Cybersecurity Saturday

David ErmerCybersecurity

From the cybersecurity policy front,

  • At the American Hospital Association News informs us,
    • “The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage cybersecurity risks to electronic protected health information and comply with the HIPAA security rule. The Department of Health and Human Services’ Office for Civil Rights collaborated with NIST on the guidance, last updated in 2008, which identifies activities that a regulated entity might consider implementing as part of an information security program and resources to help in complying with the HIPAA security rule.” 
  • Fedscoop tells us,
    • “The Cybersecurity and Infrastructure Security Agency [CISA] is opening up an office dedicated to helping federal agencies implement zero trust security principles, leaning further into the Biden administration’s push toward broader adoption of the framework.   
    • “Speaking Thursday [February 15] at CyberScoop’s Zero Trust Summit, Sean Connelly, CISA’s senior cybersecurity architect and trusted internet connections program manager, said the agency’s Zero Trust Initiative Office is intended to provide federal agencies with more comprehensive trainings and resources. 
    • “We’re working with various organizations to support broad training,” Connelly said. “We also have some in-house training we’ve done with a number of agencies [and have made available] playbooks and guidance [for] agencies that want to know how to move toward zero trust.”
    • “The new office will offer expanded training on zero trust principles and will also include an effort to better identify the skills and knowledge needed for successful implementations of the architecture. The office’s playbooks will build on current CISA resources, specifically the agency’s Zero Trust Maturity Model and Trusted Internet Connections 3.0.”  
  • Health IT Security points out,
    • “The US Government Accountability Office (GAO) issued recommendations to HHS surrounding its oversight of ransomware practices across the sector in a recent report. The report assessed four federal agencies, including HHS, to evaluate each agency’s efforts to oversee sector adoption of leading cybersecurity practices.
    • “GAO chose to focus on four critical infrastructure sectors in particular – critical manufacturing, energy, healthcare and public health, and transportation systems – due to the fact that half of the cyber incidents tracked by the FBI in 2022 impacted these four sectors.”

From the cybersecurity vulnerabilities and attacks front,

  • The American Hospital Association notes,
    • “The FBI Feb. 15 released an alert to help organizations detect and reduce the risk of network compromise from the Warzone Remote Access Trojan, a malware service used by over 7,000 cybercriminals and nation-state actors.
    • “In other news, the Cybersecurity & Infrastructure Security Agency and other agencies recently released joint advisories to help organizations defend against Volt Typhoon and other cyber threat groups using living-off-the-land techniques to compromise and access U.S. critical infrastructure.”
  • According to TechCrunch,
    • “The U.S. Department of Defense is notifying tens of thousands of individuals that their personal information was exposed in an email data spill last year.
    • “According to the breach notification letter sent out to affected individuals on February 1, the Defense Intelligence Agency — the DOD’s military intelligence agency — said, “numerous email messages were inadvertently exposed to the Internet by a service provider,” between February 3 and February 20, 2023.
    • “TechCrunch has learned that the breach disclosure letters relate to an unsecured U.S. government cloud email server that was spilling sensitive emails to the open internet. The cloud email server, hosted on Microsoft’s cloud for government customers, was accessible from the internet without a password, likely due to a misconfiguration.”
  • HHS’s Health Sector Cybersecurity Coordination Center issued a report on Russian threat actors targeting the U.S. health sector.
  • Cyberscoop adds,
    • “U.S. U.S. authorities took down a network of hundreds of compromised small office and home office routers being used by Russian military intelligence to carry out global cyber espionage campaigns, the Federal Bureau of Investigation and Department of Justice announced Thursday.
    • “Speaking at the Munich Cyber Security Conference on Thursday, FBI Director Christoper Wray said the operation aimed to “kick the Russian GRU off” a large network of compromised routers “and lock the door behind them, killing the GRU’s access to a botnet it was piggybacking to run cyber operations against countries around the world, including America and its allies in Europe.”
    • “The operation, approved by a U.S. court in January, dismantled a botnet used by GRU Military Unit 26165 that targeted Ubiquiti Edge OS routers that were still using publicly known default administration passwords, the DOJ said in its announcement.”

From the ransomware front,

  • An ISACA expert explains how to navigate the shifting ransomware landscape for the benefit of IT governance and cybersecurity leaders.
  • The FEHBlog found this temporary (?) SC Magazine replacement for Bleeping Computer’s the Week in Ransomware.

From the cybersecurity defenses front,

  • TechTarget identifies five steps involved in performing a cybersecurity risk assessment.
  • Dark Reading suggests that the time has come to rethink third party risk assessment.
  • ZDNet explains why businesses should upgrade to Windows 11 Pro.