Ransomware Group, with CISA’s Review Board
The Cybersecurity and Infrastructure Security Agency (CISA) has recently delved deep into the operations of Lapsus$, a ransomware group notorious for its sophisticated attacks. Here’s an in-depth look:
What you need to know:
· Credential Exploitation: Lapsus$ often gains its initial foothold in networks using legitimate credentials, possibly sourced from prior breaches, so the first sign-in can look like a normal user rather than an intruder.
· VPN & Telecom Vulnerabilities: Beyond unpatched VPN systems, the group has been known to exploit vulnerabilities within telecommunication infrastructure, widening their attack surface.
· Diverse Toolset: Their arsenal includes open-source tools, commercial solutions, and custom malware, targeting everything from initial infiltration to data exfiltration.
· BPO as Targets: Lapsus$ recognizes the potential in targeting Business Process Outsourcing entities, exploiting third-party relationships to compromise larger networks or gain access to varied datasets.
· Persistence is Key: The group employs web shells and scheduled tasks to ensure they remain within compromised networks, even if initially detected.
What you need to do:
1. Strengthen Identity and Access Management (IAM):
· Implement robust IAM solutions to reduce the risk of unauthorized access.
· Prioritize MFA, especially for privileged users and administrators.
· Monitor and log all access attempts to detect and respond to suspicious activities promptly.
2. Mitigate Telecommunications and Reseller Vulnerabilities:
· Recognize and address vulnerabilities in telecommunications infrastructure.
· Ensure partners, especially resellers, adhere to robust cybersecurity standards to prevent them from becoming weak points in your security chain.
3. Build Resiliency Across Multi-Party Systems with a Focus on BPOs:
· Recognize the interconnected nature of modern businesses and the potential vulnerabilities introduced by third-party associations, particularly Business Process Outsourcers (BPOs).
· Establish stringent cybersecurity standards for BPOs and ensure they are met.
· Conduct regular audits and assessments of BPOs to ensure compliance.
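The IAM recommendations above (require MFA for privileged users, and log and monitor every access attempt) pair naturally with the first bullet in the threat summary: an attacker holding valid credentials produces a successful sign-in, so detection has to look at the context of that success rather than at failures alone. The script below is an added example, not part of the Kalles Group digest or the CISA report; it runs two simple checks over a constructed JSON-lines authentication log: a privileged account signing in successfully without MFA, and a successful sign-in from a source IP that account has never used before. The log format, field names, account names and IP addresses are all assumptions made for the example; adapt the parser to whatever your identity provider exports.

```python
"""Flag risky successful sign-ins in an authentication log (added example).

Checks:
  1. privileged_login_without_mfa - a privileged account succeeded with mfa=false
  2. new_source_ip               - a known account succeeded from an IP not seen before

The record layout and all sample values below are constructed for illustration.
"""
import json
from collections import defaultdict

# Hypothetical privileged accounts; in practice, feed this from your directory.
PRIVILEGED = {"admin", "svc-backup"}

# Constructed sample records (JSON lines). The IPs are documentation ranges.
SAMPLE_LOG = """
{"ts": "2023-09-01T08:00:00Z", "user": "alice", "src_ip": "203.0.113.10", "result": "success", "mfa": true}
{"ts": "2023-09-01T08:05:00Z", "user": "admin", "src_ip": "203.0.113.10", "result": "success", "mfa": true}
{"ts": "2023-09-01T21:10:00Z", "user": "admin", "src_ip": "198.51.100.7", "result": "failure", "mfa": false}
{"ts": "2023-09-01T21:11:00Z", "user": "admin", "src_ip": "198.51.100.7", "result": "success", "mfa": false}
{"ts": "2023-09-02T03:30:00Z", "user": "alice", "src_ip": "192.0.2.44", "result": "success", "mfa": true}
"""


def parse_log(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_risky_signins(events, known_ips=None):
    """Return a list of (reason, event) tuples for successful sign-ins worth review.

    `known_ips` optionally seeds the per-user IP baseline, e.g. from historical
    logs, so the first record for a user in this batch is not treated as new.
    """
    seen = defaultdict(set)
    for user, ips in (known_ips or {}).items():
        seen[user].update(ips)

    findings = []
    for ev in events:
        # Failures are noise for these two checks; the attacker's win is a success.
        if ev.get("result") != "success":
            continue
        user, ip = ev["user"], ev["src_ip"]

        if user in PRIVILEGED and not ev.get("mfa", False):
            findings.append(("privileged_login_without_mfa", ev))

        # Only flag a "new" IP once we already have a baseline for this user.
        if user in seen and ip not in seen[user]:
            findings.append(("new_source_ip", ev))

        seen[user].add(ip)
    return findings


def summarize(findings):
    """Count findings per reason, handy for a daily report or alert threshold."""
    counts = defaultdict(int)
    for reason, _ in findings:
        counts[reason] += 1
    return dict(counts)


if __name__ == "__main__":
    for reason, ev in find_risky_signins(parse_log(SAMPLE_LOG)):
        print(f"{ev['ts']} {reason:30} user={ev['user']} src_ip={ev['src_ip']}")
```

Run as-is, the script flags the admin sign-in at 21:11 twice (no MFA, and a source IP not seen for that account) and alice's later sign-in once (new IP only). Seeding `known_ips` from older logs keeps the first-seen baseline from being built entirely out of the batch under review, which matters when the compromise predates the window you are looking at.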
Take Action:
Embarking on the cybersecurity journey with a nuanced and up-to-date map is imperative. As the landscape continues to shift, we want to work with you to help protect your organization from unconventional and fast-evolving threats.
If you or your team needs support, please let us know.