As Chinese APTs and other cybercriminals escalate attacks against U.S. critical infrastructure, changes to cybersecurity standards and practices may be on the way for healthcare organizations and government agencies. Learn all you need to know in this week's Friday Five.
SENATE BILL EYES MINIMUM CYBERSECURITY STANDARDS FOR HEALTH CARE INDUSTRY BY MATT BRACKEN
Senators Ron Wyden and Mark Warner introduced the Health Infrastructure Security and Accountability Act to enforce mandatory minimum cybersecurity standards for healthcare providers, health plans, and related entities. The bill follows the catastrophic ransomware attack on UnitedHealth’s Change Healthcare, which exposed over 100 million patients' sensitive health data. The bill aims to strengthen protections, mandate audits of critical health systems, and hold executives accountable, including potential jail time for misleading the government on cybersecurity compliance. It also proposes $1.3 billion in investments to help hospitals, particularly rural ones, enhance their cyber defenses, addressing cybersecurity gaps across the industry to prevent future attacks.
NIST PROPOSES BARRING SOME OF THE MOST NONSENSICAL PASSWORD RULES BY DAN GOODIN
NIST has proposed updates to its Digital Identity Guidelines, eliminating outdated and counterproductive password requirements like periodic resets, the use of specific character types, and security questions. The new guidelines emphasize common sense practices, such as prohibiting mandatory password changes unless there's evidence of compromise and setting minimum password lengths of eight characters, with a recommendation of at least 15. NIST also suggests allowing longer passwords and discouraging knowledge-based authentication (KBA). These changes aim to improve cybersecurity by addressing the inefficiency and risks of current password rules, though they are not yet universally binding. NIST is accepting public comments on the proposal until October 7.
U.S. INDICTS 2 TOP RUSSIAN HACKERS, SANCTIONS CRYPTEX BY BRIAN KREBS
The U.S. government has issued sanctions and indictments against key figures involved in significant cybercrime operations. This includes Timur Shakhmametov, who allegedly operated the carding site Joker's Stash, and Sergey "Taleon" Ivanov, whose cryptocurrency exchange Cryptex is tied to money laundering. Joker’s Stash, active from 2014 to 2021, sold payment cards stolen in major data breaches, earning over $280 million. Ivanov’s Cryptex facilitated laundering for ransomware and other cybercriminals, handling over $1.6 billion in transactions. The Treasury Department's actions emphasize the crackdown on Russian-based money laundering and illicit financial networks.
CHINA'S 'SALT TYPHOON' COOKS UP CYBERATTACKS ON US ISPS BY TARA SEALS
The advanced persistent threat (APT) "Salt Typhoon," allegedly backed by China, has infiltrated U.S. Internet service providers (ISPs), potentially stealing information, setting the stage for disruptive attacks, and enabling surveillance of high-value individuals in sectors like government and military. Analysts suggest the campaign could have military motivations, with parallels to previous Chinese APT operations such as Volt Typhoon, which targeted U.S. infrastructure for disruption. Despite established security practices, many ISPs still have significant vulnerabilities, leaving critical infrastructure susceptible to firmware and supply chain attacks from China-linked APTs.
TRANSPORT, LOGISTICS ORGS HIT BY STEALTHY PHISHING GAMBIT BY NATE NELSON
A group of North American transportation and logistics companies has been targeted in sophisticated business email compromise (BEC) attacks since May. An unknown actor hijacked at least 15 email accounts, embedding malware into ongoing email conversations to exploit the trust built over time. Initially, the attacker used Google Drive files to deliver malware, but later switched to the "ClickFix" technique, tricking users into executing malicious code via fake error messages. Transport and logistics companies are attractive targets due to their numerous business connections and large financial transactions, offering cybercriminals opportunities for further exploitation, including redirecting shipments.