Cybersecurity Saturday

The American Hospital Association informs us that

The White House yesterday announced an interagency task force and other initiatives to protect U.S. organizations from ransomware attacks [on July 15]. The task force has been coordinating federal efforts to improve the nation’s cybersecurity as directed by the president in April. In addition, the departments of Homeland Security and Justice yesterday launched a one-stop website for federal resources to help organizations reduce their ransomware risk; the Treasury Department’s Financial Crimes Enforcement Network will convene public and private sector stakeholders in August to discuss ransomware concerns and information sharing; and the State Department will offer up to $10 million for information leading to the identification or location of anyone engaged in malicious cyber activities against U.S. critical infrastructure.

Here’s a link to Bleeping Computer’s Week in Ransomware.

Ransomware operations have been quieter this week as the White House engages in talks with the Russian government about cracking down on cybercriminals believed to be operating in Russia.

This increased scrutiny by law enforcement and the growing fear that Russia is no longer a safe haven for cybercriminals has led to what is believed to be the shutdown of the notorious REvil ransomware operation. * * *

This shutdown is not believed to be caused by law enforcement, and it is likely we will see this group rebrand as a new operation in the future.

On the Microsoft front, Security Week reported yesterday that

After spending the last two months pushing out multiple Print Spooler fixes (one as an emergency, out-of-band update), Redmond’s security response team late Thursday acknowledged a new, unpatched bug that exposes Windows users to privilege escalation attacks.

Microsoft’s advisory describes an entirely new vulnerability — CVE-2021-34481 — that could be chained with another bug to launch code execution attacks.

There is no patch available and Microsoft says the only workaround is for Windows users to stop and disable the Print Spooler service.

From the advisory:

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker must have the ability to execute code on a victim system to exploit this vulnerability.

Microsoft said the vulnerability has already been publicly disclosed and credited Dragos security researcher Jacob Baines with the discovery.
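
The workaround quoted above (stop and disable the Print Spooler service), as an added PowerShell example that is not taken from Security Week or from Microsoft's advisory. The state-file path is an assumption, used to record the original settings so they can be restored after a fix is installed.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the "stop and disable Print Spooler" workaround and
# record the prior state so it can be restored once a patch is installed.
# Side effect: the host can no longer print, locally or remotely.

$stateFile = "$env:ProgramData\spooler-prior-state.json"   # assumed path

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if (-not $svc) {
    Write-Output "Print Spooler service not present; nothing to do."
    return
}

# Save the original start mode and state once; do not overwrite on re-run,
# otherwise the "prior" state would become Disabled/Stopped.
if (-not (Test-Path $stateFile)) {
    $svc | Select-Object Name, StartMode, State |
        ConvertTo-Json | Set-Content -Path $stateFile
}

if ($svc.State -ne 'Stopped') {
    Stop-Service -Name Spooler -Force -ErrorAction Stop
}
Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop

# Verify the result rather than assuming the commands took effect.
$after = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
if ($after.State -eq 'Stopped' -and $after.StartMode -eq 'Disabled') {
    Write-Output "Spooler stopped and disabled on $env:COMPUTERNAME."
} else {
    Write-Error "Spooler is $($after.State)/$($after.StartMode); workaround not applied."
}
```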

SC Media informs us

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a new report from Fortified Health Security.

Malicious cyberattacks caused the majority of these security incidents, accounting for 73% of all breaches. Unauthorized access or disclosure accounted for another 22%, and the remaining 5% were caused by smaller thefts, losses, or improper disposals.

Further, the number of breaches reported to the Department of Health and Human Services during the first six months of 2021 increased by 27% year-over-year. Health care providers accounted for the most breaches with 73% of the overall tally, compared to health plans with 16% and business associates that accounted for 11%.

“Healthcare organizations have literally hundreds of electronic entry points into their data networks, everything from EHRs, radiology and lab systems, to admission, discharge and transfer systems, to supply chain ordering and internet-enabled medical devices — and any one of these could be the Achilles’ heel exploited by a bad actor,” the report authors wrote.

In other cybersecurity news

  • Per Homeland Security Today, “The Senate [on July 23] confirmed by unanimous consent former NSA deputy for counterterrorism Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.” “Easterly was a managing director at Morgan Stanley, serving as global head of the firm’s Fusion Resilience Center, and a senior fellow at New America’s International Security program. After her NSA role from 2011-2013, she served on the National Security Council as special assistant to the president and senior director for counterterrorism. Easterly served more than 20 years in the Army and was responsible for standing up the Army’s first cyber battalion. She was also instrumental in the creation of U.S. Cyber Command, and served as executive assistant to National Security Advisor Condoleezza Rice for a time.” Good luck, Ms. Easterly.
  • Earlier this week, the HHS Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, issued its Summer 2021 Cybersecurity Newsletter. The newsletter is headlined “Controlling access to electronic protected health information; for whose eyes only?” “Ensuring that workforce members are only authorized to access the ePHI necessary and that technical controls are in place to restrict access to ePHI can help limit potential unauthorized access to ePHI for both threats.”