Cybersecurity Saturday

From the cyber policy front, the FEHBlog noticed that OMB’s Office of Information and Regulatory Affairs had recently concluded its work on FAR Case 2017-016, a proposed rule on Controlled Unclassified Information (CUI). Surprisingly, the proposed rule has been withdrawn. The FEHBlog had been tracking this rule because health claims data is considered CUI.

From the cyber vulnerabilities front,

Tech Republic discusses “how credential phishing attacks threaten a host of industries and organizations.”

For the first half of 2022, email attacks against organizations rose by 48%, according to the report. Out of all those attacks, 68% were credential phishing attempts that contained a link designed to steal sensitive account information. Over the same time, 265 different brands were spoofed in phishing emails.

The HHS Health Sector Cybersecurity Coordination Center (HC3) released last week analyst notes on the following topics:

CISA added two new known exploited vulnerabilities to its catalog.

Cybersecurity Dive reports

Researchers from Rapid7 discovered 10 vulnerabilities in Cisco firewall and network security products; however, after reporting them to the company in February and March, six of the flaws have not been fully patched.

The vulnerabilities were found in Cisco Adaptive Security Software (ASA), ASDM and Firepower Services Software for ASA. Cisco has more than 300,000 security customers, and more than 1 million ASA devices are deployed worldwide. 

Most of the vulnerabilities allow attackers to execute arbitrary code, Jake Baines, lead security researcher at Rapid7, said via email. Rapid7 researchers presented the findings this week at Black Hat USA in Las Vegas.

From the ransomware front, CISA announced on August 11 that

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.

CISA encourages organizations to review #StopRansomware: Zeppelin Ransomware for more information. Additionally, see StopRansomware.gov for guidance on ransomware protection, detection, and response. 

ZDNet delves into Zeppelin ransomware at this link.

Zeppelin actors are known to have demanded ransoms of several thousand dollars to in excess of $1 million. The advisory references Core Security’s research, which describes Zeppelin as a “well-organized” threat

Security Week reports

Profit-driven cybercriminals breached Cisco systems in May and stole gigabytes of information, but the networking giant says the incident did not impact its business.

Cisco on Wednesday released a security incident notice and a technical blog post detailing the breach. The intrusion was detected on May 24, but the company shared its side of the story now, shortly after the cybercriminals published a list of files allegedly stolen from its systems.

The level of attacker sophistication disclosed in the technical blog post is eye-opening.

Here is a link to Bleeping Computer’s The Week in Ransomware, which leads with the Cisco hack.

From the cyber defense front,

An ISACA expert discusses the state of the cyber insurance market.

While premiums are leveling off, the hardening of the cyber insurance market is ongoing and will impact how policies are underwritten. In the meantime, organizations can benefit from improving their security and control postures with the goal of reducing insurance costs.

The Wall Street Journal reports

A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats.

Amazon.com Inc.’s AWS cloud business, cybersecurity company Splunk Inc. and International Business Machines Corp.’s security unit, among others, launched the Open Cybersecurity Schema Framework, or OCSF, Wednesday at the Black Hat USA cybersecurity conference in Las Vegas.

Products and services that support the OCSF specifications would be able to collate and standardize alerts from different cyber monitoring tools, network loggers and other software, to simplify and speed up the interpretation of that data, said Patrick Coughlin, Splunk’s group vice president of the security market. “Folks expect us to figure this out. They’re saying, ‘We’re tired of complaining about the same challenges.’”

Other companies involved in the initiative are CrowdStrike Holdings Inc., Rapid7 Inc., Palo Alto Networks Inc., Cloudflare Inc., DTEX Systems Inc., IronNet Inc., JupiterOne Inc., Okta Inc., Salesforce Inc., Securonix Inc., Sumo Logic Inc., Tanium Inc., Zscaler Inc. and Trend Micro Inc.
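To make concrete what the Wall Street Journal passage means by collating and standardizing alerts from different tools, here is an added example (written for this post; it is not code from the OCSF project or from any of the vendors named above). It takes two constructed records in different vendor shapes, a syslog-style firewall deny line and a JSON alert from an endpoint agent, and maps both onto one common event shape so they can be sorted into a single timeline and filtered on one severity scale. The attribute names (class_uid, severity_id, time, metadata, unmapped, and so on) and the class and severity numbers follow the public OCSF schema as I understand it and should be treated as assumptions; the two input formats and the parsers for them are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# Common severity scale for every normalised event (assumption: the public
# OCSF severity_id values, 1 = Informational ... 5 = Critical, 0 = Unknown).
SEVERITY = {"informational": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}

# Constructed sample inputs in two hypothetical vendor formats (not real vendor output).
FW_LINE = "2022-08-10T14:03:22Z fw01 DENY tcp 203.0.113.7:51234 -> 198.51.100.5:445 sev=high"
EDR_JSON = '{"ts": 1660140250, "host": "laptop-17", "rule": "suspicious-login", "level": "critical", "user": "jdoe"}'

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) sev=(?P<sev>\w+)$"
)


def _base_event(class_uid, class_name, category_uid, time_ms, sev_label, product, vendor):
    """Fields every normalised event carries, named after OCSF core attributes
    (assumption: the attribute names match the public schema)."""
    sev_id = SEVERITY.get(sev_label.lower(), 0)  # unfamiliar vendor label -> 0 (Unknown)
    return {
        "class_uid": class_uid,
        "class_name": class_name,
        "category_uid": category_uid,
        "time": time_ms,  # epoch milliseconds, the one clock every tool is mapped onto
        "severity_id": sev_id,
        "metadata": {"version": "1.0.0", "product": {"name": product, "vendor_name": vendor}},
        "unmapped": {},  # vendor fields with no schema home are kept, not dropped
    }


def firewall_to_ocsf(line):
    """Hypothetical syslog-style firewall line -> Network Activity (assumed class_uid 4001)."""
    m = FW_RE.match(line)
    if m is None:
        raise ValueError("unrecognised firewall line: %r" % line)
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev = _base_event(4001, "Network Activity", 4, int(ts.timestamp() * 1000),
                     m["sev"], "Example Firewall", "ExampleVendor")
    ev["device"] = {"hostname": m["host"]}
    ev["src_endpoint"] = {"ip": m["src"], "port": int(m["sport"])}
    ev["dst_endpoint"] = {"ip": m["dst"], "port": int(m["dport"])}
    ev["unmapped"]["action"] = m["action"]
    ev["unmapped"]["protocol"] = m["proto"]
    return ev


def edr_to_ocsf(raw):
    """Hypothetical endpoint-agent JSON alert -> Security Finding (assumed class_uid 2001)."""
    rec = json.loads(raw)
    ev = _base_event(2001, "Security Finding", 2, int(rec["ts"]) * 1000,
                     rec["level"], "Example EDR", "ExampleVendor")
    ev["device"] = {"hostname": rec["host"]}
    ev["finding"] = {"title": rec["rule"]}
    ev["actor"] = {"user": {"name": rec["user"]}}
    return ev


def collate(*events):
    """One timeline across tools: order by the shared `time` field."""
    return sorted(events, key=lambda e: e["time"])


def at_least(events, severity_label):
    """Filter across tools on the shared severity scale, whatever label each vendor used."""
    floor = SEVERITY[severity_label]
    return [e for e in events if e["severity_id"] >= floor]


if __name__ == "__main__":
    timeline = collate(firewall_to_ocsf(FW_LINE), edr_to_ocsf(EDR_JSON))
    for e in timeline:
        print(e["time"], e["class_name"], e["severity_id"], e["device"]["hostname"])
    print(len(at_least(timeline, "high")), "events at high or above")
```

The point of the design is that every question an analyst asks (what happened first, what is at high or above, which host) is answered against the common fields, so adding a third tool means writing one more mapper rather than teaching every query about another vendor's timestamp format and severity vocabulary.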