Cybersecurity Update

From Capitol Hill, Nextgov informs us

Having cleared the Senate in January, the State and Local Government Cybersecurity Act passed the House Tuesday and now awaits President Joe Biden’s signature.

The bill updates the House Homeland Security Act to direct the Department of Homeland Security to improve information sharing and coordination with state, local and tribal governments—all of which face growing risks of cyberattack. The legislation requires federal cybersecurity officials to share cybersecurity threat, vulnerability and breach data with states and localities, and provide some recovery resources when attacks occur.

From the vulnerabilities front

Federal News Network reports

Agencies have until Monday [May 23] to mitigate vulnerabilities in five products from VMware that permit attackers to have deep access without the need to authenticate.

The Cybersecurity and Infrastructure Security Agency issued a new emergency directive today saying the vulnerabilities in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager put federal networks and systems at immediate risk.

“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly in a release. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization — large and small — to follow the federal government’s lead and take similar steps to safeguard their networks.”

Here’s a link to the CISA website on this emergency directive.

CISA also released an analysis of Fiscal Year 2021 Risk and Vulnerability Assessments.

[This] analysis and infographic details the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21). 

The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA observed in FY21 RVAs. The infographic highlights the three most successful techniques for each tactic that the RVAs documented. Both the analysis and the infographic map threat actor behavior to the MITRE ATT&CK® framework. 

CISA also added two known exploited vulnerabilities to its catalog last week.

From the ransomware front

Cybersecurity Dive reports

Most executives have and are willing to pay ransoms in the event of an attack, despite broad and consistent advice to the contrary. 

Nearly four in five organizations impacted by ransomware attacks have paid the ransom to regain access to corporate data, according to a survey conducted last month by Kaspersky.

The findings, while not surprising, highlight the extent to which a widely acknowledged best practice is rarely followed. Cybersecurity professionals, including Kaspersky, consistently advise businesses hit by ransomware to never pay the ransom.

Cyberscoop tells us

The federal government has made strides in deterring ransomware over the past year, but still has a number of milestones to reach, according to a new paper from the Institute for Security and Technology’s Ransomware Task Force. * * *

Of the 48 specific recommendations the Ransomware Task Force made in its initial report, 12 have seen tangible progress in the year since. Some initial steps have been taken on 29 recommendations, while seven recommendations have seen no action.

The United States has made the most progress in addressing the RTF’s recommendations for deterring ransomware, according to Friday’s update. In addition to the Department of Homeland Security launching a hiring “sprint” to combat cyber crime, the Justice Department last year created its own ransomware task force. And at the event Friday, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the DHS unit is creating another task force to collaborate with the FBI and other agencies that fight cybercrime.

The Healthcare Cybersecurity Coordination Center released a PowerPoint on major cyber organizations of the Russian Intelligence Services.

Bleeping Computer reports

The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more.

This news comes from Advanced Intel’s Yelisey Boguslavskiy, who tweeted [last Thursday] afternoon that the gang’s internal infrastructure was turned off. * * *

While it may seem strange for Conti to shut down in the middle of their information war with Costa Rica, Boguslavskiy tells us that Conti conducted this very public attack to create a facade of a live operation while the Conti members slowly migrated to other, smaller ransomware operations.

Of course, here is a link to Bleeping Computer’s Week in Ransomware.

From the cyber defenses front

The Wall Street Journal reports

The Justice Department on Thursday [May 19] urged prosecutors to narrow their enforcement of the nation’s main anti-hacking law in a bid to protect legitimate researchers who probe technology for security flaws.

The policy change is a victory for the many cyber professionals and academics who have criticized the Computer Fraud and Abuse Act for potentially criminalizing research that security experts see as key to protecting computer systems from cyberattacks.

Health Data Management discusses seven key steps for avoiding cyberattacks.

1. Protect all workloads
2. Know your adversary
3. Be ready when every second counts
4. Adopt a zero-trust approach
5. Monitor the cybercriminal underground
6. Invest in elite threat hunting
7. Build a cybersecurity culture

CISA offers an updated list of its “free” cybersecurity services, tools, and resources.