Read: The Need for Digital Transformation in Finance

The November 2023 OptionOne Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

Attack on OpenAI Signals New Capabilities for Threat Actor Anonymous Sudan (AS)

OpenAI, the non-profit behind ChatGPT, recently found itself on the receiving end of a distributed denial-of-service (DDoS) attack, Cybernews reported. The attack coincided with the unveiling of a new for-hire botnet, SkyNet, by the Russia-allied Anonymous Sudan (AS).

While OpenAI hasn’t publicly identified the source of the DDoS attack, cybersecurity experts link it strongly with AS. This attack aligns with AS’s recent commercialization, which points to a significant boost in its operational resources.

AS claimed responsibility for two significant attacks in November; one was against OpenAI and another against Cloudflare, referred to as the “backbone of the modern internet.”

AS’s motivations are hardly clear, but they present themselves as anti-western, pro-Russian, and recently, anti-Israel. The attack on OpenAI was purportedly due to its plans to invest in Israel and the potential use of AI in weapon manufacturing and intelligence gathering.

The introduction of the SkyNet botnet signals an escalation in AS’s capabilities. Capable of targeting the outermost layer for data exchange, this botnet could be a game-changer.

Tim West, head of threat intelligence at WithSecure, believes, “If this attack was a DDoS protection bypass, it demonstrates the ability to identify and exploit ‘chinks in the armor’ of an advanced DDoS protection service, which is over and above what we typically see with pro-Russian hacktivist groups.”

However, not everyone agrees that AS is evolving. Chris Conrad, Senior Threat Intelligence Manager at NETSCOUT, maintains that AS’s tactics have remained largely unchanged. He argues that while the size of the botnets may vary, AS’s modus operandi is consistent with its past behavior.

NetSupport RAT Infections Increase, Targeting Government and Businesses

Cybersecurity threats are on the rise, with a remote access trojan, NetSupport RAT, increasingly being used in attacks on educational, government, and business services sectors. According to a report by The Hacker News, this malicious tool, originally a legitimate aid for technical assistance, is being misused by cybercriminals as an entry point for further attacks. It’s often downloaded onto a victim’s computer through deceptive websites and counterfeit browser updates, creating a major security concern.

In a recent report, VMware Carbon Black researchers revealed, “The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders, and various forms of phishing campaigns.”

Over the past few weeks, the cybersecurity firm has detected at least 15 new infections relating to NetSupport RAT, indicating the growing prevalence of this threat.

Once installed, NetSupport RAT allows cybercriminals to monitor user behavior, manipulate computer settings, transfer files, and even expand to other devices within the network. In August 2022, a campaign involving compromised WordPress sites was found to be spreading the NetSupport RAT, highlighting the increasing sophistication of these attacks.

Cybersecurity Business News

A Ransomware Gang Filed an SEC Complaint Against a Company That Refused to Negotiate

The US Securities and Exchange Commission (SEC) recently mandated the reporting of material cyber breaches. To the shock of many, not an advocacy group but a ransomware gang, BlackCat, recently filed an SEC complaint against MeridianLink, CSO Online reported.

MeridianLink is a provider of digital lending solutions, due to their refusal to negotiate the ransom.

BlackCat’s blackmailing act against MeridianLink is an example of the ‘double extortion’ method increasingly adopted by ransomware gangs. Under this method, uncooperative victims are threatened with the sale or release of stolen data.

The new SEC rule, due to take effect on December 15, imposes an obligation on US-listed companies to disclose cybersecurity incidents impacting their financial and operational condition within four days of acknowledging the incident’s material impact.

However, this raises questions about what constitutes a ‘material’ impact, leading to uncertainty among business leaders. CISOs are at risk of facing legal consequences for misrepresenting their company’s cybersecurity stature or data breach impact.

A precedent to this is the recent SEC charges against SolarWinds and its CISO, Timothy G. Brown, for misleading investors about the company’s cybersecurity measures during the 2020 cyberattack.

The adoption of the new SEC regulations by cybercriminals like BlackCat for extortion highlights the need for robust, proactive cybersecurity measures.

As CISO of cybersecurity firm Semperis, Jim Doggett, points out, “Some will argue that BlackCat’s move is opportunistic at best, and they are motivated only by greed to force quicker payments by victims. Others will say that this aggressive move could leave the group in the crosshairs of US law enforcement agencies. At the end of the day, the ransomware gangs are criminal organizations, and their only motive is profits.”

The Evolving Role of the CISO Is Having a Deep Impact on Cybersecurity

The cybersecurity landscape is changing rapidly, and the relationship between the Chief Information Security Officer (CISO) and vendors is at the heart of this transformation, DarkReading reported. The role of the CISO has evolved in recent years due to shifts in the market, the impact of COVID-19, increased cybersecurity awareness on the part of boards, and technological developments.

“The reality is that things are going to continue to change in our industry,” says Mandy Andress, CISO at Elastic. The need for adaptability in the face of ever-changing threats, issues, and systems has never been more critical.

In addition to adaptability, effective communication has emerged as a key skill for CISOs. With the breakdown of organizational silos, security has become a more collaborative effort, necessitating constant communication across multiple teams and levels.

Frank Kim, CISO-in-Residence at YL Ventures, emphasizes the importance of storytelling in security, stating, “We need to think about how we tell the story of what we’re doing, how it’s aligned with and supporting the business.”

The evolution of the CISO role is far from over. As cybersecurity threats continue multiplying, and in light of global events such as the SEC’s SolarWinds investigation, organizations will need to rethink their approach to security.

As Kim puts it, “We don’t like to be the ones business leaders search for when there’s a problem — we want to be at the table when the problem arises.” This highlights the ongoing transition that many organizations are making in trying to best position the CISO for success.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.




Subscribe to our Newsletter

* indicates required