As ransomware operators continue to expand the impact of their malware, CISA is proposing new requirements to help protect sensitive data, while the SEC is coming down on organizations that downplayed a historical breach. Learn all about these stories and more in this week's Friday Five.
CISA Proposes New Security Requirements to Protect Government, Personal Data by Bill Toulas
CISA has proposed security requirements to prevent adversarial states from accessing sensitive U.S. personal and government-related data, especially in transactions with potential data exposure to "countries of concern." This proposal, part of Executive Order 14117, impacts sectors like AI, cloud services, telecom, health, finance, and defense. Requirements include maintaining a monthly asset inventory, rapid vulnerability remediation, enforcing multi-factor authentication, logging security events, limiting data access, employing encryption, and more. Public input is invited on regulations.gov under CISA-2024-0029 to refine these guidelines.
Ransomware Attacks on Health Care Sector are Driving Increase in Emergency Patient Care by Tim Starks
Per a recent Microsoft report, ransomware attacks on the healthcare sector have surged 300% since 2015, posing significant patient safety risks. Iranian hackers are the primary perpetrators, targeting hospitals, clinics, and any facility where patient care can be disrupted, leading to increased cardiac arrest and stroke incidents at unaffected hospitals receiving overflow patients. The average ransom paid by healthcare organizations is $4.4 million. Microsoft and experts like Jeff Tully, co-director at UC San Diego’s Center for Healthcare Cybersecurity, stress the importance of developing resilience and a ransomware response plan to mitigate these impacts on critical care technologies and patient outcomes.
SEC Charges Companies for Downplaying SolarWinds Breaches by Lawrence Abrams
The SEC charged four tech companies with misleading investors about the impact of their breaches in the 2020 SolarWinds Orion hack, alleging that the companies minimized their cyber incidents and concealed the extent of unauthorized access and data exposure. The SEC's investigation found that the organizations misrepresented known risks as hypothetical, downplayed the scale of accessed files, used "generic terms" in their reporting, and omitted details on stolen code and credentials. The SolarWinds breach affected numerous companies and U.S. government agencies, and as a result, the organizations have agreed to settle, paying a combined total of nearly $7 million.
Meet the Chinese ‘Typhoon’ Hackers Preparing for War by Carly Page
China-backed hackers, described as an "epoch-defining threat," are increasingly targeting U.S. critical infrastructure to prepare for potential cyberattacks in case of a U.S.-China conflict, with key groups including Volt Typhoon, Flax Typhoon, and Salt Typhoon. Volt Typhoon, first identified in 2023, infiltrated infrastructure sectors by exploiting outdated devices, while Flax Typhoon, discovered in 2021, used a botnet to disguise attacks on U.S. networks. Salt Typhoon recently compromised wiretap systems at major telecom providers, potentially exposing sensitive U.S. surveillance data. The U.S. has disrupted several of these botnets but continues investigating this significant and complex cyber threat.
macOS-Focused Ransomware Attempts Leverage LockBit Brand by Kevin Poireault
A threat actor is experimenting with macOS-targeted ransomware, dubbed “macOS NotLockBit,” based on an old LockBit builder, according to a recent report. This malware only functions on Macs using Intel chips or those with Rosetta and gathers system data before exfiltrating files. It uses asymmetric encryption, rendering decryption impossible without the attacker’s private key, and displays a LockBit 2.0 banner, despite lacking genuine LockBit code. The malware faces challenges due to Apple’s security prompts, but future versions may seek to bypass these barriers. Although ransomware on macOS remains rare, attackers see potential in adapting the double extortion tactics commonly used on other platforms to Apple devices.