This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.
“According to Thales’ 2018 Data Threat Report of the information security firm 451 Research, U.S. federal government agencies experienced a 20 percent increase in the number of data breaches last year since 2016. Part of this increase is due to the growing use of commercial cloud services without the adoption of encryption or prioritization of cloud computing security. The report says that although 93 percent of federal agencies are preparing to spend more this year on cloud computing security than they had in the past, most of that money will be spent on endpoint security and network security. Only 19 percent will allocate most of their funding to data-centric security solutions, such as encryption and tokenization.”
Information Security Risk
“Social Security numbers for thousands of state employees and contractors were exposed in a recent data breach at the Department of Fish and Wildlife, according to a memo that the department sent to its workers. The department discovered the data breach on Dec. 22, but did not disclose the breach to employees until recently. The California Highway Patrol has been investigating the incident for the past two months. According to the memo, a former state employee downloaded the data to a personal device and took the records outside of the state’s network. The memo does not say when or why the former employee downloaded the information to an unsecured network.”
“An Indian bank reported that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. A senior official called it a “conspiracy” involving multiple countries, and added that the lender was still investigating how it had happened. “This is basically a cyber-attack by international cyber criminals,” he said in a phone interview. The official added that they saw “so far no evidence of any internal staff involvement,” but said “we are very clear now the account holders are part of this conspiracy.” The bank said that it had been able to block one of the remittances, totaling $500,000, that was being sent through an account in New York to a Dubai-based lender. A second transfer of 300,000 euros ($372,150) was routed through an account in Frankfurt to a Turkish account, although the Turkish lender had blocked the transfer from being finalized. A third totaling $1 million was sent through an account in New York to a China-based bank.”
“The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack happens. The statement, which expands on previous guidance issued in 2011, also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that isn’t public yet. While the commission’s five members voted unanimously to approve the guidance, both of its Democratic commissioners said it needs to take more action (the SEC as a group is non-partisan, with no more than three out of its five commissioners allowed to belong to the same party). The guidance was issued as an “interpretive release,” which the SEC uses to publish their views and interpret federal securities laws and SEC regulations. In it, the commission urged companies to develop policies that allow them to quickly assess cybersecurity risks and decide when to tell the public, and also prevent executives, board members and other corporate insiders from trading shares when they have important information that hasn’t been released yet. The SEC’s new guidance doesn’t mention specific incidents, but it comes about five months after the massive Equifax data breach, which compromised the personal information of about 145.5 million people. The credit bureau was criticized for taking too long to inform users about the incident and the Justice Department is also reportedly investigating large sales of shares by executives between when the company learned of the breach and when it became public. The SEC added that even though companies are not required to reveal sensitive information that could compromise their cybersecurity measures, they also cannot use internal or law enforcement investigations as an excuse for not informing the public.”