CyberCapsule - October 2023

Welcome to the sixth edition of our Cyber Capsule. In this month's edition, we highlight: (i) the CISA's role in helping organizations improve their cybersecurity posture; (ii) two new amendments to cybersecurity rules; and (iii) as always, provide a peek into the threat actor world.

Need A Helping Hand?

• No Strangers in the Zoom. On October 2, 2023, Krebs posted that multiple organizations have exposed web links that will permit anyone to initiate a Zoom meeting posing as a valid employee. The article also details ways to stop this.
• Raising the Low Hanging Fruit. On October 5, 2023, the NSA and CISA issued a report identifying the top 10 cybersecurity misconfigurations.
• Don't Take the Bait. On October 19, 2023, the CISA, the NSA, the FBI, and the MS-ISAC published a guide on stopping phishing attacks.
• Is Anyone Here a Doctor? On October 26, 2023, CISA issued a toolkit targeting the healthcare sector that provides tips on ways to improve cybersecurity posture.
• New and Improved IRP Coming Soon. On October 26. 2023, CISA announced it is working on a new version of the National Cyber Incident Response Plan that seeks to provide organizations with better and more effective ways to recover from cyber incidents.

Consider This...

• Calculating Cyberrisk Cost. On October 17, 2023, The FAIR Institute debuted its online material assessment model, which includes an online calculator that can appraise the financial cost of a cyber Incident.
• Making Safeguards Rule Safer? On October 27, 2023, the FTC approved an amendment to the Safeguards Rule that will require non-banking financial institutions to report to the FTC within 30 days any notification event where unencrypted customer information involving 500 or more consumers is acquired without authorization. The amendment will take effect in April 2024.
• Take Two. On November 1, 2023, the NYDFS published its second amendment to cybersecurity regulation 23 NYCRR 500. The amendment adds: (i) new definitions; (ii) new policies and procedures, such as having an incident response plan; (iii) cybersecurity controls such as access management and data retention controls; and (iv) updating the 72-hour notification requirement.

As the World Turns

• No Senior Discount Here. On September 29, 2023, the FBI issued a warning of a recent rise in "Phantom Hacker" scams. The FBI received 19,000 complaints from January through June. Of those victims, almost half were over 60, and losses exceed $500 million.
• Ransomware Reinfection on the Rise. On October 2, 2023, Malwarebytes Labs revealed that ransomware reinfections are increasing and outlined some reasons for reinfection.
• Another One Bites the Dust. On October 19, 2023, law enforcement agencies from the U.S., Europe, and Japan successfully shut down both the Tor negotiation and data leak sites belonging to Ragnar Locker.
• Thanks, Captain Obvious. On October 26, 2023, the GuidePoint Research and Intelligence Team (GRIT) stated it observed a nearly 15% increase in ransomware activity since last quarter and 10 new emerging groups.
• Wishing for Less Quishing. On October 29, 2023, Check Point revealed a 578% increase in quishing – QR code phishing attacks – between August and September.

Don't Forget

• Microsoft released its October 2023 Report.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.