ELTENI’S CYBER SCOOP
Latest News
In this newsletter, we highlight the SEC’s rule amendments to Regulation S-P as well as the importance of prompt reporting of cyber incidents.
REGULATORY CORNER
SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information
The amendments require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. These amendments also require that the response program include procedures for, with certain limited exceptions, covered institutions to provide notice to individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization.
Notes
In today’s digital age, where sensitive information is frequently transmitted and stored during routine financial transactions, ensuring the confidentiality and integrity of such data is paramount for financial institutions. Prompted by technological advancements and escalating cyber risks, the amendment to the Regulation S-P rule aims to strengthen the safeguarding of consumers’ nonpublic personal information. This amendment aligns with other approved and pending rules for financial services firms that aim to enhance cybersecurity protections for themselves and their clients. Highlighted among these initiatives is proactive Incident Response Planning and notification protocols.
SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information | SEC.gov
ENFORCEMENT NEWS
SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion
The Securities and Exchange Commission announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly owned subsidiaries, including the New York Stock Exchange, to timely inform the SEC of a cyber intrusion as required by Regulation Systems Compliance and Integrity (Regulation SCI).
According to the SEC’s order, in April 2021, a third party informed ICE that ICE was potentially impacted by a system intrusion involving a previously unknown vulnerability in ICE’s virtual private network (VPN).
Notes
This incident underscores the critical need for financial institutions to maintain a robust cybersecurity program that proactively addresses vulnerabilities and potential threats. It is essential to report these threats promptly, in compliance with regulatory obligations, to ensure a comprehensive defense strategy. A swift and effective response not only mitigates damage and prevents escalation but can also significantly limit the financial impact on the firm and its clients, protecting their assets and maintaining operational continuity. Moreover, timely incident management preserves trust with stakeholders, demonstrating the institution’s commitment to safeguarding sensitive information. This trust is crucial for maintaining client relationships and reputation in the industry. Proactive cybersecurity measures also encourage continuous learning and improvement within the organization, fostering a culture of vigilance and preparedness.
Enhancing overall cyber resilience involves not just reactive measures, but also preventive strategies, regular risk assessments, and employee training. By integrating these elements into a cohesive cybersecurity program, financial institutions can better anticipate and counteract emerging threats, thereby ensuring long-term stability and security in an increasingly digital financial landscape.
CYBER NEWS
Family offices become prime targets for cyber hacks and ransomware | CNBC
Family offices are increasingly targeted by cybercriminals, with many lacking the necessary staff and technology for defense, according to a survey by Dentons. 79% of North American family offices believe cyberattack risks have significantly increased. In 2023, 25% reported a cyberattack, up from 17% in 2020, and 50% know another family office that has been attacked. Despite this, fewer than a third have well-developed cyber risk management processes, and only 29% consider their staff training programs sufficient.
Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 | The Hacker News
Google recently addressed a high-severity security flaw in its Chrome browser, designated CVE-2024-5274, which was actively exploited by many individuals. The vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine. This vulnerability allows threat actors to execute arbitrary code by accessing resources with incompatible types, potentially leading to out-of-bounds memory access and system crashes. This marks the fourth zero-day patched by Google in the last month.
Scammers Fake DocuSign Templates to Blackmail & Steal from Companies | Dark Reading
The rise in phishing emails impersonating DocuSign has been attributed to a thriving underground market for fake templates and login credentials. DocuSign’s popularity, along with its generic email format, makes it an easy target for attackers. Attackers can purchase ready-made templates for as little as $10 and buy stolen login credentials. To mitigate these threats, remain vigilant for suspicious email characteristics, such as unfamiliar senders or links, and verify the legitimacy of unexpected documents with the sender directly.
Is Your Computer Part of ‘The Largest Botnet Ever?’ | Krebs on Security
The U.S. Department of Justice (DOJ) was able to arrest the individual behind a service deemed “likely the world’s largest botnet ever” by the FBI. The online anonymity service, called 911 S5, exploited compromised computers running various free VPN products to facilitate fraudulent activities. The service allowed cybercriminals to route their internet traffic anonymously through compromised computers. Internet users are advised to check whether their computers may be part of the 911 S5 botnet, since more than 19 million computers were affected.
DECODE THE TERMS
Exploit – a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes.
Threat – a malicious act that seeks to damage data, steal data, or disrupt computing systems.
VPN (Virtual Private Network) – encrypts internet traffic and routes it through the VPN provider’s server before connecting to a website or another online service.
Botnet – a network of private computers infected with malware and controlled by hackers remotely.
Incident – a digital or physical breach that threatens the confidentiality, integrity, or availability of an organization’s information systems or sensitive data.