Cybersecurity Saturday

Happy New Year! Cybersecurity Dive offers viewpoints of “six security experts on what cyber threats they expect in 2023. In sum
Organizations will keep a close eye on geopolitical tension and supply chain attacks. But at the core, the biggest threats are built on mistakes.”

Becker’s Health IT provides the viewpoints of healthcare cybersecurity experts on what’s in store for 2023.

Security Week discusses five stories that shaped cybersecurity in 2022.

From the ransomware front —

The Healthsector Cybersecurity Coordination Center released an analyst note on CLOP ransomware last Wednesday:

Clop operates under the Ransomware-as-service (RaaS) model, and it was first observed in 2019. Clop was a highly used ransomware in the market and typically targeted organizations with a revenue of $5 million U.S. Dollars (USD) or higher. Since its appearance, HC3 is aware of attacks on the Health and Public Health (HPH) sector. The HPH sector has been recognized as being a highly targeted industry for the Clop ransomware.

Health IT Security provides a related article.

Bleeping Computer’s The Week in Ransomware reports

BitDefender and law enforcement released a free decryptor for the MegaCortex ransomware.  Any victims who saved their encrypted files in the hopes of a decryptor being released can recover their files for free.

From the cyber defense front —

  • Health Tech informs us about “Tips for health systems on managing legacy systems to strengthen security bolstering; basic security can help protect legacy systems as healthcare organizations make strides to modernize infrastructure.”
  • The National Institute of Standards and Technology informs us

The Zero Trust Architecture (ZTA) team at NIST’s National Cybersecurity Center of Excellence (NCCoE) has published the second version of volumes A-D and the first version of volume E of a preliminary draft practice guide titled “Implementing a Zero Trust Architecture” and is seeking the public’s comments on their contents. This guide summarizes how the NCCoE and its collaborators are using commercially available technology to build interoperable, open standards-based ZTA example implementations that align to the concepts and principles in NIST Special Publication (SP) 800-207, Zero Trust Architecture.