#NSBCS.039 - APRA’s Open Letter: A Summary

APRA’s Open Letter: Additional Insights on Cyber Resilience Weaknesses

Source: NSB Cyber

Key Takeaways from APRA's Letter

In an open letter published last week, APRA shared additional insights and guidance on the common cyber weaknesses it has observed in security configuration management, privileged access management, and security testing. In the letter, APRA reiterates the requirement for regulated entities to remain vigilant and proactively implement strategies to mitigate the risks posed by a rapidly evolving cyber threat landscape. APRA has also expressed its expectation that regulated entities review their control environment against these common weaknesses, in addition to conducting regular self-assessments to ensure compliance with CPG 234 and other established frameworks.

If you are a Regulated Entity, consider reviewing your controls to ensure you:

  • Prioritise security configuration: Ensure IT systems are configured securely and regularly updated to address new vulnerabilities.

  • Manage privileged access: Maintain a complete inventory of privileged accounts, grant access only when necessary, and use strong security measures to protect credentials.

  • Conduct comprehensive security testing: Regularly assess your organisation's cyber defences using various testing methods, including vulnerability scanning, penetration testing, and red-team exercises.

  • Conduct regular self-assessments to ensure your organisation's practices comply with the requirements of CPG 234.

So what does this mean for your organisation?

APRA makes it clear that proactively planning your cyber resilience is an expectation and a key focus area for APRA. Proactive cyber controls and cyber resilience are essential for safeguarding organisations. By identifying and mitigating risks before they can be exploited and having a well-defined plan to respond to incidents, organisations can significantly reduce their exposure to cyberattacks and protect their valuable assets. Implementing these controls does not need to be onerous, expensive or complicated - a pragmatic, fit-for-purpose approach is key.

Read the letter here: Additional insights on common cyber resilience weaknesses | APRA

For information on NSB Cyber’s Cyber Resilience or Cyber Governance capabilities or to book a meeting with our team, click here.


What we read this week

  • Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group - Microsoft has patched a zero-day vulnerability (CVE-2024-38193) in Windows that was actively exploited by North Korea's Lazarus Group. The vulnerability has a CVSS score of 7.8 and is described as a privilege escalation bug in the Windows Ancillary Function Driver that could allow attackers to gain system access. Researchers at Gen Digital highlighted that, if successfully exploited, the bug could allow cybercriminals to bypass normal security restrictions and access sensitive system areas.

  • Toyota Confirms Third-Party Data Breach Impacting Customers - Toyota has confirmed a third-party data breach that exposed customer data after a threat actor leaked 240GB of stolen files on a hacking forum. ZeroSevenGroup is the threat actor claiming to have leaked the stolen data, which includes sensitive information on employees, customers, contracts, and network infrastructure. The stolen data was obtained using the open-source ADRecon tool, which extracts large amounts of data from Active Directory environments.

  • US Says Iran Behind Trump Campaign Hack - The United States (US) government has identified Iran as the actor behind a cyberattack targeting the Trump campaign, in which hackers attempted to access and exfiltrate sensitive campaign information. Politico, an American digital news company, said it received anonymous emails from a threat actor using the name ‘Robert’ who claimed to have legal documents and internal discussions from a senior Trump official. While there is no clear affiliation between the threat actor and Iran, the US government maintains that Iran is behind a number of cyber operations aimed at interfering with the elections and creating tensions within society.

  • CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks - The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical Jenkins vulnerability (CVE-2024-23897) that is being actively exploited in ransomware attacks. The flaw, with a CVSS score of 9.8, is a path traversal vulnerability that allows attackers to execute arbitrary code on affected Jenkins servers. Initially disclosed by Sonar security researchers in January 2024, it has since been exploited by threat actors including IntelBroker and the RansomExx gang. CISA has mandated that federal agencies patch the vulnerability by September 9, 2024.

  • New Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft - The new Mad Liberator ransomware gang uses a deceptive technique, displaying a fake Windows update screen to hide its data theft activities. While victims believe their system is undergoing an update, the ransomware is encrypting files and exfiltrating sensitive data in the background. This approach is designed to delay detection and increase the likelihood of a successful attack. The attacks observed by researchers from Sophos appeared to last approximately four hours, and Mad Liberator refrained from encrypting data after exfiltration. Despite this, the attackers still left ransom notes in shared network directories to ensure they were highly visible in corporate environments.

