#NSBCS.012 - Securing your Data - Third-Party Risk
Third Party Risk
How much of your company’s data is sitting with third-party suppliers?
From file storage systems to your CRM and even IT service providers, third-party vendors hold the keys to your critical data and infrastructure. Imagine one of your vendors suffers a data breach: your confidential customer information may be exposed, leading to reputational damage or legal liability. With supply chain breaches on the rise, this is an all-too-common scenario.
Third-party cyber reviews can help prevent these scenarios by giving you valuable insights into your vendors’ security landscape. Focus on asking the important questions:
How do your vendors protect your data? What controls do they have in place to ensure your data remains secure?
How often are they monitoring these controls to ensure they remain up-to-date and sufficient?
Do their policies and practices match your standards and expectations? Are they aligned with any best-practice industry frameworks?
Reviewing third-party vendors shouldn’t be a one-and-done exercise; it should be an ongoing process that is regularly monitored, kept up to date and fit for purpose. The process doesn’t need to be onerous or complex to deliver good results:
Keep track of all your vendors and know what data they store or access.
Review their cybersecurity practices regularly - review critical and high-risk vendors more frequently than medium or low-risk vendors.
Obtain relevant information efficiently. Don’t waste time with lengthy questionnaires when they’re not needed - use internal documentation (such as an Information Security Policy) and publicly released security standards (for example, Microsoft’s Trust Center) to understand the security posture of your vendors.
At NSB Cyber, we help organisations build structure around this process by automating the monitoring and management of third-party supply chain risk using the supplier management tool in Avertro. Implementing this cybersecurity best practice is an effective way to secure and protect sensitive data, ensuring that your company is taking No Steps Backward!
For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.
What we read this week
New Linux glibc flaw lets attackers get root on major distros - Tracked as CVE-2023-6246, the security flaw is a heap-based buffer overflow in glibc's __vsyslog_internal() function, which is responsible for logging messages to the system log via syslog() and vsyslog(). An unprivileged local user can trigger the overflow to corrupt memory and escalate to root. Debian, Ubuntu and Fedora ship vulnerable glibc builds, and the flaw is a serious local privilege escalation risk because exploitation requires no special privileges beyond a local account, allowing full control of the system.
Newest Ivanti SSRF zero-day now under mass exploitation - CVE-2024-21893, a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure and Policy Secure, is being actively exploited by attackers to gain unauthorised access and compromise systems. Reports indicate a significant increase in exploitation attempts compared to previous Ivanti vulnerabilities, which could suggest coordinated attacks by multiple threat actors, potentially targeting high-value systems. The severity of the situation prompted the US Cybersecurity & Infrastructure Security Agency (CISA) to issue an emergency directive requiring federal agencies to disconnect all vulnerable Ivanti appliances. This unprecedented action highlights the criticality of addressing this vulnerability immediately.
Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data - A cybercriminal group known as ResumeLooters has exploited vulnerabilities in job boards across the Asia-Pacific region, primarily targeting resumes and personal data such as names, emails and phone numbers. The threat actors used SQL injection attacks against the websites to steal sensitive information and then set up Telegram channels to sell it. The majority of the compromised websites were based in India, Taiwan and Thailand, and the ResumeLooters campaign appears to be financially motivated.
Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs - Suspected nation-state actors used stolen credentials to gain unauthorised access to Cloudflare's Atlassian server between November 14th and 24th, 2023, with the objective of establishing persistent and widespread access to the global network. While no customer data or systems were affected, the attackers accessed internal documentation and a limited amount of source code. Cloudflare detected and blocked the intruder, conducted a thorough investigation, and implemented extensive remediation measures, including rotating thousands of credentials, isolating affected systems, performing forensic triage, and rebooting every machine across its network.
US Says China’s Volt Typhoon Hackers ‘Pre-Positioning’ for Cyberattacks Against Critical Infrastructure - CISA warns of a wider effort by the Chinese state-backed "Volt Typhoon" group, targeting critical infrastructure beyond the previously known Guam intrusions. Unlike typical espionage operations, CISA assesses that Volt Typhoon is pre-positioning to disrupt critical infrastructure, raising concerns about potential power outages, transportation disruptions or communication breakdowns. CISA urges defenders to find and remove Volt Typhoon artefacts, and the advisory includes detailed technical mitigations and recommends proactive hunting for suspicious activity linked to the group.
References
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
https://www.bleepingcomputer.com/news/security/newest-ivanti-ssrf-zero-day-now-under-mass-exploitation/
https://thehackernews.com/2024/02/hackers-exploit-job-boards-in-apac.html
https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.html
https://www.securityweek.com/cisa-chinas-volt-typhoon-hackers-planning-critical-infrastructure-disruption/