Cybersecurity Saturday

Cyberscoop tells us

The Homeland Security Department is establishing a Cyber Safety Review Board that will convene after major cyber events to review and act on them, according to a Federal Register notice.

The notice brings to fruition an idea long circulated among cybersecurity policymakers and thinkers, one set in motion by an executive order President Joe Biden signed in May 2021. The idea is to mimic the National Transportation Safety Board that reviews civil aviation accidents.

The board (CSRB) will have no more than 20 members, with one each required from DHS, its Cybersecurity and Infrastructure Security Agency, the Department of Justice, the National Security Agency and the FBI. The DHS undersecretary for strategy, policy and plans — a post held by Rob Silvers — will serve as the inaugural two-year chair.

It will kick into effect when an incident prompts formation of a Cyber Unified Coordination Group, a National Security Council-established organization for unifying government response to cyber incidents such as those that hit critical infrastructure owners and operators. The 2020 SolarWinds breach, which caused the compromise of both federal agencies and major tech companies, led to a public announcement of a coordination group forming.

From the breach and vulnerability front —

Health IT Security reports

Cyberattacks targeted at health plans and third-party business associates increased last year, while attacks against healthcare providers dipped slightly, a report by Critical Insight discovered.

Researchers analyzed 2021 data from the Office for Civil Rights (OCR) data breach portal and compared it to years past. The report revealed that health plan cyberattacks increased by 35 percent from 2020 to 2021, and attacks against third-party business associates increased by 18 percent.

Interestingly, cyberattacks aimed at healthcare providers declined by approximately 4 percent. Although the decrease is not extreme, it shows that cybercriminals are adapting their tactics and targets as organizations continue to implement safeguards against common exploitation techniques.

and

Threat actors continually leverage unpatched vulnerabilities as their primary ransomware attack vector, a new report by Ivanti in partnership with Cyware and Cyber Security Works found. Researchers discovered 65 new vulnerabilities connected to ransomware in 2021, which signified a 29 percent growth compared to 2020.

Over a third of the 65 newly discovered vulnerabilities were being actively searched for on the internet, further stressing the need to prioritize patching.

More specifically, Bleeping Computer informs us in a report posted yesterday

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges.

Per a binding operational directive (BOD 22-01) issued in November and today’s announcement, all Federal Civilian Executive Branch Agencies (FCEB) agencies are now required to patch all systems against this vulnerability, tracked as CVE-2022-21882 within two weeks, until February 18th.

While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.

Cybersecurity Dive discusses four cyberthreat trends to watch this year.

If there is one predictable constant in cybersecurity, it’s the omnipresence of ransomware. As Mandiant put it best, “There’s no end in sight for ransomware.”

But don’t expect ransomware to continue as we know it today. Mandiant predicts threat actors will develop new ways to gain a profit from ransomware, starting with a shift to globalized attacks. * * *

The common thread around these trends is cybercriminals finding a way to manipulate corporate data, and for that problem, there really is no end in sight. 

Of course, this quote naturally leads the FEHBlog to offer a link to Bleeping Computer’s The Week in Ransomware.

From the cyberdefense front

  • Healthcare Dive discusses three tactics shaping ransomware mitigation this year.
  • A Wall Street Journal commentator who is Cato Networks’ CEO explains

Just as Software as a Service revolutionized the internet by letting everyone access applications online rather than buying, installing and managing expensive software, [Cato Network offers] a new [cybersecurity] model, Secure Access Service Edge, promises to do the same thing for network security. To understand roughly what it does, look at your iPhone, which is a telephone, a computer, a high-resolution camera and a global positioning device all in one machine. Secure Access Service Edge will do something similar for network access and security, allowing businesses of all sizes, including small and medium-size ones, network access and security without a host of costly components.

Cool.