Top news stories this week
- Banking on security. Financial service regulators in Hong Kong publish guidance on cyber risks.
- Testing ground. Hunters International claim ransomware attacks on Telecom Namibia and Development Bank of Jamaica.
- RIBridges breached. The social services portal of the State of Rhode Island hit by data breach.
- Timeout. CISA mandates Microsoft 365 security while Amazon halts deployment.
- Data protection Meta-morphosis. Meta and Change Healthcare facing fines for data protection violations.
- Sanctioned. EU imposes historic sanctions on Russian individuals and entities over malicious cyber activities.
1. Hong Kong financial services regulators begin to take charge
The Hong Kong Monetary Authority and the Insurance Authority (HKIA) have published guidance for their regulated entities (deposit-taking institutions and authorised insurers, respectively) to help manage their cyber security risk and resilience frameworks. Both papers reference the need for self-assessments and continuous monitoring, but the HKIA also identifies several other control areas, including third-party risk management.
So what?
The implication is two-fold – entities regulated under these authorities should ensure they’re aligned with the guidance, and other regulators are likely to follow suit in the near future.
[Researcher: Kyle Schwaeble]
2. Hunters International claim attacks on Telecom Namibia and Development Bank of Jamaica
Namibia’s state-owned telecommunications company Telecom Namibia has confirmed it was impacted by a ransomware attack after stolen data was published on the Hunters International leak site. Separately, the threat group also named the Development Bank of Jamaica on their site on Wednesday.
So what?
Cyber criminals use developing countries as a testing ground for their tactics, techniques, and procedures (TTPs), and increasingly see them as attractive targets for extortion.
[Researcher: David Broome]
3. US State of Rhode Island’s social services portal hit by data breach
Rhode Island social services provider RIBridges has been confirmed as a victim of Brain Cipher, after the threat actor listed Deloitte on its leak site two weeks ago. Deloitte, which provides technical support to RIBridges, confirmed that the group had likely obtained files with personally identifiable information.
So what?
State authorities recommend that those impacted reset their passwords, use multifactor authentication, and place a fraud alert and credit freeze on their bank accounts.
4. CISA mandates Microsoft 365 security while Amazon halts deployment
CISA's Binding Operational Directive 25-01 requires US federal agencies to secure cloud environments, starting with Microsoft 365 configurations. The directive aims to reduce vulnerabilities by enforcing security practices. Federal agencies must use CISA's tools, integrate their monitoring infrastructure, and remediate configuration deviations promptly.
Separately, Amazon has delayed its Microsoft 365 deployment after a January 2024 cyber attack by the Russian-linked Midnight Blizzard group compromised employee email accounts. Amazon asked Microsoft to enhance its logging and telemetry capabilities to meet Amazon's security requirements.
So what?
Organisations should ensure that all logging features in their Microsoft 365 environment are activated and continuously updated to include any new features Microsoft releases.
[Researcher: Aditya Ganjam Mahesh]
5. Meta and Change Healthcare face fines for data protection violations
Meta has been issued a 251 million EUR (263 million USD) fine by the Irish Data Protection Commission (DPC) for a 2018 data breach that affected around 29 million Facebook accounts. Separately, Nebraska’s Attorney General has filed a lawsuit against Change Healthcare for exposing the sensitive healthcare information of around 100 million state residents following a ransomware attack. Both companies took swift action to implement stronger data security measures.
So what?
Organisations should take proactive steps to protect personal information by embedding data protection into their practices and the products they provide. They should also develop appropriate data breach notification and documentation processes in case an incident does occur.
[Researcher: Milda Petraityte]
6. EU imposes historic sanctions over ‘Russian hybrid threats’
The European Council has imposed sanctions on 16 individuals and three entities, including a unit of Russian military intelligence (GRU), in response to malicious cyber activities targeting EU member states and Ukraine. This marks the first time the EU's political body has enforced sanctions specifically addressing 'Russian hybrid threats.'
So what?
This action demonstrates the EU's commitment to pursuing Russian hackers engaged in cyber attacks, as well as those orchestrating information and influence campaigns against member states and their allies.
[Researcher: Waithera Junghae]