Cybersecurity Saturday

From the cyber threats and concerns front —

Health IT Security reports

The Health Sector Cybersecurity Coordination Center (HC3) issued a threat profile about Evil Corp and warned that the prolific group could threaten healthcare cybersecurity.

The Russian-based cybercriminal syndicate has been operational since 2009 and is responsible for creating some of the most powerful ransomware and malware variants. The group maintains strong connections to the Russian government and other cybercriminal gangs.

HC3 described the group as “exceptionally aggressive and capable.” Considering the group’s past crimes, this description seems highly accurate. In 2019, Evil Corp used Dridex malware to harvest login credentials from hundreds of banks, raking in more than $100 million in stolen funds.

The HC3 threat profile points out

Evil Corp should be considered a significant threat to the U.S. health sector based on several factors. Ransomware is one of their primary modus operandis as they have developed and maintained many strains. Many ransomware operators have found the health sector to be an enticing target as, due to the nature of their operations, they are likely to pay some form of ransom to restore operations. Healthcare organizations are particularly susceptible to data theft as personal health information (PHI) is often sold on the dark web to those looking to leverage it for fraudulent purposes. Foreign governments often find it to be more cost effective to steal research and intellectual property via data exfiltration cyberattacks rather than invest time and money into conducting research themselves. This includes intellectual property related to the health sector. It is entirely plausible that Evil Corp could be tasked with acquiring intellectual property from the U.S. health sector using such means at the behest of the Russian government.

Bleeping Computer, which is not offering the Week in Ransomware this holiday weekend, delves into the Lockbit ransomware gang.

Cybersecurity Dive informs us

A critical, but long-anticipated decision by Lloyd’s last week to phase out coverage for state-sponsored cyberattacks illustrates an insurance market that has been under increasing financial pressure for years. It also raises questions for U.S. companies about their preparedness and long-term risks amid more dangerous and sophisticated threats. 

“Cyber remains a priority area for Lloyd’s,” a spokesman said in an emailed statement. This month’s advisory guidance, “following consultation with our market, is to ensure we take on the right kinds of risk as a market while approaching this complex field with the expertise and diligence it requires.” 

The company said it will continue to take a pragmatic and innovative approach to supporting the growth of cyber. 

Lloyd’s policy says the company’s role is to support a competitive and resilient cyber insurance market, but the bulletin has not mandated clauses for managing agents. Instead of applying a one-size-fits-all approach, the new guidance encourages managing agents to apply due diligence to the specific complexities of state-sponsored attacks. 

From the cyber defenses front —

  • Cybersecurity Dive discusses best practices for getting full value out of multi-factor authentication and a case for a passwordless future.
  • Health IT Security says, “When properly implemented, zero trust security strategies can help healthcare organizations bolster their security efforts. However, the sector faces unique challenges surrounding IoT devices and identity and access management that are worth considering when contemplating zero trust in healthcare. In a new white paper, Health-ISAC provided guidance for healthcare CISOs to help them understand and implement zero trust security strategies.”
  • ZDNet offers Microsoft guidance on how to reduce exposure to ransomware attacks.
  • CISA calls attention to necessary updates to certain Apple products.
  • Fortune lists “five free online cybersecurity courses hosted by top universities.”