ELTENI’S CYBER SCOOP
Latest News
In this newsletter, we focus on SEC disclosure rules, a follow-up to the telecom industry data breaches, and the continued proliferation of cyber events related to phishing.
REGULATORY CORNER
SEC Disclosures Up, But Not Enough Details Provided
Analysis by Paul Hastings LLP found cybersecurity incident reports have increased by 60% since the disclosure rule went into effect in 2023. The SEC regulation requires public companies to disclose material cybersecurity incidents within four business days of determining materiality. Material, in this instance, means that the incident can impact someone’s decision on whether to invest in the company. Determining materiality involves considering the immediate fallout and any longer-term effects on a company’s operations, customer relationships, financial impact, reputational or brand perception, and the potential for litigation or regulatory action.
Fewer than 10% of the disclosures detailed the material impact of the incidents, suggesting that companies are having difficulty balancing detailed reporting with protecting the details of internal operations. The report included examples of what was considered material, such as Bassett Furniture Industries noting that business operations are materially impacted until recovery efforts are completed, or First American Financial disclosing adjusted earnings per share for the fourth quarter financial results and quantifying the losses in the company’s SEC filings.
Notes
The lack of depth in these disclosures raises concerns about their overall effectiveness. With fewer than 10% of reports offering meaningful details about the material impacts of incidents, stakeholders are left without a clear understanding of how these breaches affect companies’ operations, finances, or reputations. This situation underscores a tension between transparency and operational confidentiality. Companies may be cautious about revealing too much, fearing reputational harm or potential exploitation by adversaries. However, this reticence can undermine investor confidence and limit the utility of these disclosures for stakeholders who rely on detailed information to make informed decisions. The prevalence of third-party breaches in the reports also highlights the interconnected nature of today’s cybersecurity landscape. Organizations must navigate complex relationships with vendors and partners, adding layers of difficulty to timely and accurate disclosure.
For the SEC’s requirements to truly drive accountability and resilience, companies must adopt more robust frameworks for assessing and communicating the impact of cyber incidents. This approach would not only enhance compliance but also bolster trust among investors and the broader public, reinforcing the importance of transparency in an increasingly digital economy.
SEC Disclosures Up, But Not Enough Details Provided | DarkReading
ENFORCEMENT NEWS
US Arrests Army Soldier Over AT&T, Verizon Hacking
The suspect, Cameron John Wagenius, 20, was arrested in Fort Hood, Texas, under the suspicion of being a cybercriminal who, using the online moniker of Kiberphant0m, had been offering and leaking call records stolen from telecommunication providers AT&T and Verizon.
The arrest came roughly one month after investigative journalist Brian Krebs revealed that a US soldier could be involved in the Snowflake hacking campaign that impacted hundreds of organizations, including Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, Santander Bank, State Farm, and Ticketmaster.
Notes
This incident underscores the critical need for organizations to implement robust security measures, including comprehensive insider threat programs, regular audits of access privileges, and continuous network activity monitoring. Prioritizing cybersecurity training and awareness among personnel is equally essential to mitigate risks posed by both internal and external threats. The arrest of Cameron John Wagenius highlights the ongoing battle against cyber threats targeting critical services and underscores the necessity for a proactive, layered defense strategy to safeguard sensitive information from compromise.
As incidents like this come to light, the broader implications for businesses and other aspects of daily life become increasingly evident. It emphasizes that the effectiveness of a cybersecurity program must extend beyond the organization’s own boundaries to include its third-party partners. Evaluating and ensuring the cybersecurity practices of third parties is now a cornerstone of a comprehensive cybersecurity program and data protection strategy.
US Arrests Army Soldier Over AT&T, Verizon Hacking | SecurityWeek
CYBER NEWS
How to Lose a Fortune with Just One Bad Click | KrebsOnSecurity
The article serves as a stark reminder of the evolving strategies employed by cybercriminals and the critical need for individuals to employ strong cybersecurity practices to protect their personal information. Users should be cautious of unexpected prompts or requests for sensitive information and should independently verify the authenticity of such communications through official channels, even when they appear to be from legitimate sources. Additionally, storing sensitive information, such as cryptocurrency seed phrases, in cloud services linked to email accounts increases exposure if that account is compromised; offline storage methods are advisable.
Cybercrime Gangs Abscond with Thousands of Orgs’ AWS Credentials | DarkReading
This incident underscores the critical importance of robust cloud security practices. Organizations must ensure proper configuration and regular auditing of cloud storage solutions to prevent unauthorized access. Additionally, implementing strong access controls and monitoring for unusual activity can help detect and mitigate such breaches. The fact that cybercriminals themselves fell victim to poor security configurations serves as a stark reminder that vigilance is essential for all users of cloud services.
A Day in the Life of a Prolific Voice Phishing Crew | KrebsOnSecurity
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.
AI Regulation Gets Serious in 2025 – Is Your Organization Ready? | SecurityWeek
Over the next 12-18 months, organizations will face an increasingly complex landscape of AI compliance frameworks and regulations. While AI adoption accelerates across industries, governments worldwide are advancing legislation to address its risks and usage. For security executives, these frameworks introduce significant challenges in governance, risk management, and compliance planning.
DECODE THE TERMS
DDoS (Distributed Denial of Service) – is a malicious attempt to disrupt the normal functioning of a target, such as a website, server, or network, by overwhelming it with a flood of internet traffic. The attack is “distributed” because it typically involves multiple compromised devices—often part of a botnet—working together to send massive amounts of traffic to the target, making it slow, unresponsive, or completely inaccessible to legitimate users.
An IDS (Intrusion Detection System) – is a security tool designed to monitor a network or system for suspicious activities or potential security breaches. It works by analyzing network traffic, system logs, or other data sources to identify signs of malicious activity, such as unauthorized access attempts, malware, or policy violations. When an IDS detects something unusual, it typically generates alerts so that security teams can investigate and respond. Some IDS solutions are purely passive and only monitor and report, while others can be integrated with active defenses to take automated actions, such as blocking suspicious traffic.
An IPS (Intrusion Prevention System) – is a network security tool designed to detect and prevent malicious activity in real time. It acts as a proactive defense mechanism that not only identifies potential threats (like an Intrusion Detection System, or IDS) but also takes immediate action to block or mitigate those threats before they can cause harm. An IPS typically sits inline in the flow of network traffic and inspects data packets as they pass through. If it detects something harmful, such as an exploit attempt, malware, or unauthorized access, it can respond by:
- Blocking the malicious traffic.
- Dropping harmful packets.
- Resetting connections.
- Logging the event for further analysis.
In short, an IPS stops threats before they reach their target, acting as both a watchdog and a gatekeeper for network security.
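To make the three glossary entries concrete, here is an added toy sensor (constructed for this newsletter, not code from any product) that runs the same two rules, a payload signature and a per-source packet-rate threshold standing in for the DDoS flood pattern, in IDS mode (alert and forward) and in IPS mode (alert, then drop or reset). The signature string, threshold and addresses are all made up.

```python
from collections import Counter

# Added toy sensor contrasting IDS (alert only) with IPS (alert and act).
# Constructed example, not code from the newsletter.  Two rules: a payload
# signature (made-up string standing in for an exploit pattern) and a
# per-source packet-rate threshold (the flood pattern in the DDoS entry).
SIGNATURES = {"shell-string": b"/bin/sh"}  # hypothetical signature rule
RATE_LIMIT = 5  # packets per source before it counts as a flood (constructed)


class Sensor:
    def __init__(self, mode):
        if mode not in ("IDS", "IPS"):
            raise ValueError("mode must be 'IDS' or 'IPS'")
        self.mode = mode
        self.alerts = []         # (rule, source) events logged for analysis
        self.blocked = set()     # sources whose connections were reset (IPS)
        self.counts = Counter()  # packets seen per source

    def inspect(self, pkt):
        """Return the verdict for one packet: 'forward', 'drop' or 'reset'."""
        src = pkt["src"]
        if src in self.blocked:
            return "drop"  # already blocked by an earlier reset
        self.counts[src] += 1
        verdict = "forward"  # IDS never changes this: it is passive
        for rule, pattern in SIGNATURES.items():
            if pattern in pkt["payload"]:
                self.alerts.append((rule, src))
                if self.mode == "IPS":
                    verdict = "drop"  # IPS: drop the harmful packet
        if self.counts[src] > RATE_LIMIT:
            self.alerts.append(("flood", src))
            if self.mode == "IPS":
                self.blocked.add(src)
                verdict = "reset"  # IPS: reset and block the source
        return verdict


# Constructed traffic: one benign packet, one signature hit, one flood.
SAMPLE = ([{"src": "10.0.0.1", "payload": b"GET / HTTP/1.1"},
           {"src": "10.0.0.2", "payload": b"cmd=/bin/sh"}]
          + [{"src": "10.0.0.3", "payload": b"SYN"} for _ in range(7)])


def run(mode, packets=SAMPLE):
    """Run one sensor over packets; return (verdicts, alerts, blocked)."""
    sensor = Sensor(mode)
    verdicts = [sensor.inspect(p) for p in packets]
    return verdicts, sensor.alerts, sorted(sensor.blocked)
```

Running `run("IDS")` and `run("IPS")` on the same traffic shows the difference: both log the same alerts, but only the IPS changes any verdict and leaves a blocked source behind.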