Tag Archive for: Cyber Threat

Top 4 Cyber Challenges for Credit Unions

Credit unions continue to be the primary targets of cyberattacks like phishing, ransomware, and supply chain attacks. This is due to the highly confidential nature of the data they collect and store. If this data falls into the wrong hands, the outcome can negatively impact the institution’s reputation, as well as its legal and financial standing.

Cyberattacks aimed at credit unions come at a high cost. Financial loss can range from $190,000 for small credit unions to as high as $1.2 million for large credit unions.

As technology advances, so have the cyber threats targeting credit unions. The National Credit Union Administration (NCUA) has continuously encouraged credit unions to “strengthen their institution’s cyber vigilance and preparedness efforts” to protect themselves and their members.

Read on to learn how credit unions can mitigate cybersecurity risks. The key is to first understand the primary threats and then how to reduce their impact.

Cybersecurity Trends in the Finance Sector

Over the last decade, cybercriminals have found creative ways to target credit unions. Attacks have increased in volume and severity, with hacking and malware being deployed to cripple financial institutions. The first half of 2020 saw a 238 percent increase in cyberattacks targeting the finance sector.

Between March and June of 2020, ransomware attacks aimed at banks increased by 520 percent compared to the same period in 2019. A huge spike was also observed in 2021.

In June of this year, several credit unions in Canada discovered evidence of attempted access by unauthorized personnel. A 2020 survey by the National Credit Union Administration (NCUA) found that 46% of credit unions experienced a cybersecurity incident in the past year. Phishing attacks continue to be a major threat to credit unions, with the NCUA reporting that they accounted for over 50 percent of incidents in 2020.

According to a recent IBM report, the average cost of a data breach in 2022 was $4.35 million. The finance sector is a primary attack target, only second to healthcare organizations, with the average financial breach costing $5.97 million. Credit unions, as a result, are increasingly turning to technology to improve their cybersecurity posture.

Credit unions should also be aware of the risk employees or contractors with access to sensitive information pose to cybersecurity. They can potentially misconfigure servers, networks, and databases and become compromised by hackers. Combating this may involve implementing measures such as keeping an updated inventory of cloud resources, reviewing misconfiguration by identifying unintentionally exposed resources, and reviewing security policies.

With large amounts of money at risk, following cybersecurity best practices can help credit unions stay on top of cyber threats.

Common Cyber Challenges for Credit Unions

Credit unions and financial institutions face a wide range of cybersecurity dangers and challenges — from hackers looking to exploit loopholes to sophisticated cyber warfare/cyber espionage maneuvers of advanced persistent threat (APT) actors.

Learning about the potential risk factors can help credit unions mitigate these risks.

Here are the most common cybersecurity challenges credit unions should be aware of.

Sophisticated Cyberattacks and Ransomware

A ransomware attack, which involves encrypting files and locking users out of their systems, happens every 11 seconds. Criminals then demand a ransom to release the data. Credit unions must have strategies in place to ensure their systems are protected from such attacks.

Ransomware attacks not only cause credit unions to lose large amounts of money in ransom payments and fines; they also erode consumer trust. In most cases, ransomware attacks happen because employees fall for phishing scams that trick them into downloading suspicious attachments, clicking malicious links, or launching sketchy .exe files.

By regularly assessing and analyzing your entire system, you’re better able to spot any new vulnerabilities and emerging threats. It’s also important to educate employees and customers about cybersecurity best practices so they are equipped to handle various types of cyberattacks.

Supply Chain Interruptions via Third-Party Vendors

Credit unions typically use third-party partners to offer better features and functionalities to their members. Cybercriminals take advantage by attacking less secure software vendors. These vendors then inadvertently deliver malicious code in the form of compromised products or updates, enabling cybercriminals to access the credit institution’s network.

To minimize this risk, credit unions should thoroughly vet vendors before entering into a business partnership with them. They should also scrutinize their security practices and perform regular system updates and maintenance to ensure their existing infrastructure performs optimally for the longest time possible.

Emerging Threats Associated with the Internet of Things (IoT)

Hacking techniques are continuously becoming more sophisticated. IoT adoption is increasing exponentially, and hardware assets connected to the internet such as cameras, printers, sensors, and scanners are becoming a major target of exploitation by cybercriminals.

With over 50 percent of all IoT devices susceptible to severe cyberattacks, credit unions should focus on investing in cybersecurity solutions that make it easier to identify all IoT devices connected to their network. This way, they can easily monitor IoT devices for any security issues and take action before the risks become harder to mitigate.

Shortage of Cybersecurity Skills

The demand for cybersecurity experts, especially among credit unions, is outpacing the supply of qualified professionals. According to the 2022 (ISC)2 Cybersecurity Workforce Study, even with an estimated 4.7 million professionals, there’s still a global shortage of 3.4 million workers in this field. This will affect smaller credit unions in particular, as they will find it difficult to hire experts well-versed in various cloud technologies.

Technical skills such as secure software development, intrusion detection, and attack mitigation are by far the most valuable skills in this field. Security teams in the credit union space must look for innovative solutions to optimize productivity. This includes identifying security tools and technologies that are easy to use and deploy, providing more opportunities for external training, and identifying solutions that streamline cybersecurity processes.

How Credit Unions Can Strengthen Their Cybersecurity

To ensure your credit union has optimal protection against potential cyberattacks, RedSeal recommends a proactive approach by performing regular cybersecurity assessments to identify any loopholes in your system and also ensure proper defenses are in place. These include having an up-to-date inventory, identifying unintended exposures, and setting a security baseline to meet current and future compliance requirements. It’s also important to establish security protocols that follow industry guidelines and continuously apply security patches and updates to the system.

Working with a prioritized set of risks allows security teams to better allocate resources to areas where they’re needed most.

Want to know more about how you can mitigate cyberattacks in your credit union? Check out this white paper on digital resilience and ransomware protection strategies.

Doing More with Less: Consolidating Your Security Toolkit

Cyber threats are fast-evolving, and organizations must stay vigilant at all times to protect their business-critical information from prying eyes. One oversight or outdated control could expose your network to different types of cyberattacks, leading to costly breaches.

Information security has become even more challenging in the past year as organizations had to shift their IT budget to tackle the sudden changes brought on by the COVID-19 pandemic. As the dust settles, many security teams are left with a smaller cybersecurity budget. The constraints are affecting staffing decisions and technology adoption. Today, many IT departments are stretched thin, making it even harder to be proactive about their security measures. However, organizations can consolidate their security toolkits and conserve funds while weathering the storm.

The Problem: Tight Budgets, Reduced Staffing, Increased Threats

To cope with new business demands, many organizations had to restructure their IT budgets, leaving less funding and fewer team members. Meanwhile, the number of cyberattacks has increased significantly since the pandemic. Many organizations had to respond quickly to support remote working, leaving security gaps and vulnerabilities in their networks. Additionally, the proliferation of devices used by remote workers increases the attack surface dramatically while making it even harder for security teams to gain a holistic view of their environments.

Furthermore, the fast pace of digital transformation has accelerated cloud adoption. Yet, cloud security is complex and distributed. There’s an exponential growth in misconfigurations of cloud security settings, which leave sensitive data and resources unintentionally exposed to the public internet.

To plug security holes quickly, companies cobbled together multiple point solutions. While this approach may seem reasonable in a pinch, security teams soon realized they have to piece together data from various sources to analyze threats and parse through duplicate alerts to get to the bottom of an issue. Using multiple security tools is time-consuming and labor-intensive and drastically increases response time.

This heavy reliance on digital assets and processes, along with the complexity of cybersecurity and the distributed nature of cloud computing, has created the perfect storm where threat actors can exploit various vulnerabilities to attack organizations and steal their data.

How Organizations Can Weather the Cybersecurity Storm

Companies are under constant pressure to do more with less when it comes to cybersecurity. But piling on more point solutions will only add inefficiency to already overwhelmed IT resources.

To improve performance on a tight budget, you must direct resources to focus on the interaction between technologies, systems, and processes. You can achieve this most effectively by consolidating your existing security tools into a single pane of glass solution, which gives you a holistic view of your environment.

The Benefits of Consolidating Your Security Toolkit

From saving money to improving your security, here are the advantages of consolidating your cybersecurity tools:

  • Reduce vulnerability. Each security system that connects to your network is a potential vulnerability. Using different tools can actually increase your attack surface and make your IT infrastructure less secure.
  • Lower total cost of ownership. The cost of point solutions can add up quickly. By using fewer tools, you can spend less on these products while saving on training, management, and maintenance.
  • Increase IT productivity. Point solutions often have overlapping functionalities and generate duplicate alerts. IT teams have to spend extra time sorting through all the information before taking action.
  • Reduce resource needs. A consolidated toolkit requires fewer resources to operate and monitor. The streamlined workflows also help free up IT resources to respond to critical issues.
  • Shorten response time. A single pane of glass view helps minimize duplicate or missed alerts, allowing security teams to identify issues and respond more quickly.
  • Improve cost-efficiency. Consolidation and automation simplify IT management so you can perform system backup, maintenance, monitoring, and other essential functions more efficiently.
  • Eliminate silos. Tool sprawl can create silos between teams. A consolidated toolkit helps you improve visibility, enhance collaboration, and gain a holistic understanding of your entire IT infrastructure.

How to Consolidate Your Security Toolkit

Start by designing a strategy, conducting a risk assessment, and performing a gap analysis to identify what you need in a consolidated security solution. Apply security frameworks (e.g., NIST-800 and ISO 27001) and refer to compliance standards (e.g., HIPAA, PCI-DSS, DFARS) to determine your cybersecurity requirements.

Then, take stock of all the features you’re using in the current point solutions. Your consolidated toolkit should cover these functionalities without compromising the ability to safeguard your networks, systems, applications, data, and devices.

Use a solution provider that understands your strategy and can help you design a solution that integrates with your existing infrastructure to reduce friction during implementation and migration. Your partner should also help you address the human change elements during the adoption process by providing training guides and ongoing support.

Strengthen Your Cybersecurity Posture Through Consolidation

There are many benefits to consolidating your security toolkit, including better security, improved IT productivity, and higher cost-efficiency. But not all security solutions are created equal.

To cover all your bases, choose a consolidated solution that addresses these critical aspects:

  • Cloud security. Your toolkit should allow you to visualize all your environments, including public cloud, private cloud, and on-premise servers, all in one place.
  • Incident response. Your solution should help you detect network incidents, facilitate investigations, and offer containment options to minimize loss.
  • Compliance monitoring and reporting. Your security tool should automate monitoring and document any changes you implement to help streamline security audits and compliance reporting.
  • Remote workforce support. Your vendor should ensure that your networks and cloud platforms have the appropriate security configurations to ensure secure remote access.
  • Vulnerability management. Your tool should visualize all network assets, so you can understand the context and focus resources on mitigating risks that are of the highest priority.

RedSeal offers comprehensive cybersecurity solutions in today’s business environment where cyber complexity and threats are rapidly escalating. Global 2000 corporations and government agencies trust us to help them secure their networks and assets.

Watch our demo to see how we can help you get all your cybersecurity needs covered.

CISA and FBI Publish List of Top Vulnerabilities Currently Targeted by Foreign Sponsored Hacking Groups

RedSeal Cyber Threat Series

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a report on the top 10 vulnerabilities consistently being scanned, targeted, and exploited by foreign sponsored hacking groups.

All 10 of the vulnerabilities are known and have patches available from their vendors.

Exploits for many vulnerabilities are available publicly and have been used by various malware and ransomware groups and other nation-state actors.

RedSeal customers should:

  1. Create and run daily reports until all systems with the 10 vulnerabilities are patched
  2. Contact your RedSeal sales representatives or email info@redseal.net for additional details

References:

https://us-cert.cisa.gov/ncas/alerts/aa20-133a

Experts Warn of Attacks on a Cisco ASA Security Flaw due to a new Proof-of-Concept Exploit

RedSeal Cyber Threat Series

Researchers at Positive Technologies have created a proof-of-concept (PoC) exploit that leverages a 2020 Cisco ASA vulnerability. For the exploit to succeed, a Cisco administrator would have to click on a link that takes the unsuspecting user to a web page where the malware is downloaded, and the Cisco ASA must be unpatched. Cisco released a patch for a medium-severity web services vulnerability, CVE-2020-3580, that affects Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. This security flaw can allow an unauthenticated attacker to remotely conduct a cross-site scripting (XSS) attack against a user of the web services interface.

Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible. A successful attack could allow the attacker to execute code or access sensitive browser information.

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

Cybersecurity Best Practices

  • Keep your devices patched and up to date
  • Ensure you are using TLS v1.2 or above; disable lower versions of TLS and HTTP
  • Disable WebVPN or AnyConnect if not in use on your device

References

https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html

https://nvd.nist.gov/vuln/detail/CVE-2020-3580

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe

Old Fortinet Flaws are being used to breach federal and commercial networks

RedSeal Cyber Threat Series

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning that three Fortinet CVEs (CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591) are being leveraged to gain a foothold in government agency and commercial networks for future exploitation. The FBI and CISA observed attackers scanning for ports 4443, 8443, and 10443.

Enterprises should immediately patch their FortiOS software and follow the recommended configuration guidance.
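A defender-side check for the port sweep described above, as an added Python example that is neither RedSeal's nor Fortinet's code: it parses constructed firewall log lines (a generic key=value layout, not the real FortiOS log schema) and flags sources that touched two or more of ports 4443, 8443 and 10443. The addresses and log format are invented for illustration.

```python
"""Detect probing of the FortiOS SSL VPN ports named in the advisory.

Added example, not RedSeal's or Fortinet's code: it scans constructed
firewall log lines (a generic key=value layout, not the real FortiOS log
schema) and reports sources that touched two or more of ports 4443, 8443
and 10443. Addresses are documentation-range examples.
"""
import re
from collections import defaultdict

WATCH_PORTS = {4443, 8443, 10443}   # ports the FBI/CISA saw being scanned

# Constructed sample: one source sweeps all three ports, another hits one.
SAMPLE_LOGS = """\
2021-04-02T10:01:05Z action=deny src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=4443
2021-04-02T10:01:06Z action=deny src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=8443
2021-04-02T10:01:07Z action=deny src=203.0.113.7 dst=192.0.2.11 proto=tcp dport=10443
2021-04-02T10:02:00Z action=allow src=198.51.100.4 dst=192.0.2.10 proto=tcp dport=443
2021-04-02T10:03:12Z action=deny src=198.51.100.9 dst=192.0.2.10 proto=tcp dport=8443
2021-04-02T10:04:44Z action=deny src=203.0.113.7 dst=192.0.2.12 proto=tcp dport=22
garbage line that does not parse
""".splitlines()

LINE_RE = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"proto=tcp dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Return (src, dst, dport) for a TCP log line, or None if it does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], int(m["dport"])


def probes_by_source(lines):
    """Map each source to the set of (dst, port) pairs it tried on the watched ports."""
    probes = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] in WATCH_PORTS:
            src, dst, port = parsed
            probes[src].add((dst, port))
    return probes


def flag_scanners(lines, min_ports=2):
    """Sources that probed at least min_ports distinct watched ports:
    returns (src, sorted ports, number of distinct destinations)."""
    flagged = []
    for src, pairs in probes_by_source(lines).items():
        ports = sorted({p for _, p in pairs})
        if len(ports) >= min_ports:
            flagged.append((src, ports, len({d for d, _ in pairs})))
    return sorted(flagged)


if __name__ == "__main__":
    for src, ports, ndst in flag_scanners(SAMPLE_LOGS):
        print(f"{src} probed ports {ports} on {ndst} host(s)")
```

Lowering min_ports to 1 lists every source that touched any watched port, which is noisier but useful when hunting for an earlier, slower sweep.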

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

References:

https://www.ic3.gov/Media/News/2021/210402.pdf

https://www.fortiguard.com/psirt/FG-IR-19-283

https://www.fortiguard.com/psirt/FG-IR-18-384

https://www.fortiguard.com/psirt/FG-IR-19-037

https://kb.fortinet.com/kb/documentLink.do?externalID=FD49410


F5 Server iControl REST unauthenticated remote command execution vulnerability

RedSeal Cyber Threat Series

F5 has released patches for several BIG-IP and BIG-IQ critical vulnerabilities. CVE-2021-22986 is the most critical since it allows unauthenticated attackers with network access to use the iControl REST interface, via the BIG-IP management interface and self IP addresses, to execute system commands that could lead to complete system compromise. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane.

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

References:

https://support.f5.com/csp/article/K03009991

https://www.tenable.com/blog/cve-2021-22986-f5-patches-several-critical-vulnerabilities-in-big-ip-big-iq


Microsoft Releases Fixes for 4 Zero Day Exchange Server Vulnerabilities

RedSeal Cyber Threat Series

Multiple news sources, security researchers and security agencies have reported on a new attack against tens, if not hundreds, of thousands of Internet-accessible Exchange servers configured for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Outlook Web App (OWA) access. These attacks are being carried out by the Chinese nation-state-sponsored hacking group known as Hafnium.

The exploit utilizes 4 Zero Day vulnerabilities in Microsoft Exchange software, three in Exchange and one in Unified Messaging Services.

The four Zero Day Microsoft CVEs are as follows:

  • CVE-2021-26855 – allows an attacker to send specific HTTP requests and authenticate to the Exchange Server
  • CVE-2021-26857 – insecure deserialization in Unified Messaging allows remote code execution on the Exchange server
  • CVE-2021-26858 – post-authentication arbitrary file write vulnerability in Exchange
  • CVE-2021-27065 – post-authentication arbitrary file write vulnerability in Exchange

The result is a persistent web shell that allows attackers to steal data and perform other malicious actions.

RedSeal customers should:

  1. Track the hosts that the vulnerability scanner identifies as Exchange servers (this example was done with Rapid7 data).
  2. Report to inventory the existence of hosts with any of the four vulnerabilities required for this exploit.
  3. Report on the access from subnets indicated as Internet to Exchange servers via TCP 443.
  4. (Optional) Report on the access from ALL subnets to Exchange servers via TCP 443.

All of these actions will be performed using the RedSeal Java UI.
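The same four steps worked in plain Python, as an added example that is not RedSeal's code or its Java UI: it joins constructed scanner records with a constructed, first-match-per-zone access rule list to list Exchange hosts carrying any of the four CVEs, which source zones reach them on TCP 443, and which of those are Internet-exposed. The scanner output, rule layout and addresses are invented for illustration.

```python
"""Triage logic for the Exchange advisory above.

Added example, not RedSeal's code: it mirrors steps 1-4 (find Exchange
hosts, flag those carrying any of the four CVEs, and check which source
zones reach them on TCP 443) over a small constructed data set. The
scanner records and access rules below are invented for illustration.
"""
import ipaddress

# The four CVEs chained by the Hafnium attacks.
EXCHANGE_CVES = {
    "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065",
}

# Constructed scanner output: host -> (role tag, CVE ids reported on it)
SCAN_RESULTS = {
    "10.1.1.10": ("Exchange", {"CVE-2021-26855", "CVE-2021-27065"}),
    "10.1.1.11": ("Exchange", set()),               # fully patched
    "10.1.2.20": ("Exchange", {"CVE-2021-26857"}),
    "10.1.3.30": ("Web", {"CVE-2021-26855"}),       # not an Exchange server
}

# Constructed access rules, evaluated first-match per source zone:
# (source zone label, destination subnet, protocol, port, allowed)
ACCESS_RULES = [
    ("Internet", "10.1.1.0/24", "tcp", 443, True),
    ("Internet", "10.1.0.0/16", "tcp", 443, False),
    ("Internal", "10.1.0.0/16", "tcp", 443, True),
    ("Internal", "10.1.0.0/16", "tcp", 25, True),
]


def exchange_hosts(scan):
    """Step 1: hosts the scanner tagged as Exchange servers."""
    return sorted(h for h, (role, _) in scan.items() if role == "Exchange")


def vulnerable_exchange_hosts(scan):
    """Step 2: Exchange hosts carrying any of the four CVEs, with the CVEs found."""
    found = {}
    for host in exchange_hosts(scan):
        hits = scan[host][1] & EXCHANGE_CVES
        if hits:
            found[host] = sorted(hits)
    return found


def zones_reaching_443(host, rules):
    """Steps 3-4: source zones whose first matching rule allows TCP 443 to host."""
    ip = ipaddress.ip_address(host)
    decided, allowed_zones = set(), []
    for zone, dst, proto, port, allowed in rules:
        if zone in decided or proto != "tcp" or port != 443:
            continue
        if ip in ipaddress.ip_network(dst):
            decided.add(zone)        # first match per zone decides
            if allowed:
                allowed_zones.append(zone)
    return sorted(allowed_zones)     # zones without a matching rule are denied


def prioritize(scan, rules):
    """(host, cves, reaching zones, internet_exposed), Internet-exposed first."""
    rows = []
    for host, cves in vulnerable_exchange_hosts(scan).items():
        zones = zones_reaching_443(host, rules)
        rows.append((host, cves, zones, "Internet" in zones))
    return sorted(rows, key=lambda r: (not r[3], r[0]))


if __name__ == "__main__":
    for host, cves, zones, exposed in prioritize(SCAN_RESULTS, ACCESS_RULES):
        print(f"{host}: {', '.join(cves)}; reachable on 443 from {zones}; "
              f"{'INTERNET-EXPOSED' if exposed else 'internal only'}")
```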

For additional details, contact your RedSeal sales representatives or email info@redseal.net

References:
https://cyber.dhs.gov/ed/21-02/

NSA publishes list of top vulnerabilities currently targeted by Chinese hackers

RedSeal Cyber Threat Series


The U.S. National Security Agency published a report detailing the top 25 vulnerabilities consistently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups.

All 25 vulnerabilities are known and have patches available from their vendors.

Exploits for many vulnerabilities are available publicly and have been used by various malware and ransomware groups and other nation-state actors.

The first three CVEs of this 25 that should be remediated — especially if open to an untrusted network — are:

  • Citrix Netscaler CVE-2019-19781
  • Windows RDP Exploit (aka Bluekeep) CVE-2019-0708
  • Windows Zerologon CVE-2020-1472

RedSeal customers should:

Create and run daily reports until all systems with the 25 vulnerabilities are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

References:

https://www.zdnet.com/article/nsa-publishes-list-of-top-25-vulnerabilities-currently-targeted-by-chinese-hackers/


High Severity Security Flaw with Cisco ASA: Find It and Prioritize Patching Quickly

RedSeal Cyber Threat Series

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) have a known vulnerability – CVE-2020-3452. This security vulnerability can allow an unauthenticated attacker to remotely conduct a directory traversal attack as well as read sensitive files on a targeted system.

Exploiting this vulnerability, the attacker can view files within the target device’s web services file system. The web services files that the attacker can view may contain information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs. There are no workarounds that address this vulnerability.

Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible. The web services file system is at risk when the WebVPN or AnyConnect functionality is enabled. Note: The Cisco ASA or FTD system files and underlying Operating System files are not readable.

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices.
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net


References