Newsletter

open source and cybersecurity news

December 21, 2023

It's 5:05, December 21, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Edwin Kwan: A former cloud engineer at a bank was terminated for violating company policies, including inappropriate laptop use. After he was fired, the employee went home and used a company-issued laptop to launch attacks on the bank’s network.

Hillary Coover: Database management company MongoDB is currently investigating a security incident that has led to the exposure of some customer information. Certain corporate systems were compromised, containing customer names, phone numbers, email addresses, and other unspecified customer account metadata. For one customer, system logs were accessed.

Ian Garrett: New year, new data breach disclosure rules, issued by the US Securities and Exchange Commission to reshape the cybersecurity landscape for publicly owned companies. As the cybersecurity landscape continues to evolve, these new SEC rules represent a significant shift in how cyber incidents are handled and disclosed.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Terminated Bank Cloud Engineer Sabotages Systems

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

In a case highlighting the importance of removing access upon termination, a disgruntled employee wreaked havoc with his employer’s systems when he was terminated.

This is Edwin Kwan from Sydney, Australia.

A former cloud engineer at a bank was terminated for violating company policies, including inappropriate laptop use.

After he was fired, the employee went home and used a company-issued laptop to launch attacks on the bank’s network. His sabotage included deploying malware, deleting code repositories, and impersonating colleagues.

Despite being ordered to surrender the laptop, the employee resisted, providing several excuses as to why he couldn’t, including filing a false police report alleging the laptop’s theft. He was eventually sentenced to two years in prison for causing over $220,000 in damages to his employer’s computer network and is being ordered to pay over $500,000 in restitution.

This case highlights the risks tied to disgruntled employees and underscores the need for swift security measures upon termination.

You need to make sure that access is terminated or suspended as part of the separation process, regardless of whether company equipment has been returned.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/cloud-engineer-gets-2-years-for-wiping-ex-employers-code-repos/
– The Register: https://www.theregister.com/2023/12/12/cloud_engineer_bank_prison

 

Hillary Coover
Unauthorized Access to MongoDB Corporate Systems

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Database management company MongoDB is currently investigating a security incident that has led to the exposure of some customer information. The incident involved unauthorized access to certain MongoDB corporate systems, resulting in the exposure of customer account metadata and contact details. Although suspicious activity was detected on Wednesday, it’s unclear at this point how long hackers had access to MongoDB’s systems.

Hi, this is Hillary Coover in Washington, D.C.

MongoDB reassured its customers that the breach does not seem to have affected data stored in MongoDB Atlas, its hosted database service. However, certain corporate systems were compromised, containing customer names, phone numbers, email addresses, and other unspecified customer account metadata. For one customer, system logs were accessed, but no evidence suggests other customers’ system logs were compromised at this point.

The exact number of affected customers is unknown, as is the method and timing of the breach. MongoDB recommends customers stay vigilant for social engineering and phishing attacks and activate multi-factor authentication on their accounts.

The company also clarified that an unrelated login spike was affecting customer access to Atlas and the support portal.

Resources
– TechCrunch: https://techcrunch.com/2023/12/18/mongodb-security-incident-customer-account-metadata/

 

Ian Garrett
Insights from the Microsoft Digital Defense Report 2023

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

New year, new data breach disclosure rules, issued by the US Securities and Exchange Commission to reshape the cybersecurity landscape for publicly owned companies. Today, we’ll dig into the six key aspects of the rules.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Recently, starting on December 18th, these companies must now comply with the stringent rules requiring them to disclose material cyber incidents within 96 hours. This regulation, while aimed at increasing transparency and investor protection, has sparked significant debate and concern among organizations about the feasibility of such a tight reporting window and the potential risks it introduces.

Key Aspect 1. Reporting Requirements. Organizations must report cybersecurity incidents in a specific line item on a Form 8-K report within four business days. This includes describing the incident’s nature, scope, timing, and material impact.

Key Aspect 2. Exemptions and Extensions. Smaller companies are granted a 100-day extension, and there’s a clause allowing delay in disclosure if the US Attorney General deems it necessary for national security or public safety.

Key Aspect 3. Consequences of Non-compliance. Failure to adhere to these regulations can lead to financial penalties, legal liabilities, reputational damage, loss of investor confidence, and increased regulatory scrutiny.

Key Aspect 4. Challenges and Concerns. The tight deadline for reporting and the broad definition of material incidents pose significant challenges for businesses. There’s also a concern that the required disclosures might inadvertently provide useful information to hackers.

Key Aspect 5. Potential for Exploitation. Cybercriminals are already exploiting these new rules. The BlackCat Ransomware Group, for instance, filed an SEC complaint against MeridianLink for not reporting a breach, illustrating how hackers might use the regulation to exert additional pressure on their victims.

Key Aspect 6. Impact on Cybersecurity Landscape. The SEC’s rules are expected to change how organizations approach cybersecurity, with a greater emphasis on rapid detection, response, and transparent communication.

As the cybersecurity landscape continues to evolve, these new SEC rules represent a significant shift in how cyber incidents are handled and disclosed. Organizations must adapt quickly to comply with these regulations while safeguarding against the evolving tactics of cybercriminals.

Resources
– CSO Online: https://www.csoonline.com/article/1265436/10-essential-insights-from-the-microsoft-digital-defense-report-2023.html

 
