UPDATED NIST CYBERSECURITY FRAMEWORK ADDS CORE FUNCTION, FOCUSES ON SUPPLY CHAIN RISK MANAGEMENT BY CAROLINE NIHILL
The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework, a decade after the original. The updated framework introduces a sixth core function, "govern," which covers how organizations establish, communicate, and monitor their cybersecurity risk management strategy. Laurie Locascio, NIST Director, emphasized the importance of bringing cybersecurity discussions into the boardroom. The updated framework also highlights supply chain risks and treats Cybersecurity Supply Chain Risk Management as a systemic process. NIST also released Quick Start Guides with implementation examples to help organizations achieve the outcomes of the framework's subcategories. The new version reflects the evolving cybersecurity landscape and the need for increased governance and supply chain considerations.
BIDEN EXECUTIVE ORDER AIMS TO STOP ADVERSARIES FROM OBTAINING, EXPLOITING AMERICANS’ PERSONAL DATA BY DAVID DIMOLFETTA
President Joe Biden signed an executive order this past week aimed at preventing adversarial nations, including China and Russia, from acquiring and exploiting sensitive personal data of Americans, with an emphasis on U.S. government officials and servicemembers. The order does not impose immediate data transfer restrictions but empowers agencies to create regulations preventing various types of sensitive data from reaching foreign adversaries. It targets data transactions with China, Russia, North Korea, Iran, Cuba, and Venezuela, focusing on seven classifications of data. The order initiates an early-stage rulemaking process, allowing agencies to seek public input on building and enforcing the regulatory framework.
FIVE EYES NATIONS WARN OF EVOLVING RUSSIAN CYBERESPIONAGE PRACTICES TARGETING CLOUD ENVIRONMENTS BY AJ VICENS
The U.K.'s National Cyber Security Centre and its U.S., Australian, Canadian, and New Zealand counterparts issued an advisory detailing the evolving tactics of Russian cyberespionage and data collection units linked to the Foreign Intelligence Service (SVR). The advisory focuses on APT29, also known as Cozy Bear, whose highly sophisticated operations have been active since at least 2014. The SVR is adapting its techniques to target cloud environments used by both private and public organizations. The advisory emphasizes the importance of basic cloud security measures, such as regularly evaluating and disabling dormant accounts, limiting token validity time, and enforcing stringent device enrollment policies.
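Two of the advisory's recommended hygiene measures, reviewing dormant accounts and limiting token lifetimes, lend themselves to a periodic audit script. The following is an added example written for this summary, not code from the advisory or from any of the agencies that issued it. It operates on a constructed directory export and a constructed token policy; the field names (`last_sign_in`, `enabled`, `access_token_lifetime_hours`, `refresh_token_lifetime_days`) are assumptions, and in practice the data would come from the identity provider's API or audit-log export. The idle and lifetime thresholds are illustrative defaults, not values the advisory prescribes.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample directory export (not real data). Field names are assumptions;
# a real identity provider will use its own schema.
ACCOUNTS = [
    {"user": "alice",      "last_sign_in": "2024-02-20T08:15:00Z", "enabled": True},
    {"user": "bob",        "last_sign_in": "2023-10-01T12:00:00Z", "enabled": True},
    {"user": "svc-backup", "last_sign_in": None,                   "enabled": True},   # never signed in
    {"user": "carol",      "last_sign_in": "2023-06-11T09:30:00Z", "enabled": False},  # already disabled
]

# Constructed token/session policy with hypothetical key names.
TOKEN_POLICY = {"access_token_lifetime_hours": 24, "refresh_token_lifetime_days": 90}

# Fixed "now" so the audit is reproducible offline.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; None means the account has never signed in."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_dormant_accounts(accounts, now, max_idle_days=90):
    """Return enabled accounts with no sign-in inside max_idle_days.

    Accounts that have never signed in are reported too: they are a common
    leftover from provisioning and deserve the same review as stale ones.
    Already-disabled accounts are skipped, since they need no action.
    """
    cutoff = now - timedelta(days=max_idle_days)
    dormant = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        last = parse_ts(acct["last_sign_in"])
        if last is None or last < cutoff:
            dormant.append(acct["user"])
    return sorted(dormant)


def check_token_policy(policy, max_access_hours=1, max_refresh_days=30):
    """Compare configured token lifetimes against illustrative maximums and
    return one finding string per setting that exceeds its limit."""
    findings = []
    access = policy["access_token_lifetime_hours"]
    refresh = policy["refresh_token_lifetime_days"]
    if access > max_access_hours:
        findings.append(f"access token lifetime {access}h exceeds {max_access_hours}h")
    if refresh > max_refresh_days:
        findings.append(f"refresh token lifetime {refresh}d exceeds {max_refresh_days}d")
    return findings


def run_audit():
    """Run both checks against the constructed data and return the results."""
    return {
        "dormant": find_dormant_accounts(ACCOUNTS, NOW),
        "token_findings": check_token_policy(TOKEN_POLICY),
    }


if __name__ == "__main__":
    result = run_audit()
    for user in result["dormant"]:
        print(f"REVIEW dormant account: {user}")
    for finding in result["token_findings"]:
        print(f"POLICY {finding}")
```

Treating never-signed-in accounts as dormant is a deliberate choice: an account that was created and never used is exactly the kind of forgotten credential the advisory's "evaluate and disable dormant accounts" guidance is aimed at, and a check that keys only on old timestamps would miss it.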
ORGS FACE MAJOR SEC PENALTIES FOR FAILING TO DISCLOSE BREACHES BY ROBERT LEMOS
Companies and CISOs may face significant fines and penalties from the U.S. Securities and Exchange Commission (SEC) if their cybersecurity and data-breach disclosure processes don't comply with new rules. The SEC has various enforcement tools at its disposal, including permanent injunctions, disgorgement of ill-gotten gains, and escalating monetary fines, which can range from $5,000 to $100,000 per violation. CISOs could also face personal liability, leading to additional costs for businesses, such as increased Directors and Officers (D&O) liability insurance. The new SEC breach disclosure rule underscores the importance of having established policies, documentation, and evidence to demonstrate good faith in addressing security incidents.
FBI, CISA RELEASE IOCS FOR PHOBOS RANSOMWARE BY JAIKUMAR VIJAYAN
The FBI and CISA have provided details on tactics and techniques used by threat actors to deploy the Phobos ransomware strain on target networks. Phobos ransomware, first identified in 2019, has gained prominence through a ransomware-as-a-service model. The advisory includes indicators of compromise to help security and IT administrators detect and respond to potential Phobos infections. Threat actors use various tactics, including phishing emails, the deployment of the SmokeLoader dropper via email attachments, and scanning for exposed RDP ports with subsequent brute-force password-guessing attacks. Once on a network, Phobos actors employ techniques such as privilege escalation, persistence mechanisms, and data exfiltration to maximize their leverage over victims.
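The RDP brute-force activity described in the advisory leaves a recognizable trace in Windows Security logs: bursts of failed logons (Event ID 4625) with logon type 10 (RemoteInteractive) from one source address, sometimes followed by a successful logon (Event ID 4624) from the same address. The following detection is an added example written for this summary, not code from the FBI/CISA advisory. The event IDs and logon type are the standard Windows values; the one-line `key=value` log format, the sample lines, and the IP addresses are constructed for the example, and the threshold and window are illustrative defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log lines in a simplified key=value form (not a real export).
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2024-02-28T10:00:01Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.5
2024-02-28T10:00:03Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.5
2024-02-28T10:00:04Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.5
2024-02-28T10:00:06Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.5
2024-02-28T10:00:07Z EventID=4625 LogonType=10 TargetUser=sqlsvc SourceIP=203.0.113.5
2024-02-28T10:00:09Z EventID=4624 LogonType=10 TargetUser=backup SourceIP=203.0.113.5
2024-02-28T10:05:00Z EventID=4625 LogonType=10 TargetUser=alice SourceIP=198.51.100.7
2024-02-28T10:30:00Z EventID=4625 LogonType=10 TargetUser=alice SourceIP=198.51.100.7
2024-02-28T10:30:05Z EventID=4624 LogonType=10 TargetUser=alice SourceIP=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "eid": int(m["eid"]), "lt": int(m["lt"]),
            "user": m["user"], "ip": m["ip"]}


def detect_rdp_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs that produce >= threshold failed RDP logons inside a
    sliding time window. If a flagged IP later logs on successfully, record the
    account name, since a success right after a burst of failures is the case
    that needs the fastest response.
    """
    failures = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or ev["lt"] != 10:
            continue  # only RDP-style logons are of interest here
        q = failures[ev["ip"]]
        if ev["eid"] == 4625:
            q.append(ev["ts"])
            # Drop failures that have aged out of the window.
            while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ev["ip"] not in flagged:
                flagged[ev["ip"]] = {"first_seen": q[0], "failures": len(q),
                                     "success_after": None}
        elif ev["eid"] == 4624 and ev["ip"] in flagged \
                and flagged[ev["ip"]]["success_after"] is None:
            flagged[ev["ip"]]["success_after"] = ev["user"]
    return flagged


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {info['failures']} failed RDP logons since {info['first_seen']:%H:%M:%S}; "
              f"success after burst: {info['success_after']}")
```

The second source address in the sample, with two failures twenty-five minutes apart, is deliberately included to show that the sliding window keeps ordinary mistyped passwords from tripping the rule; only the tight burst from the first address is reported.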