Friday Five: Regulatory Discord, North Korean and Kremlin-Backed Attacks, & More
As Congress works to minimize regulatory headaches for compliant organizations, cyberattacks hailing from North Korea and the Kremlin continue, while cyber insurance rates are plummeting. Get caught up to speed on all these stories in this week's Friday Five recap.
BIPARTISAN SENATE BILL TAKES AIM AT ‘OVERLY BURDENSOME’ CYBERSECURITY REGS BY MATT BRACKEN
The Streamlining Federal Cybersecurity Regulations Act, proposed by Senators Gary Peters and James Lankford, seeks to establish an interagency committee to harmonize the U.S.'s fragmented cybersecurity regulations. The bill mandates the White House’s national cyber director to form this committee, which will identify and update inconsistent or burdensome cyber requirements, set minimum standards, and promote agency reciprocity. The committee will include key government leaders and will pilot the new framework in consultation with sector risk management agencies. An annual report on the committee’s progress will be submitted to the Senate Homeland Security and House Oversight and Accountability committees.
CRITICAL INFRASTRUCTURE ORGANIZATIONS WANT CISA TO DIAL BACK CYBER REPORTING BY CHRISTIAN VASQUEZ
Public comments on the proposed cyber incident reporting mandate for critical infrastructure, introduced by the Cybersecurity and Infrastructure Security Agency (CISA), show significant pushback from industry stakeholders. They advocate for a scaled-back version of the regulation, citing concerns over the broad definitions of cyber incidents, which could overwhelm CISA with irrelevant data. Critics also question which organizations are required to report, suggesting that some sectors should be excluded. Concern exists over the lack of clarity on penalties for non-compliance and the need for harmonization of existing regulations, and many are reportedly skeptical about the federal government's ability to effectively share and safeguard collected information.
CYBER-INSURANCE PRICES PLUMMET AS MARKET COMPETITION GROWS BY JAI VIJAYAN
Cyber insurance premium rates have dropped by 15% in 2023, making coverage more affordable due to increased competition and better cyber hygiene among insured organizations. Reports from Howden Insurance and Aon attribute the decline to a more competitive market and stable pricing despite ongoing cyber threats and increased claims. Improved risk assessment by insurers and the growing demand from small and midsize enterprises (SMEs) also contribute to market growth. However, experts warn that increased claims frequency and severity could eventually impact rates. For now, the market remains stable with ample capacity and competitive pricing.
JAPAN WARNS OF ATTACKS LINKED TO NORTH KOREAN KIMSUKY HACKERS BY BILL TOULAS
Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) has issued a warning about North Korean 'Kimsuky' threat actors targeting Japanese organizations. Kimsuky, known for global intelligence-gathering for the North Korean government, employs phishing and social engineering to infiltrate networks, deploying custom malware for data theft and persistence. Recent attacks began with phishing emails containing malicious ZIP attachments, leading to malware infections and data exfiltration. Kimsuky's sophisticated techniques include PowerShell scripts for information gathering and keylogging, as well as using Compiled HTML Help (CHM) files for malware delivery. JPCERT/CC advises heightened vigilance against such threats.
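The JPCERT/CC summary above names two attachment types worth watching for on a mail gateway: ZIP archives and Compiled HTML Help (CHM) files, alongside PowerShell scripts. The following is an added defender-side example, not code from the original article or from JPCERT/CC: it inspects an attachment's ZIP member names in memory and flags entries with those extensions. The extension list and the sample archive are constructed for illustration; `suspicious_members` and `build_sample_zip` are hypothetical helper names, and a real deployment would combine this with content-based checks rather than trusting file names alone.

```python
import io
import zipfile

# Extensions the campaign summary above associates with delivery and
# post-infection tooling: CHM files and PowerShell scripts. Constructed
# watch list; extend it to match your own environment's policy.
SUSPICIOUS_EXTENSIONS = (".chm", ".ps1")


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return the names of ZIP members whose extension is on the watch list.

    Takes the raw bytes of an e-mail attachment so it can run inside a mail
    gateway hook without writing to disk. A payload that is not a valid ZIP
    yields an empty list instead of raising, so the function can be used
    as a plain filter in a pipeline.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    # Case-insensitive match so "Report.CHM" is caught as well as "report.chm";
    # endswith also catches double extensions such as "invoice.pdf.chm".
    return [n for n in names if n.lower().endswith(SUSPICIOUS_EXTENSIONS)]


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from a name -> content mapping (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a benign-looking document next to a CHM file.
    sample = build_sample_zip({
        "invoice.pdf": b"%PDF-1.4 constructed placeholder",
        "readme.chm": b"ITSF constructed placeholder",
    })
    print(suspicious_members(sample))  # ['readme.chm']
```

Because the check only looks at member names, it is cheap enough to run on every inbound archive, but it is a triage signal rather than a verdict: a flagged attachment should be quarantined for deeper inspection, and a clean name list does not prove the archive is harmless.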
US, ALLIES TAKE DOWN KREMLIN-BACKED AI BOT FARM BY DAVID DIMOLFETTA
The FBI dismantled two websites and nearly 1,000 accounts on the X platform that were part of a Kremlin-run disinformation campaign using AI to spread propaganda. The operation, involving a bot farm controlled by RT employees and approved by the Kremlin, began in 2022 to disseminate pro-Russian narratives and influence geopolitical opinions. The takedown, in collaboration with international partners, targeted 968 accounts, some of which were seized by the FBI while others were suspended by X. This crackdown aims to curb Russian disinformation as global elections approach in 2024, with ongoing investigations highlighting concerns about AI's potential to enhance such campaigns.