Cyber Intelligence Weekly

Cyber Intelligence Weekly (March 19, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!

Before we get started on this week’s CIW, I’d like to highlight a great article from our offensive security testing leaders. As healthcare providers continue to mature their organizations’ cybersecurity posture, there is a need to graduate from traditional penetration testing to red teaming.

Pen Testing is Not Enough - Red Team Assessments in Healthcare

Away we go!

1. Google’s Mandiant Warns of Stealthy Chinese-Backed Attacks

A new report from Google Cloud’s Mandiant division highlights how China-backed, state-sponsored attackers are evolving their approaches to infiltrating corporate systems. Rather than going toe to toe with new and improved endpoint detection and response (EDR) systems, threat actors are shifting to soft spots that modern EDR protections cannot cover, such as firewalls, IoT devices, hypervisors and VPN technologies.


These attacks are exposing previously undiscovered vulnerabilities in products from Fortinet, VMware, and Citrix. The attackers are finding and taking advantage of issues within the firmware or operating systems of these core systems, where modern EDR systems can’t supervise what’s going on. In some cases, the issues were uncovered only because the Fortinet devices had a checksum-based anti-tampering feature enabled and failed to boot due to these protections.

Mandiant noted that the targeted organizations are concentrated in the following industries: the defense industrial base (DIB), government, technology, and telecommunications. These types of attacks are very worrisome because they present major challenges for network defenders and incident responders who typically rely on EDR solutions; these network appliances lack the means to detect runtime modifications to their underlying firmware and operating systems.
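Because the appliances themselves cannot be trusted to report tampering, one practical defender’s check is an out-of-band integrity comparison: keep a baseline manifest of SHA-256 hashes for a known-good firmware image or configuration export, and diff it against a fresh export taken from a trusted host. The script below is an added illustration written for this newsletter, not code from Mandiant, Fortinet, or any vendor; the file names and contents in it are constructed sample data, and the directory-walking helper assumes you have already extracted the image to a local folder.

```python
import hashlib
from pathlib import Path

# Constructed sample contents standing in for files inside an extracted
# firmware image. These are not real vendor files.
BASELINE_FILES = {
    "boot/kernel": b"kernel-image-v1",
    "bin/sshd": b"sshd-binary-v1",
    "etc/config": b"hostname=fw1\n",
}

# A later export of the "same" image: one binary changed, one file added.
CURRENT_FILES = {
    "boot/kernel": b"kernel-image-v1",
    "bin/sshd": b"sshd-binary-v1-MODIFIED",
    "etc/config": b"hostname=fw1\n",
    "bin/.extra": b"unexpected content",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Map each relative path to the SHA-256 of its contents."""
    return {path: sha256_hex(data) for path, data in files.items()}


def manifest_from_directory(root: Path) -> dict:
    """Build the same manifest from an image extracted on disk.

    Run this on a trusted analysis host against an exported image, never
    on the appliance whose integrity is in question.
    """
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_hex(p.read_bytes())
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report paths whose hash changed, that vanished, or that are new."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def is_clean(report: dict) -> bool:
    """True when no category in the comparison report has entries."""
    return not any(report.values())


if __name__ == "__main__":
    baseline = build_manifest(BASELINE_FILES)
    current = build_manifest(CURRENT_FILES)
    report = compare_manifests(baseline, current)
    for category, paths in report.items():
        print(f"{category}: {paths}")
    print("clean" if is_clean(report) else "INTEGRITY MISMATCH - investigate")
```

On the constructed data the report lists `bin/sshd` as modified and `bin/.extra` as added, which is exactly the kind of unexplained change that should trigger an incident-response look at a device EDR cannot see into. The baseline manifest should be captured from vendor-supplied media or a trusted snapshot and stored off the appliance, since a manifest kept on a compromised device can be rewritten along with the firmware.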

2. Feds Charge NY Man as BreachForums Boss “Pompompurin”

Brian Krebs of KrebsOnSecurity released a new story last week about the arrest of the mastermind behind the notorious BreachForums cybercrime forum. Conor Brian Fitzpatrick, aka “Pompompurin,” of Peekskill, NY, was arrested by the FBI on March 15 on a criminal complaint charging conspiracy to commit access device fraud. The full affidavit can be found here.


Pompompurin has actually been on the FBI’s radar for quite some time, after taking credit for the 2021 breach of the FBI’s email servers and using those servers to send false and misleading emails directly from the breached infrastructure itself. Per the Krebs story, the BreachForums site remained accessible online at the time of writing, but its members are noticeably concerned that their data is now in the hands of FBI officials.

3. SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets

It has been a busy run for the SEC. Last year it proposed new cybersecurity requirements for public companies, in order to protect investors and provide more information about cyber-attacks and their impact on public companies, including how public companies manage cybersecurity risks.

Most recently, the SEC has proposed a new set of cybersecurity requirements for other “market entities” as they call them, specifically calling out broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents.

These proposed cybersecurity rules would require the market entities to have cybersecurity policies and procedures and to review and assess the design and effectiveness of those policies and procedures at least annually. In addition, the rules would require controls designed to minimize unauthorized access to systems, measures to monitor systems, oversight of service provider security, and strict incident reporting requirements.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
