Cybersecurity Saturday

FCW reports that

Rep. Michael McCaul (R-Texas) announced that he and Rep. Jim Langevin (D-R.I.), both members of the House Homeland Security Committee, are working on a bill that would establish the Cybersecurity and Information Security Agency as a kind of 911 for breach notification. McCaul said his legislation is designed to protect companies from repercussions in the market by removing sources and methods and company names out of reporting. “It would just simply send a threat information itself to CISA so that they could deal both industrywide and federal government wide and state, the threat information they would need to address it on a larger scale,” McCaul said at a joint hearing of the House Committee on Oversight and Reform and the House Homeland Security Committee on Feb. 26.

Speaking of CISA, last Wednesday March 3, CISA issued an emergency directive 21-02 “requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update or disconnect the products from their networks until updated with the Microsoft patch.” According to the Wall Street Journal this action stems from

A cyberattack on Microsoft Corp.’s Exchange email software is believed to have infected tens of thousands of businesses, government offices and schools in the U.S., according to people briefed on the matter.

Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state and local governments. Estimates of total world-wide victims were approximate and ranged broadly as of Friday. Tens of thousands of customers appear to have been affected, but that number could be larger, the people said. It could be higher than 250,000, one person said.

While many of those affected likely hold little intelligence value due to the targets of the attack, it is likely to have netted high-value espionage targets as well, one of the people said.

Cyberscoop informs us that

The White House is moving forward with an executive order to encourage software developers to build more security into their products as the investigation of a suspected Russian supply chain compromise continues, a top security official said Friday [March 5]. The upcoming directive “will focus on building in standards for software, particularly software that’s used in critical areas,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said at the SANS Institute’s ICS Security Summit. “The level of trust we have in our systems has to be directly proportional to the visibility we have. And the level of visibility has to match the consequences of the failure of those systems.”

Cyberscoop further discloses that

Microsoft and FireEye on Thursday [March 4] revealed three more malware strains associated with the suspected Russian perpetrators who breached SolarWinds’ Orion software and used its update to infect federal agencies and major companies. FireEye named one strain Sunshuttle in a blog post. In a separate blog post, Microsoft dubbed two more strains GoldFinder and Sibot, and labeled the strain FireEye called Sunshuttle as GoldMax. Microsoft said the strains join the previously known SolarWinds hacker tools Sunburst and Teardrop.

Fortune discusses the nascent use of contact tracing in cybersecurity processes.

A concept called Sightings has been gaining traction in the security community, largely at the academic level, for the past few years. The idea is for organizations to be able to share details of how they were attacked and what was targeted—the who, what, and when—as quickly as possible with other organizations.

This concept could help organizations identify breaches sooner and remediate faster and more effectively. Through sharing, attack techniques could be more thoroughly understood, and with the right reporting mechanism, the resulting threat intelligence could be shared to help more organizations avoid a breach in the first place. MITRE, a leading not-for-profit research organization, is working on incorporating Sightings concepts into a security reporting process that would let breach victims share appropriate data in a secure, anonymized way to benefit the wider community.

Beyond this threat intelligence application, organizations could use this sort of contact tracing approach for their own internal investigations. Data contact tracing can dramatically reduce the time it takes to discover how far into their networks an attacker has penetrated, and identify where related systems in their supply chains, customers, and partner networks have also been compromised.

Finally, Health IT Security reports that

Cyberattacks on healthcare more than doubled in 2020, with ransomware accounting for 28 percent of all attacks. COVID-19 response efforts, including personal protective equipment and the vaccine supply chain were the largest focus of these targeted campaigns, according to the latest IBM X-Force report.

Nearly one out of four of overall cyberattacks last year were ransomware, while the increase in data extortion efforts enabled just one of these ransomware hacking groups to make over $123 million in profits in 2020.

The annual report is generated through insights and observations from monitoring more than 150 billion security events per day in more than 130 countries. Researchers also gathered and analyzed data from multiple sources within IBM, including data from Quad9 and Intezer.