Cyber Security News for June 2021
Posted by Peter Bassill on 02/06/2021
Well, that is the first half of 2021 almost over. We are into summer and it has been a somewhat rough 18 months for everyone. Things are starting to settle down and businesses are now well versed in their new normal of remote working mixed with a small number of days in the office. Having said that, the criminals have been hard at work, but so have we.
We now have our new website up and running and we have taken a big step and published all of our prices online. Along with that, you can now buy certain pre-packaged penetration tests as well as vulnerability scanning and Cyber Essentials all online. It is just another way we are trying to change the secretive nature of our industry and make your lives simpler by enabling online purchasing, either via a credit card or a purchase order. Let me know what you think. Would you buy online?
Cyber Security News
This month there has been some interesting news coming up. We are seeing fundamental changes to the cyber insurance world, one of the most successful ransomware attacks ever and the evolution of the Cyber Essentials certification standard.
Cyber Insurance Changes
Ransomware attacks have been so successful over the past quarter in compromising victims and getting big payouts that they have led to a rapid, fundamental change in the cybersecurity industry. Many previous cybersecurity insurers are now refusing to insure for ransomware and other types of cybercrime. Those that are still providing cover are charging more, insuring for less and requiring proof of far stronger controls before a policy is issued. Having spoken to several insurers over the last two weeks, all wanted to see a valid Cyber Essentials Plus certificate along with a penetration test summary no older than six months. If you already have a cybersecurity insurance policy, call your broker to see if anything has changed, because for sure the terms you had in the past will not be the terms you have going forward.
That Fuel Pipeline Attack
Many people have heard about the ransomware attack on the US fuel pipeline. But how far did the attack actually go? The ransomware attack was, for the attackers, super successful. So successful in fact that the pipeline operators paid close to five million dollars in ransom. The initial attack vector isn't known, but it is likely to have been one of the usual suspects: an old, unpatched vulnerability in a public-facing system; a phishing email that successfully fooled an employee; or the use of access credentials purchased or obtained elsewhere that were leaked previously. The DarkSide group is a Ransomware-as-a-Service (RaaS) group that offers its own brand of malware to customers on a subscription basis. The ransomware is currently in version 2 and, with this newfound success, we can expect to see rapid development and expansion of their services.
If you maintain a risk register, then now would be a good time to review the risk scores for Ransomware and other malware attacks. It would also be a prudent time to run a full backup restore test and start to make 2 weekly "offline" backup archives.
Changes in Cyber Essentials
There were six major changes to the Cyber Essentials certification standard on the 26th of April. Here is what you need to know.
There are new definitions for a corporate virtual private network (VPN), organisational data and organisational services. These definitions assist when applying the requirements for Bring Your Own Device (BYOD).
An update to the Bring Your Own Device (BYOD) requirement to explain what is out of scope.
Clarification on when and where software firewalls are acceptable as the internet boundary.
The name of the ‘patch management’ control has been changed to ‘security update management’.
An update to the security update management control. This will include automatic updates where possible and clarify the position on updates that do not include details of the level of vulnerabilities that the respective update fixes.
User access control has been expanded to include third-party accounts that have access to the certifying organisation’s data and services.
A lot of detail and information can be found on the IASME blog.