Cybersecurity Saturday

Cyberscoop reports

A joint federal advisory Wednesday says that foreign government-linked hackers are targeting specific industrial processes with tools meant to breach and disrupt them, with one cybersecurity firm noting that the prospective intruders demonstrate an unprecedented “breadth of knowledge” about industrial control systems.

The alert arrives one day after Ukrainian officials and a cyber firm discussed deflecting another ICS-targeting malware that attempted to shut down power in Ukraine. “ICS” is a term that encompasses a number of systems that are especially common in the energy and manufacturing sectors, including a variety known as supervisory control and data acquisition (SCADA).

Cybersecurity company Dragos, which aided in Wednesday’s alert, said it had named the advanced persistent threat (APT) group behind the tools Chernovite, and named the tools themselves Pipedream. Dragos said one potential use of the tools would be to disable an emergency shutdown system. Mandiant, which also aided in the alert, said the malware posed the greatest risk to Ukraine and other nations responding to the Russian invasion.

It’s helpful to know where the Russians are focusing their cyberattacks. Bleeping Computer’s latest Ransomware Week column adds, “The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities.”

On the other hand, STAT News tells us,

Ransomware is no longer a threat reserved for only the largest health institutions. Small and rural providers are also getting hit with a wave of attacks, in some cases forcing them to resort to pen-and-paper record keeping to continue serving patients. “We were woefully unprepared,” said John Gaede, director of information services at Sky Lakes Medical Center in rural Oregon. The health system was hit with an attack in October 2020, just as it was responding to its first local surge of Covid cases, making a tough situation nearly impossible to manage.

Such attacks not only create logistical challenges, but also cut off access to electronic medical histories needed to safely care for patients. Read the full story from Marion Renault.

This past week, the Cybersecurity and Infrastructure Security Agency added nine new vulnerabilities to its catalog. CISA explains

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

From the cybersecurity business front, Cybersecurity Dive informs us,

Kaseya, an IT security and remote monitoring firm, said Monday it will buy Datto for $6.2 billion cash. The deal comes about nine months after Kaseya was hit by a major ransomware and supply chain attack that targeted the company’s small- and medium-size customers. 

The price tag is being funded by an equity consortium, led by Insight Partners, along with significant participation from TPG and Temasek, as well as other firms, including Sixth Street. The agreement represents a 52% premium to Datto’s stock price of $23.37 as of March 16th.

Also on Monday, software investment firm Thoma Bravo announced it struck a $6.9 billion deal for identity management firm SailPoint Technologies Holdings and will take the firm private. SailPoint stockholders will receive $65.25 per share in cash, a 48% premium above the 90-day volume weighted average price. However, the deal has a special “go-shop” provision that allows the board to seek higher bids until May 16th.

From the cyberdefenses front —

  • Federal News Network offers a transcript of an expert conversation about the Administration’s “signature cybersecurity initiative, namely to get every agency to move to zero trust systems architectures.”
  • Cybersecurity Dive stresses the importance of any HIPAA-covered business going well beyond the minimum HIPAA privacy and security rule standards.
  • Security Week reviews necessary cyberdefenses in the healthcare context.
  • Another Security Week article recommends that the good guys think like hackers in order to improve their cyberdefenses.