Cybersecurity Saturday

From the cybersecurity policy front,

  • Healthcare Dive informs us,
    • “The HHS released voluntary cybersecurity goals for healthcare and public health organizations on Wednesday, as the industry grapples with increasing large data breaches and ransomware attacks. 
    • “The performance goals, broken down into essential and enhanced safeguards, aim to help organizations prevent cyberattacks, improve their response if an incident occurs and minimize remaining risk after security measures are applied. 
    • “The resources come after the HHS released a concept paper in December, which detailed plans to create hospital cybersecurity requirements through Medicare and Medicaid and eventually update the HIPAA rule.”
  • Cybersecurity Dive also asks whether the movement to ban ransom payments will gain steam in 2024: “Policies and regulations around ransomware payments are widely expected to change in 2024, but how and to what effect remains in flux.”
  • Tim Liu, a cybersecurity expert writing in Forbes, offers his cybersecurity predictions for 2024. Beyond the technology trends, he adds,
    • “With all the concerns about AI, cloud and endpoints, we can’t forget that people—employees, contractors and others with network access—remain one of the most common attack vectors. The largest breach of U.S. military systems occurred when someone inserted an infected flash drive into a single computer. More recently, MGM Resorts was hit with a crippling attack that purportedly began via a convincing but impersonated phone call (a.k.a. vishing).
    • “That’s why it’s so important to focus on the basics first—keeping up to date with patches and providing training for staff and management. In other words, cybersecurity is really not just a technology discussion; it’s a people problem. And by consistently concentrating on people, policy, procedure and practice, cyberattacks can be averted.”

From the cybersecurity vulnerabilities and defenses front,

  • Cybersecurity Dive tells us,
    • “Microsoft plans to make significant changes to its internal security practices after disclosing a hack by the state-sponsored threat group Midnight Blizzard, which stole emails and other data from senior-level Microsoft executives and other employees, the company said Friday in a filing with the Securities and Exchange Commission.
    • “The hackers compromised a legacy non-production test tenant account to gain access to the company, Microsoft said. The threat actor used the account’s permissions to reach a ‘very small percentage’ of emails and attachments of senior executives and employees in the cybersecurity, legal and other departments.
    • “The actor, formerly known as Nobelium, was behind the 2020 Sunburst attacks against SolarWinds and other companies. U.S. authorities raised alarms about Midnight Blizzard in December after the actor was found exploiting unpatched vulnerabilities in JetBrains TeamCity servers across the globe.”
  • Cybersecurity Dive also reports,
    • “Data compromises were more abundant and organizations were less forthright about the root cause of cyberattacks throughout 2023, according to the Identity Theft Resource Center’s annual data breach report.
    • “The number of data compromises reported in the U.S. last year jumped 78% to a record high of 3,205 incidents, the non-profit organization said Thursday. These compromises ultimately impacted more than 353 million victims, including individuals affected multiple times.
    • “‘The sheer scale of the 2023 data compromises is overwhelming,’ ITRC CEO Eva Velasquez said in the report.”
  • HHS’s Health Sector Cybersecurity Coordination Center (HC3) posted a sector alert concerning a “Possible Threat of Unauthorized Access to HPH Organizations from Remote Access Tool.”
    • “Security researchers are warning that Healthcare and Public Health (HPH) organizations that use the remote access tool ScreenConnect could be adversely affected or targeted by threat actors. The impact of potential unauthorized access on both federal and private industry victims, many of which rely on this tool, would be a concerning development for the healthcare sector. This Sector Alert provides a technical overview of issues concerning the remote access tool, IOCs, and recommendations for mitigations to detect and protect against future cyberattacks.”
  • The Cybersecurity and Infrastructure Security Agency added a new known exploited vulnerability to its catalog on each of January 22, January 23, and January 24.
  • Per Cybersecurity Dive,
    • “Nearly 800 instances of Fortra’s GoAnywhere MFT remain unpatched and potentially exposed to a critical vulnerability disclosed earlier this week, according to Shadowserver data published Friday.
    • “While many instances of the file-transfer service remain unpatched, fewer than 30 are vulnerable to exploits due to admin panel exposure on the public internet, Shadowserver said. Remote access to the administration panel is required for threat actors to exploit the critical authentication bypass vulnerability, CVE-2024-0204.
    • “Fortra released a patch for the vulnerability on Dec. 7, but didn’t publicly disclose the vulnerability, which carries a CVSS score of 9.8, until this week.”

From the ransomware front,

  • Dark Reading tells us,
    • “Despite takedowns of top ransomware groups, those remaining threat actors have continued to develop new tricks, while maintaining their ability to capitalize on zero-day vulnerabilities, helping them do more damage to industrial control systems (ICS) with fewer attacks, according to new research.
    • “Dragos released its latest industrial ransomware analysis for the last quarter of 2023, finding the landscape more refined, and potent, than ever before in its attacks against ICS. It’s a surprising reveal given recent high-profile busts of ransomware operators in the space, including Ragnar Locker and ALPHV, the new report explained.”
  • Health IT Security alerts us,
    • “The healthcare sector was hit hard by data breaches in 2023, with more than 540 organizations reporting breaches to HHS last year. Ransomware remains a top threat to healthcare, as exemplified by the number of high-profile attacks carried out by prolific threat actor groups and lesser-known gangs alike.
    • “In its annual ransomware report, the GuidePoint Research and Intelligence Team (GRIT) used publicly available data to explore these trends and how they vary across the threat landscape, uncovering troubling changes in the threat landscape. GRIT observed 63 distinct ransomware groups compromising thousands of victims throughout 2023. Healthcare was the third-most targeted industry in 2023 according to GRIT, behind manufacturing and technology.
    • “Attacks by prolific ransomware groups such as LockBit, Alphv, and Clop accounted for the vast majority of victims across all analyzed industries. GRIT identified these groups as “established,” meaning that they are groups that have operated for at least nine months and maintain well-defined tactics.”

From the cybersecurity defenses front,

  • HHS’s 405d program offers guidance on implementing cybersecurity insurance.
  • From the ISACA blog,
    • An expert identifies the top ten things every cybersecurity professional needs to know about privacy, and
    • Another expert explains how to run a well-executed risk and control self-assessment.
  • Tech Republic discusses how to prevent phishing attacks with multi-factor authentication.