Cybersecurity Saturday

From the cybersecurity policy front,

  • Fortune offers a commentary on the topic aptly titled “A quiet cybersecurity revolution is touching every corner of the economy as U.S., allies ‘pull all the levers’ to face new threats.”
  • Cybersecurity Dive informs us,
    • “The Cybersecurity and Infrastructure Security Agency is seeking comment on a global effort to improve software security through major changes in development practices.
    • “The request for information, released Wednesday, seeks input about how to best incorporate security into the software development life cycle. Specifically, CISA is asking for input on how to tackle recurring software vulnerabilities, how to implement security in higher education, how to enhance security in operational technology, and how secure practices may impact costs.
    • “Our goal to drive forward a future where technology is safe and secure by design requires action by every technology manufacturer and clear demand by every consumer, which in turn requires us to rigorously seek and incorporate input,” CISA Director Jen Easterly said in the announcement.”
  • Federal News Network points out,
    • “The Defense Department’s long-awaited proposed rule for the Cybersecurity Maturity Model Certification (CMMC) lays out DoD’s plan to introduce the CMMC requirements over the next three years. The proposed rule, released today [December 22] and scheduled to be published in the Federal Register on Dec. 26, would establish requirements ‘for a comprehensive and scalable assessment mechanism’ to ensure defense contractors are implementing required security protections.”

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive reports
    • “Comcast’s Xfinity broadband entertainment platform disclosed a massive data breach involving 35.9 million customers on Monday, an incident connected to the ongoing CitrixBleed vulnerability.
    • “Xfinity promptly patched the vulnerability in Citrix software it uses in mid-October and took additional mitigation steps, the company said in an announcement. However, during a routine cybersecurity exercise on Oct. 25, Xfinity found an anomaly in its systems and identified a breach between Oct. 16-19 by an unauthorized party. 
    • “After launching an investigation and contacting law enforcement, on Nov. 16 the company determined that customer data was likely stolen. On Dec. 6, Xfinity determined the compromised data included user names and hashed passwords. In some cases, names, contact information, the last four digits of Social Security numbers, dates of birth and secret questions and answers were accessed.”
  • Health IT Security adds,
    • “Genetic testing company 23andMe notified 6.9 million individuals that their personal information was compromised in October 2023. However, 23andMe had no evidence that there was a data security incident within its systems. Instead, threat actors leveraged credential stuffing, a tactic in which hackers use stolen login information from one account to gain access to other accounts with the same passwords. * * *
    • “The 23andMe breach exemplified the effects that poor cyber hygiene by end users can have on data security. What’s more, the breach’s impact was expanded since access to one account gave hackers further access to other user profiles via the DNA Relatives feature.
    • “Multi-factor authentication (MFA) often emerges as a sensible solution to this issue. The cornerstones of authentication revolve around three factors: something you know, something you have, and something you are. While single-factor authentication requires the user to identify only one of those factors, MFA necessitates that users produce two or more factors, such as a password and a security token, or a PIN and a fingerprint.”
  • CISA added two known exploited vulnerabilities to its catalog on December 21.
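As an added illustration of the credential-stuffing pattern the Health IT Security piece describes (example code written for this digest, not code from Health IT Security, 23andMe or any vendor): a small detector that runs over constructed authentication log lines and separates a stuffing source (many distinct usernames, mostly failing, a few succeeding because of reused passwords) from an ordinary user mistyping one password. The log format, field names, IP addresses and thresholds are all assumptions.

```python
"""Detect credential-stuffing patterns in authentication logs.

Added example for this digest; not code from Health IT Security or 23andMe.
The log format, field names and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample log (not real data). Assumed format per line:
#   <ISO-8601 timestamp> <client IP> <username> <LOGIN_OK|LOGIN_FAIL>
# 203.0.113.7 walks a leaked credential list across many accounts;
# 198.51.100.4 is one user mistyping their own password;
# 192.0.2.9 is an ordinary login.
SAMPLE_LOG = """\
2023-10-01T10:00:01Z 203.0.113.7 alice LOGIN_FAIL
2023-10-01T10:00:02Z 203.0.113.7 bob LOGIN_FAIL
2023-10-01T10:00:02Z 203.0.113.7 carol LOGIN_OK
2023-10-01T10:00:03Z 203.0.113.7 dave LOGIN_FAIL
2023-10-01T10:00:03Z 203.0.113.7 erin LOGIN_FAIL
2023-10-01T10:00:04Z 203.0.113.7 frank LOGIN_FAIL
2023-10-01T10:00:04Z 203.0.113.7 grace LOGIN_OK
2023-10-01T10:00:05Z 203.0.113.7 heidi LOGIN_FAIL
2023-10-01T10:00:05Z 203.0.113.7 ivan LOGIN_FAIL
2023-10-01T10:00:06Z 203.0.113.7 judy LOGIN_FAIL
2023-10-01T10:00:10Z 198.51.100.4 alice LOGIN_FAIL
2023-10-01T10:00:15Z 198.51.100.4 alice LOGIN_FAIL
2023-10-01T10:00:20Z 198.51.100.4 alice LOGIN_OK
2023-10-01T10:01:00Z 192.0.2.9 mallory LOGIN_OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")


@dataclass
class Event:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text):
    """Parse log lines into Events, skipping malformed lines instead of crashing."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, outcome = m.groups()
        events.append(Event(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                            ip, user, outcome == "LOGIN_OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.6):
    """Return {ip: [accounts that logged in OK from ip]} for each source IP
    that, inside any sliding time window, tried at least min_users distinct
    usernames with a failure ratio of at least min_fail_ratio.

    Stuffing looks different from password guessing: many usernames, each
    tried once or twice, mostly failing, with a few successes (the reused
    passwords). One account with repeated failures is not flagged here.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            fails = sum(1 for e in win if not e.ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                # Successes from a stuffing source are the compromised accounts:
                # these are the ones to lock, reset and enrol in MFA.
                flagged[ip] = sorted({e.user for e in evs if e.ok})
                break
    return flagged


def compromised_accounts(flagged):
    """Union of accounts needing a reset across all flagged sources."""
    return sorted({u for users in flagged.values() for u in users})


if __name__ == "__main__":
    hits = detect_stuffing(parse_log(SAMPLE_LOG))
    for ip, users in hits.items():
        print(f"{ip}: credential stuffing; accounts compromised: {users}")
    print("reset + MFA enrolment required:", compromised_accounts(hits))
```

The thresholds (five distinct usernames, 60% failures, five-minute window) are starting points, not tuned values; on a real login service they should be set against the site's baseline of distinct-user-per-IP counts, and the flagged successes fed to a forced reset and MFA enrolment rather than just logged.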

From the ransomware front,

  • The American Hospital Association tells us,
    • “The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre Dec. 18 released a warning about actions and tactics used by the Play ransomware group. The group has impacted a wide range of businesses and critical infrastructure in North America, South America and Europe since 2022, in addition to incidents in Australia in April and November this year. 
    • “The cyber threat actors are presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. Play ransomware actors use a double-extortion model, which encrypts systems after exfiltrating data; their ransom notes do not include an initial ransom demand or payment instructions; rather, victims are instructed to contact the threat actors via email.” 
  • On December 19,
    • “CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), #StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as Dec. 6, 2023. The advisory also provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022.”
  • Bleeping Computer’s “The Week in Ransomware” offers details on the ALPHV situation that are worth a gander.

From the cybersecurity defenses front,

  • Dark Reading reports,
    • “Cisco is closing out a busy year of acquisitions with a new deal to boost its multicloud networking and security capabilities.
    • “The networking giant announced its intention to acquire Isovalent, a cloud-native security and networking startup that helped develop two widely used visibility projects, eBPF, Cilium, and Tetragon. The open source technology eBPF provides developers with “unmatched visibility into the inner workings of the operating system,” Cisco said in a statement. The technology presents a way for building security systems that can protect a workload while running, according to the company. * * *
    • “Isovalent will join Cisco Security Business Group after the acquisition closes, which is expected in the second quarter of 2024 (third quarter of Cisco’s fiscal year). The purchase price was not disclosed.”
  • CISA issued a blog post about planned improvements to its cybersecurity information sharing.
    • “Our shared visibility into cyber threats is our best defense. When an organization identifies threat activity and keeps it to itself, our adversaries win. When we rapidly share actionable information across a community of partners, we take back the advantage. And, when we turn actionable information into strategic investments to drive the most important mitigations, we achieve enduring change. In this new year, we encourage every organization to make a commitment, perhaps a New Year’s resolution, to cybersecurity information sharing, including incident information, indicators of compromise, or even feedback and insights that could benefit peers across the Nation. We look forward to sharing more details about TIES and our cyber threat exchange modernization initiatives throughout the year.”