From Capitol Hill, Politico tells us about developments in privacy and cybersecurity legislative efforts.
From the cyber vulnerabilities front —
- The HHS Health Sector Cybersecurity Coordination Center (HC3) issued its monthly vulnerabilities bulletin for October 2022.
- The Cybersecurity and Infrastructure Security Agency (CISA) added another known exploited vulnerability to its catalog.
- ZDNet reports on a “concerning” tactic that hackers are using to dodge multi-factor authentication.
- Health IT Security adds “Numerous cloud attacks are successfully exploiting the healthcare sector for financial gain, according to a newly released 2022 Cloud Security Report by cybersecurity vendor Netwrix.”
Cybersecurity Dive warns us
More than one-third of respondents said it took their organization longer to assess the scope, stop and recover from a holiday or weekend attack compared to a weekday, according to a Cybereason survey published Wednesday [November 16]. Larger organizations with more than 2,000 employees were even more likely to experience delays.
Organizations would lose more money as a result of a ransomware attack on a weekend or holiday than they were a year ago, according to Cybereason. One-third of respondents said their organization lost more money from a holiday or weekend ransomware attack, up from 13% in 2021.
Organizations in education and travel and transportation reported a greater likelihood of financial losses from a holiday or weekend attack instead of a weekday. About 2 in 5 respondents in those industries said their organization suffered a larger economic impact.
From the ransomware front —
Health IT Security reports
HHS, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory about Hive ransomware actors. The ransomware actors have been repeatedly targeting critical infrastructure, especially the healthcare sector since they were first observed in June 2021.
As of November 2022, Hive ransomware actors have victimized more than 1,300 companies globally and gained $100 million in ransom payments. The group has claimed multiple healthcare victims, including an attack on Memorial Health System in August 2021 that resulted in appointment cancellations, clinical disruptions, and EHR downtime. * * *
Healthcare organizations should secure and monitor RDP, install updates for software, firmware, and operating systems as soon as they are released, and maintain offline data backups. In addition, organizations were encouraged to enable PowerShell Logging and install and regularly update antivirus software.
The federal bodies also urged organizations to prepare for the event of a ransomware attack by reviewing the security postures of third-party vendors, implementing a recovery plan, and documenting external remote connections.
In the event of a Hive ransomware attack, organizations should isolate infected systems, secure backups, and turn off other computers and devices to manage the attack. Paying the ransom is also highly discouraged, as it may incentivize threat actors to continue victimizing organizations.
“This is another example of foreign-based, primarily Russian-speaking, hackers attacking U.S. health care,” John Riggi, the American Hospital Association’s (AHA) national advisor for cybersecurity and risk, said in a subsequent announcement.
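Two of the hardening items in the advisory summary above, enabling PowerShell logging and securing RDP, can be checked and applied on a single Windows host with the script below. This is an added example, not code from the advisory, CISA, or Health IT Security; the registry paths and value names it uses are the documented Windows policy locations for these settings, and the script assumes it is run in an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: enable PowerShell script block and module logging, then
# report (and if needed enforce) Network Level Authentication for RDP.

# --- PowerShell Script Block Logging (writes Event ID 4104 to
#     Microsoft-Windows-PowerShell/Operational)
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $sbl)) { New-Item -Path $sbl -Force | Out-Null }
Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# --- Module Logging for every module ('*' wildcard under ModuleNames)
$ml = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
if (-not (Test-Path "$ml\ModuleNames")) { New-Item -Path "$ml\ModuleNames" -Force | Out-Null }
Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
Set-ItemProperty -Path "$ml\ModuleNames" -Name '*' -Value '*' -Type String

# --- RDP status: fDenyTSConnections = 0 means RDP is enabled;
#     UserAuthentication = 1 means NLA is required before a session is created.
$tsRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp  = "$tsRoot\WinStations\RDP-Tcp"
$rdp     = Get-ItemProperty -Path $tsRoot -Name fDenyTSConnections
$nla     = Get-ItemProperty -Path $rdpTcp -Name UserAuthentication

[pscustomobject]@{
    RdpEnabled  = ($rdp.fDenyTSConnections -eq 0)
    NlaRequired = ($nla.UserAuthentication -eq 1)
}

# Enforce NLA when RDP is on but NLA is not required.
if ($rdp.fDenyTSConnections -eq 0 -and $nla.UserAuthentication -ne 1) {
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord
}

# --- Confirm script block logging is producing events (most recent five).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'Snippet'; e = { $_.Message.Substring(0, [Math]::Min(80, $_.Message.Length)) } }
```

In a managed environment these registry values are normally delivered by Group Policy rather than set per host; the script is useful for verifying that the policy actually landed on a given machine, and the 4104 events it lists are what a SIEM should be collecting for the PowerShell visibility the advisory recommends.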
Here is Bleeping Computer’s current Week in Ransomware.
Other news this week includes new reports on rising ransomware operations:
- Both Microsoft and SecurityScorecard released reports on the Royal Ransomware operation, which is believed to be comprised of ex-Conti members.
- ASEC released a report on Dagon Locker, a rebrand of the Quantum ransomware operation.
- BlackBerry warns of the expanding operations of the ARCrypter ransomware.
From the cybersecurity defenses front —
- Cybersecurity Dive informs us that “The Cybersecurity and Infrastructure Security Agency on Thursday [November 17] released its Guide for Stakeholder-Specific Vulnerability Categorization and outlined three areas of focus for continued improvement.”
- The National Institute of Standards and Technology issued SP 800-125, which is a “Guide to a Secure Enterprise Network Landscape.”
- Forbes provides a new approach to closing the cybersecurity talent gap.