Cybersecurity Saturday

From the cybersecurity policy front,

  • Per Cybersecurity Dive,
    • “The Biden administration outlined a comprehensive plan Tuesday [June 4] to harmonize a bevy of federal, state and international regulations designed to boost cyber resilience among the nation’s private sector and critical infrastructure providers. Industry stakeholders want the administration to simplify the reporting process to cut back on duplicative disclosure requirements. 
    • “National Cyber Director Harry Coker Jr. said the administration is working on a pilot reciprocity framework to determine how best to streamline the administrative load on critical infrastructure subsectors, in a Tuesday blog post
    • “The administration will also seek additional help from Congress to find legislative authorities to reduce administrative redundancies.
  • The Senate Homeland Security and Governmental Affairs Committee held a hearing on this topic on June 5.
    • “During the hearing, Peters and the witnesses emphasized the importance of having standardized regulations across critical infrastructure sectors to ensure our nation is best prepared to respond to cybersecurity threats. They also reinforced that cybersecurity remains one of the most pressing challenges facing our nation due to our reliance on interconnected systems and increasingly complex cyberattacks.
    • “Nicholas Leiserson, Assistant National Cyber Director for Cyber Policy and Programs for the Office of the National Cyber Director (ONCD) – the lead federal agency for harmonizing cybersecurity regulations – discussed the challenges the office faces when trying to promote harmonization. David Hinchman, Director of Information Technology and Cybersecurity at the Government Accountability Office, discussed how regulators can best tailor cybersecurity requirements to promote a cohesive response to protect themselves and critical infrastructure owners and operators from cyberattacks.”  
  • Cyberscoop reports on the hearing and a related CISA action.
  • Cybersecurity Dive adds,
    • “Sen. Ron Wyden, D-Ore., is urging the HHS to require large healthcare organizations to improve their cybersecurity practices as increasing attacks and data breaches rock the industry.
    • “In a letter to Secretary Xavier Becerra, the chairman of the Senate Committee on Finance said the agency’s approach to regulating healthcare cybersecurity is “woefully inadequate,” leaving the sector vulnerable to attack.” 

From the cybersecurity vulnerabilities and breaches front,

  • Cybersecurity Dive (June 6) and HHS’s Health Sector Cybersecurity Coordination Center (HC3) (June 7) discuss vulnerabilities affecting Snowflake’s cloud platform.
    • On June 02, 2024, Snowflake observed an increase in cyber threats targeting accounts on their cloud data platform. The vulnerability is possibly associated with CVE-2023-51662. HC3 strongly encourages all users to review the following advisory, and to apply any mitigations to prevent serious damage from occurring to the Healthcare and Public Health (HPH) sector.
  • Dark Reading informs us,
    • “SolarWinds has released its version 2024.2, including a variety of new features and upgrades, along with patches for three different security vulnerabilities.
    • “Notably, one high-severity SWQL injection bug, tracked under CVE-2024-28996 (CVSS 7.5), was reported to SolarWinds security by Nils Putnins, a penetration tester affiliated with the North Atlantic Treaty Organization (NATO), the company reported along with the new release. The other flaws fixed in the latest SolarWinds update included a high-severity cross-site scripting flaw, tracked under CVE-2024-29004 (CVSS 7.1), and a medium-severity race condition vulnerability affecting the Web console, tracked under CVE-2024-28999 (CVSS 7.1), the company said.”
  • HC3 issued on June 4 threat guidance concerning Baxter Welch Allyn vulnerabilities. Baxter Welch Allyn manufactures medical devices.

From the ransomware front,

  • Per Cybersecurity Dive,
    • “Ransomware activity surged last year as attackers flocked to legitimate remote access tools to break into enterprise networks, Mandiant said in a Monday [June 3] report.
    • “There were 4,520 posts on data leak sites last year, a 75% increase from 2022. Threat groups use data leak sites to make claims and ramp up pressure on alleged victims. The number of posts surged to more than 1,300 in the third quarter, setting a quarterly record, Mandiant said. The firm tracked more than 1,200 data leak site posts in the second quarter.
    • “In 2023, Mandiant led 20% more investigations involving ransomware than the previous year, underscoring further evidence of a swell in attacks. “The slight dip in extortion activity in 2022 was an anomaly,” the incident response and research firm said.”
  • Per Fierce Healthcare, “Ascension targets June 14 for system-wide EHR restoration after ransomware attack.”
  • Statescoop lets us know,
    • “Victims of ransomware attacks by the Russian ransomware group LockBit can now unlock their encrypted data for free using the 7,000 decryption keys obtained by the FBI, a federal official announced during an event in Boston on Wednesday [June 4].
    • “The announcement comes after law enforcement took down the group’s infrastructure in February through “Operation Cronos,” an international operation designed to disrupt LockBit’s business model and expose members of the ransomware gang, FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote Wednesday at the 2024 Boston Conference on Cyber Security.
    • “Though the gang still operates, reports show the mission disrupted its activities.
    • “From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” Vorndran said.”

From the cybersecurity defenses front,

  • Cybersecurity Dive tells us,
    • “Telecommunications, media and technology companies are outperforming other sectors in cybersecurity, with more advanced defenses and cyber governance models, Moody’s said Thursday in a report on the sector.”
    • “Companies in these sectors accelerated cybersecurity spending by more than 125% on average during the last five years, compared to a 100% growth rate over that period for all global companies, according to the report. Technology companies doubled their cybersecurity spending over the five-year period while telecom businesses increased spending by more than 250%. 
    • “Cybersecurity spending nearly doubled during the past five years, accounting for 10% of companies’ technology budgets in 2023, according to Moody’s. The report is based on Moody’s research and a survey of more than 1,700 respondents.”
  • Here’s a link to Dark Reading’s CISO corner.