Cyber Intelligence Weekly (June 23, 2024): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Before we get started on this week’s CIW, I’d like to highlight the latest insights from our offensive security team in this article: "Packet Paranoia – Manipulating ICMP Packets to Covertly Exfil and Infil Data." Dive into the techniques of ICMP packet manipulation and its resurgence as a covert data transfer method.
Read the full article here! https://lnkd.in/eHEKC34x
Away we go!
1. Cyberattack on CDK Global Disrupts Auto Dealerships Nationwide
In a recent cyberattack, hackers have compromised CDK Global's software systems, impacting auto dealerships across the United States. The hackers, reportedly based in Eastern Europe, are demanding millions of dollars in ransom to halt the attack, according to Bloomberg News. CDK Global, a leading provider of technology solutions for auto dealerships, is considering paying the ransom to restore its services.
Major U.S. auto retailers such as Sonic Automotive and Penske Automotive have reported operational disruptions due to the outage, now in its third consecutive day. Sonic Automotive has managed to keep its dealerships open but noted a significant negative impact on its operations. Penske Automotive's Premier Truck Group, which relies on CDK’s dealer management system, has implemented alternative processes to maintain operations.
Ford and Kia America have also been affected by the CDK system outage. Ford stated that many of its dealers are using alternative processes to continue providing sales and service support to customers. Kia is working with its dealers to mitigate the disruption and maintain business continuity. CDK Global services over 15,000 retail locations across North America, highlighting the extensive impact of this cyberattack on the automotive industry.
CDK has not responded to requests for comment from Reuters. As the situation develops, auto dealerships are striving to minimize disruptions and continue their operations using manual or alternative processes until the issue is resolved.
2. SEC Charges R.R. Donnelley Over Cybersecurity Failures
On June 18, 2024, the SEC charged R.R. Donnelley & Sons Company (RRD) with failing to maintain adequate internal accounting controls, which led to an ineffective response to a ransomware attack. This action, settled with a $2,125,000 civil penalty, reflects the SEC's broad interpretation of its authority under Section 13(b)(2)(B) of the Exchange Act. RRD's deficient policies resulted in delayed responses to alerts, culminating in significant disruptions due to encrypted computers and data exfiltration.
This enforcement action highlights the SEC's aggressive stance on cybersecurity failures, even when they do not directly affect financial reporting. This case follows a similar action against SolarWinds Corporation, where the SEC's broad jurisdiction is being legally contested. Two SEC Commissioners dissented, arguing that the SEC overstepped its authority by treating cybersecurity issues as internal accounting control failures.
RRD's internal controls failed to prioritize and address security alerts promptly. The SEC criticized RRD's policies and procedures, noting inadequate oversight of third-party security service providers. Despite RRD's assertion that its financial systems were unaffected, the SEC deemed the company's response measures insufficient under the Exchange Act.
The SEC's expansive reading of its powers under Section 13(b)(2)(B) has significant implications for companies facing cyber breaches. This interpretation suggests that any cybersecurity failure could be deemed an internal accounting controls violation, subjecting companies to potential penalties. The ongoing challenge in the SolarWinds case will be crucial in determining the limits of the SEC's authority in such matters.
3. U.S. Government Bans Kaspersky Software Over Security Concerns
The U.S. government has banned the sale of Kaspersky’s antivirus software to new customers, citing national security concerns. This decision, announced on June 22, 2024, by the Biden administration, restricts Kaspersky from selling its products in the U.S. starting July 20. The company can only provide software updates to existing customers until September 29. The ban, which is the first of its kind under a 2019 authority granted to the Commerce Department, follows longstanding fears that the Russian government could exploit Kaspersky’s software for espionage.
Commerce Secretary Gina Raimondo emphasized the significance of technology in national security, noting the dual-use nature of modern tech and data. The U.S. conducted an extensive investigation into Kaspersky but determined that a complete ban was necessary due to the Russian government's cyber capabilities and potential influence over the company. The ban reflects the ongoing tensions between the U.S. and Russia, exacerbated by Russia's military actions and other aggressive moves on the global stage.
The decision impacts many American businesses and government entities that rely on Kaspersky's cybersecurity tools. The Commerce Department, alongside Homeland Security and Justice, will guide affected organizations to transition smoothly to alternative solutions. Despite the ban, Kaspersky denies posing any security threat and plans to challenge the decision legally.
This move aligns with a broader strategy to fortify U.S. cybersecurity against foreign threats. The Commerce Department will monitor Kaspersky's compliance post-September 29 to ensure the company does not continue operations in the U.S., reinforcing the nation's proactive stance on cybersecurity.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about