#NSBCS.035 - Business Continuity Planning - Is Your Business Prepared for the Unexpected?
Disruptions to your business operations can occur at any time. Whether it’s a cyberattack, system outage, or even a pandemic, the ability to quickly recover and resume operations is crucial. This is where business continuity planning (BCP) comes in.
A robust BCP outlines how your business will continue operating in the face of adversity. But simply having a plan isn’t enough. It’s essential to test it regularly through tabletop exercises. These simulations help identify weaknesses, refine response procedures, and ensure your team is prepared to execute the plan when it matters most.
Key considerations when developing and testing your BCP include:
Identify critical functions: Determine the core activities essential to your business’s survival.
Assess potential risks: Evaluate threats that could disrupt operations and prioritise them based on likelihood and impact.
Develop recovery strategies: Create detailed plans for resuming operations after a disruption, including alternate work locations, communication protocols, and data recovery procedures.
Test and refine: Conduct regular tabletop exercises to identify gaps and improve your plan.
Unexpected challenges can arise in any business. A well-prepared organisation is better equipped to navigate these hurdles and emerge stronger. By investing time in business continuity planning and regular tabletop exercises, you are taking proactive steps to protect your business and build resilience.
At NSB Cyber, we can assist you in creating thorough business continuity plans and carrying out practical tabletop exercises to ensure your business is well-prepared. Our sessions cater to technical response staff, as well as boards and executives, to guarantee comprehensive coverage in the event of a disruption. Contact us via our website or at info@nsbcyber.com for more information.
What we read this week
CrowdStrike: 'Content Validator' Bug Let Faulty Update Pass Checks - A bug in CrowdStrike's Content Validator allowed a faulty update to pass checks, causing millions of Windows systems to crash on July 19, 2024. The issue arose from a problematic configuration update intended to gather telemetry on new threat techniques. The faulty update bypassed additional verifications due to prior trust in successful deployments of the underlying Inter-Process Communication (IPC) Template Type. CrowdStrike reverted the update within an hour but is now implementing new testing and deployment measures to prevent future incidents.
Russian Hackers Caught Targeting Ukrainian Research Organisations - Russian hackers, linked to the GRU and known as UAC-0063, targeted Ukrainian research organisations using a compromised email account to send a malicious Word document. This document contained a macro that, when executed, deployed the HATVIBE malware, leading to the installation of the CHERRYSPY backdoor. CERT-UA identified that poor security practices, such as the lack of multifactor authentication and inadequate macro policies, contributed to the attack's success. The campaign, which started on July 8, highlights the ongoing cyber threats facing Ukrainian entities.
Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking - A Chinese cybercrime network linked to gambling and human trafficking, run by the Yabo Group (now rebranded as Kaiyun Sports), has been exposed. This group uses an advanced technology suite called "baowang," involving DNS configurations, website hosting, and payment mechanisms, to support their operations. The network sponsors European football clubs to advertise illegal gambling sites, targeting bettors mainly in China. Their infrastructure includes over 170,000 domain names and sophisticated DNS traffic distribution systems to evade detection. The syndicate also coerces people into supporting these operations through human trafficking.
Over 3,000 GitHub Accounts Used by Malware Distribution Service - Over 3,000 GitHub accounts were used by the Stargazer Goblin group to distribute malware via a service called Stargazers Ghost Network. They used GitHub repositories and compromised WordPress sites to push password-protected archives containing information-stealing malware like RedLine and Lumma Stealer. These accounts made the malicious repositories appear legitimate by starring, forking, and subscribing to them, making them more visible on GitHub. The operation, active since August 2022, has generated over $100,000 in profits. GitHub has taken down over 1,500 of these malicious repositories, but many remain active.
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers - A flaw in Microsoft Defender SmartScreen, tracked as CVE-2024-21412, was exploited to distribute the ACR, Lumma, and Meduza information stealers. The vulnerability allowed attackers to bypass SmartScreen protection and deliver malicious payloads via crafted URL and LNK files. These files then downloaded executable scripts, which decoded and ran PowerShell code to deploy the stealers. The attack targeted users in Spain, Thailand, and the U.S., exploiting the flaw to harvest sensitive data from web browsers, crypto wallets, and other applications. Microsoft patched the flaw in February 2024.
References
https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass-checks/
https://www.cyberdaily.au/security/10863-russian-hackers-caught-targeting-ukrainian-research-orgs
https://thehackernews.com/2024/07/experts-uncover-chinese-cybercrime.html
https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/
https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html