Cybersecurity Saturday

From the cybersecurity policy front —

  • CyberScoop reports,
    • “The Cybersecurity and Infrastructure Security Agency [CISA] released its strategic plan for fiscal year 2024 through 2026 on Friday, following a plethora of strategies and implementation plans released over the past several months by the White House aimed at improving the nation’s overall cybersecurity preparedness. 
    • “Within CISA, this Plan will serve as a keystone for implementation, resource, and operational planning, as further executed through our Annual Operating Plans. Externally, it will help stakeholders understand and participate in our long-term cybersecurity planning and prioritization,” the document reads.
    • CISA’s strategic plan will focus on three goals: address immediate threats, harden the terrain and drive security at scale. Additionally, the strategy has nine objectives, three for each goal, outlining the agency’s scope for the next three years.
    • “The release comes shortly after the Office of the National Cyber Director released a National Cyber Workforce and Education Strategy, as well as the National Cybersecurity Strategy in March and subsequent Implementation Plan in July.”
  • and
    • “The Biden administration’s strategy for building the U.S. cybersecurity workforce calls for government, industry and civil society groups to collaborate in increasing the number of cybersecurity workers and also urges an overhaul of the U.S. immigration system. 
    • “To address a dire shortage of cybersecurity workers, Monday’s strategy document takes a broad approach in overhauling the cybersecurity workforce. ‘The national cyber director’s office can only really task federal departments and agencies because, realistically, we need all of society. We need them to feel supported and heard and seen as we approach these ecosystem models,’ Acting National Cyber Director Kemba Walden told CyberScoop.”

From the cybersecurity breaches and vulnerabilities front —

  • Health IT Security brings us up to date on MOVEit breaches affecting healthcare organizations.
  • Health IT Security adds, “The healthcare sector continued to face a high volume of cyberattacks in the past few months as infostealing malware rose in popularity, BlackBerry stated in its latest Global Threat Intelligence Report.”
  • Cybersecurity Dive reports
    • “Half of the 12 most-commonly exploited vulnerabilities in 2022 were discovered the previous year, cyber authorities from the Five Eyes said in a joint advisory released Thursday. One of the top 12 vulnerabilities was discovered in 2018.
    • “Flaws in Microsoft products accounted for 1 in 3 of the most-routinely exploited vulnerabilities, including three Exchange Server CVEs from 2021. Two-thirds of the most-exploited vulnerabilities were found in products from three vendors: Atlassian, Microsoft and VMware.
    • “Other vendors that made the list include Apache’s Log4j, F5 Networks, Fortinet and Zoho.
    • * * * “Delayed or inconsistent vulnerability patching remains an underlying problem. This, combined with the unmet need for vendors, designers and developers to adhere to secure-by-design and secure-by-default principles, is aggravating the risk of compromise by malicious cyber actors.
    • “The Five Eyes intelligence alliance, which includes authorities from the U.S., Australia, Canada, New Zealand and the U.K., reiterated the need for vendors to follow secure design practices throughout the software development lifecycle.”
  • Security Week tells us
    • The US government’s cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI [Unified Extensible Firmware Interface], warning that the dominant firmware standard presents a juicy target for malicious hackers.
    • “UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software,” the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky. 
  • CISA’s Director Jen Easterly blogs about the importance of securing the Border Gateway Protocol, which she describes as being the most important part of the internet you have never heard of.
  • On July 31, CISA added another known exploited vulnerability to its catalog.

From the ransomware front —

  • HHS’s Health Sector Cybersecurity Coordination Center released a sector alert on August 4, 2023.
    • “Rhysida is a new ransomware-as-a-service (RaaS) group that has emerged since May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy their payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not paid. Rhysida is still in early stages of development, as indicated by the lack of advanced features and the program name Rhysida-0.1. The ransomware also leaves PDF notes on the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin. Its victims are distributed throughout several countries across Western Europe, North and South America, and Australia. They primarily attack education, government, manufacturing, and technology and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.”
  • Bleeping Computer informs us that “Clop ransomware now uses torrents to leak data and evade takedowns” and it offers its Week in Ransomware.
    • “Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
    • “This week, BleepingComputer analyzed the Linux encryptor for Abyss Locker and illustrated how it was specifically designed to encrypt ESXi virtual machines.”

From the cybersecurity defenses front —

  • Per Forbes
    • “Traditional passwords have proven to be an increasingly problematic authentication strategy in the evolving face of cybersecurity. Biometrics, such as fingerprints, facial recognition and iris scanning, are ushering in a new era of safe authentication.
    • “Biometrics provide distinct advantages over passwords in terms of security, convenience and user experience. But why exactly are biometrics more secure, and how can businesses successfully implement this technology into their existing strategies?”
    • The Forbes article explains how.
  • HelpNet offers advice on building cybersecurity defenses.
  • Security Intelligence explains how artificial intelligence can reduce data breach life cycles and costs.