From the Capitol Hill front, Bank Info Security reviews the cybersecurity and breach notice measures found in the National Defense Authorization Act for the current government fiscal year. Defense One reports that the Senate at this point is not expected to pass its version of the bill until next month.
From the administrative front, Cyberscoop reports that
The Cybersecurity and Infrastructure Security Agency on Wednesday [December 1] named members to a new [Congressionally mandated] cyber advisory panel that will make recommendations on subjects ranging from battling misinformation to gaining aid from the hacker community on national cyber defense.
Among the 23 members selected are leaders from social media, cybersecurity companies, major technology firms and critical infrastructure sectors such as finance and energy. It includes officials from Johnson & Johnson and Walmart, as well as a longtime cybersecurity journalist and the mayor of Austin, Texas. * * *
Bylaws for the committee published in July said it would address subjects like critical infrastructure protection, information sharing, risk management and public-private partnerships. Wednesday’s announcement added potential subjects like the cyber workforce and disinformation. Its first meeting is Dec. 10.
Federal News Network informs us that
The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security is putting the final touches on several guidance documents to help ease the transition to a zero trust cybersecurity environment.
The entire goal of this effort to move security away from the network and to the data and application layers.
John Simms, the deputy branch chief of the Cybersecurity Assurance Branch in CISA, said the documents and other efforts are helping agencies shift their cyber thinking away from the network and closer to the data.
Over the last three months, CISA, along with the Office of Management and Budget, rolled out the draft zero trust strategy, the draft cloud security technical reference architecture and the draft zero trust maturity model.
From the reports front
- On Thursday December 2, the Government Accountability Office issued a report in connection with GAO testimony before Congress “on the need for the federal government to develop and execute a comprehensive national cyber strategy, and to strengthen the role that it plays in protecting the cybersecurity of critical infrastructure. Ensuring the cybersecurity of the nation is on our High Risk List, and we have urged federal agencies to act on it.”
- The HHS Office of Information Security released a presentation on December 2 about the risks that the cybercriminal group FIN12 posts to the healthcare sector.
- Health IT Security reports about new Healthcare ISAC guidance to help CISOs navigate interoperability, patient access, and identity-centric data sharing under the 21st Century Cures Act. New interoperability mandates under the Cures Act require healthcare organizations to implement APIs to promote the digitization of electronic health information (EHI). “While APIs are the ‘door’ to enabling interoperability of EHR between healthcare organizations, strong identity solutions are the ‘key’ that keeps EHI secure,” the guide explained. OPM is eager for FEHB plans to offer these APIs to their members.
Here is a link to Bleeping Computer’s The Week in Ransomware.
The biggest news over the past two weeks is the unsealing of a United States’ Complaint for Forfeiture detailing how the FBI seized 39.89138522 bitcoins from an Exodus wallet belonging to an REvil affiliate. Based on the email listed in the court document, it is believed that the affiliate is one known as ‘Lalartu.’
The FBI also disclosed that Cuba ransomware has attacked 49 US critical infrastructure orgs and received at least US $43.9 million in ransom payments.
ZD Net adds that
Cyber criminals are using online adverts for fake versions of popular software to trick users into downloading three forms of malware – including a malicious browser extension with the same capabilites as trojan malware – that provide attackers with usernames and passwords, as well as backdoor remote access to infected Windows PCs.
The attacks, which distribute two forms of seemingly undocumented custom-developed malware, have been detailed by cybersecurity researchers at Cisco Talos who’ve named the campaign ‘magnat’. It appears the campaign has been operating in some capacity since 2018 and the malware has been in continuous development.
Over half of the victims are in Canada, but there have also been victims around the world, including in the United States, Europe, Australia and Nigeria.
In closing, an expert in Security Week offers his four cybersecurity predictions for 2022.