Cybersecurity Saturday

From the cybersecurity policy front,

  • Per Cybersecurity Dive,
    • Federal authorities are trying to strengthen the security of open-source software used by critical infrastructure providers in a bid to improve risk management, particularly across operational technology and industrial control system vendors. 
    • Critical infrastructure providers have faced heightened risks of malicious attack in recent years, both from nation-state threat actors and criminal ransomware groups, the Cybersecurity and Infrastructure Security Agency and other federal agencies said Tuesday in an open-source security guide.   
  • Forbes tells us about the top ten cybersecurity trends in 2024 that everyone must be ready for now.

From the cybersecurity vulnerabilities and breaches front,

  • Cyberscoop reports,
    • “Distributed denial of service attacks just keep getting bigger. On Tuesday, a coalition of tech giants revealed the biggest one yet, a DDoS campaign from August that compressed a month’s worth of Wikipedia traffic into a two-minute deluge and exploited a flaw in the fundamental technology powering the internet to do it. 
    • “At its peak, the DDoS campaign described by Google, Cloudflare and Amazon AWS reached more than 398 million requests per second (RPS) — more than eight times larger than the biggest DDoS attack previously observed by Google, which clocked in at 46 million RPS, according to the firm. The new attack uses a novel method that exploits a zero-day vulnerability dubbed ‘HTTP/2 Rapid Reset,’ which takes advantage of the protocol that manages how computers request data from websites.
    • “For a sense of scale, this two-minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023,” Google said Tuesday.
    • “The DDoS attacks using the vulnerability have been ongoing since August and have targeted major infrastructure providers like Google Cloud, Cloudflare and Amazon Web Services.”
  • The Cybersecurity and Infrastructure Security Agency added five known exploited vulnerabilities to its catalog on Tuesday, October 10, 2023.

From the ransomware front,

  • Per Cybersecurity Dive,
    • “Threat actors can break into an organization’s infrastructure to initiate ransomware attacks in many ways, but vulnerability exploits remain an effective and productive tool for financially-motivated cybercriminals, data from the Cybersecurity and Infrastructure Security Agency shared Thursday illustrates.
    • “Nearly 1 in 5 exploited common vulnerabilities and exposures (CVE) are also known to be used in ransomware attacks, according to CISA’s Known Exploited Vulnerabilities Catalog.
    • “The database of 1,019 exploited CVEs, some dating back to 2002, was updated Thursday to include those with known ransomware exploits. At least 184 CVEs have known use in ransomware attacks, according to CISA.
    • “Of those, more than 2 in 5 of the vulnerabilities exploited by threat actors to conduct ransomware are linked to Microsoft products, which are ubiquitous in the enterprise.”
  • Here’s a link to the referenced CISA report, which was released on October 12, 2023.
  • CISA “released [on October 11, 2023] a joint Cybersecurity Advisory (CSA), #StopRansomware: AvosLocker Ransomware (Update) to disseminate known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023.”
  • HHS’s Health Sector Cybersecurity Coordination Center (HC3) issued an Analyst Note on NoEscape Ransomware on October 12.
    • “A relatively new threat actor and ransomware to the cybercriminal community, NoEscape ransomware emerged in May 2023, but is believed to be a rebrand of Avaddon, a now-defunct ransomware group shut down in 2021. Unlike many of its contemporaries, however, the unknown developers of this ransomware claim that in lieu of using source code or leaks from other established ransomware families, they have constructed their malware and its associated infrastructure entirely from scratch. Using unique features and aggressive multi-extortion tactics, in just under a year, it has targeted multiple industries, including the Healthcare and Public Health (HPH) sector. Their recent activities highlight the prominence and influence they have as a Ransomware-as-a-Service (RaaS) group. What follows is an overview of the group, possible connections to the Avaddon threat group, an analysis of NoEscape’s ransomware attacks, its target industries and victim countries, sample MITRE ATT&CK techniques, and recommended defense and mitigations against the ransomware.”
  • Bleeping Computer’s “The Week in Ransomware” returned this week.
    • Researchers and government agencies released some interesting news this week:
      • “A new Q3 2023 Ransomware Trends Summary shows that ransomware continues to explode, with Q3 being the most successful quarter ever recorded.
      • “The FBI shared technical details, defense tips, and IOCs for the AvosLocker ransomware, which has not been active lately.
      • “Ransomware attacks have now started to target unpatched WS_FTP servers. However, these attacks are more encryption-focused rather than for data theft.”

From the cybersecurity defenses front,

  • HC3 offers a PowerPoint on cybersecurity incident response plans.
  • Forbes points out the top 10 cybersecurity trends to prepare you for next year and explains why 18 factors and metrics can prove the value of cybersecurity initiatives.
  • Health IT Security reports on three best practices for maturing healthcare third-party risk management.
  • An ISACA expert delves into “Quantum-Resistant Cryptography.”
    • “Crypto-agility was introduced in this year’s Gartner Hype Cycle, an annual analysis released for data security and emerging technologies. Gartner added both crypto-agility and post-quantum cryptography for the first time this year. The presence of data-in-use technologies in the Hype Cycle reflects the focus on data-in-transit security.
    • “It is imperative that organizations watch this space closely and upgrade encryption algorithms used in real time, because sovereign data strategies and digital communications governance are crucial areas to develop. In fact, CISA (Cybersecurity and Infrastructure Security Agency) was already urging organizations to prepare for the dawn of this new age in August.”