Binary Check Ad Blocker Security News

Cybersecurity firm SonicWall Inc. is investigating an attack on its internal systems that it describes as “highly sophisticated.” According to SonicWall, the investigation is centered around its Secure Mobile Access 100 series, which assists with end-to-end secure remote access.

The company said that a few thousand devices have been impacted and that it is trying to determine whether the attackers exploited a zero-day vulnerability in the SMA 100 series product.

Although it sounds very similar to the recent SolarWinds cyber-attack, it is presently unknown whether this incident is related to that attack or if it was caused by the Russian-based attackers behind the SolarWinds incident.

It is clear that cybersecurity firms are being heavily targeted by cyber-attackers and are not immune from the onslaught of cyber-attacks we are seeing across the board in every industry. It also emphasizes the fact that there is no ability to completely transfer cyber risk. Data security is a team sport. Reasonable cyber-hygiene inside your organization, while using outside tools to augment your security posture, are both ways to minimize risk, but hackers are using more and more sophistication in their attacks, which present risk internally and externally. What is crystal clear from these attacks on cybersecurity firms is that cybersecurity and vendor management must continue to be a high priority for organizations in order to manage cyber risk.

Binary Check Ad Blocker Security News

Malwarebytes, a cybersecurity firm, confirmed this week that the same hackers believed to originate from Russia who were behind the SolarWinds incident were able to access some of its internal emails without authorization.

According to the company, it did not use SolarWinds software, but had been targeted by the same hackers to access its O365 and Azure environments. It further stated that the access included a limited number of internal company emails, but did not include any access or compromise of its production environments, which is good news for its customers.

The CEO of Malwarebytes stated that the hacking campaign that started with FireEye and has affected both governmental agencies and Fortune 500 companies alike “is much broader than SolarWinds and I expect more companies will come forward soon.”

The fallout from these incidents continues, and no doubt there will be more to come.

Binary Check Ad Blocker Security News

The fallout from the SolarWinds hacking incident linked to Russian threat actors has not only wreaked havoc on governmental agencies and private companies whose data are at risk following the incident, but this week, Bitsight and Kovrr released an analysis outlining the effect of the event on insurance losses that estimates the incident could cost more than $90 million when all is said and done.

The $90 million includes costs related to forensic analyses, incident response, potential regulatory fines and public relations costs. Although it has been reported that 18,000 customers of SolarWinds may have been affected by the incident, the analysis indicates that 40 specific firms were targeted in the incident, 80 percent of which are located in the U.S. It further notes that those firms were primarily federal agencies or in the information technology sector.

The analysis highlights the importance of assessing supply-chain cyber risk and how supply chain and vendor security incidents can cause direct losses that may not be easily recoverable from downstream companies. As part of the assessment, companies also may wish to determine whether insurance coverage may be available if it experiences a vendor or supply chain incident like the SolarWinds example.

ICYMI, on Wednesday, January 6, 2021, the United States Department of Justice (DOJ) issued an update about what it termed “a major incident under the Federal Information Security Modernization Act”: the global SolarWinds cyberattack that had compromised its email system. (SolarWinds is a software provider. In December, 2020, SolarWinds revealed that cybercriminals had injected malware into its Orion® Platform software, a platform used for centralized IT monitoring and management. In doing so, the cybercriminals were able to attack subsequent users of the software, i.e., SolarWinds’ clients, including multiple federal agencies and technology contractors.) The DOJ’s update advised that after removing the malware, it determined that 3 percent of the DOJ’s O365 mailboxes were potentially accessed, albeit there was no indication that any classified systems were impacted. This update was covered by Robinson+Cole’s Data Privacy + Cybersecurity Insider.

Cyber-crime continues to permeate all industries, including real estate development and construction. The SolarWinds incident could just as easily have occurred with a construction management company or general contractor using the construction industry’s various project management software programs. Digital attacks can intercept sensitive information, divert funds and hold hostage a company’s computer systems. Robinson+Cole’s Construction Group is available to discuss the value of adding data privacy and cybersecurity protocols to design and construction agreements, and its Data Privacy + Security Team is available to assist businesses in determining their current risks and liability exposure as well as the benefits of having cyber-liability insurance coverage.

This post was authored by Virginia Trunkes and is also being shared on our Construction Law Zone blog. If you’re interested in getting updates on current developments and recent trends in all areas of construction law, we invite you to subscribe to the blog.

Development and Operations (DevOps) teams are often pressured by executives and sales teams to get software products completed and out the door and into the market as quickly as possible so the products can generate income. Often, security is not the highest priority for DevOps, as adding security features may affect the performance of the software or add time to the deployment schedule.

The SolarWinds hack is a crucial reminder to DevOps teams to build security into software products, and to complete due diligence on the security protocols regarding the DevOps teams of vendors that make components used by software manufacturers, such as JetBrains.

JetBrains is a Czech-based company that developed a product called TeamCity, which Reuters reports is “used by tens of thousands of customers to construct other software.” According to other news reports, the FBI is investigating whether the Russians hacked into JetBrains’ TeamCity DevOps tool in order to infect SolarWinds’ Orion software [see related post].  If your DevOps team is using TeamCity, it may present another risk associated with the SolarWinds incident that has much broader impact on other software development.

Check with your DevOps team to see what kind of security due diligence they are completing on the vendors that are providing the component parts of the software they are developing, including JetBrains. If no due diligence is being done, this is a perfect time to start.

On the heels of the concerning security incident experienced by FireEye [view related post], during the investigation of its own incident, FireEye discovered that multiple updates issued by SolarWinds, a cybersecurity firm that many governmental and private companies use to monitor networks, were “trojanized” and malware was inserted into the updates between March and May of 2020.

The malware allowed Russian operatives to hack into several governmental agencies, including the Departments of Homeland Security (DHS), State, National Institutes of Health, Commerce (National Telecommunications and Information Administration Office) and Treasury. In addition, it is reported that the Departments of Justice and Defense also were customers of SolarWinds. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to all government agencies to disconnect and stop using SolarWinds.

This compromising situation is obviously concerning for national security, particularly when CISA’s Director Christopher Krebs was recently summarily dismissed and many other top leaders of the organization have departed when we most need strong leadership from the federal agency in charge of cybersecurity.

Unfortunately, the bad news doesn’t stop there. SolarWinds reported to the Securities and Exchange Commission this week that it believes that approximately 18,000 of its private company customers also could be affected by the malware.

Security experts are warning all private companies  to follow the CISA emergency directive to federal agencies and to disconnect and stop using SolarWinds until the details can be sorted out. Sound guidance for companies that use SolarWinds to mitigate risk until more information is available. It is important that executives and IT personnel be in close contact about whether the company uses SolarWinds and heed the CISA emergency directive to disconnect while the effects of the compromise are being determined.

The SolarWinds cyber-attack is on everyone’s mind this week, given that most experts believe this cyber-attack will have broad impact across both the public and private sectors. For more details about the SolarWinds attack,  please read this. The sheer breadth of this attack led me to reflect on the role of cyber-liability insurance for businesses and why it is critical to understand key policy terms, coverage, exclusions, retention amounts and deductibles.

The initial work begins for businesses when they are selecting the appropriate cyber-liability insurance coverage. It is critical to think about the type of business it is and the nature of the data it possesses. Does the business handle protected health information, social security numbers, sensitive personal information, or biometric data? If so, these are some of the highest risk types of data that need protection. It is important to align risk with policy coverage and limits.

While there is no “standard” cyber-liability insurance policy, most policies provide coverage for financial losses as a result of a data breach or other unauthorized access or disclosure of personal or protected health information. Data breaches are not the only way a business can be damaged in a cyber-attack, however. Some insurance companies offer additional endorsements or specific policy provisions and coverage for losses caused by various other means such as social engineering (i.e., a breach caused by phishing), specific coverage for credit card losses, and denial-of-service attacks, such as ransomware. As we have noted many times in this blog, ransomware is probably one of the biggest threats to businesses today. Will the policy pay ransomware costs?

It also is important to determine whether the policy covers  costs associated with breach response, including forensic and legal costs. Cyber policies typically cover breach response costs for first-party losses, which are direct financial losses to your business, whereas third-party losses include those losses claimed by others, e.g., vendors, clients, or customers who claim injury as a result of the data breach. The bottom line is to always check with your broker and read the policy language carefully to determine what is covered. It is important to understand the exclusions in a policy as well.

Coverage and retention amounts also are important, as the cost of a data breach can be very high, depending upon how many people are affected, the type of data breached, the number of regulated entities to be notified, the amount of forensic and legal costs, and whether call center and credit-monitoring services are offered. Sometimes a $50,000 coverage amount for social engineering fraud simply will not be sufficient to cover all of these expenses.

If your business is hit with a cyber-attack, depending on the circumstances, it is important to understand the obligations in the policy as you notify your broker and the insurance company. Policies typically have notice provisions, even if you are still gathering all of the facts. Timing is important, so before retaining experts for remediation, you may need to notify the insurance company of the claim or potential claim. Many policies have a breach response team ready to assist you. If you want to retain your  own legal counsel or other experts to assist in your response, you will likely need the insurance company’s approval. Once the breach response experts are in place, they will guide your business along all of the necessary steps with respect to remediation, breach notification to regulators and affected individuals, call center activation, and credit monitoring.