ELTENI’S CYBER SCOOP
Latest News
In this newsletter, we focus on key cybersecurity topics: the EU’s Digital Operational Resilience Act (DORA) aimed at strengthening financial sector security, the implications of the Snowflake data breach underscoring the importance of third-party risk management, and the crucial role of human factors in cybersecurity.
REGULATORY CORNER
EU’s Digital Operational Resilience Act (DORA) Takes Effect
As of November 1, 2024, the European Union’s DORA is now in effect, requiring banks, insurance companies, and other key financial entities within the EU to meet stringent cybersecurity benchmarks. As implementation begins, financial entities throughout the European Union are tasked with a critical alignment of their cybersecurity and operational policies. This regulation demands a thorough integration with the new regulatory framework, aimed at ensuring compliance with the legal requirements as well as significantly strengthening defenses in the face of increasingly sophisticated cyber threats.
Core Requirements:
Governance and Risk Management – establish rigorous governance frameworks, conduct detailed and frequent risk assessments, and maintain comprehensive incident response strategies, demonstrating a proactive approach to identifying potential vulnerabilities and deploying effective mitigation actions.
Incident Reporting – establish mandatory incident reporting mechanisms, ensuring that both financial entities and regulatory bodies have timely and accurate information to act swiftly in the face of potential disruptions.
Operational Resilience Testing – carry out regular testing of their infrastructures to evaluate their capacity to withstand cyber incidents.
Third-Party Risk Management – manage third-party risks, particularly for entities relying on external vendors for critical operational services, including cloud computing.
Information Sharing and Communication – As financial institutions work towards full compliance with DORA, they will not only enhance their own operational resilience but also contribute to the broader goal of establishing a robust digital operational framework across the EU’s financial system.
Digital Operational Resilience Act
ENFORCEMENT NEWS
US Authorities indict two men allegedly responsible for Snowflake customer breach
Connor Moucka and John Binns are accused of executing an international hacking and extortion scheme targeting over 10 organizations, with demands for ransom following the theft of sensitive data. They reportedly extorted digital currency as a ransom, valued at approximately $2.5 million.
Victims were not listed in the indictment, but it aligns with previous reports linking the breaches to prominent firms that were customers of the data storage firm Snowflake, such as Ticketmaster and Santander.
Notes
Third-party risk management has become increasingly crucial considering incidents like the Snowflake data breach, where vulnerabilities in one service affected the cybersecurity posture of numerous unsuspecting client companies. This incident underscored the potential cascading effects when third-party vendors, such as cloud service providers, encounter security lapses. Effective third-party risk management would involve not only initial due diligence but also ongoing assessments and monitoring of the security practices of all third-party vendors.
For organizations relying on third-party services like Snowflake, it is essential to ensure that these vendors adhere to rigorous security standards comparable to or exceeding their own. This involves implementing stringent contractual obligations concerning cybersecurity, regular security audits, and maintaining a proactive stance through continuous monitoring of the vendor’s security measures. Such practices help mitigate the risk of data breaches and system compromises, ensuring both compliance with regulatory requirements and the protection of sensitive information. Ultimately, robust third-party risk management is crucial for maintaining the integrity and security of an organization’s data in an interconnected digital ecosystem.
CYBER NEWS
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The FBI says it has seen an uptick in postings on criminal forums regarding the process of emergency data requests (EDRs) and the sale of email credentials stolen from police departments and government agencies. The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Also, it is difficult for a company that receives one of these EDRs to immediately determine whether it is legitimate.
Booking.com Phishers May Leave You with Reservations
This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. SecureWorks found the phishers targeting booking.com partner hotels used malware to steal credentials. But today’s thieves can just as easily visit crime bazaars online and purchase stolen credentials to cloud services that do not enforce 2FA for all accounts.
After the Dust Settles: Post-Incident Actions
Artificial intelligence is revolutionizing fraud detection in financial services, with machine learning models now capable of detecting irregular patterns almost instantaneously. However, the reliance on AI also raises concerns about new vulnerabilities, such as AI-generated phishing attacks and the ethical use of customer data.
Oh, the Humanity! How to Make Humans Part of Cybersecurity Design
The “human element” contributed to 68% of breaches in 2023 and 74% of breaches in 2022, according to Verizon’s “Data Breach Investigations Report.” Organizations should pursue a human-centric cybersecurity (HCC) approach, focusing on processes and products that account for users’ needs and motivations and incentivize secure behaviors, with the aim of reducing the security responsibility placed on the average person.
DECODE THE TERMS
SPF (Sender Policy Framework) – An email authentication method that allows domain owners to specify which IP addresses are authorized to send emails on their behalf. This helps prevent email spoofing by enabling recipient email servers to verify if incoming messages are sent from authorized servers.
DKIM (DomainKeys Identified Mail) – An email authentication method that uses a cryptographic signature associated with a domain to verify that an email hasn’t been tampered with during transit. This helps confirm that the email is genuinely from the stated sender and hasn’t been altered.
DMARC (Domain-based Message Authentication, Reporting & Conformance) – A policy that builds on SPF and DKIM to provide email senders and receivers a way to determine if an email is legitimate. DMARC also allows domain owners to receive reports on email authentication activity, helping to reduce phishing and spoofing.
Together, SPF, DMARC, and DKIM are commonly used to strengthen email security and protect against phishing, spoofing, and other email-based attacks.
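To show how DMARC “builds on” SPF and DKIM, the following added example (not part of the newsletter) parses a DMARC TXT record and applies its alignment rules to the SPF and DKIM results of a message. The domains, record, and authentication results are constructed, and the organizational-domain lookup is simplified to the last two labels rather than using the Public Suffix List.

```python
def parse_dmarc_record(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s' into tags."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")  # split on the first '=' only
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    # Alignment modes default to relaxed ('r') when the tags are absent.
    tags.setdefault("aspf", "r")
    tags.setdefault("adkim", "r")
    return tags


def organizational_domain(domain):
    # Simplification (assumption): treat the last two labels as the
    # organizational domain; real verifiers consult the Public Suffix List.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode requires identical domains; relaxed mode accepts subdomains."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


def evaluate_dmarc(from_domain, record, spf_result, spf_domain,
                   dkim_result, dkim_domain):
    """Return (dmarc_result, disposition) for one message.

    spf_domain is the envelope-sender (MAIL FROM) domain SPF was checked
    against; dkim_domain is the d= domain of a valid DKIM signature.
    DMARC passes if either mechanism passes AND aligns with the From: domain.
    """
    tags = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    # On failure the receiver applies the domain owner's published policy.
    return "fail", tags.get("p", "none")


# Constructed case: From: claims example.com, but SPF and DKIM only vouch for a
# different domain, so neither result aligns and the p=reject policy applies.
SPOOFED = evaluate_dmarc("example.com", "v=DMARC1; p=reject",
                         "pass", "attacker.example", "pass", "attacker.example")
```

The constructed case illustrates why a passing SPF or DKIM result alone is not enough: DMARC additionally requires the authenticated domain to align with the visible From: domain.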