
Tenable Blog


Cybersecurity Snapshot: Schools Suffer Heavy Downtime Losses Due To Ransomware, as Banks Grapple with AI Challenges


The cost of ransomware downtime in schools gets pegged at $500K-plus per day. Meanwhile, check out the AI-usage risks threatening banks’ cyber resilience. Plus, Uncle Sam is warning about a dangerous Iran-backed hacking group. And get the latest on AI-system inventories, the APT29 nation-state attacker and digital identity security!

Dive into six things that are top of mind for the week ending August 30.

1 - Ransomware downtime costs to schools: About half a million dollars per day

After suffering a ransomware attack, schools and colleges lose an average of $550,000 per day of downtime, a heavy financial burden considering they remain offline for an average of about 11 days.

That’s according to an analysis by research firm Comparitech of almost 500 ransomware attacks against U.S. educational institutions between 2018 and this year.

“Most schools faced astronomical recovery costs as they tried to restore computers, recover data, and shore up their systems to prevent future attacks,” reads a Comparitech blog about the research published this week.

[Figure: Ransomware downtime costs to schools. Source: Comparitech, August 2024]

Highlights from the research include:

  • In 2023, the average downtime suffered by an educational institution due to ransomware was 12.6 days, up from almost 9 days in 2021.
  • The 491 ransomware attacks analyzed between 2018 and 2024 affected about 8,000 schools and colleges.
  • The average ransom demanded was $1.4 million.
  • Collectively, these 491 incidents cost about $2.5 billion and involved the breach of 6.7 million individual records.


2 - GenAI risks among banks’ top cloud security challenges

As financial institutions aim to boost their cloud security, they face a variety of obstacles, including data-privacy and data-integrity risks posed by their use of generative AI systems.

That’s one takeaway from the Cloud Security Alliance’s upcoming report “Cloud Resiliency in Financial Services,” based on a survey of about 860 security pros, CISOs and financial services leaders.

Other AI-related concerns cited by respondents include the danger of suffering AI-boosted cyberattacks, as well as issues with data accuracy, information bias and regulatory compliance, according to a CSA blog posted this week.

 


Meanwhile, respondents’ top-three challenges with cloud service providers are:

  • Cloud settings misconfigurations, cited by 62%
  • Integration of cloud and third-party services (52%)
  • Effective identity and access management systems (35%)

Other barriers cited by respondents include a lack of qualified cloud-security staff and difficulties with serverless and containerized environments.

More key findings include:

  • The NIST Cybersecurity Framework has been adopted by 67% of respondents. The ISO/IEC 27001 standard for information security management is also popular.
  • Seeking simplicity and easier management, a majority of respondents (78%) prefer to use a single cloud services provider.
  • Enhancing disaster-recovery preparedness (60%) and infrastructure scalability and availability (58%) are high-ranking priorities.

To get more details, read the CSA blog “The State of Cyber Resiliency in Financial Services.”


3 - CISA: Iranian hackers unleash ransomware, data-theft attacks

A cybercrime group is attacking U.S. organizations with ransomware for financial gain, while separately stealing data on behalf of Iran’s government from U.S., Israel, United Arab Emirates and Azerbaijan organizations.

That’s the warning the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued this week in their joint advisory “Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations.”

The advisory outlines the Iran-based group’s tactics, techniques and procedures, as well as indicators of compromise, and provides mitigation recommendations.

 


The group, known as Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM and Lemon Sandstorm, has been conducting a “high volume of network breach attempts against U.S. organizations since 2017.” It’s also known as Br0k3r and xplfinder, and uses the Iranian company name Danesh Novin Sahand as a cover.

For a deep dive and analysis of the advisory, check out the Tenable blog “AA24-241A: Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting US Organizations.”


4 - White House requires AI inventories from federal agencies

Has your organization considered the importance of inventorying AI assets? Need guidance on how to best document your organization’s usage of AI tools? Check out how the White House is approaching this issue.

In its recently finalized “Guidance for 2024 Agency Artificial Intelligence Reporting Per EO 14110,” the White House outlines guidelines for federal agencies to compile and submit inventories of their AI use cases.

The document states that agencies must annually inventory their AI use cases and compile metrics on them. It also details the “criteria, format, and mechanisms” agencies should use to create their reports.


For all AI use cases, agencies will have to state their purpose, expected benefits, outputs, stage of development, and whether they impact rights or safety, among other information.

For some AI use cases, the White House wants to know more details, including:

  • Does it disseminate information to the public?
  • Does it involve personally identifiable information?
  • Has the agency’s privacy chief assessed the use case’s privacy risks?
  • What agency-owned data was used to train or fine-tune the AI model in question?
  • Does it include custom-developed code, and does the agency have access to the code?
  • Can it make a decision or trigger an action without direct human involvement that could impact rights or safety?

To get more details, check out the document “Guidance for 2024 Agency Artificial Intelligence Reporting Per EO 14110.”


5 - Google: APT29 exploiting known bugs in iOS and Chrome

APT29, a nation-state attacker backed by the Russian government, is actively trying to exploit known vulnerabilities in iOS WebKit and ChromeOS using techniques employed by spyware actors.

That’s according to the Google Threat Analysis Group (TAG), which this week said that over the past nine months, multiple exploit campaigns were delivered via a watering hole attack on Mongolian government websites. 

Google TAG believes “with moderate confidence” that the attacks were carried out by APT29, also known as Cozy Bear, Nobelium and Midnight Blizzard. The group is known for high-profile hacks, including breaches of Microsoft and SolarWinds.

 


In the campaigns observed by Google TAG, APT29 first deployed an iOS WebKit exploit of CVE-2023-41993 that affects iOS versions older than 16.6.1. Later, it launched a ChromeOS exploit chain of CVE-2024-5274 and CVE-2024-4671 targeting Android users running versions M121 to M123. Patches are available for all three vulnerabilities.

“These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices,” reads the Google TAG blog titled “State-backed attackers and commercial surveillance vendors repeatedly use the same exploits.”


6 - NIST updates draft of its digital-identity recommendations

The U.S. National Institute of Standards and Technology (NIST) has released a new draft of its “Digital Identity Guidelines,” which, when finalized, U.S. federal agencies will be required to adopt and follow.

The latest draft details NIST’s identity management requirements, including identity proofing and authentication. It also offers best practices for improving the privacy protection and usability of digital identity tools.

NIST’s current guidelines date from 2017. The process to update them began in 2022. 

 


These are some of the changes and additions in the latest draft, which is open for comment through October 7, 2024:

  • A set of recommended metrics for evaluating the performance of identity management tools
  • Broader requirements and recommendations for fraud management
  • The addition of user-controlled digital wallets to the federation model
  • A new taxonomy and structure for identity-proofing controls

The 2022 version of the draft received almost 4,000 comments from 140 organizations and individuals, many focused on digital wallets and on passkey digital credentials.

The digital identity guidelines aim to “ensure security, privacy and accessibility during the identity-proofing process for people accessing government services,” reads a NIST statement.

