2023: Reflections and Way Forward



Award Winning World’s Fastest Growing Cybersecurity Company

2

ISSUE 13

TheCyberExpress


Cyble VISION: Beyond Threat Intelligence

The Best AI-Powered Threat Intel Platform
• Uncover hidden threats.
• Predict and prevent attacks.
• Empower informed decision-making.
• Stay ahead of evolving risks.
• Secure your digital ecosystem.

See Cyble Vision in Action



Contents

6 FROM THE EDITOR: 2023 in Cybersecurity: Reflections and Way Forward
8 SCOOP: Manipulating Hacktivist Propaganda to Collect Cyber Behavioral Threat Information
16 CYBERVILLE: 5 Best Practices for Implementing Firewalls in Industrial Control Systems
22 REGISTER: Navigating Cybersecurity in 2023: The Year’s Best Cyber Threat Intelligence Tools
30 VIEWPOINT: Digital Dangers in Medicine: Hackers’ Terrifying Obsession with the Healthcare Industry
36 THE COVER: Cyber Chaos 2023: Decoding The Year’s Most Daring Hacks
44 HOT SEAT: 2023’s Cybersecurity Slip-Ups: Small Mistakes, Big Consequences
50 FORESIGHT: ALPHV/BLACKCAT SEC Complaint: A Desperate Move, Pressure Tactic, or Exploiting Regulations?
56 DIGEST: Paychex CISO Bradley J. Schaufenbuel Warns: Weak Training = Easy Path for Cyberattacks
62 BOTTOMLINE: A Year in Review: The Biggest Cybersecurity Fines in 2023
68 INSIDER: 2023 Cybersecurity Lessons from Top Industry Voices
74 PERSPECTIVES: Emerging Trends and Challenges in Cybersecurity: Insights from Abul Kalam Azad



STAFF

Editorial

Augustin Kurian, Editor-in-Chief, editor@thecyberexpress.com
Avantika Chopra, Associate Editor, avantika@thecyberexpress.com
Samiksha Jain, Magazine Producer, samiksha.jain@thecyberexpress.com
Ishita Tripathi, Senior Tech Journalist, ishita.tripathi@thecyberexpress.com
Ashish Khaitan, Journalist, ashish@thecyberexpress.com

Management

Rajashakher Intha, Head - Marketing & Sales, raj@thecyberexpress.com
Ashish Jaiswal, Conference Manager, ashish.j@thecyberexpress.com
Priti Chaubey, Content Strategist, priti.c@thecyberexpress.com
Ravi Gupta, SEO Analyst, ravi@thecyberexpress.com
Vittal Chowdry, Design Lead, vittal@thecyberexpress.com

Image credits: Shutterstock & Freepik

*Responsible for selection of news under PRB Act. Printed & Published by Augustin Kurian, The Cyber Express LLC., The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.



From The Editor’s Desk
Augustin Kurian, Editor-in-Chief

Dear Readers,

As 2023 winds down, The Cyber Express presents a profound reflection on the year in cybersecurity, aptly titled “2023 in Cybersecurity: Reflections and Way Forward.” This issue is a testament to the resilience and ingenuity of the cybersecurity community in a year marked by unprecedented challenges and innovations. Our journey begins with an exploration of “The Year’s Best Cyber Threat Intelligence Tools.” This section serves as a vital guide, showcasing the tools that have been instrumental in navigating the complex cybersecurity landscape of 2023. The year has been a watershed in cyber threat evolution, witnessing the emergence of new adversaries and the resurgence of known groups. Our comprehensive coverage in “The Biggest Cyberattacks of 2023” offers a detailed analysis of these attacks, the tactics used, and the industries affected. It’s a stark reminder of the ever-present threat that looms in the digital realm. Equally important is our examination of the “Biggest Cybersecurity Blunders of 2023.” These stories of seemingly small mistakes escalating into significant incidents underscore the need for diligence and continuous improvement in cybersecurity practices.

A standout feature of this issue is our interview with Bradley J. Schaufenbuel of Paychex. His insights into the evolving cybersecurity landscape, particularly regarding generative AI, zero-trust architectures, and the dynamics of ransomware, provide a forward-looking perspective on the challenges and opportunities that lie ahead in 2024. We also present a collection of viewpoints from esteemed cybersecurity experts. Their reflections on 2023 and guidance for the future cover a spectrum of topics, from zero-day vulnerabilities to the human aspects of cybersecurity. This diverse array of insights is crucial for understanding the nuances of the field and for preparing to meet future challenges. Adding to our rich tapestry of insights, we feature an interview with Abul Kalam Azad, Head of Information Security at Eastern Bank. His perspective on emerging trends and challenges in cybersecurity offers a unique look into the strategies and concerns at the forefront of the industry. Looking to the future, we explore innovative approaches in “Manipulating Hacktivist Propaganda to Collect Cyber Behavioral Threat Information.” This article delves into new methodologies for understanding and countering cyber threats.

Our focus then shifts to a disturbing trend in “Hackers’ Terrifying Obsession with the Healthcare Industry,” highlighting the vulnerabilities and stakes involved in protecting this critical sector. An essential aspect of our coverage includes a look at “The Biggest Cybersecurity Fines in 2023,” underscoring the legal and financial consequences of failing to secure digital assets and information. This issue is not just a retrospective; it’s a comprehensive guide through the challenges of the past year and a strategic map for the future. It’s our hope that these insights and analyses will serve as invaluable resources for our readers as we collectively navigate the evolving cybersecurity landscape. As we close this year, we at The Cyber Express remain committed to delivering in-depth, actionable insights that empower and inform. Here’s to a safer, more secure 2024 in the world of cybersecurity. Most importantly, we welcome your feedback at editorial@thecyberexpress.com.

Stay Informed, Stay Secure.

Augustin Kurian
Editor-in-Chief, The Cyber Express


SCOOP

Manipulating Hacktivist Propaganda to Collect Cyber Behavioral Threat Information - By Tim Pappa

Tim Pappa is a certified former FBI profiler on the Behavioral Analysis Unit, one of the few profilers in the world specializing in cyber deception and online influence. Pappa was also previously assigned to the FBI Cyber Division’s Cyberterrorism Unit, where he oversaw the FBI’s cyber threat programs focused on Middle East and Southeast Asia cyberterrorism.

The broader government and commercial cyber threat intelligence community is missing an opportunity to not only diffuse hacktivist propaganda, but to collect significant cyber behavioral threat information on adversarial hacktivist collectives and personalities that often influence global policymaking.



With the return and rise of so-called patriotic hacktivist collectives, including nation states masquerading as Islamic hacktivist brands, there is a growing need to introduce more rigor to attribution, because the involvement of these hacktivist collectives, with their unclear origins and players, often has an unanticipated impact on the daily geopolitical mix. While most cyber threat intelligence involves collection and analysis of forensic and observed anomalous or malicious activity, manipulating hacktivist propaganda content creates a privileged moment to collect unique cyber behavioral threat information. Hacktivist propaganda content is generally created to masquerade as a hacktivist collective, or to promote genuine hacktivist branding or reputation. Manipulating that content so that the brand of that hacktivist is ridiculed, for example, would likely diffuse the influence or disparage the reputation of that hacktivist brand. More importantly, channeling the attention of that hacktivist collective or its personalities would likely cause them to engage or respond in some manner, which creates an opportunity for collection. Rather than just observing the controlled content created by these hacktivist collectives and personalities, or by actors masquerading as hacktivists, we would likely see behavioral responses reflecting the emotional and cognitive vulnerabilities of those actors, whoever they are.


In my experience, that’s when actors are most likely to make mistakes. This article will introduce a simple model for evaluating content online for manipulation and then behaviorally manipulating that content. This model will be applied to content created by a suspected Gaza-based hacktivist group that targeted Israel in approximately 2020, known as the Jerusalem Electronic Army (JEA). This is a practitioner’s model, based on my experience as one of few former FBI profilers in the world specializing in cyber deception and online influence. Additionally, this model is foundationally based on multi-disciplinary theoretical and analytical frameworks of content evaluation and communication and emotional response.

A Timely Historical Model of Islamic Hacktivist Content

The Jerusalem Electronic Army created content online several years ago claiming to have the ability to access and compromise Israeli critical national infrastructure. Israeli security companies at the time, in approximately April 2020, suggested the group responsible for those claims on several social media platforms was an Islamic hacktivist group, based in Palestine, who were likely affiliated with the Gaza Cybergang.


While the content from JEA primarily included photos and video of a masked, unknown individual in a black uniform speaking Arabic at a desk with a laptop computer and making threats, including the claim of compromising an Israeli water treatment plant, Israeli authorities claimed at that time that there were only attempts to gain unauthorized access to the treatment plant’s network, but no actual known or reported compromise.

Image 1: Jerusalem Electronic Army screen shot

The Gaza Cybergang has not been as closely aligned publicly with HAMAS as other suspected pro-HAMAS hacktivist collectives, but the talent pool is limited in Gaza, so arguably any of these hacktivist collectives believed to be based in Gaza could be affiliated with HAMAS actors. An Atlantic Council report at the time suggested the same content from JEA could be an “attribution front” for Iran, masquerading as HAMAS-aligned or affiliated hacktivist collectives. JEA may have been largely ignored because there was no known evidence of any reported successful attacks against significant targets or identified malware. But even in a historical context where a mostly unknown hacktivist group of some sort like JEA has stopped creating content, there is opportunity to collect cyber behavioral threat information on the users of this content, to further inform attribution and cyber threat intelligence analysis.

A Theoretical Framework for Evaluation of Jerusalem Electronic Army Content

Warranting theory helps explain how people evaluate content online, given the potential for manipulation by whoever controls that content or has created that content. People generally judge the warranting value of content online by their perception or evaluation of how likely it is that content has been manipulated in some way to some degree.

If someone believes content has not been manipulated, they often assign high warranting value, meaning they are more likely to trust that content or they consider that content to be authentic. As an example, researchers studied whether eBay consumers would place more bids and make more purchases of either a stock photograph of a package of golf balls or a photograph taken of a package of golf balls on one of the researcher’s basement rugs. The study found that there were significantly more bids and more purchases of the package of golf balls photographed on the basement rug. Researchers concluded that consumers believed they were more likely to receive the package of golf balls photographed on the basement rug from a real person, rather than a stock photograph which could suggest the package of golf balls was some kind of scam. Consumers evaluated the photograph of the golf balls on the basement rug as less likely to have been manipulated by whomever created and controlled the photograph of the golf balls. When evaluating JEA content within this theoretical framework, arguably there are no identifying characteristics of the individual in this screen shot.

Every cue in this screen shot, including the desk, the laptop, the background, the chair, the uniform including the mask and hat, could be simply replicated by anyone anywhere.

Image 2: Jerusalem Electronic Army screen shot



Image 3: Jerusalem Electronic Army logo

The logo and font could arguably be replicated graphically or manipulated easily, in terms of creating a similar background or removing written content or font or rewriting the same font. While audiences evaluating this content are likely to believe that a real person is wearing that uniform and is being photographed or filmed making statements, this person could be anyone representing any organization or collective that wants to masquerade as another organization. The simpler the content, the more likely that content has been or could be manipulated. As a contrast, if this same content was created with what appeared to be a distinct Gaza landmark in the background, most audiences would be more likely to believe this was created in Gaza. That landmark would be much more difficult to manipulate into content in some manner, so audiences would likely believe it was less likely the content was manipulated by someone masquerading as a Gaza-based hacktivist collective, for example. Every additional cue, such as movement of the camera where we can see other people or activity in the vicinity of the landmark and hear ambient noise such as wind, makes it more authentic or more difficult to manipulate, for example.

Image 4: Jerusalem Electronic Army screen shot


This other content from JEA likewise appears to be commonly available clipart or ‘hacker’ symbology that audiences have likely seen often in all kinds of content online. While this content may have been created to cause audiences to fear JEA, more than likely the content used above was used because it was available or cheap or appeared to be what’s normal.

Applying Other Fields of Research to Warranting Theory

Researchers and activists found less than a decade ago that creating or repurposing content created by Islamic State representatives and personalities to make it humorous to audiences outside Islamic State but offensive to audiences inside Islamic State not only channeled the attention of these Islamic State personalities but also the audiences they were trying to reach. Further, the repurposed or manipulated content, such as memes of Islamic State soldiers with silly outfits or YouTube videos of an actor portraying the Islamic State leader getting a lap dance, was believed to have diffused the influence of Islamic State communications and messaging efforts. Even recently there has been additional research confirming that manipulation or creation of emotional content designed to anger the target audience often drives them to share that content.

As an example, above I manipulated one sample of JEA branding by simply crossing out part of their title, and including a mildly humorous renamed title to suggest we know who might really be behind this hacktivist collective. This manipulated content proof-of-concept also suggests whoever is part of this collective may not be as skilled as the corporate cyberterrorist brand. This took me a few minutes.


Conclusion

When you channel the attention of hacktivist personalities or collectives to this kind of manipulated content, you generally create a need for them to find out who created this and what they know. This is the privileged moment where you can stage other methods to collect and observe how they respond behaviorally to this kind of targeted reputational manipulated content. In my experience, even seasoned cybercriminals who should not click on any link to any content have clicked on links to content I have manipulated, because they had a need to find out more. The drive of curiosity is powerful enough that people will encounter danger to find out more. When you have their attention and hold their attention, you have a public stage for everyone to question their capabilities. In such a heightened, vulnerable space online, there is likely a need for that collective or personalities to respond in some way, if only to gather information on whoever manipulated their content or to vocalize some response that may diminish the influence of that altered content. This is where there is great opportunity to collect cyber behavioral threat information that is both observational and forensic, depending on collection. Strategically, this public reputational issue may influence the leadership of that collective or controlling organization to question the autonomy of their cyber operators.




CYBERVILLE

5 BEST PRACTICES FOR IMPLEMENTING FIREWALLS IN INDUSTRIAL CONTROL SYSTEMS - By Emily Newton

Emily Newton is the Editor-in-Chief of Revolutionized, a science publication focusing on the latest innovations in science, technology, and industry. Specializing in in-depth articles for the industrial and sci/tech sectors, she enjoys researching trends and optimizing content for search engines.

Industrial control systems (ICS) that function well can help companies grow, meet emerging needs and maintain reliability. However, many people overseeing ICS security don’t always establish appropriate firewall rules in their organizations. Here are five actionable ICS firewall best practices for people to consider and follow to avoid cybersecurity incidents.



Review Existing ICS Firewall Policies

A company’s policies related to its ICS firewall will affect how incoming traffic is handled and how effective its overall cybersecurity efforts are in stopping current and future threats. However, as an industrial network grows and changes, more opportunities arise for misconfigurations that can erode overall effectiveness and provide a false sense of security. A 2022 study found that network misconfigurations cost the equivalent of 9% of annual revenue for the average organization. However, the actual costs could be significantly higher. One positive finding from the study was that 96% of those polled prioritize configuration audits for firewalls. However, only 4% of respondents evaluate switches and routers along with their firewalls. These conclusions emphasize that regular audits are critical for ICS security. When firewall misconfigurations go undetected for too long, it becomes more likely that hackers will find them before an organization’s security professionals do. One option is to use specialized products that let people see all firewall configurations on centralized dashboards. That makes it easier to spot and rectify abnormalities or make necessary changes.

Apply Segmentation for Better ICS Security

Many ICS networks are segmented to limit potential hackers’ ability to do damage across the whole organization. Cybersecurity professionals may segment systems based on their functions or importance to an organization’s operations. They should use firewalls between each network so only authorized parties can access them. Network professionals can also create and apply granular rules to control traffic between the firewalls. Notifications of unusual activity or access attempts could warn an organization’s cybersecurity team to investigate further. Segmentation can also stop malware from spreading across the network, confining it to a specific area and limiting its damage. Another benefit is that firewalls and network segmentation can protect sensitive data and make identifying people trying to gain unauthorized access easier. John Adams, the co-founder & CEO of Mission Secure, said appropriate network segmentation is a definite factor in how likely hackers are to orchestrate successful attacks. He also noted that most of today’s networks are not segmented enough to stop or reduce the damage cybercriminals cause.



If a cybersecurity team leader wants to deploy more network segmentation and firewalls, consulting an external network security expert could help them assess how well the segmentation currently functions and where weak spots exist.

Take a Layered Approach to Firewall Deployment

Some business leaders treat cybersecurity as an afterthought or assume hackers won’t target them. However, that could prove a costly and incorrect assumption. Just one data breach costs small- and medium-sized businesses an average of $149,000, and that figure is likely to rise. Cybercriminals constantly plan new attack methods with more widespread and damaging results. Cybersecurity experts suggest using numerous firewalls to make it harder for intruders to breach ICS security. A good starting point is to install physical, hardware-based firewalls as the first lines of defense since they won’t consume system resources. From there, software and cloud-type firewalls can further strengthen a company’s protection against unauthorized access. Firewalls that work in the cloud are virtual options that don’t require installing anything on individual machines. They help rapidly growing companies or organizations that will likely scale up soon. Alternatively, software-based firewalls are installed on each device and control traffic within and outside it. There’s no universally accepted ideal for an organization’s ICS firewall type or number. Therefore, people responsible for securing a company’s infrastructure must take a personalized approach. That requires understanding particulars, including which assets are most at risk, whether an organization operates across one site or several, and if employees work remotely.

Maintain Easily Accessible Logs

Network activity logs are critical but often overlooked parts of ICS security. After all, cybersecurity practitioners can’t know something’s amiss if they don’t have data showing them. Firewall logs are some of the many useful pieces of information cybersecurity teams can study to find unusual patterns or other aspects worth investigating. However, some cybersecurity experts say insufficient logging is one of the biggest issues preventing prompt resolution. Plus, having the logs available is only part of maintaining ICS security. Companies must also have enough resources to allow people to sift through the data and look for anything unusual.


Fortunately, people can use partially automated tools that examine firewall logs and flag anything strange. Users can also set parameters in many products to immediately detect unusual events. Those are beneficial when a company has had recent ICS firewall issues and cybersecurity professionals must prevent similar events from occurring.
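As an added example (not from the article or any vendor product), the following Python script shows the kind of check a partially automated tool can run over ICS firewall logs. It ties together the segmentation, policy review and logging practices above: a small zone map and allow-list stand in for the segmentation policy, and each log line is checked for an accepted flow the policy does not permit (a misconfiguration worth fixing), for blocked attempts into the control network, and for a source that keeps getting denied (worth investigating). The zone names, address ranges, ports, log format and log lines are all constructed for the example.

```python
"""Added example: check ICS firewall log lines against a segmentation policy.
Zones, CIDRs, ports and the log format are constructed, not from any product."""
import ipaddress
import re
from collections import Counter

# Constructed zones: enterprise IT, a DMZ holding the historian, and the
# control network holding the PLCs. Real plants will map these differently.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("192.168.50.0/24"),
}

# Permitted cross-zone flows: (source zone, destination zone) -> allowed ports.
# Everything else between zones is expected to be denied at the firewall.
POLICY = {
    ("enterprise", "dmz"): {443},         # staff read historian dashboards only
    ("dmz", "control"):    {502, 44818},  # historian polls PLCs (Modbus, EtherNet/IP)
}

# Constructed syslog-like firewall line format.
LOG_RE = re.compile(
    r"action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)


def zone_of(ip):
    """Return the zone name an address belongs to, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_line(line):
    """Extract the fields we need; lines that are not connection events give None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev


def analyse(lines, deny_threshold=3):
    """Return a list of findings: policy violations, blocked control-zone
    attempts and sources with repeated denies."""
    findings = []
    denies_by_src = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src_zone, dst_zone = zone_of(ev["src"]), zone_of(ev["dst"])
        allowed = ev["dport"] in POLICY.get((src_zone, dst_zone), set())
        if ev["action"] == "ACCEPT" and src_zone != dst_zone and not allowed:
            # Traffic crossed a zone boundary the policy does not permit:
            # the firewall rule set has drifted from the written policy.
            findings.append(("policy_violation", ev["src"], ev["dst"], ev["dport"]))
        elif ev["action"] == "DENY":
            denies_by_src[ev["src"]] += 1
            if dst_zone == "control":
                findings.append(("blocked_control_access", ev["src"], ev["dst"], ev["dport"]))
    for src, count in denies_by_src.items():
        if count >= deny_threshold:
            findings.append(("repeated_denies", src, count))
    return findings


# Constructed sample log: one enterprise host reaching a PLC directly through
# an over-permissive rule, and one host repeatedly probing the control zone.
SAMPLE_LOG = [
    "Dec 12 10:01:02 fw1 action=ACCEPT src=10.10.5.7 dst=10.20.0.10 proto=TCP dport=443",
    "Dec 12 10:01:05 fw1 action=ACCEPT src=10.20.0.10 dst=192.168.50.21 proto=TCP dport=502",
    "Dec 12 10:02:11 fw1 action=ACCEPT src=10.10.5.7 dst=192.168.50.21 proto=TCP dport=502",
    "Dec 12 10:03:40 fw1 action=DENY src=10.10.8.3 dst=192.168.50.21 proto=TCP dport=22",
    "Dec 12 10:03:41 fw1 action=DENY src=10.10.8.3 dst=192.168.50.22 proto=TCP dport=22",
    "Dec 12 10:03:42 fw1 action=DENY src=10.10.8.3 dst=192.168.50.23 proto=TCP dport=502",
    "Dec 12 10:05:00 fw1 action=ACCEPT src=10.20.0.10 dst=10.20.0.11 proto=TCP dport=5432",
    "Dec 12 10:05:01 fw1 heartbeat ok",
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Running the script prints one policy violation (the enterprise host talking Modbus straight to a PLC), three blocked attempts into the control zone and one repeated-denies finding for the probing host. The intra-zone accept on port 5432 and the non-connection line are ignored, which is the point: the policy table is what turns raw log volume into a short list a small team can actually review.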

Prioritize Employee Education and Risk Awareness

Coverage of ICS firewall best practices doesn’t always explore employees’ roles in protecting a company’s network. However, it’s time for that to change. Some cybersecurity professionals even point out that people act as human firewalls, serving as the final defensive layer. Correctly configured firewalls block intruders. However, they can’t necessarily compensate for employees who fall for social engineering attacks and provide sensitive access information to seemingly legitimate scammers. Many employees might try to circumvent company firewalls blocking their access to specific sites. Alternatively, workers who can remotely access a corporate network from home may turn off their computers’ firewalls while accessing sensitive company resources. One ICS security best practice is to remember that safeguards must encompass on- and off-site locations. Supervisors who get permission to remotely monitor what’s happening within an ICS must understand the importance of configuring home firewalls. Companies that use role-based access control must remind employees of the importance of not sharing their passwords. People who understand how an ICS firewall works and know their responsibilities in keeping it functioning correctly will likely embrace following best practices and encourage colleagues to do the same.

Utilize ICS Firewalls Well

These five best practices ensure organizations can secure their industrial control systems with appropriate, effective firewall deployment. They’ll be able to better protect assets and reduce the chances of successful intrusions.



REGISTER

NAVIGATING CYBERSECURITY IN 2023: THE YEAR’S BEST CYBER THREAT INTELLIGENCE TOOLS

As the year draws to a close, it’s crucial for businesses to reflect on their cybersecurity posture and consider the best cyber threat intelligence tools available to safeguard their digital terrain. Cyber threats continue to evolve rapidly, making it imperative for organizations to stay ahead of potential risks with tools that offer real-time, actionable intelligence.


The best cyber threat intelligence tools provide insights into cyber adversaries’ origins, tactics, and strategies, allowing for proactive defense and risk mitigation. Cyber threat Intelligence (CTI) tools are now more essential than ever for companies seeking to strengthen their security defenses effectively. These tools play a crucial role in the collection and analysis of threat data from various external sources, allowing businesses to protect themselves against existing vulnerabilities and stay prepared for potential future threats.



The global cyber threat intelligence market has seen substantial growth in recent years. In 2023, the market size for CTI was expected to reach approximately US$11.6 billion, reflecting the increasing reliance on these tools in the realm of cyber defense. This growth indicates a significant leap from previous years. For instance, the market was valued at US$4.24 billion in 2022 and is projected to grow from US$4.93 billion in 2023 to an estimated US$18.11 billion by 2030. This growth trajectory, characterized by a Compound Annual Growth Rate (CAGR) of 20.4% during the forecast period, highlights the expanding scope and importance of threat intelligence in cybersecurity strategies.

Moreover, the Threat Intelligence Market is projected to further expand from US$7.22 billion in 2023 to US$13.25 billion by 2028, at a CAGR of 12.90%. This growth underscores a paradigm shift in attack sources, targets, destination attack profiles, and the technologies used in cyber defense. In this comprehensive guide, we delve into the most effective cyber threat intelligence tools of 2023, showcasing their pivotal role in fortifying business defenses against cyberattacks. These tools represent the forefront of cybersecurity solutions, offering advanced capabilities to protect and empower organizations.

With their help, businesses can develop targeted defense strategies, tailored to the unique challenges of the digital age. Embracing these cyber threat intelligence tools is essential for any organization looking to enhance its cybersecurity posture and safeguard its digital assets.

Key Considerations in Choosing the Best Cyber Threat Intelligence Tools

In the quest for the best cyber threat intelligence tools, it’s essential to evaluate various features that cater to the dynamic nature of cyber threats. Essential features for cyber threat intelligence tools include:

1. Data Aggregation: This feature involves gathering and consolidating information from a variety of sources, such as open-source intelligence (OSINT), the dark web, social media, and private data channels. It’s vital for a comprehensive overview of potential threats.

2. Real-time Monitoring: The ability to continuously scan for and identify emerging threats and potential cyberattacks as they happen is critical. This ensures that your organization can respond to threats promptly and efficiently.

3. Threat Analysis: Look for tools that offer sophisticated analytics and machine learning capabilities. These are necessary for analyzing, classifying, and understanding threats, providing you with actionable intelligence.

4. Integration Capabilities: The tool should seamlessly integrate with other security platforms and tools. This enhances the overall effectiveness of your cybersecurity operations by creating a unified defense system.

5. Incident Response Automation: Automating routine tasks and processes speeds up incident response times and reduces the burden of manual effort, making your cybersecurity efforts more efficient and effective.

6. Threat Indicator Sharing: The ability to share intelligence about threats with trusted partners or peers in your industry is crucial for a collaborative defense strategy, helping to protect not just your organization but the wider community.

7. Reporting and Collaboration: The tool should offer extensive and customizable reporting capabilities. These are important for enabling effective collaboration between various teams and stakeholders within your organization.

8. IoC Management: Effective management of Indicators of Compromise (IoCs) is necessary for identifying and mitigating malicious activities before they can spread further across your network.

These features are indispensable in any cyber threat intelligence tool you consider, ensuring that the organization stays ahead of cyber threats and maintains a strong security posture.
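To make the data aggregation and IoC management features above concrete, here is an added Python example (not part of the article and not the code of any product listed in it). It merges indicators from two constructed feeds, normalises the defanged notation analysts commonly exchange (hxxp://, [.]), keeps the highest confidence and earliest sighting when feeds overlap, expires stale indicators, and matches the active set against constructed DNS, connection and file events. All feed entries, dates, hosts and the event shape are assumptions made for the example.

```python
"""Added example: a minimal IoC store with normalisation, merge, expiry and
matching. Feeds, dates, hosts and event shape are constructed."""
from datetime import date, timedelta

# Constructed feeds. Note the defanged notation and the case differences:
# without normalisation, feed_a's 'bad[.]example' and feed_b's 'BAD.EXAMPLE'
# would be stored twice and never match a real DNS log entry.
FEED_A = [
    {"type": "domain", "value": "bad[.]example",   "confidence": 80, "first_seen": date(2023, 11, 1)},
    {"type": "ipv4",   "value": "198.51.100[.]7",  "confidence": 60, "first_seen": date(2023, 11, 20)},
    {"type": "sha256", "value": "ab" * 32,         "confidence": 90, "first_seen": date(2023, 12, 1)},
]
FEED_B = [
    {"type": "domain", "value": "BAD.EXAMPLE",     "confidence": 95, "first_seen": date(2023, 11, 10)},
    {"type": "ipv4",   "value": "203.0.113.9",     "confidence": 40, "first_seen": date(2023, 6, 1)},
]

TODAY = date(2023, 12, 15)  # constructed reference date for expiry checks


def refang(value):
    """Turn analyst-safe notation back into the form that appears in logs."""
    v = value.strip().lower()
    for old, new in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("hxxp", "http")):
        v = v.replace(old, new)
    return v.rstrip(".")  # DNS logs often carry a trailing dot


class IocStore:
    def __init__(self, ttl_days=90):
        self.ttl = timedelta(days=ttl_days)
        self._items = {}  # (type, normalised value) -> record

    def add(self, ioc, source):
        """Insert or merge an indicator; overlapping feeds raise confidence."""
        key = (ioc["type"], refang(ioc["value"]))
        rec = self._items.get(key)
        if rec is None:
            self._items[key] = {"type": key[0], "value": key[1],
                                "confidence": ioc["confidence"],
                                "first_seen": ioc["first_seen"],
                                "sources": {source}}
        else:
            rec["confidence"] = max(rec["confidence"], ioc["confidence"])
            rec["first_seen"] = min(rec["first_seen"], ioc["first_seen"])
            rec["sources"].add(source)
        return key

    def active(self, today):
        """Indicators still inside their time-to-live; old ones stop matching."""
        return [r for r in self._items.values() if today - r["first_seen"] <= self.ttl]

    def match(self, event, today, min_confidence=50):
        """event: dict with optional 'domain', 'ip', 'sha256' fields (constructed shape)."""
        lookup = {(r["type"], r["value"]): r
                  for r in self.active(today) if r["confidence"] >= min_confidence}
        hits = []
        for field, ioc_type in (("domain", "domain"), ("ip", "ipv4"), ("sha256", "sha256")):
            val = event.get(field)
            if val and (ioc_type, refang(val)) in lookup:
                hits.append(lookup[(ioc_type, refang(val))])
        return hits


def build_store():
    store = IocStore(ttl_days=90)
    for ioc in FEED_A:
        store.add(ioc, "feed_a")
    for ioc in FEED_B:
        store.add(ioc, "feed_b")
    return store


# Constructed events as a SIEM might hand them over.
EVENTS = [
    {"host": "ws-17",  "domain": "bad.example."},   # trailing dot from a DNS log
    {"host": "ws-22",  "ip": "198.51.100.7"},
    {"host": "ws-09",  "ip": "203.0.113.9"},        # stale and low confidence: no hit
    {"host": "srv-03", "sha256": "AB" * 32},        # upper-case hash from an EDR export
    {"host": "ws-30",  "domain": "good.example"},
]


def scan(events, store, today):
    """Return (host, ioc type, ioc value) for every event that hits an active IoC."""
    return [(e["host"], h["type"], h["value"]) for e in events for h in store.match(e, today)]


if __name__ == "__main__":
    for hit in scan(EVENTS, build_store(), TODAY):
        print(hit)
```

The expiry and confidence thresholds are the management part: an indicator first seen six months ago with low confidence keeps generating alerts forever in a store that only appends, which is how IoC feeds turn into noise. Merging duplicates across feeds also records which sources agree, which is the evidence an analyst wants before escalating a hit.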


Top 10 Cyber Threat Intelligence Tools of 2023

Here’s our list of the top 10 cyber threat intelligence tools in 2023, reflecting the latest in technological advancements and strategic capabilities in this rapidly evolving field.

1. Cyble Vision: Cyble’s flagship AI-powered Threat Intelligence platform, Cyble Vision, offers unmatched insight into dark web operations and underground cybercrime networks. The company recently secured a significant investment of US$30.2 million in Series B funding, aimed at enhancing and expanding its AI and Threat Intelligence capabilities. Hailed as the Best Threat Intelligence Platform of 2023, Cyble Vision provides comprehensive risk visibility, proactive monitoring, and deep threat analysis, parsing over 5 billion Darkweb records and 15 billion web pages daily. It tracks over 5,000 Threat Actors 24/7, with functionalities spanning Threat Intelligence, Attack Surface Management, and more, offering over 40 essential use cases for organizations. You can schedule a demo of this platform to see how it fits your business needs.

2. Cisco Umbrella: Cisco introduces Cisco Umbrella, a top-tier cyber threat intelligence software that ensures robust protection for endpoints, remote users, and various locations. Leveraging advanced threat intelligence, it addresses a range of security needs, including web security, cloud access, and data loss prevention, by integrating cross-product security data from Cisco’s infrastructure and other sources.


3. Anomali ThreatStream: Anomali’s ThreatStream stands out with its ability to harness millions of threat indicators, enabling proactive identification of new attacks and breaches. It’s designed for seamless integration with various security tools, providing essential insights to stay ahead of cyber threats.

4. IBM X-Force Exchange: This leading threat intelligence platform from IBM offers unique insights into cybersecurity threats by combining a vast global security feed with expert human intelligence. It monitors over 25 billion websites and millions of endpoints globally, equipping organizations to effectively counter emerging risks.

5. IntSights TIP by Rapid7: Following Rapid7’s acquisition of IntSights, this platform has become a powerhouse in the industry, blending threat intelligence and advanced technology to provide effective cyber defense measures.



6. LookingGlass: LookingGlass excels as a data intelligence platform, collating information from over 80 unique feeds into a comprehensive collections repository. It features a novel threat indicator confidence scoring tool, aiding in rapid risk prioritization.

7. ThreatConnect: Recognized as one of the best threat intelligence software offerings, ThreatConnect offers an all-encompassing platform, integrating risk quantification, intelligence, automation, and analytics to transform complex data into clear, actionable insights.

8. Recorded Future: This advanced tool automates the entire intelligence process, from data collection to in-depth analysis and reporting, providing deep insights into various cyber threats.


9. ThreatQuotient’s ThreatQ: ThreatQ by ThreatQuotient provides a dynamic and flexible environment for effective cyber threat management and analysis, addressing the evolving challenges in cybersecurity with its proactive defense platform.

10. ThreatMiner: As a leading cyber threat intelligence tool, ThreatMiner specializes in collecting, analyzing, and visualizing threat intelligence from a multitude of sources, utilizing advanced data mining techniques for effective threat identification and processing.

Preparing for the Future with the Best Cyber Threat Intelligence Tools

As cyber threats evolve, the importance of innovation in the realm of cyber threat intelligence tools becomes increasingly evident. The landscape of cyber threats in 2023 was markedly different from previous years, with sophisticated attack vectors and tactics emerging constantly. This dynamic environment necessitates tools that are not only reactive but also predictive in their approach, offering foresight into potential threats and vulnerabilities. As we look towards the future, the significance of equipping businesses with the best cyber threat intelligence tools cannot be overstated. The tools listed in this article represent the pinnacle of innovation and effectiveness in cybersecurity. By choosing the right tool, organizations can ensure they are well-prepared to face the evolving threats of the digital age, keeping their data and operations secure.

This new era of cyber threats requires tools that do more than just react to known threats; they need to anticipate potential future attacks. It’s about developing systems that not only respond to incidents as they occur but also provide insights into what could happen next. This foresight is invaluable for organizations to stay a step ahead and prepare for threats that are still on the horizon. The role of technology, particularly AI and machine learning, in enhancing these tools cannot be overstated. However, it’s not just about the technology itself but how we use it.

These technologies allow us to sift through enormous amounts of data quickly and identify patterns that might indicate a looming threat. But it’s the human expertise in interpreting these patterns and translating them into actionable strategies that makes the difference. Customization is another key factor in the effectiveness of cyber threat intelligence tools. Every organization is unique, with its own set of challenges and vulnerabilities. The most effective tools are those that can be tailored to meet these specific needs, rather than a generic solution that might not address all the nuances of a particular organization’s threat landscape.


Additionally, the fight against cyber threats is not one that any organization can handle in isolation. Collaboration is vital. Sharing insights and strategies with others in the cybersecurity community can strengthen everyone’s defenses. This collaborative approach is facilitated by modern cyber threat intelligence tools, which make it easier to share information and coordinate responses across different teams and organizations.

In summary, as we move through 2023 and beyond, the landscape of cyber threats will continue to evolve, and so must our approaches to dealing with them. Innovation in cyber threat intelligence tools is no longer a nice-to-have; it’s a necessity. The future of cybersecurity will be defined by tools that are predictive, adaptable, and collaborative, empowering us to protect our digital environments more effectively than ever before.




VIEWPOINT

Digital Dangers in Medicine: Hackers’ Terrifying Obsession with the Healthcare Industry - By Samiksha Jain

Cybercriminals, in a strange twist of fate, have developed a worrying fixation on the very core of our society—the healthcare sector. This peculiar ‘romance’ between the inherent vulnerabilities of healthcare infrastructure and the unyielding attention of cyberattackers is concerning. In the first three months of 2023 alone, the U.S. government’s Office for Civil Rights (OCR) within the healthcare industry. This statistic not only raises eyebrows but also highlights a pressing concern: the healthcare sector remains a prime target for cybercriminals, and the intensity of their pursuits shows no signs of abating.


As we delve into the intricate web of this unforeseen love story, it’s clear that the healthcare sector is fighting a dual battle: combating diseases and simultaneously facing a hidden adversary in the shape of relentless cyber threats. In this article, we unravel the nuances of “Hackers’ Love for Healthcare,” exploring the reasons behind the surge, the vulnerabilities exposed, and the looming challenges that cast a shadow over the realm of patient data and digital health security.



The Rising Trend

The Ponemon Institute’s study exposes a disconcerting reality: a staggering 88% of healthcare organizations experienced an average of 40 cyberattacks in the past 12 months alone. This uptick in incidents not only amplifies the risks to patient data but also sends shockwaves through the very core of care delivery. The financial toll is equally distressing, with the average cost of disruption to normal healthcare operations reaching US$1.3 million—a significant 30% spike from the preceding year. What’s more, the single most expensive cyberattack incurred an average total cost of US$4.9 million over the past 12 months, underlining the magnitude of the financial havoc wreaked by these digital assaults.

The shift in focus is glaringly evident in the statistics: 64% of healthcare organizations faced supply chain attacks in the past two years, with a staggering 77% acknowledging the resultant impact on patient care. As if that weren’t enough, cloud compromises have become a recurrent nightmare, with 63% of organizations grappling with an average of 21 compromises over the same period. These numbers paint a vivid picture of a sector besieged by cyber adversaries, forcing us to confront the unsettling reality of the hackers’ newfound love affair with healthcare in 2023.

Why Hackers Are Zeroing in on Healthcare

The primary magnet for cybercriminals is the treasure trove of private patient information stored within hospital databases. This confidential data has evolved into a lucrative commodity, fetching substantial amounts in the digital underworld. The implementation of GDPR this year has added urgency to the need for hospitals to fortify their cybersecurity defenses, given the staggering financial penalties for non-compliance and the potential costs associated with retrieving data from ransomware attacks.

For example, one of the major distributors of dental supplies, Henry Schein Inc., has fallen victim to a significant data breach affecting its core systems, including distribution and e-commerce. The company, with sales reaching US$12.6 billion in 2022, recently regained online functionality after the cyberattack on October 14. The incident led to a delay in filing the third-quarter earnings report, and Henry Schein anticipates filing an insurance claim in 2024 with a $60 million after-tax claim limit. Despite challenges, the company expressed gratitude for customer support and acknowledged the prevalence of cyber issues in the healthcare sector.

Moreover, the proliferation of medical devices, such as X-rays, insulin pumps, and defibrillators, introduces a new frontier for attackers. While these devices serve critical functions in modern healthcare, security often takes a back seat in their design. Hackers recognize them as vulnerable entry points, exploiting them to compromise servers holding valuable patient information. The consequences can be dire, ranging from unauthorized access to other network devices to the installation of costly ransomware, hindering healthcare organizations’ ability to deliver essential, life-saving treatments.

The healthcare industry’s reliance on remote access further amplifies its susceptibility to cyber threats. Collaborative working, a cornerstone of effective patient care, necessitates accessing information from diverse locations and devices. Unfortunately, this flexibility opens up opportunities for attacks, especially when staff members, under the pressures of their demanding schedules, may not adhere to cybersecurity best practices. This lack of awareness and the absence of comprehensive cybersecurity education for healthcare professionals create an environment where even basic security measures are overlooked. Compounding the issue is the resistance to adopting new technologies among healthcare staff, who are already burdened with tight deadlines and long working hours. This reluctance to disrupt familiar workflows leaves vulnerabilities unaddressed, making it easier for hackers to exploit the system. Furthermore, the sheer number and diversity of devices used in hospitals make it challenging for IT specialists to stay ahead of evolving security threats. The complexity of healthcare information systems, coupled with staff constraints, leaves the industry grappling with the monumental task of safeguarding vast amounts of sensitive data. Interestingly, the vulnerability of healthcare organizations extends across the spectrum, impacting both large enterprises and smaller entities. While larger organizations present an attractive target due to the vast amounts of data they hold, smaller enterprises with limited security budgets are perceived as easier prey, offering a potential backdoor-access opportunity for hackers seeking to target larger entities.


The situation is exacerbated by outdated technology within the healthcare industry, where legacy systems and budget constraints hinder the adoption of advanced cybersecurity solutions. Even with the backdrop of technological advances, the reluctance to embrace new cybersecurity measures echoes through the healthcare corridors. The resistance to change, fueled by the demanding schedules of overworked staff, leaves the door wide open for hackers to waltz in and exploit the status quo.

So, What Are the Unconventional Methods Employed by Hackers?

Beyond the typical strategies, cybercriminals exploit the critical nature of medical devices, using them as unsuspecting conduits for infiltration. These hackers recognize the interconnected nature of healthcare systems and exploit the complexity, maneuvering through the vast network of devices to access sensitive patient data.

Additionally, social engineering tactics become a weapon of choice, preying on the human element within healthcare organizations. Manipulating staff through phishing schemes and exploiting their limited cybersecurity knowledge, hackers navigate their way into the heart of healthcare networks. This tactic challenges traditional security measures, urging the healthcare industry to adopt innovative defenses that can anticipate and thwart these elusive cyber threats.


Securing Health: A Collaborative Approach to Cyber Defense

Now the question is: how do we protect this sector? To fortify the healthcare sector against the escalating cyber threats, implementing robust measures and strategies is imperative. First and foremost, comprehensive cybersecurity training programs must be instated for healthcare staff, ensuring they are well-versed in the latest cybersecurity best practices. This includes educating them on the risks associated with remote access and fostering a culture of heightened awareness. Additionally, healthcare organizations should prioritize the adoption of advanced cybersecurity solutions specifically tailored to the intricacies of the medical field.

A crucial aspect of enhancing cybersecurity in healthcare is fostering collaboration between the industry and cybersecurity experts. This partnership can yield invaluable insights into emerging threats and the development of tailored defense mechanisms. Cybersecurity experts can conduct regular assessments of healthcare systems, identifying vulnerabilities and implementing proactive measures to thwart potential attacks. Moreover, joint efforts can lead to the creation of industry-wide standards and protocols that ensure a unified and fortified defense against cyber threats.

In an era where cyberattacks are ever evolving, the synergy between the healthcare sector and cybersecurity experts becomes a formidable shield, safeguarding not only patient data but the very foundation of efficient and secure healthcare delivery. Through ongoing collaboration and a commitment to staying one step ahead of cyber adversaries, the healthcare industry can create a resilient cybersecurity framework that stands as a bulwark against the unconventional tactics employed by hackers.

FDA’s New Rules: Securing Medical Devices Against Cyber Threats

In response to long-standing concerns about the vulnerability of internet-connected medical devices to cyberattacks, the Food and Drug Administration (FDA) is now mandating specific cybersecurity measures. According to recent FDA guidance, applicants for new medical devices must submit a comprehensive plan addressing the monitoring, identification, and resolution of cybersecurity issues.


The plan must offer “reasonable assurance” of the device’s protection. Additionally, applicants must commit to providing regular security updates, especially in critical situations, and furnish the FDA with a “software bill of materials,” detailing all software, including open-source components, used in their devices. These security requirements, effective due to the federal omnibus spending bill signed by President Joe Biden in December, mark a significant step in fortifying the cybersecurity of medical devices, with the FDA obligated to update its guidance every two years under the new law.

Forecasting the Next Wave

As we peer into the future of cybersecurity, anticipating the next wave of threats in healthcare, the terrain unfolds as both daunting and promising. Forecasts point to an intensification of sophisticated cyber threats targeting the healthcare sector’s vulnerable underbelly. As technology advances, so too do the strategies of attackers, highlighting the imperative of perpetual vigilance. The emergence of technologies like artificial intelligence and blockchain offers opportunities to strengthen defenses, yet they also introduce new battlegrounds. The pivotal question arises: Can the healthcare industry swiftly adopt these innovations and outpace cyber adversaries? Only time will reveal the answer.

In response to these projections, the healthcare sector must evolve and adopt state-of-the-art solutions to outmaneuver cyber threats. Robust cybersecurity frameworks, leveraging advancements in machine learning and behavioral analytics, become indispensable. Simultaneously, cultivating a culture of cybersecurity awareness and education among healthcare professionals stands as a crucial defense. Striking a delicate balance between harnessing cutting-edge technologies and mitigating associated risks is paramount for the industry’s forward trajectory. Amidst uncertainties, it is our collective responsibility to maintain vigilance, propel innovation, and fortify defenses against the ever-evolving landscape of cybersecurity challenges in the healthcare domain.




THE COVER

CYBER CHAOS: DECODING THE YEAR’S MOST DARING HACKS - By Ashish Khaitan

The year 2023 stands as a pivotal moment in the ongoing evolution of cyber threats. Witnessing the emergence of new threat actors and the resurgence of previously banned groups targeting global organizations, the cyber landscape in 2023 has borne the brunt of a relentless onslaught. Given the widespread reliance on digital technologies, this era has provided an ideal environment for cybercriminals and state-sponsored hackers to exploit vulnerabilities. Faced with this escalating threat landscape, the cybersecurity industry has been compelled to take decisive action in order to mitigate these risks. The Cyber Express delves deep into the significant cyberattacks of 2023, unraveling the tactics employed, the industries affected, and drawing critical lessons that will shape future cybersecurity efforts.



2023: The Gargantuan of Cyberattacks and Data Breaches

In 2023, the world experienced a concerning surge in cyberattacks, with data breaches and security lapses becoming frequent headline fodder. The sheer scale and sophistication of these attacks presented formidable challenges for organizations, governments, and individuals alike. The widespread dependence on digital technologies created an ideal environment for cybercriminals to exploit vulnerabilities, resulting in a global upswing in cyberattacks. This surge has already left a noticeable mark on cyberspace and security.

The Saga of MOVEit Cyberattacks

One of the most notorious cyberattacks of 2023 was the series of breaches leveraging Progress Software’s MOVEit Transfer file management program. The attacks, carried out by a group known as “cl0p,” compromised data from hundreds of organizations globally, affecting nearly 40 million people. MOVEit Transfer, a widely used file management tool, became the entry point for hackers to access sensitive data such as social security numbers, medical records, and billing information.

The ripple effect of the MOVEit cyberattacks extended across diverse sectors, emphasizing the interconnected nature of digital systems. Educational institutions, government agencies, healthcare providers, financial institutions, and media organizations fell victim to the breaches. The widespread impact, unfortunately, led to a global privacy disaster resulting from a single software flaw.

Following the disclosure of the breaches, organizations and cybersecurity firms mobilized to mitigate the damage and prevent further exploitation. Progress Software issued patches to address the vulnerabilities in MOVEit Transfer, and many organizations were able to deploy these patches before falling victim to the attacks. Incident response firms and cybersecurity outlets played a crucial role in helping organizations detect, respond to, and recover from breaches. However, the hackers, cl0p, continued to be aggressive in their data extortion tactics, posing an ongoing threat to the affected organizations.


Here is a quick look at some other major cybersecurity incidents we faced this year:

• The notorious hacking group KelvinSecurity Team claimed to have acquired and offered for sale on the darknet a database containing the information of 384,319 BMW car owners in the UK.

• Kathmandu police arrested eight individuals who hacked bank accounts by distributing a fake app, Nepali Keti, via WhatsApp and subsequently stole money from those who downloaded it.

• The U.S. Marshals Service, the oldest U.S. federal law enforcement agency, disclosed being targeted in a cyberattack, resulting in the theft of sensitive data.

• T-Mobile reported a breach exposing the personal data of 37 million customers, with an unidentified intruder accessing and stealing information, including addresses, phone numbers, and dates of birth, in late November.

• Microsoft has warned of a zero-day vulnerability affecting all Windows OS versions, posing a risk of enabling attackers to bypass a browser sandbox and attain system-level privileges.

• An unauthorized actor executed a social engineering attack on Mailchimp staff, gaining access to specific accounts using compromised employee credentials; the incident, as per current investigations, is confined to 133 Mailchimp accounts.

• The PayPal hack occurred through credential-stuffing attacks, where hackers used bots to try combinations of usernames and passwords obtained from data leaks, including the dark web, to access user accounts.

• In March 2023, AT&T reported a data breach, notifying 9 million customers that their data had been exposed due to an attack on a third-party vendor.

• The hacktivist group ‘KillNet,’ known for targeting the U.S. healthcare industry, actively focused on the health and public health sector, utilizing DDoS attacks and maintaining public channels for recruitment and attention.

• The Kodi Foundation forum experienced a data breach, revealing the personal information of over 400,000 users; the non-profit organization, known for developing the Kodi media center, a free and open-source software entertainment hub, and media player, was affected.

• JD Sports revealed that the information potentially accessed by hackers encompassed names, billing and delivery addresses, phone numbers, order details, and the final four digits of payment cards for approximately 10 million unique customers.

• Luxottica confirmed a data breach after online reports, attributing it to a security incident with a third-party contractor handling customer data, which exposed information such as names, email IDs, phone numbers, addresses, and dates of birth.

• On July 21, 2023, the University of Minnesota discovered that someone claimed to have posted admissions, race, and ethnicity information from a university database on the internet in July 2023.

• The UK Electoral Commission disclosed it had fallen victim to a “complex cyberattack,” leading to hackers accessing reference copies of electoral registers, containing the names and addresses of 40 million people.

• The LockBit ransomware group, linked to Russia, claimed responsibility for a cyberattack on an ION Group division, impacting 42 clients in Europe and the United States, leading to manual processing of trades by affected banks and brokers.

• Connectivity Source experienced a breach in April, with an unknown attacker obtaining employee data, including names and social security numbers, totaling around 17,835 records from across the U.S., as Connectivity operates exclusively as a white-labeled T-Mobile US retailer.

• In January 2023, a Twitter data breach occurred, leading to the publication of a database containing information on over 200 million Twitter users on a prominent hacker forum.

• The MOVEit attack exploited a flaw in the MOVEit managed file transfer service, a tool widely used by organizations for securely transferring sensitive files.

• 23andMe, a major U.S. biotechnology and genetic testing firm, had data from over 1.3 million Ashkenazi Jewish and Chinese users compromised in a data-scraping incident.

• Capital One, a major U.S. bank holding firm, confirmed that data from over 16,500 customers was exposed in the February cyberattack targeting the Pennsylvania-based debt purchasing company NCB Management Services.

• PharMerica reported a data breach to the Office of the Maine Attorney General, stating that hackers infiltrated their system on March 12th, 2023, and stole personal information, including full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance details of 5,815,591 individuals.

Which Industries Felt the Brunt Most

Throughout 2023, several high-profile cyberattacks made headlines, showcasing the adaptive tactics and techniques employed by cybercriminals. Let’s explore some of the most influential breaches that occurred during this period.


The finance sector bore the brunt of cyberattacks in 2023, with hackers targeting banks and financial institutions worldwide. One notable breach occurred when a sophisticated hacking group gained access to a major global bank’s network, compromising customer data and causing widespread panic.

The healthcare industry was not spared either, facing relentless cyberattacks that exposed sensitive patient information and disrupted medical services. Hackers exploited weaknesses in healthcare systems, causing significant disruptions and compromising patient privacy. The ramifications of these attacks were far-reaching, with hospitals and healthcare providers struggling to recover from the financial and reputational damage.

Government entities became prime targets for cyberattacks in 2023, as hackers sought to exploit vulnerabilities for political gain. These attacks aimed to compromise sensitive government data, disrupt operations, and undermine public trust. The breach of a government agency’s network exposed classified information, raising concerns about the security of critical infrastructure and national security.

Cyberattacks targeting manufacturing and industrial systems also posed a significant threat in 2023. Hackers exploited vulnerabilities in supply chain networks, gaining unauthorized access to production systems and disrupting operations. These attacks had severe consequences, resulting in financial losses, reputational damage, and potential safety hazards.

Government Involvement in Cyber Defense

Governments around the world faced the challenge of defending critical infrastructure in the wake of newer state-sponsored cyber threats. The Russian invasion of Ukraine showcased the use of cyber operations for wartime advantage, with government-backed attackers targeting Ukraine’s government, military, and civilian infrastructure. The invasion also triggered a notable shift in the Eastern European cybercriminal ecosystem, with some groups splitting over political allegiances and others adapting their tactics to the evolving geopolitical powers.

The dynamic cyberspace demanded continuous adaptation and innovation in cybersecurity measures. The COVID-19 pandemic and remote work arrangements created new vulnerabilities, exploited by ransomware-as-a-service gangs like Doppelpaymer and REvil. These groups employed various tactics, including ransomware attacks and data exfiltration, to extort victims and disrupt operations.

State-sponsored actors engaged in information operations (IO) and propaganda campaigns to shape public perception and achieve their strategic objectives. Russia, in particular, utilized a range of tactics, from overt state-backed media to covert platforms and accounts, to undermine the Ukrainian government, fracture international support for Ukraine, and maintain domestic support for the war.



The economic repercussions of cyberattacks cannot be overstated either. The estimated loss to cybercrime in 2023 was projected to reach $8 trillion, a staggering amount that surpassed the GDP of many countries, reported Cybercrime Magazine. The financial impact extended beyond the immediate costs of recovering from breaches and securing systems. The loss of customer trust, regulatory fines, and reputational damage were significant consequences faced by organizations affected by cyberattacks. The interconnected nature of the global economy meant that a single breach could have far-reaching consequences for multiple stakeholders.

Extracting Insights, Enhancing Preparedness

The cyberattacks of 2023 served as a wake-up call for organizations, governments, and individuals to prioritize cybersecurity. Timely patching, multi-factor authentication, employee training, and incident response planning became imperative. Collaboration between governments, companies, and security stakeholders became essential for sharing threat intelligence and coordinating defense efforts.

Businesses, regardless of size or industry, must proactively safeguard their digital assets against cyber threats. Implementing robust cybersecurity measures, such as network segmentation, encryption, regular vulnerability assessments, and employee awareness training, can significantly enhance resilience. Collaborating with reputable cybersecurity firms and staying informed about emerging threats are critical components of an effective strategy.

The year 2023 witnessed a surge in cyberattacks, with the MOVEit cyberattacks being among the most notable. These breaches highlighted vulnerabilities in interconnected systems and underscored the need for enhanced cybersecurity measures. By prioritizing cybersecurity, investing in advanced technologies, and fostering collaboration, we can strive to create a safer digital space. Moving forward, lessons learned from the cyberattacks of 2023 should guide the development of robust cybersecurity strategies to address the sophisticated techniques of threat actors and adversaries.



HOT SEAT

2023’S CYBERSECURITY SLIP-UPS: SMALL MISTAKES, BIG CONSEQUENCES - By Ashish Khaitan

Within the intricate landscape of cybersecurity, the year 2023 unfolds as a double-edged sword, where the interplay of innovation and vulnerability takes center stage. Amidst the rush of organizations to embrace the digital era, the perils of cybersecurity have escalated to new levels.


The Cyber Express brings you the cybersecurity blunders of 2023—a narrative weaving through seemingly inconspicuous missteps that, like a cascading series of dominos, evolve into significant cybersecurity incidents.

Embarking on an exploration of minor mistakes with far-reaching consequences, we untangle the threads connecting human errors to the challenges faced by individuals, businesses, and governments in a relentless race against time.



MOVEit Cyberattacks: A Mass Hack with Far-Reaching Consequences

In June 2023, a mass hack of the file transfer tool MOVEit turned the cybersecurity world upside down. This breach impacted over 200 organizations and approximately 17.5 million individuals, including federal agencies such as the Department of Energy, Department of Agriculture, and Department of Health and Human Services. The attack also targeted numerous international entities, as well as schools across the United States. The breach originated from a security vulnerability in MOVEit’s software, which allowed hackers to gain unauthorized access to sensitive data. Although the flaw was patched once identified, the damage had already been done. The Russia-linked Clop ransomware group claimed responsibility for the breaches and threatened to publish the stolen information on the dark web.

Lesson learned: Conducting regular and proactive vulnerability assessments is essential for identifying and addressing security flaws before they can be exploited by cybercriminals.

T-Mobile: A Repeat Offender in Data Breaches

T-Mobile, a prominent telecommunications company, experienced not one but two data breaches in 2023. In May, it was announced that over 800 customers’ PINs, full names, and phone numbers were exposed in the second breach.

This incident marked T-Mobile’s ninth data breach since 2018, highlighting the company’s struggles in safeguarding customer information. The first breach occurred in January 2023, when a malicious actor gained access to T-Mobile’s systems and stole personal information, including names, emails, and birthdays, from over 37 million customers. The company incurred significant expenses as a result, including a $350 million settlement related to a previous data breach in 2021.

Lesson learned: For companies managing substantial volumes of sensitive customer data, ongoing enhancement of cybersecurity measures is imperative for safeguarding against potential threats.

Yum! Brands: Fast Food Giants Fall Victim to Cyberattack

Yum! Brands, the parent company of popular fast food chains KFC, Taco Bell, and Pizza Hut, faced a cyberattack in January 2023. Initially, it was believed that only corporate data was compromised. However, further investigation revealed that employees’ data may have also been breached. The attack led to the closure of nearly 300 locations in the UK and resulted in financial losses for the company. Yum! Brands responded by implementing additional security measures, notifying affected employees, and offering complimentary monitoring and protection services.

Lesson learned: Comprehensive cybersecurity measures should encompass both corporate and employee data to prevent potential breaches.

ChatGPT: AI’s Setback in Late March


ChatGPT, an AI-powered chatbot developed by OpenAI, encountered a setback in late March when a data breach was announced. The breach exposed users’ first and last names, email addresses, payment addresses, and the last four digits of credit card numbers. However, full credit card numbers were not compromised. OpenAI promptly notified impacted users, confirmed their email addresses, and strengthened security measures to prevent future breaches. This incident further fueled skepticism surrounding AI and its potential vulnerabilities.

Lesson learned: As AI technologies become more prevalent, it is crucial to prioritize data security and regularly assess potential vulnerabilities.


Chick-fil-A: A Breach of Trust

In March 2023, the popular fast-food chain Chick-fil-A confirmed a data breach that exposed customers’ personal information through its mobile app. Unusual login activity led to the discovery of the cyberattack, which was traced back to the unauthorized use of email addresses and passwords obtained from a third party.

While less than 2% of customer data was breached, Chick-fil-A took immediate action by increasing online security and monitoring. The company also offered reimbursements for any unauthorized transactions and advised affected customers on securing their accounts.

Lesson learned: Continuous monitoring and proactive measures are necessary to detect and respond to unusual activity that may indicate a data breach.

Activision: Breach via SMS Phishing Attack

In February 2023, video game publisher Activision fell victim to a data breach that originated from an SMS phishing attack. The attacker targeted an HR employee, gaining access to employee data, including email addresses, cell phone numbers, salaries, and work locations. The breach also exposed the company’s 2023 release schedule.

Although Activision swiftly addressed the breach, it highlighted the importance of employee awareness and ongoing security training to prevent successful phishing attempts. Under California law, companies must alert affected individuals if 500 or more employees’ data is breached.

Lesson learned: Regular employee training and awareness programs are crucial to mitigating the risks posed by phishing attacks.

MailChimp: Social Engineering Breach

In January 2023, the popular email marketing platform MailChimp alerted its customers to a data breach resulting from a social engineering attack. Unauthorized users gained access to an internal customer support tool, compromising employee information and credentials.

Upon learning about this unauthorized access, MailChimp identified and suspended the compromised accounts, while continuing to investigate the incident. The company emphasized the importance of ongoing efforts to protect its platform and prevent future breaches.

Lesson learned: Robust identity and access management systems are essential for preventing unauthorized access and mitigating the impact of data breaches.


NortonLifeLock: “Stuffing” Attack Consequences

In mid-January, NortonLifeLock, a leading cybersecurity company, notified its customers of a data breach that affected over 6,000 accounts. The breach occurred due to a “stuffing” (credential stuffing) attack, where previously compromised passwords were used to gain unauthorized access to accounts. NortonLifeLock promptly informed the affected customers, recommending password changes and enabling two-factor authentication for enhanced security. The incident highlighted the importance of multi-factor authentication in protecting against such attacks.

Lesson learned: Multi-factor authentication is a valuable defense mechanism against cyberattacks that exploit compromised passwords.
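Credential stuffing leaves a recognizable trace in authentication logs: one source tries many different accounts once each, rather than one account many times. The script below is an added example for this article, not code from NortonLifeLock or The Cyber Express; it assumes a simple whitespace-separated log format, a five-minute window and a threshold of five distinct usernames, all of which are illustrative choices, and runs over constructed sample lines.

```python
"""Credential-stuffing detection over constructed authentication log lines.

Added example for this article, not code from NortonLifeLock or The Cyber
Express. The log format, thresholds and sample lines are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source_ip> <username> <result>"
# 203.0.113.7 sprays one attempt at each of seven accounts (stuffing);
# 198.51.100.9 is a single user mistyping their own password.
SAMPLE_LOG = """\
2023-01-12T03:00:01 203.0.113.7 alice FAIL
2023-01-12T03:00:02 203.0.113.7 bob FAIL
2023-01-12T03:00:02 203.0.113.7 carol FAIL
2023-01-12T03:00:03 203.0.113.7 dave FAIL
2023-01-12T03:00:04 203.0.113.7 erin OK
2023-01-12T03:00:05 203.0.113.7 frank FAIL
2023-01-12T03:00:06 203.0.113.7 grace FAIL
2023-01-12T03:05:00 198.51.100.9 alice FAIL
2023-01-12T03:05:30 198.51.100.9 alice FAIL
2023-01-12T03:06:00 198.51.100.9 alice OK
"""

WINDOW = timedelta(minutes=5)        # assumed sliding-window length
DISTINCT_USER_THRESHOLD = 5          # assumed tuning value


def parse_log(text):
    """Parse the assumed log format into sorted (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    events.sort()
    return events


def find_stuffing_sources(events, window=WINDOW, threshold=DISTINCT_USER_THRESHOLD):
    """Return {ip: set(usernames)} for sources that tried at least `threshold`
    distinct accounts inside any `window`-long span of their attempts.

    Plain password guessing hits one account repeatedly; stuffing hits many
    accounts once each, so distinct users per source is the signal.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, _ in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= threshold:
                flagged[ip] = flagged.get(ip, set()) | users
    return flagged


def compromised_accounts(events, flagged):
    """Accounts that logged in successfully from a flagged source: the sessions
    to invalidate and the users to push through a password reset and MFA."""
    return sorted({user for _, ip, user, result in events
                   if ip in flagged and result == "OK"})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    sources = find_stuffing_sources(evs)
    print("stuffing sources:", {ip: sorted(u) for ip, u in sources.items()})
    print("successful logins from those sources:", compromised_accounts(evs, sources))
```

The second function is the part that matters for response: a successful login during a stuffing burst is a reused password that worked, which is exactly the account an MFA challenge would have stopped.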

Extracting Lessons from Key Incidents

The cybersecurity fumbles of 2023 are a wake-up call for organizations of all sizes, revealing how seemingly minor slip-ups can trigger significant fallout, from data breaches to ransomware nightmares. In the digital realm, cybersecurity isn’t a mere checkbox but a critical priority. Businesses must proactively fortify their defenses, embracing continuous vulnerability assessments and keeping their teams sharp through ongoing training. Remember, cybersecurity isn’t a one-and-done deal; it’s an enduring commitment. As the custodians of valuable data, organizations not only shield themselves from threats but also cultivate trust among customers and stakeholders. In an ever-evolving landscape, staying vigilant is not just a choice but a necessity.



FORESIGHT

ALPHV/BLACKCAT SEC COMPLAINT: A Desperate Move, Pressure Tactic, or Exploiting Regulations? - By Avantika Chopra

Filing a complaint with the U.S. Securities and Exchange Commission (SEC) in the event of a company’s nondisclosure of a cyberattack is primarily rooted in the principles of transparency, investor protection, and maintaining the integrity of the financial markets. However, what could it mean when a hacker group decides to meticulously fill out the SEC complaint form and post it on their leak site?

In a strikingly unconventional tactic, the infamous ALPHV/BlackCat ransomware group filed a complaint with the U.S. Securities and Exchange Commission (SEC), accusing one of their claimed victims, MeridianLink, a California-based provider of digital lending and data verification solutions, of not adhering to a four-day rule for disclosing a cyberattack—a rule not yet in effect. This move, a far cry from their usual modus operandi of covert operations and ransom demands, begs the question: What drives a hacker group to engage with a regulatory body traditionally allied with investors and market integrity? At first glance, it may appear as an ironic twist – cybercriminals assuming the role of regulatory watchdogs. But a deeper analysis suggests a possible strategic ploy, a sign of desperation or an innovative tactic to amplify pressure for ransom.



This act, which witnessed a new form of exerting pressure and extortion by manipulating regulations designed for protection, compels us to examine the motivations and evolving strategies of cybercriminal groups in their relentless pursuit of illicit gains.

The statement “failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules” refers to an accusation that a company, in this case, MeridianLink, did not comply with a specific reporting requirement set forth by the U.S. Securities and Exchange Commission (SEC).

On November 7, 2023, BlackCat/ALPHV claimed to have breached the network of MeridianLink and extracted sensitive data. Following the MeridianLink data breach, the hacker collective demanded a ransom, setting a 24-hour deadline for payment to prevent the release of the stolen information.

Soon after, MeridianLink confirmed the cyberattack. A spokesperson from MeridianLink shared with The Cyber Express details about the cybersecurity incident, stating, “MeridianLink recently identified a cybersecurity incident.”

They continued, stating, “Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption. If we determine that any consumer personal information was involved in this incident, we will provide notifications, as required by law.”

Although initial communications were established, BlackCat/ALPHV claims that MeridianLink has since failed to engage in further dialogue to negotiate the terms for the data’s security.

The company’s apparent silence on negotiation may have driven the hacker group to file a complaint with the SEC. In the form they submitted, the hacker group highlighted, “We want to bring to your attention a concerning issue regarding MeridianLink’s compliance with the recently adopted cybersecurity incident disclosure rules.”

Form 8-K serves as a formal notification mechanism for informing shareholders of U.S. publicly traded companies and the Securities and Exchange Commission about certain events that could be significant to stakeholders or may require regulatory attention.

“It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules,” they wrote further.

The SEC approved the final rules on cybersecurity, risk management, strategy, governance, and incident disclosure on July 26, 2023. These enhanced cybersecurity disclosure regulations officially came into effect on September 5, 2023, referred to as the “Final Rules.”



“With respect to compliance with the incident disclosure requirements in Item 1.05 of Form 8-K and in Form 6-K, all registrants other than smaller reporting companies must begin complying on December 18, 2023. As discussed above, smaller reporting companies are being given an additional 180 days from the non-smaller reporting company compliance date before they must begin complying with Item 1.05 of Form 8-K, on June 15, 2024,” stated the official report.

According to the report, starting December 18, 2023, all registrants—excluding smaller reporting companies—are obliged to follow the incident disclosure regulations. This indicates that impacted companies have until December to comply with the newly established rules for reporting cybersecurity incidents. Several cybersecurity experts, who took to social media following the abrupt reaction by the ALPHV/BlackCat ransomware group, pointed this out. “ALPHV claims the breach was November 7 MeridianLink says November 10. The amended SEC requirement says *material* incidents must be reported four business days after determining the incident is material. Compliance isn’t required until December 18th anyway,” tweeted Steve Werby, an information security strategist with 20 years of experience.

In conversation with The Cyber Express, Steve Werby shared his interpretation of the BlackCat hacker group’s stunt. He believes that the group’s decision to file a complaint with the SEC may not have been expected to change MeridianLink’s stance on the ransom but rather serves as a stark warning to future targets of the group, indicating that paying the ransom might be their sole escape from being publicly named and facing regulatory consequences. Werby stated, “Since BlackCat’s threat of leaking the exfiltrated data didn’t result in a willingness to pay the requested ransom, it’s unlikely that they thought the SEC complaint would alter MeridianLink’s decision. It’s likely that the action was intended to signal to future BlackCat victims that ransom payment is the right choice. Perhaps with a dash of vengeance.”

Interestingly, the move to report “non-compliance” could backfire significantly. A Cyber Threat Researcher from the cybersecurity and threat intelligence firm Cyble shared a perspective on the BlackCat ransomware group’s recent SEC filing. The researcher emphasized that this act is actually a display of boldness and a form of blackmail. The researcher elaborated, “It’s not desperation, but rather flaunting and blackmail. The gangs see themselves as somebody who calls all the shots, and the victims have to submit to their demands.”


Further, they highlighted a potential unintended consequence of this tactic. “By reporting to the SEC, they might inadvertently prompt the government to implement stricter regulations. This could make it harder to pay ransoms, essentially undermining the primary motivation of ransomware gangs - getting paid.” “This move is likely to backfire on them. It’s a positive development for the victims, as increased regulation will make the operations of ransomware groups more challenging,” they concluded.

Another viewpoint suggests that the hackers’ actions represent an attempt to manipulate the SEC’s cybersecurity regulations to their advantage. Jamil Farshchi, EVP and Chief Information Security Officer (CISO) at Equifax, interprets this move as an aggressive tactic following unsuccessful ransom negotiations. By leveraging the SEC’s rules, which require companies to disclose significant cyber incidents, the hackers aim to exert additional pressure on their targets. Farshchi explained, “It’s almost certainly a retaliatory response after not receiving a ransom.” This statement indicates that the filing with the SEC could be a direct consequence of the ransomware group’s frustration over unmet demands. He further added, “They are trying to weaponize the SEC cyber rules to incentivize future victims to pay the ransom.” This tactic involves exploiting the regulatory requirements as a tool of coercion, pushing companies to pay ransoms to avoid the ramifications of public disclosure and potential regulatory scrutiny. Such a strategy could significantly impact companies, forcing them to weigh the risks of non-compliance with SEC rules against the consequences of yielding to the hackers’ demands.

BlackCat’s decision to file a complaint and publicly put it out also seems like a calculated strategy to instil fear among senior executives of companies, as pointed out by Greg Linares, a cybersecurity expert and white hat hacker. “I definitely see it as a leverage tactic to induce fear among C-levels,” Linares told The Cyber Express. He suggests that this tactic might have been chosen based on a vulnerability identified during the negotiation process with the victim company.

Expanding on the impact of this move, he added, “We don’t know why they potentially did this tactic, maybe it was based on a weakness discovered during negotiations, however I do know CISOs definitely took notice.” Linares noted the significant attention the incident garnered on social media, predicting its potential influence on similar groups. “And with as much attention it received on social media, it likely will be replicated by other ransomware groups elsewhere in the near future.”

Discussing the implications for corporate cybersecurity strategies, Linares advised, “I think everyone should review their material reporting process, ransomware response, and tabletop exercises involving this plus other additional avenues of extortion.”

Jane Teh, SEA Cybersecurity Director at Deloitte, contextualized the incident within the group’s modus operandi, emphasizing their objectives: “to obtain monetary gain, reputational elevation, and deliver the impact.” She provided an alternate perspective, interpreting the incident as a strategic move intended to “increase the cybercriminals’ elevation of status.”


“Reporting to the SEC is an act of increasing the cybercriminal’s elevation of status amongst other ransomware variants operators, as the competition amongst ransomware operators are fiercely competitive,” Jane told The Cyber Express. “Elevation of status in cyber criminals network as this will put them in a map to be the ‘Go-To’ cybercrime provider that delivers the result and impact, as an assured & reliable service provider that delivers,” she added.

A dark web researcher at Cyble offered further insights into BlackCat’s strategy, describing it as a high-pressure tactic. According to the researcher, this move isn’t just about coercion; it’s also a calculated play for legitimacy. “This seems to be a desperate attempt to pressure the victim into compliance,” they said. Further, the researcher speculated on the group’s expectations: “It appears they hoped that the mere mention of an SEC notification would cause panic and prompt a swift response and possibly a quick settlement from the victim.”

Deciphering BlackCat’s Motives

The BlackCat ransomware group’s decision to file a complaint with the SEC represents a significant departure from traditional ransomware tactics, as conventional methods may meet increasing resistance. One possible interpretation of BlackCat’s actions is that companies are becoming more resilient and less willing to agree to ransom demands. This shift could be a result of enhanced cybersecurity measures, better awareness, or the realization that paying the ransom offers no guarantee against data exposure. Companies are increasingly aware of the unreliability of hackers. The realization that paying the ransom doesn’t necessarily safeguard against data exposure or future attacks has left many companies in a dilemma. Faced with this new resilience, ransomware groups like BlackCat might be exploring more desperate and innovative tactics to exert pressure and secure payment.

The move also reflects the complications introduced by tighter regulations in cybersecurity. The requirement for companies to disclose cyberattacks to regulatory bodies like the SEC adds a new layer to the ransomware game. BlackCat’s decision to exploit these regulations indicates their awareness of the legal and reputational pressures that can be used as leverage against their targets. Despite the uncertainty of securing a ransom, BlackCat’s approach has undoubtedly achieved the desired attention. This publicity, while not directly lucrative, enhances their notoriety and may serve as a warning to future targets.

In conclusion, BlackCat’s unusual tactic of engaging with the SEC is a move that speaks volumes about the current state of cybercrime. It suggests possible desperation on the part of hackers facing stiffer corporate resistance and complex regulatory landscapes. It also reflects an understanding that the promise of ransom payment is becoming increasingly unreliable.



DIGEST

PAYCHEX CISO BRADLEY J. SCHAUFENBUEL WARNS: WEAK TRAINING = EASY PATH FOR CYBERATTACKS - By Samiksha Jain

In an interview with The Cyber Express, Bradley J. Schaufenbuel, VP and Chief Information Security Officer at Paychex, shared insights into his nuanced approach to addressing unique challenges in data protection. During the conversation, he discussed the forthcoming cybersecurity trends for 2024, highlighting the significance of generative AI, zero-trust architectures, and the dynamic evolution of ransomware threats.


Renowned for his contributions as the author of ‘For Dummies’ books on cybersecurity, Schaufenbuel distilled key principles for businesses, highlighting continuous improvement, the role of employees, and fostering a security mindset. He also provided valuable perspectives on navigating legal compliance and managing complexities.

Emphasizing a risk-based approach to cybersecurity investments, Schaufenbuel highlighted the immense value of peer collaboration and industry engagement as key strategies for staying informed and effective in the dynamic field of cybersecurity.



How do you leverage your expertise in law, IT, and cybersecurity, spanning legal, financial, and healthcare sectors, to address unique challenges in protecting sensitive data as a CISO?

When it comes to building a cybersecurity program that meets the standard of “due care”, it helps to know how courts have established what activities and controls are encompassed by that term of art (and how that standard is changing over time). When it comes to securing information in a digital form, it helps to understand the technology used to generate, store, and process that information. When it comes to gaining support for your security program from peer executives, it helps to thoroughly understand the business you are in. Each perspective augments and enhances the other.

What are the upcoming cybersecurity trends expected to gain prominence in 2024, and how should organizations adapt their strategies and defenses to counter evolving cyber threats?

I am not great at predicting the future. If I were, I would be a gambler or an investor, not a cybersecurity practitioner. But here are three safe bets:

• Advances in generative artificial intelligence will continue to drive the evolution of both attacks and defense. We are already seeing attackers leverage large language models to generate more sophisticated phishing attacks and deepfakes. Defenders will need to leverage generative AI to detect and stop these attacks.

• More organizations will attempt to adopt zero trust architectures, but because zero trust solutions are being built on a foundation of immature identity technology stacks, progress will be slow.

• Ransomware attacks will continue to evolve and snare organizations with both mature and immature cybersecurity programs. Double extortion will become standard (if it is not already), with techniques for disruption other than encryption of data becoming more common.



In your ‘For Dummies’ books, you’ve simplified complex cybersecurity concepts. What key principles do you think are essential for businesses to understand cybersecurity?

Three key principles I would highlight are:

• Improving and maintaining an organization’s cybersecurity posture is not a “one and done” project. You must continuously evolve your capabilities with the changing threat landscape. The job is never done.

• People can either be the greatest asset to, or the greatest liability of, a cybersecurity program. Well trained employees can serve as a “human firewall”, protecting the organization from cyberattackers. Poorly trained people become the easiest way for an attacker to subvert an organization’s technical controls.

• Cybersecurity is a team sport and culture beats strategy every time. You can have the best information security team and the most advanced tools on the planet, but without a culturally embedded security mindset, you can still get popped.

As a cybersecurity expert with a deep understanding of legal frameworks, how do you navigate and balance the complexities inherent in aligning legal compliance with cybersecurity measures?

There are thousands of legal and regulatory requirements related to cybersecurity and data privacy across hundreds of unique jurisdictions and dozens of voluntary security frameworks and standards. Many of the requirements of these sources overlap. The only way I have found to effectively deal with this complexity is to determine which requirements apply to your organization and then map them to your organization’s controls. Where your controls fall short of meeting one or more legal or regulatory requirements, the gap must be closed. This mapping exercise can be time consuming but is necessary to make sure that you are addressing requirements holistically.

Additionally, in your experience, what are the key challenges when ensuring that cybersecurity strategies not only meet legal requirements but also effectively protect against evolving digital threats?

Legal and regulatory requirements are nothing more than a baseline that you cannot dip below. All cybersecurity investments that go above and beyond meeting those baseline requirements should be risk-based. What I mean by that is that you should be working with the governing body of your organization to understand its risk appetite and set risk thresholds. You should then be performing regular (if not continuous) cybersecurity risk assessments. Where cybersecurity risks exceed risk thresholds, you should be investing in controls that mitigate that risk to an acceptable level. A risk-based approach to cybersecurity investment is far more effective (and cost-effective) than buying and deploying every “shiny object” you encounter.


How do you personally stay sharp and continually develop your skills in the rapidly evolving field of cybersecurity? Are there specific resources or practices you find particularly valuable?

Fortunately, I am passionate about what I do. I absolutely love being a cybersecurity professional. When you are passionate about something (whether it is cybersecurity, football, politics, or cost accounting), you tend to have an insatiable curiosity about all things related to that something. The resource I turn to most often is my peers. You can learn a lot from people who are facing the same challenges as you are. That means I attend a lot of CISO roundtables and summits. There is value in the big events (e.g., RSA and Black Hat), but even more value in more intimate venues like local CISO dinners and roundtables. When there is not time to wait for an event, I turn to blogs and podcasts to stay on top of the latest and greatest developments in the world of cybersecurity. There are far too many to list here, but Dark Reading, Krebs on Security, Schneier on Security, and, of course, The Cyber Express, are a few of my favorites.

Given the interconnected nature of the digital landscape, do you engage in cross-industry collaboration regarding information security, and if so, how has this collaboration shaped your perspectives?


Yes. Fundamentally, information security is not that different from one industry to the next. The “crown jewels” may be different from one industry vertical to the next and different hacking groups may target different industries. That is why there is so much value in belonging to the ISAC and ISAO for your organization’s industry. However, the fundamental methods that attackers use to go after the crown jewels and the methods that organizations use to defend against those attacks are not that different from one industry to another. Furthermore, collaboration between all defenders is needed to counter the collaboration that already occurs between threat actors. Organizations of all industry verticals must band together for their collective defense. There is nothing to be lost, and much to be gained, by collaborating across industries.

In conclusion, Schaufenbuel’s expertise illuminates the ever-evolving landscape of cybersecurity. His insights on upcoming trends, pragmatic principles for businesses, and the imperative of collaboration highlight the dynamic nature of safeguarding sensitive data in the digital age. As organizations grapple with evolving threats, Schaufenbuel’s holistic approach provides a valuable compass for effective cybersecurity strategies.




BOTTOMLINE

A YEAR IN REVIEW: THE BIGGEST CYBERSECURITY FINES IN 2023 - By Avantika Chopra

As the sun sets on 2023, the cybersecurity space bears the scars and triumphs of a year unlike any other. The domain witnessed a collapse as organizations of every scale -- multinational corporations to humble startups -- and individuals alike navigated the repercussions of numerous security incidents. The year saw a dramatic surge in cyberattacks, data breaches, and the emergence of sophisticated cybercriminal groups, laying bare our collective digital vulnerabilities.

However, 2023 was not just about the attacks; it was also about resilience and response. As threats multiplied, so did efforts to fortify digital fortresses. Governments and regulatory bodies, recognizing the escalating stakes, tightened their grips. New policies were drafted, and existing ones were enforced anew, keeping in mind the latest developments in the cybersecurity space. The message was clear: the era of lax digital oversight was over.

Amidst this backdrop of heightened vigilance, penalties and fines emerged as critical tools in the regulatory arsenal. They were no longer just punitive measures but vital instruments of change, compelling organizations to rethink their approach to data protection and cybersecurity. For instance, the General Data Protection Regulation (GDPR), once a mere buzzword, became a tangible force, reshaping how companies across the globe handle personal data.




This article delves into the heart of this seismic shift, focusing on the most significant cybersecurity fines of 2023. Each fine, a story in itself, reveals not just the cost of noncompliance but also the evolving expectations in our digital age. From Meta’s record-breaking €1.2 billion (US$1.308 billion) GDPR fine to the stringent penalties imposed on TikTok and Spotify, these cases exemplify the growing rigor in data protection and privacy. These fines serve as both a warning and a guidepost. As 2023 draws to a close, it leaves in its wake a clearer, albeit sterner, path forward for digital compliance and security, shaping the future of our interconnected world.

Meta GDPR Fine - US$1.308 Billion (€1.2 Billion)

In May 2023, the Irish Data Protection Commission (DPC) issued a groundbreaking fine of €1.2 billion to Meta Platforms, Inc., the parent company of social media giants like Facebook, Instagram, and WhatsApp. This fine marked a watershed moment in the enforcement of the General Data Protection Regulation (GDPR), being the largest penalty imposed since the regulation’s inception in 2018.

The crux of the DPC’s decision centered on Meta’s handling of European users’ personal data. Specifically, the issue was Meta’s transfer of this data to the United States without ensuring adequate levels of protection, a requirement under the GDPR. This regulation mandates that companies must provide robust safeguards for personal data when it is transferred outside the European Economic Area (EEA), ensuring the privacy and protection of user data against unauthorized access and misuse.

The fine against Meta in 2023 was not the company’s first brush with GDPR-related issues. In the years leading up to this decision, Meta had faced multiple investigations and fines for various privacy infringements under the GDPR. In 2022, Meta faced significant fines totaling €670 million (US$766 million) from the Irish Data Protection Commission (DPC) for separate breaches. In September, a €405 million (US$465 million) fine was levied due to Instagram’s privacy settings for children. The DPC found Meta failed to clarify to children that their profiles were public by default, violating GDPR’s data minimization principle, necessitating companies to collect only necessary personal information.

64

ISSUE 13

TheCyberExpress

In November 2022, a €265 million (US$301 million) penalty followed the scraping of data on hundreds of millions of Facebook users, which had surfaced online in 2021. The DPC found that Meta’s technical safeguards against automated scraping were inadequate, breaching GDPR’s obligations of data protection by design and by default (Articles 25(1) and 25(2)), which require appropriate technical measures to protect personal data. Earlier, in 2021, WhatsApp, a Meta-owned entity, was fined €225 million (approximately US$245 million) by the DPC for failing to meet GDPR’s transparency requirements. At the time it was one of the largest fines ever issued under GDPR.

TikTok GDPR Fine - US$375 Million (€345 Million)

In September 2023, the Irish DPC fined TikTok €345 million for GDPR violations in its handling of children’s accounts, one of the largest GDPR penalties to date. The investigation covered the second half of 2020 and found that accounts of users under 18 were set to public by default, so that anyone could view their content, and that the ‘Family Pairing’ feature allowed an adult who had not been verified as the child’s parent or guardian to enable direct messaging for the child’s account. The DPC also found that the platform’s information for younger users lacked the clarity and transparency GDPR requires of anyone processing personal data. This was not TikTok’s first brush with GDPR enforcement: before 2023 the platform had faced scrutiny and smaller fines over privacy issues in other European countries. The 2023 fine was unprecedented in size, reflecting a trend towards stricter enforcement of data protection law, especially where vulnerable users such as children are concerned.

CRITEO Fine - US$43.6 Million (€40 Million)

In June 2023, France’s National Commission on Informatics and Liberty (CNIL) fined Criteo, a major online advertising company, €40 million for several GDPR breaches. CNIL found that Criteo could not demonstrate that users had consented to the tracking cookie its partners placed on their devices, that its privacy policy lacked clarity and transparency, and that its handling of access and consent-withdrawal requests was deficient. The case is part of a growing trend of regulatory action against digital advertising firms for GDPR non-compliance; other companies in the sector have faced scrutiny and penalties for similar reasons.

Amazon Fine - US$30.8 Million

In June 2023, Amazon agreed to pay US$30.8 million to settle two separate complaints brought by the US Federal Trade Commission (FTC). The first, a US$25 million civil penalty, concerned Alexa: the FTC alleged that Amazon retained children’s voice recordings and geolocation data indefinitely, even after parents asked for deletion, in violation of the Children’s Online Privacy Protection Act (COPPA), and misled parents about its data retention practices. The second, a US$5.8 million settlement, concerned its smart doorbell subsidiary Ring, which the FTC alleged had given employees and third-party contractors unrestricted access to customers’ videos and had failed to implement basic security measures, allowing attackers to take control of users’ accounts and cameras.



TIM SpA Fine - US$8.3 Million (€7.6 Million)

In 2023, Italy’s data protection authority (the Garante) fined TIM SpA, Italy’s largest telecommunications operator, €7.6 million for failing to supervise the call centres that conducted telemarketing on its behalf and for inadequate protection of personal data. The call centres were found to be making aggressive and unsolicited marketing calls and mishandling customers’ personal information, in breach of rules that require valid consumer consent and appropriate data security. The case highlights the privacy risks of outsourced telemarketing and the duty of a company to supervise the processors acting for it. TIM had faced penalties for similar conduct before: in 2020, the Garante fined it €27.8 million (US$30.3 million) for unsolicited marketing calls made without proper consent, showing a pattern of data privacy failings.

WhatsApp Penalty - US$6 Million (€5.5 Million)

In January 2023, Ireland’s Data Protection Commission (DPC) fined WhatsApp €5.5 million for GDPR violations in its data processing operations. The DPC found that WhatsApp had relied on users’ acceptance of its terms of service (the ‘contract’ legal basis) to justify processing personal data for service improvement and security, and that it had not told users clearly what processing it carried out on that basis or why. That lack of transparency contravenes GDPR, which requires companies to communicate the purposes and legal basis of their processing to users. WhatsApp was ordered to bring its processing into compliance within six months. WhatsApp, a subsidiary of Meta Platforms, Inc., had faced GDPR enforcement before: in September 2021, the DPC imposed a then-record €225 million (US$245 million) fine for failing to meet GDPR’s transparency requirements, stemming from inadequate disclosure to users and non-users about the collection and use of their data.

CLEARVIEW AI Penalty - US$5.7 Million (€5.2 Million)

In April 2023, France’s data protection authority (CNIL) imposed a €5.2 million overdue penalty payment on Clearview AI, a facial recognition company, for failing to comply with an earlier order on its data handling practices. In October 2022, CNIL had fined Clearview AI €20 million for building a database of billions of facial images scraped from websites and social media without the knowledge or consent of the people pictured, for failing to inform them about the collection and use of their data, and for not honouring access and erasure requests. CNIL ordered the company to stop collecting and using data on individuals in France and to delete what it had already gathered, with a penalty of €100,000 per day of delay beyond a two-month compliance period. The 2023 decision enforced that daily penalty after Clearview AI failed to show it had complied. Clearview AI has faced similar action elsewhere: in February 2021, Canada’s privacy commissioner found its technology unlawful under Canadian privacy law, citing the same concerns about consent and scraping, and regulators in the UK and Australia have also taken action against its practices.


Spotify Fine - US$5.4 Million (SEK 58 Million)

In June 2023, the Swedish Authority for Privacy Protection (IMY) fined Spotify SEK 58 million (approximately US$5.4 million) for violating GDPR’s right of access. IMY found that while Spotify did provide users with a copy of their personal data on request, it did not explain clearly enough what the data was used for and how; users reportedly also struggled to obtain their data at all, even though GDPR requires that individuals be able to obtain their data easily and understand how it is processed. IMY emphasised the need for clarity given the breadth of data Spotify collects, from contact and payment details to listening habits and preferences.

Curtains Draw on 2023

Data privacy is a fundamental right, not an afterthought. The record penalties levied across sectors, from social media to advertising and telemarketing, are reminders of the responsibility that comes with handling personal data. Digital responsibility and accountability are not buzzwords but the pillars on which businesses are expected to stand. As 2024 begins, the lessons of 2023 point towards more ethical data practices, more transparent user interactions and deeper respect for personal information; each step towards privacy and protection honours the human element at the heart of technology.



INSIDER

2023 CYBERSECURITY LESSONS FROM TOP INDUSTRY VOICES - By Samiksha Jain

As we reflect on the transformative year of 2023 in cybersecurity, we gather insights from industry experts who have been at the forefront of the field. Their commentary is not just reflection but preparation: it offers a clearer understanding of the threat landscape and practical guidance for companies strategising and reinforcing their defenses against future challenges.


From zero-day vulnerabilities to the nuances of threat intelligence, these experts discuss the strategic manoeuvres that defined 2023. The discussion extends beyond the technical, revealing the human side of cybersecurity, where resilience meets innovation. This is more than a retrospective glance; it is an exploration of the pivotal moments and decisions that shaped the year. We have gathered the thoughts of those who architect cybersecurity defenses to extract the lessons that left a lasting mark on the field. So let us dive into the cyber trenches and hear the candid, conversational perspectives of industry practitioners.




Vijayant Gaur

Cyber Security Consultant, currently supporting Uttar Pradesh Power Corporation Limited (UPPCL)

In the ever-evolving landscape of cybersecurity, the acceleration of digital transformation has brought forth diverse attack vectors. With the adoption of Zero Trust Architecture, organizations prioritize a holistic approach to security, mitigating risks from insider threats and zero-day exploits. The critical infrastructure protection paradigm extends to cloud security challenges, emphasizing the need to fortify against supply chain vulnerabilities. As IoT and connected devices expand the attack surface, the importance of threat intelligence becomes paramount. Addressing the exploitation of software vulnerabilities, businesses navigate a complex terrain, implementing robust measures to ensure resilience in the face of emerging threats.

Neal Quinn

Head of Cloud Security Services, Radware

First, Burst Attacks ramp up faster than the polling intervals outlined above, causing an outage before the attack is even visible to an operator. These Burst Attacks contrast with years past, when the attack took more time to ramp up. Attackers now have instant access to large attack networks, utilizing a combination of public cloud computing and purpose-built infrastructures to create instant volumes approaching 1 Tbps. Mitigation solutions that rely on human intervention to profile the attack and activate the right countermeasure are no longer fast enough to mitigate the attack before it causes an outage. Automated protection solutions that use algorithms to spot events quicker are necessary to address this type of problem.


The second and more important shift in the threat landscape is the migration of attacks up the stack to the application layer. While HTTP Floods have been common for many years, they relied on easier to spot patterns that could be mitigated with a static signature. A new breed of HTTPS Floods, called Web DDoS Tsunamis, however, now uses encryption to defeat traditional packet sniffing approaches to attack profiling. These attacks also use numerous evasion techniques tailored to sneak past most DDoS mitigation clouds and rely on much faster modulation through application headers that mimic real users. With these advancements, we now see attack signatures that look like legitimate traffic come from a larger pool of IP addresses with low per-bot request rates. The combination of rapid signature change and low per-bot rates makes existing approaches like rate limiting and IP blacklisting ineffective. In 2023, there were numerous examples of large internet properties being crippled by these attacks. The only effective protection solution is to field advanced algorithms that use machine learning to continuously develop and deploy accurate signatures in real time as they fight the attack. The combination of Burst Attacks with Web DDoS Tsunamis has seen many purpose-built defenses struggle to adapt to the scale and complexity of the contemporary attack landscape. New methods are being deployed by the best providers to stay ahead of the curve. We can expect to see this trend continue into 2024.
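The contrast Quinn draws between per-IP rate limiting and a flood spread thinly across many sources, worked through as an added Go example that is not part of the original article or of Radware’s products. The log lines are constructed rather than captured traffic; the log format, the 10 req/s per-IP threshold, the 5x baseline factor and the aggregate-rate-plus-source-growth heuristic are assumptions chosen for illustration:

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Request is one parsed access-log record: epoch second and client IP.
type Request struct {
	Sec int64
	IP  string
}

// ParseLogLine parses the constructed log format "<epoch-seconds> <client-ip> <path>".
func ParseLogLine(line string) (Request, error) {
	f := strings.Fields(line)
	if len(f) != 3 {
		return Request{}, fmt.Errorf("malformed log line: %q", line)
	}
	sec, err := strconv.ParseInt(f[0], 10, 64)
	if err != nil {
		return Request{}, fmt.Errorf("bad timestamp in %q: %v", line, err)
	}
	return Request{Sec: sec, IP: f[1]}, nil
}

// ConstructedLog builds sample traffic (constructed, not captured): ten seconds of
// normal load from 5 clients at 1 req/s each, then a two-second flood in which
// 200 clients each send 1 req/s, so no single source ever looks busy.
func ConstructedLog() []string {
	var lines []string
	for sec := int64(0); sec < 12; sec++ {
		clients, prefix := 5, "10.0.0."
		if sec >= 10 {
			clients, prefix = 200, "198.51.100."
		}
		for i := 1; i <= clients; i++ {
			lines = append(lines, fmt.Sprintf("%d %s%d /search", sec, prefix, i))
		}
	}
	return lines
}

// RateLimitedIPs is the classic per-source control: it returns every IP that sent
// more than limit requests within any one second. Low per-bot rates never trip it.
func RateLimitedIPs(reqs []Request, limit int) []string {
	perIPSec := map[string]map[int64]int{}
	for _, r := range reqs {
		if perIPSec[r.IP] == nil {
			perIPSec[r.IP] = map[int64]int{}
		}
		perIPSec[r.IP][r.Sec]++
	}
	var blocked []string
	for ip, secs := range perIPSec {
		for _, n := range secs {
			if n > limit {
				blocked = append(blocked, ip)
				break
			}
		}
	}
	return blocked
}

// WindowStats summarises traffic in an inclusive window of whole seconds.
type WindowStats struct {
	Rate    float64 // aggregate requests per second
	Sources int     // distinct client IPs seen
}

// Stats computes WindowStats over requests whose timestamp lies in [from, to].
func Stats(reqs []Request, from, to int64) WindowStats {
	ips := map[string]struct{}{}
	n := 0
	for _, r := range reqs {
		if r.Sec >= from && r.Sec <= to {
			n++
			ips[r.IP] = struct{}{}
		}
	}
	return WindowStats{Rate: float64(n) / float64(to-from+1), Sources: len(ips)}
}

// IsDistributedFlood flags a window whose aggregate rate exceeds the baseline by
// more than factor while the pool of sources has grown: the fingerprint of a flood
// that stays under every per-IP limit by spreading a low rate across many bots.
func IsDistributedFlood(win, base WindowStats, factor float64) bool {
	return base.Rate > 0 && win.Rate > factor*base.Rate && win.Sources > base.Sources
}

func main() {
	var reqs []Request
	for _, l := range ConstructedLog() {
		r, err := ParseLogLine(l)
		if err != nil {
			panic(err)
		}
		reqs = append(reqs, r)
	}
	base, attack := Stats(reqs, 0, 9), Stats(reqs, 10, 11)
	fmt.Printf("per-IP limiter (10 req/s) blocked: %v\n", RateLimitedIPs(reqs, 10))
	fmt.Printf("baseline %.0f req/s from %d sources; window %.0f req/s from %d sources; flood=%v\n",
		base.Rate, base.Sources, attack.Rate, attack.Sources, IsDistributedFlood(attack, base, 5))
}
```

Running it shows the per-IP limiter blocking nobody, because every bot sends a single request per second, while the window comparison flags a 40x jump in aggregate rate arriving from a far larger source pool. A production detector would add the header and behavioural features Quinn describes; the point of the example is only that per-source thresholds and IP blocklists cannot see an attack whose per-source rate is indistinguishable from a real user.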


Satnam Narang

Senior Staff Research Engineer, Tenable

Mass exploitation of CVE-2023-4966, a critical sensitive information disclosure vulnerability in Citrix’s NetScaler ADC and Gateway products, has been ongoing since October 30. Dubbed “CitrixBleed” by researchers, at the time, there were estimates of 30,000 internet-facing assets that were vulnerable to this flaw. Recent analysis suggests that the number has decreased to over 10,000 assets, with the majority located in the United States. With publicly available proof-of-concept exploit code, a variety of threat actors have been leveraging this flaw as part of their attacks over the last few weeks, including affiliates of the infamous LockBit ransomware group and Medusa. Ransomware groups are mostly indiscriminate in their attacks, motivated by profits over anything else. Organizations that use NetScaler ADC and Gateway products must prioritise patching these systems immediately, as the threat of exploitation is extremely high, especially by ransomware groups.

Amitabh Bhardwaj

Joint Director (IT and Cyber Security)

As per my opinion, one of the most important lessons learned in 2023 is that cybersecurity is a shared responsibility. It is no longer enough for information security professionals alone, but for all of the organization, to simply implement security measures. Everyone, from individuals to businesses to governments, has a role to play in protecting the digital world. The next key lesson learned is that cybersecurity is not a one-time fix. It is an ongoing process that requires constant vigilance and adaptation. As attackers become more sophisticated, organizations likewise need to be constantly evolving their security strategies to stay ahead of the curve. Besides this, the cybersecurity industry has also learned a number of specific things in 2023. For example, we have learned more about the dangers of supply chain attacks, and we have developed new techniques for defending against them. We have also learned more about the importance of data security, and we have developed new tools and techniques for protecting sensitive data.

Aaron Bugal

Field CTO Asia Pacific and Japan, Sophos

With the help of advanced AI, deepfake videos and images are being increasingly created by taking advantage of content posted on public social media profiles. While setting social profiles to private and limiting them to only known friends or contacts can help limit overt exposure, it isn’t a guarantee that someone among them won’t repost it or use it for nefarious purposes. It is reassuring to see the Indian Ministry of Electronics and Information Technology (MeitY) send an advisory to social media companies urging them to tackle deepfake content. In the advisory, the government also warned social media intermediaries that failing to remove deepfake information from their platforms might result in penalties such as losing safe harbour rights, among other things. Such stringent advice from the government can help to flatten the curve of data being exploited to create deepfake content. As a protective measure, digitally signed videos can be a way to verify that content can be trusted. Much like how certificates are used to validate website security and email communications, the same could be used for validating digital media. As technology evolves and deepfake production times shrink and quality vastly improves, a point may come where it’s impossible to distinguish a deepfake from real recorded content; therefore, validating content as true using a signing or verification process is needed.
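Bugal’s suggestion of digitally signed media, worked through as an added Go example that is not code from the original article or from Sophos. It uses Ed25519 from the Go standard library to sign a hash of the media bytes and to detect both a modified clip and a clip re-signed under someone else’s key; the record layout, the domain-separation prefix and the stand-in “video” bytes are assumptions for illustration:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedMedia pairs a media payload with the publisher's signature over its
// digest and the public key the publisher claims to have used.
type SignedMedia struct {
	Content   []byte
	Publisher ed25519.PublicKey
	Signature []byte
}

// domain separates media signatures from any other message the same key might sign.
const domain = "media-signature-v1:"

// NewPublisherKey generates a fresh Ed25519 key pair for a content publisher.
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// digestOf hashes the content under the domain prefix; signing the digest keeps
// the signature the same size whatever the length of the media.
func digestOf(content []byte) []byte {
	h := sha256.New()
	h.Write([]byte(domain))
	h.Write(content)
	return h.Sum(nil)
}

// SignMedia produces a SignedMedia record for content using the publisher's key.
func SignMedia(priv ed25519.PrivateKey, content []byte) SignedMedia {
	return SignedMedia{
		Content:   append([]byte(nil), content...),
		Publisher: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, digestOf(content)),
	}
}

// VerifyMedia checks that sm.Content is exactly what the holder of trusted signed.
// The caller passes the key it already trusts rather than using sm.Publisher,
// otherwise a forger could replace both the content and the key.
func VerifyMedia(sm SignedMedia, trusted ed25519.PublicKey) error {
	if len(trusted) != ed25519.PublicKeySize || len(sm.Signature) != ed25519.SignatureSize {
		return errors.New("malformed key or signature")
	}
	if !trusted.Equal(sm.Publisher) {
		return errors.New("signed by a key that is not trusted")
	}
	if !ed25519.Verify(trusted, digestOf(sm.Content), sm.Signature) {
		return errors.New("signature does not match content: modified or forged")
	}
	return nil
}

func main() {
	pub, priv, err := NewPublisherKey()
	if err != nil {
		panic(err)
	}
	video := []byte("constructed stand-in for a recorded video file") // not real media
	sm := SignMedia(priv, video)
	fmt.Println("original verifies:", VerifyMedia(sm, pub) == nil)
	tampered := sm
	tampered.Content = append([]byte(nil), sm.Content...)
	tampered.Content[0] ^= 0x01 // an edited frame changes the bytes, so the digest changes
	fmt.Println("tampered verifies:", VerifyMedia(tampered, pub) == nil)
}
```

The verifier is handed the key it already trusts instead of reading one out of the signed record; that is the step doing the real work, and it is the role certificates and a public key infrastructure play for websites. Without it, anyone could re-sign an altered clip under a key of their own and the signature would still check out.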



Sachin Kawalkar

Global CISO and Cyber Head, Neeyamo

Since the world is moving toward more digitalisation, there is a big rise in the need for sustainability (connecting multiple devices for a longer duration) among consumers and modern digital applications. There is a mandatory need to implement Secure by Design in the modernization process and to identify current and future threats among stakeholders while designing the architecture. It is extremely necessary to robustly secure enterprises in this digitally evolving world, as the complexity of cybersecurity risks and challenges is going to increase. We need well-equipped technology solutions, and to train and nurture talent, making them understand cybersecurity fundamentals, techniques and solutions to safeguard information and the organization.

Jane Teh

SEA Cybersecurity Director, Deloitte

In 2023, the FSI, production and heavy industries have been toeing the line of battling an expanding threat landscape and breaches, firefighting with limited key skilled resources whilst tightening their belts, consolidating security technology stacks and combating the increase in platform licences; this in turn increases security cost exponentially and is not sustainable from a business perspective. This trend and these efforts will spill over until 2025; therefore, CISOs or security heads are tasked with balancing the scales of increasing the organization’s cybersecurity resiliency, optimising security operations in line with business objectives, and being more cost effective as a result.

Pooja Shimpi

Founder & CEO, SyberNow – Specializes in Cybersecurity Mindfulness Trainings

In 2023, the surge in cyberattacks in India is alarming, with daily reports of individuals losing substantial amounts to scams involving extra income, online dating, job offers and UPI fraud. Cyber-criminals skilfully exploit psychological aspects to deceive people. Globally, major cyberattacks are predominantly driven by social engineering and ransomware, as demonstrated by the $100 million loss at MGM Casino, where attackers manipulated help desk employees with a 10-minute call. Recognizing the gravity of the situation, it is crucial to regularly provide employees with cybersecurity awareness and mindfulness trainings to empower them as the strongest defense against cybercrime.


Insights, Shifts, and What Lies Ahead

Taken together, the 2023 commentary reads as a single storyline. From the accelerated adoption of Zero Trust Architecture to the escalating threat of Burst Attacks and Web DDoS Tsunamis, the industry saw a dynamic shift that demands continuous adaptation. One takeaway resonates across the voices above: cybersecurity is a shared responsibility that transcends traditional boundaries, and as the digital landscape evolves, constant vigilance and adaptation become essential. The lessons are not only about defense but also about fortifying critical infrastructure against supply chain vulnerabilities, responding quickly to mass exploitation of newly disclosed flaws, and confronting the rise of deepfake content. Looking ahead, the only certainty is the need for better detection algorithms, continuous learning and a collective effort to stay ahead of the threat landscape. 2023 leaves the story on a cliffhanger; the stage is set for 2024, with innovation, adaptation and the resilience of those dedicated to safeguarding the digital realm in the leading roles.



PERSPECTIVES

EMERGING TRENDS AND CHALLENGES IN CYBERSECURITY: Insights from Abul Kalam Azad - By Augustin Kurian

In a wide-ranging interview with Augustin Kurian, Editor-in-Chief of The Cyber Express, Abul Kalam Azad, Head of Information Security at Eastern Bank, shares his perspective on today’s cybersecurity landscape, particularly within the financial sector. With over two decades of experience in IT audit, risk management and cybersecurity, Azad discusses the escalating threat of ransomware, the role of Artificial Intelligence (AI), and the imperative of compliance and risk management, uncovering the challenges and strategies shaping the field. Azad began by highlighting the financial sector’s exposure to cyberattacks: attackers target these institutions for financial gain, and recent years have seen a significant increase in attempts to compromise customer accounts and manipulate financial transactions. He singled out one troubling trend, the surge in ransomware attacks, which not only aim to extort money but also disrupt services by rendering systems inoperable.





Another critical issue Azad touched upon was the breach of customer data. He noted that several large organizations had faced severe consequences, including bankruptcy, after losing customer data. The conversation then turned to the role of AI in cybersecurity. Azad expressed optimism about the integration of AI into security tooling, noting that AI-enhanced systems offer more accurate and timely detection of threats, and that traditional tools are often inadequate against sophisticated attacks, making AI an essential component of a modern strategy. He also acknowledged that AI cuts both ways: its effect depends on who wields it, defenders detecting attacks or attackers crafting more sophisticated ones, which raises questions about the balance of power in the ongoing arms race between the two. On the broader picture, Azad pointed to the significant investments companies are making in AI-driven security products, citing Cyble Vision, which uses AI to detect and index threats to the banking sector, as an example. Azad’s insights describe a complex and rapidly evolving landscape in which the financial sector’s exposure, the rise of ransomware, the importance of protecting customer data and the potential of AI are the defining themes.

AI’s Crucial Role in Financial Cybersecurity and Compliance

The discussion then turned to the role of AI in cybersecurity and the significance of compliance and auditing in the financial sector. Azad argued that AI is not just beneficial but essential for detecting and responding to cyber threats more accurately and promptly, and that it has become a cornerstone of cybersecurity strategy for many organizations, particularly in finance, where the stakes are exceptionally high. The integration of AI into traditional tools such as firewalls, Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) platforms has, in his view, markedly improved their efficiency and detection rates, and he predicted continued growth in AI adoption by security vendors, suggesting a future in which AI plays a dominant role in cyber defense. On threat intelligence, Azad stressed that financial institutions must be proactive: identifying indicators of compromise (IOCs), staying informed about emerging attack vectors, and monitoring the dark web to gather intelligence and head off data breaches and other incidents. Turning to compliance and auditing, he outlined the standards and regulations that financial institutions must adhere to depending on their location and business, such as PCI DSS, ISO 27001, GDPR, HIPAA and SOC 2. To maintain compliance, organizations need to identify the regulations that apply to them and establish checklists for regular monitoring and assessment; Governance, Risk Management and Compliance (GRC) tools can automate parts of this work, making it easier to meet requirements and generate reports. Azad’s insights underscore cybersecurity’s evolving nature, highlighting AI’s growing importance in enhancing cyber defense capabilities. Together with his emphasis on threat intelligence and on compliance and auditing in the financial sector, they provide a comprehensive overview of the current landscape: as threats become more sophisticated, the integration of technologies like AI and a strong focus on compliance will be key to safeguarding digital assets and maintaining customer trust.

Navigating the Future of Cybersecurity: Perspectives from a Seasoned Expert

Azad acknowledged the dynamic nature of cyber threats, emphasizing that strategies effective today might not suffice tomorrow, which requires organizations to be adaptive and agile. He observed that while companies are increasingly aware of cybersecurity risks and proactive in their approach, budget constraints and technological limitations can impede their efforts; even so, he remained positive about the industry’s commitment to mitigating threats and keeping up with the latest trends. Looking ahead to 2024, Azad noted the recent increase in ransomware attacks and data breaches, particularly those involving sensitive customer data, and predicted that attacks on data would become more frequent, driven by the high value of customer information. He also cautioned that entirely new forms of attack, currently unimaginable, might emerge, underlining the need for continuous vigilance and preparedness. Azad then turned to basic cyber hygiene and employee awareness, especially in financial institutions. Simple measures such as complex passwords and two-factor authentication can prevent many attacks, and employee training and awareness bolster defenses without significant technological investment, building resilience against a wide range of threats. He emphasized that organizations must identify potential risks and act swiftly to mitigate them, since understanding and responding to risks promptly is key to a safe cyber environment, and highlighted the interconnected nature of cybersecurity, where a single breach or loophole can have devastating effects on the entire ecosystem. His emphasis on adaptability, proactive risk management, employee awareness and the potential of AI paints a picture of a field that is constantly evolving and requires continuous attention and innovation.

To conclude, Azad underscored the transformative role of AI in enhancing cybersecurity measures, predicting its growing dominance in future cyber defense strategies, and stressed the importance of threat intelligence and compliance, pointing to the need for financial institutions to stay vigilant in monitoring potential threats and to adhere to the regulatory standards that apply to them. The dynamic nature of cyber threats, where strategies effective today may be obsolete tomorrow, demands adaptive and agile approaches; he foresaw an increase in sophisticated attacks, particularly those targeting customer data, and highlighted basic cyber hygiene and employee awareness, with measures like complex passwords and two-factor authentication, as key to preventing many of them. Finally, Azad emphasized proactive risk management as essential for a safe cyber environment: because cybersecurity is interconnected, a single breach can have far-reaching effects, making it imperative for organizations to identify and mitigate risks swiftly.




ROUND UP

Monthly Recap: Prominent Cyberattacks in 2023 Approaching the threshold of 2024, the cybersecurity landscape is undergoing transformative changes, solidifying its position as one of the most rapidly advancing industries. However, the relentless pace of change is not without challenges. Cyber adversaries continually innovate, leaving an indelible mark in their unyielding quest for sensitive information and data.

In this dynamic realm, where artificial intelligence serves as a driving catalyst for both cybersecurity experts and malevolent hackers, the year 2023 stands out as a pivotal chapter. This monthly roundup provides a panoramic view of the top cyber incidents in November 2023, bearing witness to a significant data breach that marked the autumn season.


The Monthly Round-Up

SIAAP Faces Cyberattack

SIAAP, a critical infrastructure, faced a major cyberattack starting on November 17, revealing the attack’s severity. In response to the sophisticated incident disrupting its operations, SIAAP filed a complaint with law enforcement and notified the French data protection authority (CNIL). The focus shifted to securing industrial systems and eliminating external digital connections to prevent further spread. Urgent decisions for IT restructuring were made to ensure public sanitation service continuity. The crisis team remains active to manage repercussions and support employees amid the compromised work environment. Ongoing efforts will persist until normalcy is restored, with SIAAP ready to address inquiries promptly.

Neuss City’s Telecom Infrastructure Hit by Cyberattack

On November 15, 2023, a hacker targeted the telecommunications infrastructure of Neuss city administration, prompting immediate action. Despite the attack, citizens were unaffected, and no data leakage occurred. The compromised devices were swiftly isolated and analyzed by external specialists, preventing the spread of the breach.

Neuss city administration maintained its functionality throughout, ensuring uninterrupted communication. Temporary telephone outages at some schools were quickly restored. The secure separation of the telecommunications network from the rest of the administration network ruled out data compromise. The city filed a complaint with the State Criminal Police Office, withholding specific attack details for ongoing investigations.


Cyberattack on Long Beach, California, USA

Long Beach has declared a local emergency in response to a significant cyberattack, resulting in the shutdown of the main website and disruptions to payment processing and public services. City leaders are cautious about divulging details, citing the ongoing investigation into the incident. The emergency resolution grants City Manager Tom Modica enhanced powers to address the situation, referencing similar cyberattacks in other cities. While public safety and essential services remain unaffected, the utility call center and online bill payments are temporarily out of service. Late fees and utility shut-offs are suspended, with the impact on data and potential compromises yet to be disclosed.

Yanfeng International Automotive Technology Cyberattack

Stellantis, the manufacturer of Chrysler, Dodge, Jeep, and Ram vehicles, faces production disruptions due to a cyberattack on its Chinese supplier, Yanfeng International Automotive Technology Co. Ltd. The attack impacts crucial components like seats, interiors, and electronics. Stellantis, currently monitoring the situation, collaborates with the supplier to minimize further operational impacts. Details about affected production lines and locations remain undisclosed. The incident highlights the growing cybersecurity concerns across industries. In a separate development, Stellantis and Yanfeng secured equipment from bankrupt supplier Unique Fabricating Inc. Cyber threats pose challenges not only to automotive production but also to diverse sectors, emphasizing the need for robust cybersecurity measures.

North Carolina Central University (NCCU) Faces Disruption

North Carolina Central University (NCCU) faces a disruption in online classes and services due to a cyberattack, prompting the suspension of campus Wi-Fi and various online platforms. While the university believes no personal data was compromised, investigations are ongoing. NCCU took swift action to contain the intrusion, involving collaboration with the UNC System Office, state investigators, the FBI, and the U.S. Secret Service. The incident reflects the increasing targeting of universities by hackers. Previous attacks on educational institutions, such as Gaston College and North Carolina A&T, underscore the prevalent threat of ransomware, though NCCU has not confirmed if ransomware was involved.

Cyberattack on Henry County Schools, Georgia

Henry County Schools in Georgia took its internet offline due to detected suspicious network activity, prompting an investigation by county, state, and federal authorities, including the U.S. Department of Homeland Security and the FBI. While online classes are affected, other district operations such as student services and payroll continue. Superintendent Mary Elizabeth Davis emphasized the seriousness of the matter and commended the adaptability of the school community. The timeline for restoring internet functionality and details about the suspicious activity remain undisclosed as the investigation progresses.

DP World Australia Faces Cyberattack

Ports nationwide will remain closed for days as the Australian Federal Police (AFP) investigates a cybersecurity breach. DP World, managing key terminals in Sydney, Melbourne, Brisbane, and Fremantle, reported the incident on Friday, prompting immediate closures. The government invoked the national crisis management framework, responding similarly to the COVID-19 pandemic. The National Coordination Mechanism, involving federal, state, and territorial agencies, along with private sector stakeholders, is activated. Air Marshal Darren Goldie revealed the disruption could persist, impacting goods movement. The Australian Cyber Security Centre and AFP are engaged, while speculation arises about a potential ransom demand.

Allen & Overy Faces Server Disruption

Allen & Overy faced a recent cyberattack affecting a “small number” of servers, with core systems like email and document management unaffected. The law firm continues normal operations but faces some disruption due to containment measures. A&O is assessing impacted data and notifying affected clients. This incident follows a trend of law firms being targeted, including Bryan Cave Leighton Paisner, Proskauer Rose, and others. A&O’s response team, with a cybersecurity adviser, took immediate action, and investigations are ongoing. The cybersecurity incident won’t impact the ongoing transatlantic merger with Shearman & Sterling, set for completion by May 2024.

ICBC Faces Ransomware Attack

The Industrial & Commercial Bank of China (ICBC), the world’s largest commercial bank, confirmed a ransomware attack disrupting its Financial Services (FS) systems on November 8. ICBC FS disconnected affected systems, initiating a thorough investigation with information security experts. Recovery efforts are underway, and the incident was reported to law enforcement. While U.S. Treasury trades on November 8 and Repo financing trades on November 9 were successfully cleared, the attack impacted ICBC’s ability to connect to DTCC/NSCC, affecting equity clearing. The ICBC Group, ICBC New York Branch, and affiliated institutions were unaffected.

US$2.4 Million Stolen from CoinSpot

Australian crypto exchange CoinSpot reportedly suffered a US$2.4 million hot wallet hack, which blockchain security firm CertiK attributed to a “probable private key compromise.” The breach involved a known CoinSpot wallet transferring 1,262 Ether (ETH) to the alleged hacker’s wallet. The hacker then used THORChain and Wan Bridge to convert funds to Bitcoin. CertiK’s investigative data revealed further transactions, with the hacker employing tactics to complicate tracking. CoinSpot, Australia’s largest crypto exchange with 2.5 million users, is regulated by the Australian financial watchdog.

ALPHV/BlackCat Ransomware Attack on MeridianLink

The ALPHV/BlackCat ransomware gang filed a complaint with the U.S. Securities and Exchange Commission (SEC) against MeridianLink, a publicly traded software company, accusing it of not disclosing a cyberattack within the required four-day rule. The ransomware actors claim to have breached MeridianLink’s network on November 7, threatening to leak stolen data unless a ransom is paid in 24 hours. The alleged lack of communication prompted the gang to file a complaint with the SEC regarding MeridianLink’s failure to disclose the cybersecurity incident affecting customer data. MeridianLink acknowledged the cyberattack, initiated containment measures and engaged third-party experts for investigation.

Japan Aviation Electronics Faces Cyberattack

Japan Aviation Electronics fell victim to a cyberattack by BlackCat/ALPHV, an unauthorized party that gained access to some servers, as reported on the company’s website. Discovered on November 2, the attack prompted Japan Aviation Electronics to temporarily take down its website. While the website is restored, the company is focused on restoring business operations. BlackCat/ALPHV, known for recent attacks on entities like Henry Schein and US courts, claimed responsibility. Some systems have been shut down, though details remain unspecified, and there are no current indications of leaked information.

DDoS Attack on Synapxe in Singapore

On November 1, 2023, public healthcare institutions experienced a Distributed Denial-of-Service (DDoS) attack, disrupting internet connectivity from 9:20 am to 4:30 pm. Synapxe’s security measures prevented data compromise, ensuring patient care remained unaffected. While critical systems were sustained, internet-reliant services were inaccessible until 5:15 pm. Synapxe’s layered defense includes blocking abnormal traffic and firewalls for resilience. An abnormal surge at 9:15 am overwhelmed the firewall, causing the outage. Measures were deployed to resume services by 4:30 pm. Ongoing DDoS attacks may cause intermittent disruptions. Synapxe collaborates with stakeholders for active defense and recovery.
