Cybersecurity Saturday

From the cybersecurity policy,

  • Cyberscoop reports,
    • “A cyberattack on a payment processor that has crippled large parts of the U.S. health care system is inspiring calls in Washington to urgently implement cybersecurity regulations for the sector, setting up a showdown with hospital and health care groups that are stridently arguing against such a move. 
    • “As these companies have become so large, it is creating a systemic cybersecurity risk,” Sen. Ron Wyden, an Oregon Democrat, said Thursday during a Senate Finance Committee hearing featuring Health and Human Services Secretary Xavier Becerra, whose agency is responsible for overseeing the health care industry’s digital security standards. * * *
    • “The incident has reinvigorated conversations among policymakers in Washington about how to improve the health care sector’s security posture. HHS has proposed a voluntary set of cybersecurity standards and is working to develop mandatory rules, but these are unlikely to come into effect soon. 
    • “Until mandatory rules are in place, industry critics like Wyden want sharper action. “The next step has got to be fines and accountability for negligent CEOs, which will enable HHS to protect patients and our national security,” he said Thursday.”
  • Cybersecurity Dive adds,
    • “Ransomware remains a persistent threat, despite law enforcement actions aimed at disrupting the infrastructure threat actors rely on to conduct their attacks, according to the Office of the Director of National Intelligence’s latest annual threat assessment.
    • “Transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services and exposing sensitive data,” said the report, which was publicly released Monday. “Important U.S. services and critical infrastructure such as healthcare, schools and manufacturing continue to experience ransomware attacks.”
    • “National intelligence leaders warned that the ransomware problem is worsening and is growing more difficult to combat.”
  • In this regard, the Wall Street Journal considers “Why Are Data Breaches Still Rising If Companies Are So Focused on Cybersecurity.”
    • Evolving Ransomware Attacks * * * “First, after a slight drop [in 2022], [ransomware] attacks are on the rise again due to the emergence of ransomware gangs that franchise their malware and make it available to budding cybercriminals. This trend is allowing more criminals, even those with minimal computer knowledge, to get into the ransomware game.”
    • “Second, these attacks are becoming more damaging in that many attackers are now stealing their victims’ data, in addition to just locking it up. I refer to this new approach as Ransomware 2.0. The hackers threaten to disclose the private information if they don’t receive a ransom payment. This results in large leaks of corporate and consumer data that didn’t occur before.
    • Cloud misconfiguration: More companies now store and maintain their corporate data in the cloud via services such as Amazon Web Services, Google Cloud and Microsoft Azure to avoid the expense of having to own and operate their own data centers. This is making the cloud an attractive target for hackers. In fact, 82% of breaches in 2023 involved data stored in the cloud, according to a recent IBM report.
    • “Cybercriminals are taking advantage of the fact that many organizations migrated rapidly to the cloud without fully understanding all of the configuration settings and establishing procedures to keep their data safe. As a result, errors and glitches in these settings are common, and many companies have no idea that their sensitive information is exposed to the public internet until it is too late. Such misconfigurations have become one of the most common security issues when deploying new cloud-based applications.
    • Exploitation of vendor systems: Almost every company, especially large companies, relies on a network of vendors to provide services ranging from maintaining the air conditioning to updating software packages. These vendors often have special access to the company’s computers, which I refer to as “side doors,” similar to a passkey given to the cleaning crew.
    • “As large companies have become better prepared to repel cyberattacks, hackers have shifted their attention to vendors, often much smaller companies with limited cyber defense resources and expertise. Attackers exploit those weaknesses to first get into the vendor’s system, then use the vendor’s privileged access to get into the computer systems of every company that uses the vendor.” 

From the cyber vulnerabilities and breaches front,

  • Cybersecurity Dive tells us,
    • “The Cybersecurity and Infrastructure Security Agency was hit by a cyberattack earlier this year after a yet-to-be identified threat actor intruded into the agency’s systems by exploiting critical vulnerabilities in Ivanti products.
    • “About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson told Cybersecurity Dive Friday. Threat actors started widely exploiting a pair of zero-day vulnerabilities in Ivanti Connect Secure and other remote access VPNs in early December.
    • “The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said.”
  • It happens to the best of us.
  • SC Media informs us,
    • “StopCrypt, the most common ransomware family of 2023, has a new variant leveraging more advanced evasion tactics.
    • “StopCrypt, also known as STOP/DJVU, surpassed the LockBit ransomware family in detections in 2023, according to Trend Micro’s 2023 Annual Cybersecurity Report published last week. STOP typically targets smaller targets with an average ransom payment size of $619 in the first half of 2023, according to a mid-year report by Chainalysis.
    • “SonicWall reported Tuesday that a new StopCrypt variant employs several evasion tactics in a multi-stage shellcode deployment process, including a long delay loop, dynamic API resolution and process hollowing, or the replacement of code in a legitimate executable with malicious code. * * *
    • “The STOP variant described by SonicWall bears similarities to a variant discovered by PCrisk researchers last year, which was originally submitted through VirusTotal. Similarities include the “.msjd” file extension and the ransom note, including the threat actor’s contact information.”
  • UHC continues to update its Change Healthcare cyberattack response site. The new feature is a “how-to video on the temporary funding process for UnitedHealthcare providers.”

From the cybersecurity defenses front,

  • Healthcare IT News offers an interview with Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, about early lessons learned from the Change Healthcare situation.
  • SC Media offers an expert article on the same topic.
  • Tech Target makes available ten best practices for deploying patches.