Friday Five: Real-Life Cyber Consequences, New Ransomware Stats, & More

CISA PROPOSES NEW SECURITY REQUIREMENTS TO PROTECT GOVT, PERSONAL DATA BY BILL TOULAS

CISA has proposed security requirements to prevent adversarial states from accessing sensitive U.S. personal and government-related data, especially in transactions with potential data exposure to "countries of concern." This proposal, part of Executive Order 14117, impacts sectors like AI, cloud services, telecom, health, finance, and defense. Requirements include maintaining a monthly asset inventory, rapid vulnerability remediation, enforcing multi-factor authentication, logging security events, limiting data access, employing encryption, and more. Public input is invited on regulations.gov under CISA-2024-0029 to refine these guidelines.

Read more

RANSOMWARE ATTACKS ON HEALTH CARE SECTOR ARE DRIVING INCREASE IN EMERGENCY PATIENT CARE BY TIM STARKS

Per a recent Microsoft report, ransomware attacks on the healthcare sector have surged 300% since 2015, posing significant patient safety risks. Iranian hackers are the primary perpetrators, targeting hospitals, clinics, and any facility where patient care can be disrupted, leading to increased cardiac arrest and stroke incidents at unaffected hospitals receiving overflow patients. The average ransom paid by healthcare organizations is $4.4 million. Microsoft and experts like Jeff Tully, co-director at UC San Diego’s Center for Healthcare Cybersecurity, stress the importance of developing resilience and a ransomware response plan to mitigate these impacts on critical care technologies and patient outcomes.

Read more

SEC CHARGES TECH COMPANIES FOR DOWNPLAYING SOLARWINDS BREACHES BY LAWRENCE ABRAMS

The SEC charged four tech companies with misleading investors about the impact of their breaches in the 2020 SolarWinds Orion hack, claiming that these companies allegedly minimized their cyber incidents, concealing the extent of unauthorized access and data exposure. The SEC’s investigation found that the organizations misrepresented risks as hypothetical, downplayed the scale of accessed files, used "generic terms" in their reporting, and omitted details on stolen code and credentials. The SolarWinds breach affected numerous companies and U.S. government agencies, and as a result, the organizations have agreed to settle and pay nearly a combined $7 million. 

Read more

MEET THE CHINESE ‘TYPHOON’ HACKERS PREPARING FOR WAR BY CARLY PAGE

China-backed hackers, described as an "epoch-defining threat," are increasingly targeting U.S. critical infrastructure to prepare for potential cyberattacks in case of a U.S.-China conflict, with key groups including Volt Typhoon, Flax Typhoon, and Salt Typhoon. Volt Typhoon, first identified in 2023, infiltrated infrastructure sectors by exploiting outdated devices, while Flax Typhoon, discovered in 2021, used a botnet to disguise attacks on U.S. networks. Salt Typhoon recently compromised wiretap systems at major telecom providers, potentially exposing sensitive U.S. surveillance data. The U.S. has disrupted several of these botnets but continues investigating this significant and complex cyber threat.

Read more

MACOS-FOCUSED RANSOMWARE ATTEMPTS LEVERAGE LOCKBIT BRAND BY KEVIN POIREAULT

A threat actor is experimenting with macOS-targeted ransomware, dubbed “macOS NotLockBit,” based on an old LockBit builder, according to a recent report. This malware only functions on Macs using Intel chips or those with Rosetta and gathers system data before exfiltrating files. It uses asymmetric encryption, rendering decryption impossible without the attacker’s private key, and displays a LockBit 2.0 banner, despite lacking genuine LockBit code. The malware faces challenges due to Apple’s security prompts, but future versions may seek to bypass these barriers. Although ransomware on macOS remains rare, attackers see potential in adapting the double extortion tactics commonly used on other platforms to Apple devices.

Read more