Cybersecurity Saturday

From Capitol Hill, Cybersecurity Dive reports

Democratic lawmakers are continuing to call on federal agencies to increase data privacy protection for patients seeking abortions, following the Supreme Court’s decision ending the constitutional right to the procedure.

Seventy-two Democratic members of Congress sent a letter Wednesday to Lina Khan, chair of the Federal Trade Commission, urging her to use the “full power” of her office to enact safeguards against data brokers collecting and selling data that could be used to prosecute pregnancy-related crimes.

The letter to the FTC follows one sent Friday by Democrat senators to HHS urging the department to update the HIPAA privacy law to limit when covered entities can share information about abortion services.

From the cyber breaches front, Cybersecurity Dive tells us

Marriott International last month suffered its third publicly acknowledged data breach in four years. The hotel chain disclosed the incident after DataBreaches.net reported an unnamed threat actor claimed to have stolen 20 gigabytes of sensitive data. * * *

Marriott claims the incident was quickly contained and potential exposure was limited to about 400 individuals. * * *

In the latest incident, a threat actor “used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” a Marriott spokesperson said via email. “The threat actor did not gain access to Marriott’s core network.”

Following an investigation, the company said it determined the information that was accessed primarily contained non-sensitive internal business files regarding the property’s operations.

The hotel chain said it identified the breach and was investigating the incident before the threat actor contacted the company in an extortion attempt. Marriott did not pay the threat actor, according to the company spokesperson.

From the cyber vulnerabilities front, CISA announced last Wednesday

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of the Treasury (Treasury) today released a joint Cybersecurity Advisory (CSA) that provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.

The CSA titled, “North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector,” provides technical details and indicators of compromise (IOC) observed during multiple FBI incident response activities over a period of more than a year and obtained from industry analysis of Maui samples. North Korean state-sponsored actors were observed using Maui ransomware to encrypt HPH servers responsible for providing healthcare services. In some cases, the malicious activity disrupted the services provided by the victim for prolonged periods.

The HPH Sector, as well as other critical infrastructure organizations, are urged to review this joint CSA and apply the recommended mitigations to reduce the likelihood of compromise from ransomware operations. The FBI, CISA, and Treasury assess that North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations, because of the assumption that these organizations are willing to pay ransoms to avoid disruption of the critical life and health services they provide. For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.

The FBI, CISA, and Treasury strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks. In September 2021, Treasury issued an advisory highlighting the sanctions risk associated with ransomware payments and providing steps that can be taken by companies to mitigate the risk of being a victim of ransomware.

All organizations should share information on cybersecurity incidents and anomalous activity to CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Healthcare IT News offers a report on this announcement here.

Cybersecurity Dive reports

The group behind Hive ransomware completed a full code migration and overhaul to use a more complex encryption method for its ransomware as a service payload, researchers from Microsoft Threat Intelligence Center found.

Microsoft describes Hive, which was first observed in June 2021, as one of the most prevalent ransomware payloads and one of the fastest evolving ransomware families. 

By migrating code from Go to Rust, Hive can use string encryption that boosts its ability to evade discovery, deepen control over the code and heighten protection against reverse engineering.

Of course, here’s a link to the current Week in Ransomware from Bleeping Computer. Check it out.

From the cyber defenses front —

  • Cybersecurity Dive identifies CISO priorities for the second half of this year.
  • In a similar vein, ZDNet discusses “the cybersecurity threats of tomorrow that you should be thinking about today. The rise of quantum computing, deepfakes, the Internet of Things and more are among the things that could create very real challenges for cybersecurity going forwards.”
  • Speaking of quantum computing, CISA announced this week “the establishment of a Post-Quantum Cryptography Initiative to unify and drive agency efforts to address threats posed by quantum computing.” HHS’s HC3 timely released a PowerPoint presentation on Quantum Cryptography and the Health Care Sector.
  • An ISACA expert promotes “The Case for Outcome-Based Cybersecurity: A Data-Focused Shift in Cybersecurity Management.”
  • Cybersecurity Dive brings us current on 5G network security issues. “The most prevailing security challenge in 5G infrastructure is the significant expansion of the attack surface in relation to pre-5G networks,” Ron Westfall, senior analyst and research director at Futurum Research, said.