Cybersecurity Saturday

From the Change Healthcare situation front,

  • United Healthcare updated its Change Healthcare situation website yesterday. The website details the wide variety of constructive steps that UHC is taking to remedy the situation.
  • Cybersecurity Dive notes,
    • “The devastation caused by the attack against Change is especially pronounced in an industry rife with ransomware attacks. To date, at least five hospital systems with 49 hospitals between them have been impacted by ransomware attacks this year, according to Callow.
    • “AlphV’s involvement is a particularly sour development after a law enforcement action in December shut down the infrastructure of the ransomware group, also known as BlackCat.
    • “Following the takedown, it emerged within hours and remained active, targeting and threatening new victims ever since.
    • “The FBI on Friday [March 1] said it’s aware of the ongoing incident impacting Change and is engaged with the Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services and other partners who are providing assistance. The agency declined to comment on anything related to AlphV.
    • “AlphV is notorious for the scope of its reach, its high-profile victims, and the nearly $300 million in ransom payments it received as of September. AlphV is the second-most prolific ransomware as a service group in the world, according to the FBI and CISA.
    • “LockBit, another ransomware as a service group that reestablished operations within days of a global law enforcement effort that dismantled the group’s infrastructure, remains the most prolific criminal group in the field.”

From the cyber vulnerabilities and breaches front,

  • NextGov reports,
    • “Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks in 2023, according to cybercrime statistics released Wednesday by the FBI.
    • “The agency’s Internet Crime Complaint Center, or IC3, unveiled the findings in its annual report that unpacks complaints, financial losses and other metrics used to determine the severity of cybercrime activities reported to federal authorities.
    • “Of the 1,193 complaints IC3 received from organizations belonging to U.S.-designated critical infrastructure sectors, government facilities came in third place with 156 complaints, while critical manufacturing and healthcare centers took the second and top spots, respectively.
    • “Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell to a ransomware attack in 2023,” the report adds.
    • “LockBit, ALPHV/BlackCat, Akira, Royal and Black Basta were the top ransomware gangs tied to those critical infrastructure complaints, the report added.”
  • Cybersecurity Dive tells us on March 6,
    • “A new state-linked threat actor has joined the ConnectWise ScreenConnect fray, capitalizing on already rapidly exploited security flaws to deploy malware, Kroll Cyber Threat Intelligence researchers said Tuesday.
    • “The new malware, which Kroll dubbed ToddlerShark, was used during post-compromise threat activity linked to two vulnerabilities in ScreenConnect, including CVE-2024-1709, which has a CVSS score of 10. 
    • “The ToddlerShark malware shares several similarities to BabyShark malware, which Palo Alto Networks researchers previously identified as targeting U.S. national security think tanks. That malware is linked to a group tracked by Kroll researchers as KTA082, but is also known as Kimsuky.”
  • Cyberscoop points out on March 8,
    • “In January, Microsoft disclosed that Russian hackers had breached the company’s systems and managed to read emails belonging to senior executives. Now, the company has revealed that the breach was worse than initially understood and that the Russian hackers accessed Microsoft source code. 
    • “Friday’s revelation — made in a blog post and a filing with the Securities and Exchange Commission — is the latest in a string of breaches affecting the company that have raised major questions in Washington about Microsoft’s security posture. The company’s filing with the SEC describes the incident as ongoing, stating that “the threat actor used and continues to use information it obtained to gain, or attempt to gain, unauthorized access to some of the Company’s source code repositories and internal systems.”
    • “Microsoft has linked the attack to the hacking group it tracks as Midnight Blizzard but is more popularly known as Cozy Bear. The group is believed to be a unit of Russia’s foreign intelligence service SVR and one of the Kremlin’s most capable hacking units.” 
  • Security Week relates on March 7, “Cisco Patches High-Severity Vulnerabilities in VPN Product: High-severity flaws in Cisco Secure Client could lead to code execution and unauthorized remote access VPN sessions.”
  • SC Media adds on March 6,
    • “Apple issued two emergency patches (iOS 17.4) for iPhone zero-days on March 5 that the company said in an advisory may have been exploited in the wild.
    • “Security pros said it was a serious issue because nation-state threat actors tend to exploit iOS zero-days to launch spyware attacks on high-risk individuals such as journalists, opposition politicians, and dissidents.”
  • Tech Target discusses the “Top 10 types of information security threats for IT teams.”

From the cybersecurity defense front,

  • CISA and NSA released Cybersecurity Information Sheets on Cloud Security Best Practices on March 7.
  • Forbes explains “Expert Cybersecurity Strategies For Protecting Remote Businesses.”
  • Tech Republic adds,
    • A new White House report focuses on securing computing at the root of cyber attacks — in this case, reducing the attack surface with memory-safe programming languages like Python, Java and C# and promoting the creation of standardized measurements for software security.
    • The report urges tech professionals to:
      • Implement memory-safe programming languages.
      • Develop and support new metrics for measuring hardware security.
    • This report, titled Back to the Building Blocks: A Path Toward Secure and Measurable Software, is meant to convey to IT pros and business leaders some of the U.S. government’s priorities when it comes to securing hardware and software at the design phase. The report is a call to suggested action, with advice and loose guidelines.
    • “Even if every known vulnerability were to be fixed, the prevalence of undiscovered vulnerabilities across the software ecosystem would still present additional risk,” the report states. “A proactive approach that focuses on eliminating entire classes of vulnerabilities reduces the potential attack surface and results in more reliable code, less downtime and more predictable systems.”

From the cybersecurity policy front,

  • Cyberscoop reports,
    • “Cybersecurity professionals can expect fresh reading materials in the coming months from the Office of the National Cyber Director, which aims to issue an update to the national cybersecurity strategy implementation plan before the summer is over, a White House cyber official said Tuesday.
    • “The implementation plan outlines how the White House will accomplish the goals outlined in the national cybersecurity plan and is supposed to be a “living document” that is updated as initiatives are complete or new initiatives are added. The implementation plan 2.0 is expected “late spring, early summer,” said Brian Scott, deputy assistant national cyber director for cyber policy and programs.
    • “Speaking at the ICS-focused security conference S4x24 in Miami, Scott also noted that cybersecurity pros can expect an update on software liability reform in the next implementation plan release, and the Biden administration is currently looking at developing a framework around software liability. The White House is also convening a symposium of law professors at the end of March around the issue, he said.
    • “The administration is committed to working with Congress to develop legislative action to incentivize development of software with more secure code,” Scott said.”
  • Per Dark Reading, “The US National Security Agency (NSA) delivered its guidelines for zero-trust network security this week, offering a more concrete roadmap towards zero-trust adoption. It’s an important effort to try to bridge the gap between desire for and implementation of the concept.”
  • NextGov calls attention to the fact that
    • “Two years after the White House teased an executive order on identity theft in public benefits during the 2022 State of the Union, such an order hasn’t materialized, leaving stakeholders frustrated at the lack of action to address vulnerabilities and prevent fraudsters from siphoning off government money.
    • “We continue to work in this area very rigorously across government,” Clare Martorana, the federal chief information officer, told Nextgov/FCW at an event this week when asked about the state of the executive order. “This is top of mind for all of us. We want to make sure that we accelerate people’s use of digital [to access government], but safely, securely.”
  • Security Week reports on March 8,
    • “The US cybersecurity agency CISA has laid out key actions for securing open source software (OSS) following a two-day OSS security summit where it has convened with community leaders.
    • “Steps that CISA will take in partnership with the community include promoting the Principles for Package Repository Security, a framework outlining security maturity levels for package repositories and a new effort to enable collaboration and information sharing with open source software infrastructure operators.
    • “Furthermore, CISA will publish materials from the summit’s tabletop exercise, so that the open source community can use the lessons learned to improve vulnerability and incident response.”
  • A client told me that he is very impressed by the security features of Windows 11 Professional. This Journal of Accountancy article explains that Windows 11 includes a new Microsoft AI feature, Copilot, to help office workers navigate Microsoft Office products.
    • “For example, you can tell Copilot to create a PowerPoint presentation based on some information you provide. Copilot can also create emails and email replies. Do you have that colleague who sends five emails pertaining to the same subject? You can ask Copilot to summarize all emails from that person.
    • “Copilot also can help you prepare for a meeting. Or if you join a Teams meeting late, Copilot will generate a summary of what you missed.
    • “Copilot can create budget proposals, project timelines, agendas, SWOT analyses, etc. And because it can answer questions and understand commands using natural language processing, you don’t need to know how to write computer code to use it.”
  • Cool.