Cybersecurity Saturday

Bleeping Computer’s This Week in Ransomware leads with the following:

This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key.

The US government this week officially attributed the ProxyLogon Microsoft Exchange attacks to China. Threat actors used this vulnerability to install a variety of malware, including the BlackKingdom ransomware.

In a surprise announcement, Kaseya has stated that they received the universal decryption key for their July 2nd REvil ransomware attack. This key will allow all victims of the attack to recover their files for free.

Cyberscoop has a more detailed story on the Kaseya hack resolution.

In other ransomware news / protective advice

  • The RSA Conference offers advanced common sense advice on how to handle a ransomware attack. “In the recent ISACA Ransomware Pulse Poll, 21% of respondents reported that they have already experienced a ransomware attack, and 46% consider ransomware to be the cyberthreat most likely to impact their organization within the next 12 months.”
  • ISACA stresses the importance of conducting periodic information security audits of cloud services vendors from the perspectives of both the vendor and the customer.
  • Threatpost explains why, in its author’s opinion, businesses need a long-term remote security strategy as they begin to formalize permanent hybrid working arrangements.

HHS’s Office for Civil Rights, which enforces the HIPAA Privacy and Security Rules, has requested public input as follows:

We want to hear from you! OCR and our partners at the HHS Office of the National Coordinator for Health Information Technology (ONC) are seeking user feedback and improvement suggestions on the Security Risk Assessment (SRA) Tool. The SRA Tool is designed to help small and medium-sized healthcare providers conduct a security risk assessment, as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Promoting Interoperability Program. If you have suggestions on how to improve the Tool, we ask you to complete our short survey by July 31, 2021: https://stats.altarum.org/limesurvey/index.php/547532?lang=en.

Finally the Washington Examiner reports that

The House Energy and Commerce committee passed eight bipartisan bills this week to better equip the government and businesses with tools to handle the recent explosion in ransomware attacks.

The bills, which passed with overwhelming bipartisan support, are focused on increasing coordination between the government and relevant industries, implementing cybersecurity best practices, educating everyday technology users, limiting the use of Chinese devices, and strengthening the security programs at the Federal Communications Commission and the National Telecommunications and Information Administration. * * *

One key purpose for the bills is to increase coordination between the federal government and affected businesses and industries.

“These bills will really improve the information sharing and cybersecurity readiness testing of the government by forcing all the right people to get into a room and fix things,” said Shane Tews, a senior fellow who focuses on cybersecurity and technology issues at the American Enterprise Institute, a right-of-center think tank.

“Hopefully, we get to a stage where the government is gaming out cyber problems and vulnerabilities in advance and then sending out software patches to solve them every week, like Microsoft, and other companies do internally on a regular basis,” she added.

Sound idea.