Friday, September 6 2024

Here are just some of the news events in the world of Digital Investigations.

 

Australia and New Zealand Need an Anzac Cyber Incident Review Board

Many cyber attacks now straddle the Tasman Sea, such as last year’s data breach against Latitude, an Australian financial services provider, which affected more than 14 million people across Australia and New Zealand. As both nations focus on how to recover better from such large-scale incidents, they should combine their efforts by setting up an Anzac cyber incident review board.

A joint board would have several key functions enhancing the cybersecurity posture of both nations. It would review technical details of an incident, its root cause, actions taken by industry and government, effectiveness of coordination between stakeholders during a response, and the impacts on the affected entity, sector, and communities in both nations.

UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

Officials in Britain are set to propose a major overhaul of how the country responds to ransomware attacks by requiring all victims to report incidents to the government, and then obliging those victims to seek a license before making any extortion payments.

The proposals will be included in a public consultation to be published next month, according to multiple sources with knowledge of the matter who spoke to Recorded Future News.

Also being put forward is a complete ban on ransom payments for organisations involved with critical national infrastructure. The ban intends to remove the incentive for hackers to disrupt these critical services by preventing them from monetising attacks.

PSNI Facing a £750k Fine Following Spreadsheet Error That Exposed the Personal Information of its Entire Workforce

The ICO has announced it intends to fine the Police Service of Northern Ireland (PSNI) £750,000 for failing to protect the personal information of its entire workforce.

  • Data breach brought tangible fear of threat to life
  • "Perfect storm of risk and harm" highlights human impact of poor data security
  • ICO used discretion to significantly reduce potential fine to ensure public money is not diverted from where most needed

The proposed fine relates to an incident where personal information – including surname, initials, rank and role of all 9,483 serving PSNI officers and staff – was included in a "hidden" tab of a spreadsheet published online in response to a freedom of information request. Our investigation has provisionally found the PSNI’s internal procedures and sign-off protocols for the safe disclosure of information were inadequate.

SEC Fines NYSE Owner $10 Million for Not Quickly Reporting Hack

Intercontinental Exchange Inc. (ICE), which owns the New York Stock Exchange, agreed to pay $10M to settle Securities and Exchange Commission allegations that the exchange giant failed to immediately tell the SEC about a hack of its systems in 2021.

The SEC said that in April 2021, ICE learned that a “threat actor had hacked its virtual private network.” According to the SEC, ICE did not alert the legal and compliance staff at its subsidiaries, which include many of the world’s largest trading platforms, for several days. The agency’s rules require ICE to tell SEC staff about such incidents immediately.

“This settlement involves an unsuccessful attempt to access our network more than three years ago,” ICE, which did not admit to or deny the SEC’s findings, said in a statement. “The failed incursion had zero impact on market operations. At issue was the time frame for reporting this type of event under Regulation SCI,” the company added, referring to the SEC rule that covers such reporting.

According to the SEC, after investigating the issue, ICE found that the intrusion was limited and did not pose a major risk.

Microsoft’s UAE Deal Could Transfer Key U.S. Chips and AI Technology Abroad

Microsoft President Brad Smith said the tech company's high-profile deal with the United Arab Emirates-backed AI firm G42 could eventually involve the transfer of sophisticated chips and tools - a move that a senior Republican congressman warned could have national security implications.

In an interview with Reuters this week, Smith said the sales accord, many details of which are being reported here for the first time, could progress to a second phase that entails the export of crucial components of AI technology such as model weights, a crown jewel of AI systems that determine how powerful they are. Smith said there is no firm timeline for the second phase.

At least eight government and military entities in the South China Sea have been compromised in recent years by a group allegedly aligned with Chinese interests, a new report has found.

For nearly five years, hackers compromised and repeatedly regained access to systems used by the governments, according to researchers from Bitdefender. The report does not say which countries had systems breached or whether they were already aware of the incidents before Bitdefender investigated them.

The activity was connected to a previously unknown threat actor, which they named Unfading Sea Haze, but noted that the “targets and nature of the attacks suggest alignment with Chinese interests.” The primary goal of the campaign, they said, appears to be espionage.

CYBERCOM, DARPA Pen Agreement to Speed up Advanced Cyberwarfare Research

U.S. Cyber Command and the Defense Advanced Research Projects Agency signed a binding memorandum this month that carves out pathways needed to expedite research and development of advanced cyberwarfare technologies in the Department of Defense.

The agreement, announced by the two Pentagon agencies this week, establishes budgets, roles and governance structures needed to swiftly move cyber technologies “from the laboratory to the cyber battlefield,” they said.

The move centres DARPA—the research giant focused on advanced technology for U.S. military capabilities—as the frontrunner entity that provides projects to be loaded into CYBERCOM’s software suite. The memorandum follows the 2022 establishment of Constellation, the agreement’s cornerstone pilot program focused on transmitting advanced hacking capabilities to American cyberspace combatants.

Under the agreement, R&D programs would be chosen by DARPA and executed by the Orion Consortium, a joint group that includes DARPA contributors and CYBERCOM engineers.

Japan Plans Public-Private Info-Sharing on Cyber-Attacks

Operators of key infrastructure, such as railways, electricity, and telecommunications, to be tapped in an effort to boost capabilities to defend against and cope with cyber-attacks.

The government has decided to establish a consultative body as a step toward introducing an “active cyber defence” system aimed at preventing critical cyber-attacks, according to government sources.

The body would be comprised of other entities, including an envisaged successor organisation of the National centre for Incident readiness and Strategy for Cybersecurity (NISC) and operators of key infrastructure, such as electricity and telecommunications, in an effort to boost capabilities to defend against and cope with cyber-attacks.

The body will be modelled after the Joint Cyber Defense Collaborative (JCDC) established by the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security, according to the sources. The JCDC comprises various organisations and operators, including telecommunications firms. Its participants share confidential cyber risk information and devise cyber defence plans.

“Hybrid warfare,” which combines armed attacks with cyber-attacks on crucial infrastructure, has become mainstream in contemporary conflicts. Public-private collaboration is essential to countering such threats, but Japan is lagging behind other countries in this field.

 
