#NSBCS.029 - Fortifying Defences Pays Off for Australian Organisations

Cyber Resilience
Written By Shane Bell

Source: NSB Cyber

 

Cutting Cyber Insurance Costs: Fortifying Defences Pays Off for Australian Organisations

A recent survey conducted by Tenable has been discussed, revealing that 44% of Australian IT and cybersecurity leaders have observed a significant reduction in their insurance premiums, ranging from 5% to 15%, as a result of implementing proactive cybersecurity measures. The study, encompassing leaders from various sectors, underscores the financial advantages of adopting preventive practices such as multi-factor authentication, exposure management, employee training, and regular system updates. These measures not only enhance security but also translate into substantial cost savings on insurance premiums, encouraging organisations to invest more in robust cybersecurity frameworks.

In addition, the survey highlights the broader industry sentiment towards federal involvement in cybersecurity enhancement. An overwhelming 79% of respondents support increased federal funding to bolster cybersecurity measures across sectors. This call for greater governmental support reflects a growing recognition of the critical role that cybersecurity plays in safeguarding national infrastructure and business operations. The Australian Prudential Regulation Authority (APRA) has stressed the importance of maintaining up-to-date data backups as a cornerstone of cyber resilience. Ensuring regular and secure backups can mitigate the impact of cyberattacks, further underscoring the need for comprehensive cybersecurity strategies.

There was also discussion on the implications of these findings for the insurance industry. As organisations demonstrate improved cybersecurity postures, insurance companies are more likely to offer reduced premiums, recognising the decreased risk. This symbiotic relationship between enhanced security measures and insurance cost savings creates a compelling case for businesses to invest in cybersecurity.

NSB Cyber can support Australian organisations in implementing these critical cybersecurity practices and ensuring robust protection. Our expert team provides comprehensive solutions tailored to meet specific industry needs, enhancing overall cyber resilience. Businesses can navigate the complexities of cybersecurity, leveraging our expertise to build a secure digital footprint by taking #NoStepsBackward!

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.

What we read this week

  • Phishing Emails Abuse Windows Search Protocol to Push Malicious Scripts - A new phishing campaign exploits the Windows search protocol (search-ms URI) to distribute malware via HTML attachments in emails. These attachments initiate Windows searches on remote servers, delivering malicious batch files disguised as legitimate documents. The HTML files use meta refresh tags to open malicious URLs or provide clickable links as a fallback. Attackers mask these URLs using Cloudflare to appear legitimate. To mitigate this threat, users are advised to delete registry entries related to the search-ms protocol, though this may affect legitimate applications.

  • New PHP Vulnerability Exposes Windows Servers to Remote Code Execution - A newly discovered vulnerability in PHP, tracked as CVE-2024-4577, allows remote code execution on Windows servers. This issue stems from a CGI argument injection vulnerability affecting all PHP versions on Windows. Attackers can bypass protections for an older flaw (CVE-2012-1823) using specific character sequences. The vulnerability has already seen exploitation attempts and affects XAMPP installations using certain locales by default. Administrators are urged to apply the latest PHP patches and consider more secure configurations like Mod-PHP or FastCGI.

  • CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw - The United States Cybersecurity and Infrastructure Security Agency (CISA) has alerted federal agencies about a critical Linux kernel vulnerability, CVE-2024-1086, due to active exploitation. This flaw is a use-after-free bug in the netfilter component, allowing local attackers to escalate privileges to root and execute arbitrary code. The vulnerability, which affects network operations, was patched in January 2024. CISA also flagged a security flaw in Check Point's network gateway products, urging immediate updates. Agencies must apply these patches by June 20, 2024, to safeguard against potential threats.

  • Snowflake Data Breach Impacts Ticketmaster, Other Organisations - A data breach at Snowflake has impacted several organisations, including Ticketmaster, with significant amounts of information stolen. The breach was discovered when a hacking group claimed to have exfiltrated data of 560 million users, demanding $500,000 for it. Ticketmaster's parent company, Live Nation, confirmed unauthorised access to their third-party cloud database environment. Snowflake identified that the breach resulted from compromised credentials through info stealing malware and credential stuffing. They are investigating and have advised customers to enhance security measures, including enabling multi-factor authentication.

  • China's FortiGate Attacks More Extensive Than First Thought - Dutch intelligence agencies have revealed that attacks on FortiGate systems by Chinese state-sponsored hackers were more extensive than initially thought. Over 20,000 FortiGate firewalls were compromised, with around 14,000 breached during a two-month period before Fortinet discovered the vulnerability CVE-2022-42475. The attackers deployed a sophisticated malware called Coathanger, which maintains persistent access even after updates. The malware targeted several Western governments, international organisations, and defense companies. Authorities warn that many systems may still be compromised, urging complete reformatting to remove the malware.

References
https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/
https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html
https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html
https://www.securityweek.com/snowflake-hack-impacts-ticketmaster-other-organizations/
https://www.theregister.com/2024/06/12/chinas_targeting_of_fortigate_systems/
Shane Bell
Previous

#NSBCS.030 - Escalating Cyber Threats to Critical Infrastructure Systems
Next

#NSBCS.028 - Navigating Cyber Risks in the Agricultural Sector