Cyber Risk Update 3 MAY 2024
This is a selection of this week's events. Join the conversation for more news and advisories, and connect on our Discord server, CIKR Cyber Sentinels. This server is focused on cybersecurity collaboration with critical infrastructure stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Join (ISC)2 East Bay Chapter, membership is free! https://isc2-eastbay-chapter.org/membership/
Events
RSA Conference is next week; I will see you there. Moscone Center, May 6 - 9, 2024. *Standard Period savings is off the Onsite price of a regular Full Conference Pass. The Standard Period ends May 3 at 11:59 PM PT. https://www.rsaconference.com/
Most interesting products to see at RSAC 2024 (CSO) https://www.csoonline.com/article/2097067/most-interesting-products-to-see-at-rsac-2024.html
Remember, Public Sector Day is free and on Monday. RSA Public Sector Day, May 6 11am-3pm, Hilton 333 O’Farrell St. San Francisco, CA 94102 https://carahevents.carahsoft.com/Event/Details/445617-web
Incidents
Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits. At Least 33 Ernest Health Facilities in 12 States Are Reporting Breaches https://www.healthcareinfosecurity.com/rehab-hospital-chain-hack-affects-101000-facing-6-lawsuits-a-25004
Andrew Witty, CEO of UnitedHealth Group, said this week in a House subcommittee meeting that an estimated one-third of Americans may have had their data compromised in the Change Healthcare ransomware incident. https://www.cnbc.com/2024/05/01/unitedhealth-ceo-one-third-of-americans-could-be-impacted-by-change-healthcare-cyberattack.html
REvil Hacker Gets Nearly 14-Year Sentence https://www.govinfosecurity.com/breach-roundup-revil-hacker-gets-nearly-14-year-sentence-a-25002
Hacker Sentenced After Years of Extorting Psychotherapy Patients. Two years after a warrant went out for his arrest, Aleksanteri Kivimäki finally has been found guilty of thousands of counts of aggravated attempted blackmail, among other charges. https://www.darkreading.com/cyberattacks-data-breaches/hacker-sentenced-after-years-of-extorting-psychotherapy-patients
Guidance and Resources
CISA published a blog for National Small Business Week informing small businesses on how to eliminate potential risks from People’s Republic of China threats. CISA blog: Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats to America’s Small Businesses. https://www.cisa.gov/news-events/news/under-digital-radar-defending-against-peoples-republic-chinas-nation-state-cyber-threats-americas
A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. An SBOM is a nested inventory, a list of ingredients that make up software components. While not a brand new concept, the ideas and implementation have advanced since 2018 through a number of collaborative community efforts, including the National Telecommunications and Information Administration’s (NTIA) multistakeholder process. https://www.cisa.gov/sbom
NIST offers guidance on AI risk management https://www.csoonline.com/article/2097119/nist-publishes-new-guides-on-ai-risk-for-developers-and-cisos.html
Editorial
San Francisco Interim CIO Michael Makstman: ‘Make the Technology Meaningful’ https://insider.govtech.com/california/news/san-francisco-interim-cio-make-the-technology-meaningful
Software Security: Too Little Vendor Accountability, Experts Say https://www.darkreading.com/cyber-risk/software-security-too-little-vendor-accountability-experts-say
Trends
Chief Risk Officers Say Cybersecurity Most Pressing Risk: Survey https://www.insurancejournal.com/magazines/mag-features/2024/04/15/769327.htm
IoT Tech News: Global agencies warn of increased cyberattacks against OT devices https://www.iottechnews.com/news/2024/may/02/global-agencies-warn-of-increased-cyberattacks-against-ot-devices
Cyberattacks involving Kerberoasting rose 583 percent last year, with threat actor Vice Spider responsible for more than a quarter of those incidents, according to CrowdStrike’s 2023 Threat Hunting Report.
The Record from Recorded Future News: Newly identified botnet targets decade-old flaw in unpatched D-Link devices https://therecord.media/goldoon-botnet-unpatched-dlink-routers
CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action. More than half of CISA’s ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations. https://www.cybersecuritydive.com/news/cisa-ransomware-vulnerability-warnings/714951/
5 key takeaways from Verizon’s 2024 Data Breach Investigations Report https://www.csoonline.com/article/2096991/5-key-takeways-from-verizons-2024-data-breach-investigations-report.html
TTP & Malware
Report shows rise in use of sophisticated hacking tactics "'Terrifying' trend: Over 11 million malware attacks recorded globally in past 4 years" https://www.hcamag.com/asia/specialisation/hr-technology/terrifying-trend-over-11-million-malware-attacks-recorded-globally-in-past-4-years/485771
Nation States
Pro-Russia hackers target OT weaknesses in critical infrastructure (05/02) https://www.scmagazine.com/news/pro-russia-hackers-target-ot-weaknesses-in-critical-infrastructure
Iranian hackers harvest credentials through advanced social engineering campaigns https://www.csoonline.com/article/2097509/iranian-hackers-harvest-credentials-through-advanced-social-engineering-campaigns.html
US warns of North Korean hackers using email security flaws for phishing attacks https://www.nextgov.com/cybersecurity/2024/05/us-warns-north-korean-hackers-using-email-security-flaws-phishing-attacks/396279/
Governance Risk and Compliance
Biden Signs New Security Memo to Safeguard Critical Infrastructure (05/02) https://otakukart.com/biden-signs-new-security-memo-to-safeguard-critical-infrastructure
Experts Say White House Memo Overlooks Space Cyber Risks (05/02) https://www.govinfosecurity.com/experts-say-white-house-memo-overlooks-space-cyber-risks-a-25001
Legislative Watch
Bipartisan Senate bill on AI security would bolster voluntary cyber reporting processes https://fedscoop.com/senate-bill-on-ai-security-bolster-voluntary-cyber-reporting
New CISA incident reporting draft rule deemed excessive https://www.scmagazine.com/brief/new-cisa-incident-reporting-draft-rule-deemed-excessive
Electricity providers in Europe will soon have to perform cybersecurity risk assessments for regulators, including disclosing incidents, reporting threats and implementing safeguards, under upcoming rules that aim to prevent hacks from causing blackouts in the region. https://www.wsj.com/articles/new-eu-cyber-rules-for-electricity-providers-aim-to-prevent-cascading-outages-ecd4c71e
The FCC just doled out big privacy fines. It could soon lose that power. https://www.washingtonpost.com/politics/2024/04/30/fcc-just-doled-out-big-privacy-fines-it-could-soon-lose-that-power/
Federal Privacy Bill’s Vagueness Threatens Ad-Supported Business https://news.bloombergtax.com/daily-labor-report/federal-privacy-bills-vagueness-threatens-ad-supported-business
Career
C-suite to cyber pros: Try and tone down the technical jargon. CISOs complain executives don’t understand cyber-related issues, but clear communication from both sides is critical to creating an aligned security culture. https://www.itpro.com/business/business-strategy/c-suite-to-cyber-pros-try-and-tone-down-the-technical-jargon
Microsoft is embedding deputy CISOs in its product groups https://www.bloomberg.com/news/articles/2024-05-02/microsoft-adds-security-chiefs-to-product-groups-in-wake-of-hacking-woes