Tag Archive for: Reporting

[Update: Fix is live] Windows Defender is reporting a false-positive threat ‘Behavior:Win32/Hive.ZY’; it’s nothing to be worried about


  • Windows Defender is alerting users to a “threat detected” for “Behavior:Win32/Hive.ZY”
  • The issue is tied to a recent entry in Microsoft’s Defender definition update, which is producing the erroneous detection
  • The trigger appears to be Defender flagging “Electron-based or Chromium-based applications as malware”
  • Microsoft is expected to update Microsoft Defender’s definitions to resolve the issue

Update #1 (1:50 PM ET): According to the Microsoft support forums, the Defender team has indicated it is investigating the issue and hopes to release a fix soon.

Update #2 (7:50 PM ET): According to the Microsoft support forums, “indications from a Microsoft Agent is a fix has been released (Version: 1.373.1537.0)”

Source…

Everything You Need To Know About India’s New Guidelines Related to Cyber Incident Reporting by CERT-In | Ankura


On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In), a functional organization under the Ministry of Electronics and Information Technology (MeitY), Government of India, issued directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for a Safe & Trusted Internet. [1]

The directions are issued to augment and strengthen cyber security in the country. The directions will be effective from June 27, 2022 (60 days from the date of issue).

  • Synchronization of time clocks to NTP servers of NIC – This is applicable to all service providers, intermediaries, data centers, body corporate and government organizations. For the servers and infrastructure hosted in India the time can be synced with the following:
    • National Informatics Centre (NIC):
      • samay1.nic.in
      • samay2.nic.in
    • National Physical Laboratory (NPL):
  • For servers and infrastructure outside India the time can be synced with the nearest server having atomic time. You may use https://pool.ntp.org/
  • While storing the logs of any device, application, database, etc., make sure the local time, as well as the UTC time, is recorded in separate columns, if possible, along with time zone details alongside each timestamp.
  • Reporting Cyber Incidents in 6 hours to CERT-In – While many other developed countries expect the incidents to be reported in 48-72 hours, CERT-In has given a very aggressive time frame of 6 hours for reporting incidents. This means companies need to have a monitoring mechanism in place to identify cyber security incidents and a well-equipped incident response team along with an incident response plan must be in place. The relevant stakeholders should get immediate intimation in case of a suspected security breach, and they must be in a position to triage and avoid false positives. A readiness assessment can help check if the timeline can be met.
  • POC to Interact with CERT-In – Companies will need to assign a Point of Contact with whom CERT-In can communicate for any information. CERT-In has also provided a format in which such information needs to…
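The dual-timestamp requirement above is easy to get subtly wrong (offset applied in the wrong direction, or a naive local time written with no zone). The following is an added example, not code from the CERT-In direction or from Ankura: it writes each log line with local time, UTC time, zone name and UTC offset as separate tab-separated columns, parses a line back into its columns, and checks that the local and UTC columns agree with the recorded offset. The column layout, the fixed +05:30 IST zone (India observes no DST; a zone with DST would need zoneinfo) and the sample log lines are assumptions constructed for this example.

```python
"""Record local time, UTC and zone details as separate columns per log line.

Added example (not from the CERT-In direction or the Ankura article).
Assumptions: a tab-separated column layout, a fixed +05:30 IST zone, and
constructed sample lines.
"""
from datetime import datetime, timedelta, timezone

# Fixed-offset stand-in for Indian Standard Time (no DST). A zone with DST
# would need zoneinfo.ZoneInfo so the offset column follows the calendar.
LOCAL_ZONE = timezone(timedelta(hours=5, minutes=30), "Asia/Kolkata")

TIME_FMT = "%Y-%m-%d %H:%M:%S"
FIELDS = ("local_time", "utc_time", "zone", "utc_offset", "message")


def format_record(event: datetime, message: str, zone: timezone = LOCAL_ZONE) -> str:
    """Render one log line: local time, UTC, zone name, offset and message as columns."""
    if event.tzinfo is None or event.utcoffset() is None:
        raise ValueError("event must be timezone-aware; a naive timestamp is ambiguous")
    utc = event.astimezone(timezone.utc)
    local = utc.astimezone(zone)
    return "\t".join((
        local.strftime(TIME_FMT),
        utc.strftime(TIME_FMT),
        local.tzname(),
        local.strftime("%z"),         # e.g. +0530, so the local column is self-describing
        message.replace("\t", " "),   # keep a tab in the message from shifting the columns
    ))


def parse_record(line: str) -> dict:
    """Split a line back into its columns, keyed by FIELDS."""
    parts = line.rstrip("\n").split("\t", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} columns, got {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))


def parse_offset(text: str) -> timedelta:
    """Convert '+0530' or '-0800' into a timedelta."""
    if len(text) != 5 or text[0] not in "+-":
        raise ValueError(f"bad UTC offset {text!r}")
    delta = timedelta(hours=int(text[1:3]), minutes=int(text[3:5]))
    return delta if text[0] == "+" else -delta


def record_is_consistent(line: str) -> bool:
    """True when local_time minus utc_offset equals utc_time for this line."""
    rec = parse_record(line)
    local = datetime.strptime(rec["local_time"], TIME_FMT)
    utc = datetime.strptime(rec["utc_time"], TIME_FMT)
    return local - parse_offset(rec["utc_offset"]) == utc


# Constructed sample: an event at 00:30 UTC on the day the direction took effect.
SAMPLE_EVENT = datetime(2022, 6, 27, 0, 30, tzinfo=timezone.utc)
SAMPLE_LINE = format_record(SAMPLE_EVENT, "sshd: accepted publickey for admin from 198.51.100.7")

# Constructed bad line: the offset was applied in the wrong direction when the
# local column was written, so local and UTC disagree by eleven hours.
BAD_LINE = "2022-06-26 19:00:00\t2022-06-27 00:30:00\tAsia/Kolkata\t+0530\tclock skew example"

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print("sample consistent:", record_is_consistent(SAMPLE_LINE))   # True
    print("bad line consistent:", record_is_consistent(BAD_LINE))    # False
```

Keeping the offset as its own column (rather than only a zone name) is what makes the consistency check possible after the fact: an analyst correlating this log against one from a server outside India can recompute UTC from the local column alone and flag lines where the two disagree, which is the usual symptom of a host whose clock or zone was misconfigured before the NTP synchronization mandated above was in place.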

Source…

Cert-In Direction On Reporting Cyber Incidents


BACKGROUND

On 28 April 2022, CERT-In issued a direction relating to “information security practices, procedures, prevention, response, and reporting of cyber incidents for Safe & Trusted Internet” (“Direction”).1 The Direction has been issued under Section 70B(6) of the Information Technology Act, 2000 (“IT Act”). A summary of the provisions of the Direction is provided in Annexure A below.

The Direction has significantly widened the types of cyber security incidents that must be mandatorily reported to CERT-In. The Direction also imposes a strict timeline of 6 hours after notice of the incident for reporting such incidents to CERT-In and introduces several compliance requirements for different types of entities, including intermediaries, service providers, data centres, virtual private network service providers, cloud service providers, as well as other entities such as “virtual asset service providers” and “virtual asset exchange providers”. The key compliances are discussed below.

Considering the wide wording of the Direction, it is likely to apply to almost every type of business operating within India. The Direction will be effective from June 28, 2022 and may require businesses to rethink and overhaul their cyber security practices and processes.

NDA is organising a webinar to further discuss the key aspects of the Direction and their impact on businesses in India on Wednesday, May 11, 2022. You may register for the webinar at this link.

We have discussed some key aspects of the Direction below.

EARLIER REQUIREMENTS

The Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (“CERT-In Rules”)2 were issued under Section 70B(5) of the IT Act.

The CERT-In Rules required mandatory reporting of identified cyber security incidents (See Annexure B), while other cyber security incidents could be reported voluntarily. By way of the Direction, CERT-In has in effect amended several provisions of the CERT-In Rules.

KEY PROVISIONS OF THE DIRECTION AND CONCERNS

  1. Reporting

    • Mandatory reporting requirements: The list of cyber security incidents which are mandatorily reportable…

Source…

Ransomware Task Force calls for better incident reporting


Members from the Ransomware Task Force called for better incident reporting during a panel at RSA Conference 2022.

The RSA panel was titled “Progress in the Year of Ransomware: Analysis with the Ransomware Task Force” and featured four members of the task force: Phil Reiner, CEO of the Institute for Security and Technology (IST); Megan Stifel, IST chief strategy officer; Michael Phillips, chief claims officer at cyber insurer Resilience; and Michael Daniel, president and CEO of Cyber Threat Alliance.

The Ransomware Task Force is a public-private partnership formed last spring by the IST and dedicated to disrupting the threat of ransomware. The panel acted as a look at efforts made over the past year, as well as an opportunity to discuss progress that still needs to be made.

A key piece of the panel focused on incident reporting, which requires ransomware victims to notify the U.S. government after they’ve been struck by a cyber attack. The panelists discussed how difficult it is to get a complete picture of ransomware when public- and private-sector sources often have very different tallies when it comes time to present attack statistics each year.

“The FBI, through its IC3 reporting mechanism, came out with its ransomware reporting statistics, and it’s extraordinarily low compared to what even a specialist cyber insurance company would see year in, year out,” Phillips said. “So we still see this data gap, whether it’s per unit of government or institutions like insurance companies, which aggregate the victim’s data and experience. We’re all seeing very partial aspects of the picture, which makes the reporting requirements that we’ve been discussing so, so important.”

In a report that launched alongside the task force, four recommendations were made to support victims. These included clarity from the U.S. Treasury in its ransom payment guidance, a recovery fund for organizations that refuse to pay the ransom, creating a ransomware attack reporting standard and requiring organizations to disclose ransomware payments to the government prior to paying.

Stifel said progress has been made on all four fronts, and while there is still a ways to go in some aspects (specifically…

Source…