Cyber Risk Governance Insights | July 7, 2025
Apologies for our delayed publication; it was due to a LinkedIn issue.
WEEK IN BRIEF
SUPPLY CHAIN: IT Giant Outage Caused by Ransomware Attack
🟦 WHY IT MATTERS: Ingram Micro, a global IT distribution giant, suffered a significant outage due to a SafePay ransomware attack, impacting its internal systems, website, and ordering platforms. This incident highlights the profound operational disruption ransomware can cause, even to critical infrastructure providers within the technology supply chain.
🟥 REALITY CHECK: The suspected initial access via GlobalProtect VPN shows that even established security technologies can be vulnerable if they are not perfectly configured or if credentials are compromised.
🟨 PROBABLE CAUSE: Initial reports suggest the breach was executed via Ingram Micro's GlobalProtect VPN, likely through exploited vulnerabilities or compromised credentials.
🟩 PROACTIVE PREVENTION: Implement strong VPN security protocols, including continuous vulnerability assessments, multi-factor authentication (MFA) on all remote access points, and monitoring for anomalous login attempts or traffic patterns. Regular penetration testing of external-facing services is crucial.
INSIGHT: This Ingram Micro attack is a reminder that supply chain risk isn't theoretical. When a foundational IT distributor is compromised, the downstream impact on countless businesses, their operations, and their ability to procure technology becomes a tangible threat. Organizations must rigorously vet the cybersecurity posture of their third-party vendors and prepare for potential service disruptions within their supply chain.
FINANCIAL SERVICES: Over Half a Million People Impacted by Major Data Breach
🟦 WHY IT MATTERS: Kelly & Associates Insurance Group, a major benefits and payroll administrator, confirmed a significant data breach impacting over half a million individuals. This incident exposed highly sensitive personal information, including full names, Social Security Numbers, and financial data. The breach illustrates the extreme vulnerability of organizations holding vast repositories of personal, health, and financial data, highlighting the severe consequences for privacy and trust in critical service sectors.
🟥 REALITY CHECK: When an insurance or benefits administrator suffers a breach of this magnitude, the fallout is severe. It's not just about stolen data; it's about the compromise of the most intimate financial and health details, leading to heightened risks of identity theft, fraud, and profound erosion of trust.
🟨 PROBABLE CAUSE: While specific attack vectors are still under investigation, breaches of this nature in organizations handling vast amounts of PII often stem from compromised third-party access, successful phishing campaigns leading to network intrusion, unpatched software vulnerabilities in critical systems, or misconfigured cloud storage allowing unauthorized access.
🟩 PROACTIVE PREVENTION: Implement rigorous data access controls based on the principle of least privilege, conduct regular and comprehensive third-party risk assessments for all vendors handling sensitive data, and enforce advanced endpoint detection and response (EDR) capabilities combined with threat hunting to identify and neutralize persistent threats early.
INSIGHT: The Kelly Benefits breach is a sobering reminder that for organizations stewarding highly sensitive personal data, cybersecurity is a core business mandate and a public trust obligation. Executives must prioritize investments in data protection, not as a compliance checklist, but as a fundamental pillar of corporate responsibility and resilience. The "cost of doing business" now explicitly includes the cost of preventing, and rapidly responding to, catastrophic data exposure.
FBI: 2FA Bypass - The Attacks Have Started
🟦 WHY IT MATTERS: The FBI has issued a warning regarding active attacks designed to bypass two-factor authentication (2FA). This signifies an escalation in threat actor capabilities, moving beyond simple credential theft to circumventing common security controls.
🟥 REALITY CHECK: 2FA, while a critical security layer, is not a silver bullet. Sophisticated social engineering tactics, MFA fatigue attacks, or proxy-based phishing can trick users into inadvertently approving malicious login attempts or divulging one-time codes, demonstrating that the human element remains a significant vulnerability.
🟨 PROBABLE CAUSE: These attacks typically involve advanced phishing techniques (e.g., adversary-in-the-middle phishing kits), vishing (voice phishing), or MFA fatigue, where users are bombarded with prompts until they accept a fraudulent one.
🟩 PROACTIVE PREVENTION: Transition from less secure 2FA methods (SMS, email OTPs) to phishing-resistant MFA (e.g., FIDO2-compliant security keys, certificate-based authentication). Implement continuous user education on social engineering tactics and conduct simulated phishing exercises to test user resilience.
INSIGHT: The FBI's warning is a signal for every organization: your reliance on 2FA alone for strong authentication is no longer sufficient. Executives and security leaders must acknowledge that the threat landscape has evolved beyond basic credential theft. The strategic imperative is phishing-resistant MFA solutions, coupled with robust employee training that emphasizes vigilance against social engineering, transforming human vulnerability into a resilient defense layer.
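The MFA fatigue pattern described above (a burst of push prompts, repeated denials, then an approval) is visible in ordinary authentication logs if someone looks for it. The following Python is an added example written for this newsletter, not code from the FBI advisory or any identity provider; the log format, the field names, and the thresholds (five prompts within ten minutes, at least two denials before an approval) are assumptions, and the log lines are constructed.

```python
"""Surface MFA-fatigue bursts in push-based authentication logs.

Added example (not from the newsletter or the FBI advisory). The log format,
field names and thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format, one event per line:
#   <ISO-8601 UTC timestamp> <user> <event> <result> <source IP>
# 'result' is '-' for push_sent events.
SAMPLE_LOG = """\
2025-07-02T03:14:05Z alice push_sent   -        203.0.113.7
2025-07-02T03:14:20Z alice push_result denied   203.0.113.7
2025-07-02T03:14:35Z alice push_sent   -        203.0.113.7
2025-07-02T03:14:50Z alice push_result denied   203.0.113.7
2025-07-02T03:15:05Z alice push_sent   -        203.0.113.7
2025-07-02T03:15:18Z alice push_result denied   203.0.113.7
2025-07-02T03:15:30Z alice push_sent   -        203.0.113.7
2025-07-02T03:15:44Z alice push_result denied   203.0.113.7
2025-07-02T03:16:01Z alice push_sent   -        203.0.113.7
2025-07-02T03:16:09Z alice push_result approved 203.0.113.7
2025-07-02T09:00:00Z bob   push_sent   -        198.51.100.4
2025-07-02T09:00:08Z bob   push_result approved 198.51.100.4
"""

WINDOW = timedelta(minutes=10)   # look-back for counting prompts (assumed)
PUSH_THRESHOLD = 5               # prompts within WINDOW that count as a burst (assumed)
DENIALS_BEFORE_APPROVAL = 2      # denials followed by an approval => high severity (assumed)


def parse_log(text):
    """Parse the assumed whitespace-separated format into time-sorted event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, result, ip = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "event": event, "result": result, "ip": ip,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_mfa_fatigue(events, window=WINDOW, push_threshold=PUSH_THRESHOLD,
                       denials_before_approval=DENIALS_BEFORE_APPROVAL):
    """Return one finding per user whose prompt rate exceeds the threshold.

    Severity is 'high' when the burst contains repeated denials that end in an
    approval, the signature of a user finally accepting a fraudulent prompt.
    """
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)

    findings = []
    for user, evs in per_user.items():
        pushes = [e for e in evs if e["event"] == "push_sent"]
        results = [e for e in evs if e["event"] == "push_result"]

        # Sliding window over prompt timestamps; keep the largest qualifying burst.
        best = None  # (count, first_ts, last_ts)
        start = 0
        for end, push in enumerate(pushes):
            while push["ts"] - pushes[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= push_threshold and (best is None or count > best[0]):
                best = (count, pushes[start]["ts"], push["ts"])
        if best is None:
            continue

        count, first_ts, last_ts = best
        # Outcomes belonging to the burst: from its first prompt to one window after its last.
        outcomes = [r for r in results if first_ts <= r["ts"] <= last_ts + window]
        denials = sum(1 for r in outcomes if r["result"] == "denied")
        approved_after_denials = (
            bool(outcomes) and outcomes[-1]["result"] == "approved"
            and denials >= denials_before_approval
        )
        findings.append({
            "user": user,
            "pushes": count,
            "denials": denials,
            "approved_after_denials": approved_after_denials,
            "severity": "high" if approved_after_denials else "medium",
            "source_ips": sorted({e["ip"] for e in evs}),
            "window_start": first_ts.isoformat(),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_mfa_fatigue(parse_log(SAMPLE_LOG)):
        print(finding)
```

A "high" finding is the one worth paging on: the account approved a prompt after repeatedly refusing, so the session should be revoked and the credential treated as compromised until the user confirms the login was theirs. The thresholds are deliberately loose starting points; tune them against your own identity provider's prompt volume before wiring the logic into a SIEM rule.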
FBI: Following 2FA Bypass Warning - Now Stop Using These Passwords
🟦 WHY IT MATTERS: Following its 2FA bypass warning, the FBI has reinforced the critical need to abandon weak and commonly used passwords. This highlights that even with advanced bypass techniques, attackers still leverage fundamental credential hygiene weaknesses as an entry point.
🟥 REALITY CHECK: Despite years of warnings, insecure password practices remain a pervasive vulnerability across organizations and individuals. Attackers exploit human nature – the preference for simplicity and reuse – to compromise accounts, often as a precursor to more sophisticated 2FA bypass attacks.
🟨 PROBABLE CAUSE: The continued use of easily guessable, reused, or common passwords provides initial access points. Brute-force attacks, credential stuffing (using leaked credentials from other breaches), and dictionary attacks remain effective against weak passwords.
🟩 PROACTIVE PREVENTION: Enforce strong, unique password policies across the organization, ideally leveraging password managers. Implement regular password audits and encourage/enforce multi-factor authentication for all systems, prioritizing phishing-resistant methods.
INSIGHT: This dual warning from the FBI (2FA bypass + weak passwords) provides a stark reminder that cybersecurity is a multi-layered challenge. Executives must recognize that investing in advanced defenses is futile if fundamental hygiene is neglected. The strategic focus must be on an integrated approach: eliminating easily exploitable entry points (weak passwords) while simultaneously fortifying advanced controls (phishing-resistant MFA). There is a reason that NIST IR8286 was written. Integrate your Cyber Risk Governance into your Enterprise Risk Management.
SOFTWARE: Covert Surveillance App Spills Passwords
🟦 WHY IT MATTERS: A provider of a covert surveillance application inadvertently exposed user passwords for 62,000 individuals. This incident highlights the profound security risks associated with niche, often ethically questionable, software providers, particularly when they handle highly sensitive user data and credentials.
🟥 REALITY CHECK: This incident underscores that security vulnerabilities can exist in unexpected corners of the digital landscape. Users of such applications, who often seek anonymity or discretion, are paradoxically exposed to significant risks when the providers themselves exhibit poor security practices.
🟨 PROBABLE CAUSE: The "spill" of passwords indicates a fundamental failure in data protection, likely unencrypted storage of user credentials, misconfigured databases, or weak access controls on the provider's infrastructure.
🟩 PROACTIVE PREVENTION: For organizations, reinforce policies against the use of shadow software - unauthorized or unvetted software, especially those with privacy or legal implications. Implement strict application whitelisting and network monitoring to detect unsanctioned tools.
INSIGHT: This breach serves as a warning about shadow IT risk, particularly when dealing with tools that operate outside sanctioned corporate oversight. Organizations must recognize that employees using unapproved software (even personal surveillance apps) can create unforeseen attack vectors and significant data exposure risks. This reinforces the need for robust internal policies, continuous asset discovery, and a culture of transparency regarding software usage, ensuring that what goes on "covertly" doesn't become a corporate liability.
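Two of the items above come down to the same pair of controls: reject the passwords that credential-stuffing and dictionary attacks rely on (the FBI password warning), and never keep credentials in a form that a leaked database exposes directly (the surveillance app "spill"). The Python below is an added example written for this newsletter, not code from the FBI, the app provider, or any library; the blocklist is a small constructed sample standing in for a breached-password corpus, and the length, variety and PBKDF2 iteration settings are assumptions.

```python
"""Screen weak passwords and store credentials with a salted, slow hash.

Added example (not from the newsletter, the FBI advisory or any vendor). The
blocklist is a small constructed sample; a real deployment screens against a
large breached-password corpus. Thresholds and iteration count are assumptions.
"""
import hashlib
import hmac
import re
import secrets

# Constructed blocklist sample; real lists run to hundreds of millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou"}
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed; tune to hardware)


def _base_form(password):
    """Reduce 'Password123!' to 'password' so trivial suffixes do not evade the blocklist."""
    return re.sub(r"[\d!@#$%^&*.]+$", "", password.lower())


def audit_password(password):
    """Return a list of policy failures; an empty list means the password is acceptable."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too_short")
    if _base_form(password) in COMMON_PASSWORDS:
        failures.append("common_password")
    if len(set(password)) < 4:
        failures.append("low_variety")
    return failures


def hash_password(password, salt=None):
    """Derive a salted PBKDF2 hash and encode it together with its parameters."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash from the stored parameters and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def register_user(store, username, password):
    """Reject weak passwords and keep only the hash; the plaintext is never stored."""
    failures = audit_password(password)
    if failures:
        raise ValueError(f"password rejected: {', '.join(failures)}")
    store[username] = hash_password(password)
    return store[username]


if __name__ == "__main__":
    users = {}
    register_user(users, "alice", "correct horse battery staple")
    print(users["alice"][:40] + "...")
    print(verify_password("correct horse battery staple", users["alice"]))
    try:
        register_user(users, "bob", "Password123!")
    except ValueError as exc:
        print(exc)
```

The same `audit_password` check doubles as the "regular password audit" the prevention item calls for: run it over a password-change feed at enrollment time rather than over stored hashes, because with a proper slow hash in place the stored records cannot (and should not) be reversed for inspection. Parameters travel with each hash so the iteration count can be raised later without invalidating existing accounts.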
RANSOMWARE: RaaS Group Shuts Down After World Leaks Rebrand
🟦 WHY IT MATTERS: Hunters International, a significant Ransomware-as-a-Service (RaaS) operation, has announced its shutdown and offered free decryptors, but is largely believed to be rebranding as "World Leaks" - shifting focus to pure data exfiltration and extortion without encryption.
🟥 REALITY CHECK: This development illustrates the dynamic and adaptive nature of cybercrime. Ransomware groups are not disappearing; they are evolving their tactics to reduce risk (avoiding encryption might reduce law enforcement scrutiny) and optimize their monetization strategies (pure data extortion can be faster and less technically complex).
🟨 PROBABLE CAUSE: The announcement is likely a strategic rebranding to evade law enforcement pressure and adapt to a more profitable, less risky extortion model. The "free decryptors" could be a tactic to appear benevolent or to further distance themselves from their prior identity.
🟩 PROACTIVE PREVENTION: Organizations must shift their defense strategies beyond mere data backup and recovery. Focus intensely on preventing data exfiltration, implementing robust data loss prevention (DLP) solutions, enhancing network segmentation, and improving real-time detection and response capabilities to identify unauthorized data movement.
INSIGHT: The "shutdown" of Hunters International and its apparent rebrand to World Leaks is not a cause for celebration but a signal for reassessment of cybersecurity strategies.
A growing trend: threat actors are pivoting from encryption-based ransomware to extortion-only models. For executives and security leaders, this means your "backups are enough" mentality is obsolete.
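When the adversary no longer encrypts anything, the detectable event is the data leaving. The Python below is an added example written for this newsletter, not code from any DLP or NetFlow product; it compares each host's daily outbound volume to unsanctioned destinations against that host's own prior-day median and flags sudden spikes. The flow-record format, the sanctioned-destination list and the thresholds are assumptions, and the records are constructed.

```python
"""Flag unusual outbound data volume as an exfiltration indicator.

Added example (not from the newsletter or any product). The flow-record format,
the sanctioned-destination list and the thresholds are assumptions; the records
are constructed.
"""
from collections import defaultdict
from statistics import median

# Constructed daily flow summaries (not real data). Assumed format:
#   <date> <internal source> <destination> <dst port> <bytes out>
SAMPLE_FLOWS = """\
2025-07-01 10.0.0.5 192.0.2.10    443  52000000
2025-07-01 10.0.0.5 198.51.100.20 443   4000000
2025-07-02 10.0.0.5 192.0.2.10    443  48000000
2025-07-02 10.0.0.5 198.51.100.20 443   3500000
2025-07-03 10.0.0.5 192.0.2.10    443  50000000
2025-07-03 10.0.0.5 203.0.113.99  443 900000000
2025-07-01 10.0.0.9 192.0.2.10    443  10000000
2025-07-02 10.0.0.9 192.0.2.10    443  12000000
2025-07-03 10.0.0.9 192.0.2.10    443  11000000
"""

SANCTIONED_DESTINATIONS = {"192.0.2.10"}   # assumed: the corporate file-sharing service
MULTIPLIER = 5            # today's egress must exceed this multiple of the baseline (assumed)
MIN_BYTES = 100_000_000   # ignore small absolute volumes even if they spike (assumed)


def parse_flows(text):
    """Parse the assumed whitespace-separated summaries into flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, src, dst, port, nbytes = line.split()
        flows.append({"day": day, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def detect_egress_spikes(flows, today, sanctioned=SANCTIONED_DESTINATIONS,
                         multiplier=MULTIPLIER, min_bytes=MIN_BYTES):
    """Compare each host's egress to unsanctioned destinations on `today`
    against the median of its earlier days and return the hosts that spike."""
    egress = defaultdict(lambda: defaultdict(int))    # host -> day -> bytes
    per_dst = defaultdict(lambda: defaultdict(int))   # host -> destination -> bytes on `today`
    for f in flows:
        if f["dst"] in sanctioned:
            continue   # traffic to approved services is excluded from the baseline
        egress[f["src"]][f["day"]] += f["bytes"]
        if f["day"] == today:
            per_dst[f["src"]][f["dst"]] += f["bytes"]

    findings = []
    for host, by_day in egress.items():
        today_bytes = by_day.get(today, 0)
        history = [b for day, b in by_day.items() if day < today]   # ISO dates sort as strings
        baseline = median(history) if history else 0               # no history => any large volume flags
        if today_bytes >= min_bytes and today_bytes >= multiplier * baseline:
            top_dst, top_bytes = max(per_dst[host].items(), key=lambda kv: kv[1])
            findings.append({
                "host": host, "day": today,
                "today_bytes": today_bytes, "baseline_bytes": baseline,
                "top_destination": top_dst, "top_destination_bytes": top_bytes,
            })
    return sorted(findings, key=lambda f: f["today_bytes"], reverse=True)


if __name__ == "__main__":
    for finding in detect_egress_spikes(parse_flows(SAMPLE_FLOWS), "2025-07-03"):
        print(finding)
```

The per-host baseline matters more than the absolute numbers: a build server that ships gigabytes daily should not page anyone, while a finance workstation that suddenly sends 900 MB to an unfamiliar address should. Excluding sanctioned destinations keeps legitimate cloud backups from masking the spike, which is exactly the blind spot an extortion-only group counts on.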
INSIGHTS & EXPERT PERSPECTIVE
The Insecurity of Data Accessibility for State Security
The European Union is actively exploring legislative measures, anticipated by 2030, to mandate "lawful access" to encrypted private data. This proposal would compel technology providers to integrate decryption capabilities into their services, fundamentally altering existing paradigms of end-to-end encryption. The initiative seeks to balance privacy with national security and law enforcement needs, but raises significant concerns among cybersecurity and digital rights advocates regarding potential vulnerabilities and the future of data confidentiality.
Highlights:
Mandated Decryption: The EU plans to potentially require technology providers to build decryption capabilities into their services by 2030.
Lawful Access: The primary stated goal is to enable government and law enforcement agencies to access encrypted data under legal frameworks.
Undermining Encryption: This proposal directly challenges the integrity of end-to-end encryption, raising fears about the creation of systemic vulnerabilities and a weakened global security ecosystem.
EXPERT PERSPECTIVE: Responsible, forward-thinking leaders in privacy debates know that their role extends beyond mere compliance; it includes actively advocating against legislative proposals that fundamentally compromise their enterprise's ability to protect its sensitive data.
In an increasingly surveillance-driven world, the competitive advantage will disproportionately accrue to organizations that champion and implement uncompromising, auditable privacy-by-design principles, even if it means navigating complex legal grey areas.
While the apprehension regarding data privacy and the integrity of encryption is valid, C-suite executives must understand the underlying strategic rationale driving governments, such as the EU, to seek lawful access to encrypted data.
From this perspective, absolute, unassailable encryption, though ideal for individual privacy, creates an untenable blind spot for state security agencies grappling with terrorism, organized crime, and child exploitation. The argument posits that the societal costs of completely inaccessible data, particularly in preventing severe criminal activities, may outweigh the theoretical risks associated with controlled, legally sanctioned access.
Responsible governance requires a balance.
Many experts will contend that with stringent legal oversight, judicial warrants, and clear operational frameworks, mechanisms for lawful data access can be implemented in a manner that minimizes systemic vulnerabilities while empowering law enforcement to fulfill its mandate. Enterprises must prepare for a future where compliance may extend beyond data protection to facilitating responsible governmental access under defined legal parameters.
This pragmatic approach acknowledges the legitimate security imperatives of the state, requiring a shift in organizational thinking from solely guarding against external threats to intelligently managing the complexities of governmental access requests.
Passive acceptance is a dereliction of fiduciary duty to stakeholders' digital safety.
Strengthen Your Cybersecurity with Netswitch
Achieve Compliance & Reduce Risk:
Comprehensive Security Audit: Uncover network vulnerabilities with our automated Security Automation & Risk Assessment (SARA). Gain a clear understanding of your risk landscape, prioritize enhancements, and make the most of your security investments. Contact Netswitch.
Free "Quick Start" Program: Kickstart your cyber risk and governance journey with a complimentary health check. Enroll today to build lasting resilience.
Expand Your Cyber Knowledge:
Join: Our Cyber Risk Governance Community and connect with a dynamic network of professionals on LinkedIn. Exchange insights, transform risks into readiness, and stay ahead of evolving threats.
Engage in Live Events: Attend interactive LinkedIn Live sessions. Dive into critical cyber risk topics with industry leaders from executive, technology, and governance backgrounds.
Take Action Now!
Reach out to Netswitch Technology Management today and seize control of your cyber risk.
Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.