news and risk information...jun 04, 2018  · tools you can use fs-isac has a wide range tools...



Post on 24-Sep-2020


Page 1: News and Risk Information...Jun 04, 2018  · Tools You Can Use FS-ISAC has a wide range tools institutions can keep in their toolbox FS-ISAC would like to remind members and non-members

- 1 - © 2018 FS-ISAC, Inc. | All Rights Reserved.

COMMUNITY INSTITUTION & ASSOCIATIONS RISK SUMMARY REPORT

News and Risk Information Summary: Below are some of the top news and risks that the Financial Services Information Sharing and Analysis Center (FS-ISAC) has observed this week for community institutions (CI).

In This Issue

This Week’s Threat: Breaches, Malware and Your Customer

Tools You Can Use

ACTL: Guarded | PTL: Guarded | Terrorism TL: Elevated | TLP: Green

Week of June 4

Financial Industry Rehearses Defenses Against Ransomware Within ManTech’s Advanced Cyber Range Environment. On May 29, 2018, ManTech announced a successful ransomware defense exercise for financial sector participants within its Advanced Cyber Range Environment (ACRE). Participants included 22 cybersecurity staff from 18 financial institutions, brought together by FS-ISAC. ManTech ACRE improves cyber defenses by training cyber professionals in real-time tactical response to cyberattacks. Using safe replications of a customer's network, ACRE conducts live malware attacks that test cyber team skills and cyber defenses - then provides specific training and recommends technology solutions that advance both. (NASDAQ)

Google's Pixel 2 Protects Against Insider Attacks. Google's Pixel 2 devices feature improved hardware security that can better protect against insider attacks, the Android Developers Blog states. If a hacker manages to force entry into the device through remanufacturing, for instance, the device automatically destroys user data. (TechRepublic)

DNA Testing Service MyHeritage Says 92 Million User Accounts Have Been Compromised. MyHeritage, the genealogy website and DNA testing service, says the email addresses and hashed passwords of its customer database — some 92 million user accounts — were found on a private server. The breach occurred on 26 OCT 2017. MyHeritage believes the intrusion is limited to the user email addresses. (Fortune)

Satan Ransomware Spawns New Methods To Spread. Satan Ransomware was identified as using the EternalBlue exploit to spread across compromised environments. Alien Vault shared an example of how the previously known Satan ransomware keeps evolving and adding new techniques to infect more systems. This Satan variant attempts to propagate through: JBoss CVE-2017-12149, Weblogic CVE-2017-10271, EternalBlue exploit CVE-2017-0143, Tomcat web application brute forcing. (AlienVault)

VPNFilter Malware Router Infection Update. The Wall Street Journal reports the FBI has seized a domain that has been used by the command and control server to communicate with routers infected with the VPNFilter malware; however, Bleeping Computer is reporting security researchers from JASK and GreyNoise Intelligence revealed on June 1 that they had detected the same threat actor that built the first iteration of the VPNFilter botnet attempting to compromise new routers and build a new VPNFilter botnet.

This Week’s Top Risks

Malware, Ransomware and Trojans
» Adwind RAT
» Anonymous "Operation Avarice"
» AZORult
» Cert Pivot
» FlawedAmmyy RAT
» Hanticor
» IcedID
» JBifrost RAT
» New PO
» Trickbot

Physical Security Threats
» Guatemala volcanic activity, 200+ missing, 72 dead
» Sabotage Suspected in Daura Tower Collapse
» South China Sea unrest
» US Citizen Killed in Nicaragua

System Vulnerabilities (multiple)
» Android, Apple, F5, FireEye, Google Nexus, Huawei, IBM, Linux

Themed Phishing Campaigns
» Bank-themed (multiple)
» DOCX
» Dot Loop
» Final Notice
» Spear and Whaling from China

The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit corporation that was established in 1999. FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy. FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs and fosters collaborations with and among other key sectors and government agencies.


Threat of the Week: Breaches, Malware and Your Customers

Small businesses benefit when they partner with their institution

Summary:

Small businesses have been a critical component to the health of commerce for centuries. During that time small businesses have become dependent upon financial institutions and vice versa; yet small businesses do not operate under strict regulatory guidelines as do institutions.

While institutions struggle to meet these guidelines with their limited resources, small businesses face a greater challenge involving fewer security alternatives to protect them from the same advanced persistent threats.

A fragile detente exists between organizations. For example, following a significant incident that results in monetary loss, a small business may mistakenly expect its institution to make it whole; however, a small business is likely deaf to the fact that the issue may really be its own and not its institution’s shortcoming. This places the institution in a precarious situation between the added responsibility of looking out for its customer and enlisting the customer’s assistance as a security partner.

Risks to Organizations:

• The list of potential damages to an institution is long and includes: drop in share price, liquidation, fines, compensation payments, clean-up costs, legal costs, loss of potential business, brand damage, poor customer outcome, staff attrition, rise in insurance premiums and marketing off-set.

Remediation:

• While institutions are required to have customer security awareness training, to further lessen the risks, institutions should devise and embark upon a commercial client outreach program consisting of: regular focused security digests providing current security threats and easy-to-implement mitigating controls, community security groups that meet and share information, and security checklists that walk the customer through risks and controls.

Supplemental Material:

• FDIC Consumer Assistance and Information. You’ll find information here on specific banking topics that provide general information on the topic, as well as links to other resources to learn more.

• ICBA Consumer Fraud Loss Protection Plan. Help for community bank members.

• NCUA Consumer Financial Protection. Learn how to recognize common scams, take action if you think you are a victim of fraud, and what you can do to protect your finances from fraud.

• Stay Safe Online. This website helps you get involved by providing educational information, brochures, posters and more to help institutions assist their customers at no cost.

A combination of clearly defined roles between the institution and customer, coupled with information sharing regarding current threats and practical recommendations on how small businesses can protect themselves, creates a security intersection where solutions exist to maintain and preserve relationships with the client.

The Surveys Say

“58% of malware attack victims are categorized as small businesses.” Verizon 2018 DBIR

“In 2017, cyberattacks cost small and medium-sized businesses an average of $2,235,000.” Ponemon 2017 State of Cybersecurity in SMBs

“92.4% of malware is delivered via email.” Verizon 2018 DBIR

“60% of small businesses say attacks are becoming more severe and more sophisticated.” Ponemon 2017 State of Cybersecurity in SMBs

“Advanced malware protection and prevention is the #1 budget priority.” 2018 IT Budget Priorities Report


Questions: If you have any questions about this week’s report, please contact Community Institution & Associations. Content provided for internal use by FS-ISAC members. Copyright owners retain all copyrights to material referenced. Member Services: [email protected] Toll-Free: 877-612-2622 – prompt 1 Outside US: +1 571-252-8517

FS-ISAC Analysis Team: [email protected] Toll-Free: 877-612-2622 – prompt 2

For more TLP White information about FS-ISAC, follow us on Twitter @FSISAC and join the discussion on LinkedIn.

Tools You Can Use

FS-ISAC has a wide range of tools institutions can keep in their toolbox

FS-ISAC would like to remind members and non-members that we have produced, in concert with working groups, documents and whitepapers on numerous topics that are designed to help you identify and mitigate risk within your organization. TLP White documents are available at fsisac.com. Member-only documents can be found at portal.fsisac.com.


Save the Date

June 13: FS-ISAC Solutions Showcase: Protecting the Organization and Validating Controls. Register.

June 18: Monthly CIAC Meeting at 3:30 p.m. EDT. The agenda includes threat updates, a presentation by a US Secret Service agent on ATM vulnerabilities and other attacks against financial institutions, and other information to help community institutions safeguard their networks and customers.

June 19: Expert Webinar Series: Risk: They Can’t Manage What They Don’t Know About. Register.

October 9-10 or 16-17: Cyber-Attack Against Payment Systems (CAPS) Exercises. Register.