Cybersecurity Dive

From the cybersecurity policy front —

  • A CSO analysis reports, “Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy. As federal government cybersecurity incidents continue to mount, the Biden administration’s National Cybersecurity Strategy should help, although experts say implementing it won’t be easy.”
    • “More than any previous administration, the Biden administration has taken a serious step forward to secure federal government infrastructure (and, by extension, the private sector through government contractor requirements) with its expansive National Cybersecurity Strategy, released in March.
    • “The strategy outlines five broad “pillars” of cybersecurity efforts that civilian agencies must meet, including approaches to defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and enhancing public-private operational collaboration to disrupt adversaries.
    • “But the details of how agencies should start tackling the challenges won’t be fully understood until the administration releases the strategy’s implementation guidance, which officials say could occur over the next month or so.
    • “No matter how the guidance shakes out, government agencies’ challenges in implementing the strategy will undoubtedly be significant. First off is the sheer size and complexity of the federal government.”
  • The Wall Street Journal similarly explains that while “The Biden administration’s proposal to hold software makers accountable offers a starting point, it leaves a lot of questions open.”

From the cybersecurity vulnerabilities and breaches front —

  • Health IT Security tells us,
    • “Just like in years past, threat actors are leveraging ransomware, social engineering, denial of service, and basic web application attacks to disrupt operations and compromise data with great success. Verizon’s newly released 2023 Data Breach Investigations Report (DBIR) provided significant evidence of these trends through its analysis of more than 16,300 security incidents that occurred between November 1, 2021, and October 31, 2022.
    • “Of the 16,312 security incidents analyzed, 5,199 of them were confirmed data breaches. What’s more, 74 percent of all breaches involved a human element, such as social engineering, use of stolen credentials, or privilege misuse. * * *
    • “Verizon defines a “breach” as an incident that results in confirmed data disclosures to an unauthorized party, while an “incident” is a security event that compromises the integrity, availability, or confidentiality of information.
    • “Top attack patterns in healthcare included system intrusions, basic web application attacks, and miscellaneous errors, which collectively accounted for 68 percent of all healthcare breaches.
    • “‘The [h]ealthcare vertical is highly targeted by ransomware gangs, which results in both the loss of use of their systems—potentially with life-threatening consequences—as well as data breaches,’ the report stated.”
  • Cybersecurity Dive reports (June 9)
    • “Barracuda’s email security gateway appliances, which were compromised by a zero-day vulnerability disclosed last month, need to be scrapped and replaced immediately, the company said Tuesday in an action notice.
    • “The vulnerability, CVE-2023-2868, has been actively exploited for at least eight months. Despite a series of patches issued to all appliances last month, Barracuda said, regardless of patch version level, its “remediation recommendation at this time is full replacement of the impacted ESG.”
    • “Barracuda’s decision to effectively retire all compromised ESG appliances is akin to an admission the company could not fully remove threat actor access and recover the devices for customers, according to experts.”
  • and (also June 9)
    • “Microsoft is investigating claims by an alleged hacktivist group that it launched a series of DDoS attacks that disrupted the company’s OneDrive and other Microsoft 365 services. 
    • “The company suffered a series of outages this week that impacted a range of services, including Microsoft Teams, SharePoint Online and OneDrive for Business. The OneDrive disruption was still impacting customers as of Thursday. 
    • “The group, known as Anonymous Sudan, has claimed credit for the alleged DDoS attacks and made additional threats against the company. Microsoft officials acknowledged the public claims and are working to fully restore services. 
    • “We are aware of these claims and are investigating,” a Microsoft spokesperson said via email. “We are taking the necessary steps to protect customers and ensure the stability of our services.”
  • HHS’s Health Sector Cybersecurity Coordination Center offers a PowerPoint presentation titled “Types of Cyber Threat Actors That Threaten Healthcare.”
  • Cybersecurity Dive adds
    • “Senior level corporate executives are increasingly being targeted by sophisticated cyberattacks that target their corporate and home office environments and even extend to family members, according to a study released Monday from BlackCloak and Ponemon Institute.
    • “About 42% of organizations surveyed had a senior executive or an executive’s family member attacked over the past two years. The study is based on a survey of more than 550 IT security leaders. 
    • “These attacks often lead to the theft of sensitive company data, including financial information, intellectual property or other information. In one-third of these cases, hackers are reaching these executives through insecure home-office networks used during remote work.”

From the ransomware front —

  • Cybersecurity Dive informs us,
    • “Most of Dallas’ network and IT infrastructure has been restored following a ransomware attack in early May that took most of the city’s services offline and disrupted operations, the city said Monday.
    • “Our staff has worked tirelessly to restore and rebuild systems and return all systems to full functionality as quickly and securely as possible,” the city said Monday in a statement. “At this time, we are more than 90% restored, with most public-facing services restored.”
    • “Dallas previously cautioned full functionality would take weeks, and some services are still non-operational. The city’s municipal court reopened on May 30, but trials and jury duty remain canceled until further notice and library staff are still tracking item availability manually.”
  • CISA and the FBI released an “Advisory on CL0P Ransomware Gang Exploiting MOVEit Vulnerability” on June 7.
    • Cyberscoop provides background on the advisory.
    • Bleeping Computer’s “The Week in Ransomware” focuses on this case.
  • Security Week reports
    • “Cybersecurity firm Obsidian has observed a successful ransomware attack against SharePoint Online (Microsoft 365) via a Microsoft Global SaaS admin account rather than the more usual route of a compromised endpoint.
    • “The attack was analyzed post-compromise when the victim employed the Obsidian product and research team to determine the finer points of the attack. In its blog account of the incident, Obsidian did not disclose the victim but believes the attacker was the group known as 0mega.”
  • and
    • “Japanese pharmaceutical giant Eisai [a developer of the new Alzheimer’s Disease drug Leqembi] this week announced that it has fallen victim to a ransomware attack that forced it to take certain systems offline.
    • “Headquartered in Tokyo, the company has manufacturing facilities in Asia, Europe, and North America and has subsidiaries on both American continents, in Asia-Pacific, Africa, and Europe. Last year, the company reported more than $5 billion in revenue.
    • “The ransomware attack, the company says in an incident notification on its website, was identified on June 3 and resulted in the encryption of multiple servers.
    • “Eisai says it immediately implemented its incident response plan, which involved taking systems offline to contain the attack, and launched an investigation.”

From the cybersecurity defenses front —

  • On June 6, “CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This new joint guide is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures (TTPs), and how to detect and defend against malicious actors abusing this software.”  
  • ISACA discusses the increasing importance of information technology audits to Boards of Directors.
  • Security Boulevard offers ten “go-to” tips for achieving/maintaining HIPAA Security Rule compliance.
  • Help Net Security suggests twenty cybersecurity projects on GitHub you should check out.