This is the May news and product review from Cyberday. Our next Admin Webinar, where we will go live, will take place in autumn 2024. You can register for the webinar on our Webinars page closer to the date.
Top cyber security news 5/2024
Serious data breach in the City of Helsinki: over 120 000 people's data affected
In May, the City of Helsinki's Education and Training Division was hit by a data breach involving more than 120 000 individuals. The hackers hijacked the usernames and email addresses of city employees, as well as the IDs and address information of students, guardians and staff of the Education and Training Division.
The root cause of the data breach was an outdated remote access server. There was a patch for the vulnerability, but for one reason or another it had not been applied. When it comes to data breaches and vulnerabilities, it is very important to identify the critical systems and devices that need to be updated.
The data breach has been communicated relatively well. Communication has been swift and underlines the seriousness of the event, and the City of Helsinki has acknowledged its own mistakes and shortcomings in controls and procedures for security updates and equipment maintenance.
How quickly are technical vulnerabilities exploited?
Fortinet's semi-annual report shows that vulnerability exploitation is accelerating, with a particular focus on new vulnerabilities. According to the report, attacks start on average 4.76 days after release.
The analysis places vendor responsibility at the heart of the issue. Vendors need to find and fix vulnerabilities quickly to avoid 0-day exploits and help customers protect themselves effectively.
While Fortinet's review focuses specifically on new vulnerabilities, the information is also relevant to older vulnerabilities. As many as 41% of organisations identified attempts to exploit vulnerabilities more than 30 days old. In addition, FortiGuard Labs continues to globally detect attempts to exploit vulnerabilities that are more than 15 years old. As a result, organisations should take care of their cyber hygiene and maintain updates and patches.
How is AI making phishing attacks better?
AI-assisted phishing attempts are on the rise. AI automates and personalises different aspects of the attack process, producing fluent language and minimising typos. AI can easily craft convincing phishing messages in any language, and generative AI can even accurately mimic the communication style of a real person.
The highest incidence of phishing attempts has occurred in the US (55.9%), the UK (5.6%) and India (3.9%). The study also reveals that Microsoft is one of the most imitated brands for phishing attempts.
Adversary-in-the-middle (AiTM) attacks remain a significant threat, and the rise of browser-in-the-browser (BiTB) attacks is exacerbating the problem. These methods specifically target users in web browsers, making them more difficult to detect and combat.
How is AI affecting cyber offense / defence?
Palo Alto's article discusses how the constant hype around AI makes it difficult to identify authentic attacks. Different AI attack methods include:
- Enhanced phishing - More authentic attacks that are harder to detect.
- Malware development - Creating new malware by combining elements of existing malware with malicious code that can bypass existing protections.
- Data poisoning - Attackers attack AI systems themselves by poisoning training data to manipulate results.
- Automated attacks - AI can provide highly scalable, autonomous attacks against multiple targets simultaneously.
On the optimistic side, AI can improve defensive cybersecurity capabilities. Advances in AI and multimodal logic may even reduce the overall number of software vulnerabilities, as software is better tested and patched in an automated and large-scale manner during development.
Cannes Hospital Cancels Medical Procedures Following Cyberattack
In April 2024, Cannes Hospital in France was the target of a cyber attack. As a result, the organisation decided to shut down systems to limit the attack. Hospital staff had to resort to manual processes, resulting in slowed work and cancelled operations.
Cannes Hospital has embarked on a slow recovery process and is currently working to restore the systems most critical for patient care. The hospital has reported the attack to the relevant authorities, and the attack is being closely analysed. The hospital has received no ransom demands in relation to the cyber attack, and no evidence of data theft has emerged.
NIS2 Directive tracker
The NIS2 Directive entered into force on 16 January 2023, and EU Member States are now expected to transpose this key cybersecurity legislation into national law. The process must be completed by 17 October 2024. From 18 October 2024, the current NIS Directive will be repealed and Member States will start applying the updated measures. Member States will also have the possibility to extend the scope of the NIS2 Directive and introduce additional national requirements.
To help you, we have published a free e-book, "NIS2 ready using ISO 27001 best practices". It will guide you through the world of NIS2 and show you how to use ISO 27001 best practices to achieve compliance. Grab yours here: cyberday.ai/ebook
How is Paris 2024 handling cyber security?
In the summer of 2024, the Paris Summer Olympics will be held, and their security has been called into question, in particular following a security assessment by Outpost24.
The security assessment has revealed a number of vulnerabilities, including:
- Open Ports
- SSL Misconfigurations
- Cookie Consent Violations
- Domain squatting
These vulnerabilities can compromise the personal data of, for example, staff and athletes, posing privacy and security risks.
However, the report also mentioned that the organisers have put in place strong security measures and their overall approach to security deserves recognition. Perfection is seldom achieved in the field of security, and the Paris Olympics can be seen as a good example of how to manage the attack surface.
Key themes from Cyberday's development
New Metrics-site
We published a new Metrics-page. You will find it in the left menu - by default under the "More" button, but you can pin the page to the top of the left menu if you want.
On the Metrics page, you can define the key metrics of information security management that are most relevant to your organization's work. There are a total of 20+ metrics, depending on the number of frameworks you have enabled. You can edit the goal values for different metrics yourself.
Monthly ISMS reports (for management communication)
We've published a new, automated monthly report that is mostly designed for top management communication. The report displays the main metrics from your account, summarizes the progress you've made during the month and shows some related key information. The report is not too lengthy and makes it easy to showcase your completed information security work in a positive way.
Distribute selected reports via Guidebook
Chosen reports will be displayed to selected employees in Guidebook. Employees need to open the report and confirm it as read, just as with guidelines.
New Framework: DORA
The Digital Operational Resilience Act (DORA) is the EU law on digital operational resilience. It aims to strengthen resilience in all aspects of financial institutions. Start implementing DORA before 1/2025 in Digiturvamalli! You can activate and modify frameworks in Cyberday from the Organization Dashboard.
Also, coming soon in Cyberday: ISO 9001
Check out the available and upcoming frameworks in the Cyberday app or on the Frameworks page.