Cybersecurity Saturday

From the cybersecurity policy front,

  • Cybersecurity Dive points out five cybersecurity trends to watch this year.
  • Dark Reading informs us,
    • Following the Securities and Exchange Commission’s X account, formerly known as Twitter, compromise on Jan. 9, two Senators have issued a statement calling the hack “inexcusable” and urging the Inspector General of the US Securities and Exchange Commission (SEC) to investigate the regulator’s failure to have basic multifactor authentication (MFA) protections in place.
    • “Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation,” Senators Ron Wyden, D-Ore., and Cynthia Lummis, R-Wyo. said in a statement. “We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed.” * * *
    • “Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity,” the letter to the SEC Inspector General said, adding the agency was warned in 2023 about its “poor cybersecurity.”
    • “The letter added a shot at the regulator’s increasingly rigorous oversight of enterprise cybersecurity.
    • “The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure,” the Senators wrote.”
  • Cyberscoop reports
    • “Over-classification, a lack of policy guidance, and tensions between private sector cybersecurity firms are continuing to hamper federal government efforts to share cybersecurity threat information, according to a report released Friday by the U.S. intelligence community’s top watchdog. 
    • “Friday’s report, released by the Office of the Inspector General of the Intelligence Community, concludes that while federal agencies have broadly improved their ability to share threat information and defensive mitigations, long-standing policy and technical concerns are providing barriers to rapid information sharing. 
    • “The IG’s report examines how relevant federal agencies shared cyber threat information and defensive measures over the past two years through a framework created by the Cybersecurity Information Sharing Act of 2015. The report finds that the “policies, procedures, and guidelines” for sharing information are “sufficient” to carry out the requirements of the legislation and noted that “sharing has improved” in the last two years.
    • “However, a section on barriers to sharing information among federal entities describes a set of familiar issues — to cyber pros at least — that has long been a rallying cry for improvement, including failures to be more forthcoming in sharing threat information with private sector entities.”
  • and
    • “As dozens of states race to establish standards for how their agencies use AI to increase efficiency and streamline public-facing services, researchers at the National Institute of Standards and Technology found that artificial intelligence systems, which rely on large amounts of data to perform tasks, can malfunction when exposed to untrustworthy data, according to a report published last week.
    • “The report, part of a broader effort by the institute to support the development of trustworthy AI, found that cyber criminals can deliberately confuse or “poison” AI systems to make them malfunction by exposing them to bad data. And what’s more, according to the study, there’s no one-size-fits-all defense that developers or cybersecurity experts can implement to protect AI systems.”
  • The Wall Street Journal adds,
    • “U.S. intelligence authorities are using AI to pick up on the presence of hackers trying to infiltrate and attack American critical infrastructure—and identifying signs of hackers using AI themselves in the attacks.
    • “At a conference Tuesday, cybersecurity leaders discussed burgeoning aspects of AI use by hackers—as well as by law enforcement. Rob Joyce, cybersecurity director at the National Security Agency, said machine learning and artificial intelligence are helping cybersecurity investigators track digital incursions that would otherwise be very difficult to see. 
    • “Specifically, Chinese hackers are targeting U.S. transportation networks, pipelines and ports using stealthy techniques that blend in with normal activity on infrastructure networks, Joyce said, speaking at Fordham University in New York.
    • “These methods are “really dangerous” as their aim is societal disruption, as opposed to financial gain or espionage, Joyce said. The hackers don’t use malware that common security tools can pick up, he added.” 

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • Mortgage lender loanDepot is responding to a cyberattack that led the company to take some of its IT systems offline, the California-based company said Monday. 
    • “Though our investigation is ongoing, at this time, the company has determined that the unauthorized third-party activity included access to certain company systems and the encryption of data,” the company said Monday in filing with the Securities and Exchange Commission. “In response, the company shut down certain systems and continues to implement measures to secure its business operations, bring systems back online and respond to the incident.”
    • A spokesperson for the non-bank mortgage lender declined to say how or when the threat actor gained access to its systems and if it’s received an extortion demand or paid a ransom.
  • and
    • “Distributed denial of service attacks hit an all-time high in 2023, more than doubling year over year in the fourth quarter, Cloudflare said Tuesday in a threat report.
    • “The record high year for DDoS attacks coincided with mass exploits of the novel zero-day vulnerability HTTP/2 Rapid Reset, which threat actors used to launch DDoS attacks that broke records during the third quarter of 2023.
    • “Cloudflare said it was mitigating about 201 million requests per second at the peak of the series of HTTP/2 vulnerability attacks.
    • “Massive DDoS attacks require significantly fewer capabilities, resources and time, according to Omer Yoachimik, senior product manager of DDoS protection and security reporting at Cloudflare.”
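HTTP/2 Rapid Reset (CVE-2023-44487) is named above without an explanation of why it was so cheap to run, and that asymmetry is the whole point. The following toy model is an added illustration, not code from Cloudflare or from the cited report. It assumes a server that hands a request to its backend as soon as the HEADERS frame arrives, a SETTINGS_MAX_CONCURRENT_STREAMS of 100, and a hypothetical per-connection reset budget of 200 as the mitigation; the stream IDs and counts are constructed for the simulation.

```python
"""Toy model of HTTP/2 Rapid Reset and the per-connection reset budget
that defeats it. Constructed example; the limits below are assumptions."""
from dataclasses import dataclass, field
from typing import Optional, Set

MAX_CONCURRENT_STREAMS = 100  # assumed SETTINGS_MAX_CONCURRENT_STREAMS


@dataclass
class Connection:
    """Server-side view of one HTTP/2 connection."""
    reset_limit: Optional[int] = None      # None = unmitigated server
    open_streams: Set[int] = field(default_factory=set)
    dispatched: int = 0                    # requests already handed to the backend
    resets: int = 0
    closed: bool = False                   # True once the server has sent GOAWAY

    def on_headers(self, stream_id: int) -> bool:
        """HEADERS frame: open a stream if under the concurrency limit and
        start backend work immediately (the behaviour the attack abuses)."""
        if self.closed or len(self.open_streams) >= MAX_CONCURRENT_STREAMS:
            return False
        self.open_streams.add(stream_id)
        self.dispatched += 1
        return True

    def on_rst_stream(self, stream_id: int) -> None:
        """RST_STREAM frame: the slot is freed instantly, but the backend work
        already started is not undone. A mitigated server counts resets and
        tears the connection down when the budget is exhausted."""
        if self.closed:
            return
        self.open_streams.discard(stream_id)
        self.resets += 1
        if self.reset_limit is not None and self.resets > self.reset_limit:
            self.closed = True


def honest_burst(conn: Connection, n: int) -> int:
    """Client that opens n streams and never cancels: capped by the limit."""
    return sum(conn.on_headers(sid) for sid in range(1, 2 * n, 2))


def rapid_reset(conn: Connection, n: int) -> int:
    """Attacker: HEADERS immediately followed by RST_STREAM, n times.
    Each reset frees a slot, so the concurrency limit never bites."""
    accepted = 0
    for sid in range(1, 2 * n, 2):          # client streams use odd IDs
        if conn.on_headers(sid):
            accepted += 1
        conn.on_rst_stream(sid)
    return accepted


def backend_load(reset_limit: Optional[int], n: int) -> int:
    """Requests a single attacking connection forces onto the backend."""
    conn = Connection(reset_limit=reset_limit)
    rapid_reset(conn, n)
    return conn.dispatched


if __name__ == "__main__":
    print("honest client, 10k streams :", honest_burst(Connection(), 10_000))
    print("rapid reset, unmitigated   :", backend_load(None, 10_000))
    print("rapid reset, budget of 200 :", backend_load(200, 10_000))
```

The unmitigated server does 10,000 units of backend work for a connection that never exceeds the concurrency limit it advertises, while a reset budget bounds the damage to the budget plus one before the connection is closed. Real servers apply the budget over a time window rather than the whole connection lifetime, but the accounting is the same.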
  • The Cybersecurity and Infrastructure Security Agency (CISA) let us know on January 11,
    • “Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system.
    • “CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.”
  • CISA added six known exploited vulnerabilities to its catalog on January 8 and two more, in separate alerts, on January 10.

From the ransomware front,

  • Per Cybersecurity Dive,
    • “Almost 5,200 organizations were hit by ransomware attacks in 2023, Rapid7 said in a Friday blog post, pulling research from public disclosures and incident data from its managed detection and response team.
    • “In reality, we believe that number was actually higher because it doesn’t account for the many attacks that likely went unreported,” Christiaan Beek, senior director of threat analytics at Rapid7, said in the report.
    • “Rapid7 didn’t provide numbers for 2022, but research from other firms concludes the number of ransomware attacks is rising. There were twice as many ransomware attacks in the second half of 2023, compared to the latter half of 2022, according to BlackFog.”
  • Security Week reports,
    • “Over the weekend, the LockBit ransomware gang claimed responsibility for a November 2023 cyberattack on the hospital system Capital Health.
    • “In December, Capital Health announced that it fell victim to a cyberattack that resulted in network outages and that it immediately launched an investigation, informed law enforcement, and started the restoration process.
    • “At this time, all services are available at our facilities, all systems have been restored, and all operations have returned to normal,” the organization said in an incident notification.
    • “According to the LockBit ransomware gang, only data exfiltration occurred.
    • “We purposely didn’t encrypt this hospital so as not to interfere with patient care,” the gang notes on its Tor-based leak site.
    • “The ransomware group says it stole more than 10 million files from the healthcare organization, which allegedly includes medical confidentiality data.”
  • Here’s a link to Bleeping Computer’s latest Week in Ransomware.

From the cybersecurity defenses front,

  • Federal News Network identifies five steps for building an adaptable, dynamic zero trust architecture within federal agencies.
  • Security Boulevard considers how to recover after failing a cybersecurity audit.