Cybersecurity Saturday

David ErmerCybersecurity, Generative AI

From the cybersecurity policy front,

  • Federal News Network tells us,
    • “White House officials are contemplating a new cybersecurity executive order that would focus on the use of artificial intelligence.
    • “Federal cybersecurity leaders, convening at the Billington Cybersecurity Conference in Washington this past week, described AI as both a major risk and a significant opportunity for cyber defenders.
    • ‘White House Deputy National Security Advisor Anne Neuberger called AI a “classic dual use technology.” But Neuberger is bullish on how it could improve cyber defenses, including analyzing logs for cyber threats, generating more secure software code, and patching existing vulnerabilities.
    • “We see a lot of promise in the AI space,” Neuberger said. “You saw it in the president’s first executive order. As we work on the Biden administration’s potentially second executive order on cybersecurity, we’re looking to incorporate some particular work in AI, so that we’re leaders in the federal government in breaking through in each of these three areas and making the tech real and proving out what’s possible.”
  • Per a Labor Department Employee Benefit Security Administration press release,
    • “In its continuing effort to protect U.S. workers’ retirement and health benefits, the U.S. Department of Labor today updated current cybersecurity guidance confirming that it applies to all types of plans governed by the Employee Retirement Income Security Act, including health and welfare plans, and all employee retirement benefit plans.
      • “The new Compliance Assistance Release issued by the department’s Employee Benefits Security Administration provides best practices in cybersecurity for plan sponsors, plan fiduciaries, recordkeepers and plan participants. The release updates EBSA’s 2021 guidance and includes the following:
      • Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
      • Cybersecurity Program Best Practices: Assists plan fiduciaries and recordkeepers in mitigating risks. 
      • Online Security Tips: Offers plan participants who check their online retirement accounts with rules for reducing the risk of fraud and loss.”
  • Cybersecurity Dive lets us know,
    • “The White House Office of the National Cyber Director launched a program Wednesday to help fill the gap of about 500,000 available cybersecurity jobs across the country. 
    • “Service for America, a program developed alongside the Office of Management and Budget and the Office of Personnel Management, is a recruitment and hiring push that will help connect Americans with available jobs in cybersecurity, technology and artificial intelligence. 
    • “The program’s major emphasis is to reach job candidates without traditional qualifications, such as computer science or engineering backgrounds. 
    • “Many Americans do not realize that a cyber career is available to them,” National Cyber Director Harry Coker Jr. said in a blog post released Wednesday. “There is a perception that you need a computer science degree and a deeply technical background to get a job in cyber.”
    • “In reality, Coker said people of all backgrounds can find well-paying jobs in cybersecurity, and the White House has been promoting efforts to connect a new generation of prospective candidates into those positions.”
  • and
    • “Marsh McLennan and Zurich Insurance Group on Thursday [September 5] issued a call for government intervention to help resolve the growing risk of catastrophic cyber events and a multibillion dollar gap in terms of what the current insurance market can absorb. 
    • “The cyber insurance market has seen significant growth in recent years, and is expected to exceed $28 billion in gross written premiums in 2027, more than double the amount written in 2023, according to a whitepaper released by the firms Thursday.  
    • “However, the companies warn a risk protection gap of about $900 billion exists between insured losses and economic losses due to cyberattacks. Many small- to medium-sized businesses are either underinsured or carry no coverage to protect against such losses.” 

From the cyber vulnerabilities and breaches front,

  • Per a Centers for Medicare Services press release,
    • “The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information or other personally identifiable information (PII) may have been compromised in connection with Medicare administrative services provided by WPS. WPS is a CMS contractor that handles Medicare Part A/B claims and related services for CMS.  
    • “The notification comes following discovery of a security vulnerability in the MOVEit software, a third-party application developed by Progress Software and used by WPS for the transfer of files in providing services to CMS. WPS is among many organizations in the United States that have been impacted by the MOVEit vulnerability. The security incident may have impacted PII of Medicare beneficiaries that was collected in managing Medicare claims as well as PII collected to support CMS audits of healthcare providers that some individuals who are not Medicare beneficiaries have visited to receive health care services.
    • “CMS and WPS are mailing written notifications to 946,801 current people with Medicare whose PII may have been exposed, informing them of the breach and explaining actions being taken in response.”
  • Cybersecurity Dive reports,
    • “Federal authorities in the U.S. and nine other countries warn that threat groups affiliated with Russia’s military intelligence service are targeting global critical infrastructure and key resource sectors, according to a joint cybersecurity advisory released Thursday. 
    • “Threat groups affiliated with a specialist unit of the Russian General Staff Main Intelligence Directorate have targeted government services, financial services, transportation systems, energy, and healthcare sectors of NATO members and countries in Europe, Central America and Asia, officials said in the advisory.
    • “To date, the FBI has observed more than 14,000 instances of domain scanning across at least 26 NATO members and several additional EU countries,” authorities said in the advisory. The attackers have defaced victim websites, scanned infrastructure, and exfiltrated and leaked stolen data.”
  • The Cybersecurity and Infrastructure Security Agency added three known exploited vulnerabilities to its catalog:
  • Dark Reading adds,
    • “This week the US Cybersecurity and Infrastructure Security Agency (CISA) warned about two new industrial control systems (ICS) vulnerabilities in products widely used in healthcare and critical manufacturing — sectors prone to attract cybercrime.
    • “The vulnerabilities affect Baxter’s Connex Health Portal and Mitsubishi Electric’s MELSEC line of programmable controllers. Both vendors have issued updates for the vulnerabilities and recommended mitigations that customers of the respective technologies can take to further mitigate risk.”
  • Per Cybersecurity Dive,
    • “Just over half of businesses in the U.S. and U.K. have been targets of a financial scam powered by “deepfake” technology, with 43% falling victim to such attacks, according to a survey by finance software provider Medius.
    • “Of the 1,533 U.S. and U.K. finance professionals polled by Medius, 85% viewed such scams as an “existential” threat to their organization’s financial security, according to a report on the findings published last month. Deepfakes are artificial intelligence-manipulated images, videos, or audio recordings that are bogus yet convincing.
    • “More and more criminals are seeing deepfake scams as an effective way to get money from businesses,” Ahmed Fessi, chief transformation and information officer at Medius, said in an interview. These scams “combine phishing techniques with social engineering, plus the power of AI.”

From the ransomware front,

  • Tech Radar points out,
    • “Research from Searchlight Cyber has shown the number of ransomware groups that operated in the first half of 2024 rose to 73, up from 46 in the same period of 2023. The findings suggest law enforcement’s efforts to curb cyber criminal groups have seen some success, especially in disrupting the operations of notorious group BlackCat, which has since dissolved.
    • “Groups were targeted by law enforcement in ‘Operation Cronos’, which facilitated the arrests of two people, took down 28 servers, obtained 1,000 decryption keys, and froze 200 crypto accounts – all linked to the infamous LockBit organization.
    • “Although the number of groups has risen, the number of victims has fallen, which indicates a potential diversification rather than growth of ransomware groups. Other Ransomware as a Service (RaaS) groups such as RansomHub and BlackBasta have become more active, complicating the landscape for cyber security.
  • Tripwire fills us in about Cicada ransomware.
  • ‘Per Cybersecurity Dive,
    • “A previously disclosed cyberattack at Halliburton disrupted parts of its operations and information was stolen in connection with the incident, the company said in a filing with the Securities and Exchange Commission Tuesday. 
    • “Halliburton discovered the attack in late August and immediately shut off certain services as a proactive measure. It continues to offer its products and services across the globe, the company said.
    • “The Houston company has incurred and will continue to incur certain expenses related to the attack. However, it does not expect the attack to have a material impact on its financial condition or results of operations.”

From the cybersecurity defenses front,

  • The Wall Street Journal reports,
    • “Cybersecurity professionals are reporting modest budget increases amid the need to defend against new hacking threats and secure emerging technologies such as artificial intelligence.
    • “Spending on cybersecurity is rising 8% this year, compared with 6% in 2023, according to a survey of chief information security officers published Thursday by cybersecurity consulting firm IANS and recruiting company Artico Search. The survey polled 755 CISOs from April into August, with 681 completing its budget section.
    • “Despite the small improvement, security spending is growing at a lower rate than the 17% increase in 2022. Still, the shift indicates a gradual recovery after companies slowed cyber spending and in some cases froze hiring after the pandemic, said Steve Martano, an Artico partner and IANS faculty member. 
    • “People are feeling more optimistic than they were six months ago,” Martano said, adding that more cybersecurity leaders are seeing small budget increases and there are signs the security job market will improve.”
  • Dark Reading offers a commentary on “How CISOs Can Effectively Communicate Cyber-Risk. A proximity resilience graph offers a more accurate representation of risk than heat maps and risk registers,and allows CISOs to tell a complex story in a single visualization.”
  • ISACA offers a commentary on “The Never-ending Quest: Why Continuous Monitoring is Crucial for Cybersecurity.”
  • If you work for or represent a small or medium sized HIPAA covered entity or business associate, you may want to “register for an introductory webinar [to held on September 10 at noon ET and September 11 at 3 pm] on the free Security Risk Assessment Tool (SRA Tool) hosted by Altarum with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Assistant Secretary for Technology Policy (ASTP). The webinar will also feature changes in SRA Tool version 3.5, available in September 2024.”
  • Security Week shares a discussion between CSOs Jaya Baloo from Rapid7 and Jonathan Trull from Qualys about the route, role, and requirements in becoming and being a successful CISO.

Leave a Reply

Your email address will not be published. Required fields are marked *