Cybersecurity Saturday

From the cybersecurity policy front, Cybersecurity Dive tells us

The Defense Department officially launched its zero trust strategy and road map Tuesday, part of a larger strategy to overhaul the way federal agencies combat sophisticated threat actors, including those from criminal organizations and rogue nation states. 

The DOD will move away from a perimeter-based approach for IT systems defense to a system that essentially assumes the risk of breach during regular interactions and will act accordingly. The plan calls for the Pentagon’s full implementation of the strategy and road map by fiscal 2027.  * * *

Microsoft, in a blog post released Tuesday, praised the DOD announcement on zero trust, noting the challenge of collaborating on zero trust amid the difficulties of comparing implementations across various organizations and technology stacks. 

“However the level of detail found in the DoD’s strategy provides a vendor-agnostic, common lens to evaluate the maturity of a variety of existing and planned implementations that were derived from the DoD’s unique insights on cybersecurity,” Steve Faehl, federal security CTO at Microsoft, said in the blog post. 

From the cybersecurity vulnerabilities front, Forbes offers “A Boiling Cauldron: Cybersecurity Trends, Threats, And Predictions For 2023.”

From the ransomware front, Health IT Security reports

Lorenz ransomware poses a threat to the healthcare sector, particularly larger organizations, the Health Sector Cybersecurity Coordination Center (HC3) warned in its latest analyst note. The human-operated ransomware group has been known to focus on “big-game hunting,” targeting large, high-profile entities rather than private users.

Lorenz threat actors are known to publish data publicly as a tactic to pressure victims during the extortion process. The actors have been observed demanding hefty ransoms, ranging from $500,000 to $700,000.

From the cybersecurity defenses front, Cybersecurity Dive informs us

Cybercriminals are prepared and ready to target online shoppers with fake websites, malicious links and fake charities, the Cybersecurity and Infrastructure Security Agency warned as the holiday shopping season gets underway.

“By following a few guiding principles like checking your devices, shopping from trusted sources, using safe purchasing methods, and following basic cyber hygiene like multifactor authentication, you can drastically improve your online safety when shopping online for gifts this year,” CISA Director Jen Easterly said in a statement.

The federal agency shared tips for individuals to limit cyber risks while shopping online, and encouraged organizations to review guidance it released last year with the FBI to manage cyberthreats during the holidays.