Cybersecurity Saturday

The Wall Street Journal recently interviewed IBM’s CEO Arvind Krishna. The interview concludes as follows:

WSJ: What is the biggest challenge facing the CIO and enterprise technology going forward?

Mr. Krishna: Cybersecurity is the issue of the decade. I think that is the single biggest issue we all are going to face. You have to take an enterprise approach, layered defenses. You have got to encrypt your data. You have got to worry about access control. You have got to believe you will get broken into. You make sure that you can recover really quickly, especially when it comes to critical systems.

Well put.

The Cybersecurity and Infrastructure Security Agency informs us

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide.

CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommended mitigations.

Security Week and Bleeping Computer expand on this FBI alert for those interested.

CISA also added three known exploited vulnerabilities to its catalog.

In other vulnerability news, Cyberscoop tells us

More than 450 security researchers working through the Department of Homeland Security’s “Hack the DHS” bug bounty program identified more than 122 vulnerabilities, 27 of which were deemed critical, according to a DHS statement first obtained by CyberScoop.

The agency awarded $125,600 to participants in the program for finding and identifying the vulnerabilities, the agency said in the statement. The researchers, vetted by the agency before participating, were eligible to receive between $500 and $5,000 for verified vulnerabilities, depending on the severity. * * *

Friday’s results represent the first phase of the DHS bug bounty program. The second phase will consist of a live, in-person hacking event, while the third will identify lessons learned to inform future bug bounty programs.

Cybersecurity Dive reports

Amazon Web Services is scrambling to assist customers after security researchers at Palo Alto Networks found severe vulnerabilities in AWS hotpatches that were supposed to protect customers from the Log4Shell vulnerability.

AWS released a software tool in mid-December designed to patch vulnerabilities found in the Log4j library; however, security researchers at Palo Alto’s Unit 42 discovered code vulnerabilities that could let attackers break out of a container environment and gain escalated privileges.

After working with Palo Alto researchers for months, Amazon released a new hotpatch earlier this week, Unit 42 said in research released Tuesday. Unit 42 researcher Yuval Avrahami is urging organizations to review their container environments and upgrade to the fixed version. A large number of users may have downloaded the original hotpatches.

The HHS Health Sector Cybersecurity Coordination Center (HC3) released a comprehensive PowerPoint presentation about insider threats in healthcare.

From the ransomware front, HC3 issued an alert on Hive ransomware.

Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. HC3 recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise.

Beckers Health IT Issues explains

Here are four things to know about the cyber group, according to the warning:

1. The group uses many common ransomware tactics, including the exploit of remote desktop protocol or VPN, and phishing attacks, in addition to more aggressive methods like directly calling the victims to apply pressure and negotiate ransom payments.

2. Other tactics deployed by the group include searching the victim’s systems that are tied to backups and either terminating or disrupting those connections, deleting shadow copies, backup files and even system snapshots.

3. Hive also conducts double extortion and supports this with their data leaks site, while operating as a ransomware-as-a-service model.

In total, Hive has claimed attacks on approximately 355 companies within 100 days of operations.

HHS is urging healthcare organizations to increase their preventive security measures, such as two-factor authentication, strong passwords, sufficient backups of the most critical data and continuous monitoring.
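The backup-tampering behaviour the HC3 alert attributes to Hive (killing backup connections, deleting shadow copies) is one of the few pre-encryption signals a defender can hunt for in process-creation telemetry. The following is an added illustration, not code from the alert, HC3 or any vendor: it runs simple command-line rules over constructed sample events modelled on the fields of a Windows 4688 or Sysmon process-creation record; the event format, rule patterns and the `detect_backup_tampering` / `hosts_with_multiple_tampering` names are all assumptions.

```python
import re

# Constructed sample events (not real telemetry): timestamp, host, user, command line.
SAMPLE_EVENTS = [
    "2022-04-20T02:11:05Z host=WS-17 user=svc_backup cmd=C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet",
    "2022-04-20T02:11:09Z host=WS-17 user=svc_backup cmd=wmic shadowcopy delete",
    "2022-04-20T02:11:14Z host=WS-17 user=svc_backup cmd=net stop VeeamBackupSvc",
    "2022-04-20T02:12:01Z host=WS-03 user=alice cmd=C:\\Windows\\System32\\notepad.exe notes.txt",
]

# Assumed detection rules: (rule name, pattern over the command line). They cover the
# shadow-copy deletion and backup-service termination described in the alert.
RULES = [
    ("shadow_copy_deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion", re.compile(r"wmic\s+shadowcopy\s+delete", re.I)),
    ("backup_service_stop", re.compile(r"\bnet1?\s+stop\s+\S*(backup|veeam|sql)\S*", re.I)),
]

# Assumed line format; a real pipeline would read structured events instead.
EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$")


def parse_event(line):
    """Split one sample line into its fields, or return None if it does not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def detect_backup_tampering(lines):
    """Return one alert per matching event, in log order; first matching rule wins."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for name, pattern in RULES:
            if pattern.search(ev["cmd"]):
                alerts.append({"rule": name, "host": ev["host"], "user": ev["user"], "ts": ev["ts"]})
                break
    return alerts


def hosts_with_multiple_tampering(alerts, threshold=2):
    """Hosts where several distinct rules fired: the strongest sign encryption is imminent."""
    rules_by_host = {}
    for a in alerts:
        rules_by_host.setdefault(a["host"], set()).add(a["rule"])
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= threshold)


if __name__ == "__main__":
    found = detect_backup_tampering(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print("escalate:", hosts_with_multiple_tampering(found))
```

Because a legitimate backup job can also stop services or prune snapshots, the per-host correlation in `hosts_with_multiple_tampering` is what separates a worth-paging alert from noise.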

Speaking of passwords, Cybersecurity Dive discusses the efforts of the FIDO Alliance to gain industry acceptance of using smartphones as the IT authentication standard while the tech industry presses for new methods.