Cybersecurity News of the Week, March 10, 2024

This week’s essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Stan’s Top of the News

This week’s Top of the News is the continuing disruption of America’s health care system resulting from the cyberattack on Change Healthcare. To put the magnitude of the disruption in context: Change Healthcare touches one of every three patient records, processes 15 billion transactions a year, and handles an estimated $100 million per day.

  • Just this morning the US Department of Health and Human Services issued a Letter to Health Care Leaders on Cyberattack on Change Healthcare, writing “As you know, last month Change Healthcare was the target of a cyberattack that has had significant impacts on much of the nation’s health care system. The effects of this attack are far-reaching; Change Healthcare, owned by UnitedHealth Group (UHG), processes 15 billion health care transactions annually and is involved in one in every three patient records. The attack has impacted payments to hospitals, physicians, pharmacists, and other health care providers across the country. Many of these providers are concerned about their ability to offer care in the absence of timely payments, but providers persist despite the need for numerous onerous workarounds and cash flow uncertainty. … In a situation such as this, the government and private sector must work together to help providers make payroll and deliver timely care to the American people. The Biden-Harris Administration has taken action by removing challenges for health care providers and addressing this cyberattack head on. Now, we are asking private sector leaders across the health care industry – especially other payers – to meet the moment. … The Biden-Harris Administration remains committed to ensuring that all Americans can access needed care in spite of this cyberattack. We urge the private sector to quickly identify and carry out solutions. Specifically, we call on UnitedHealth Group, other insurance companies, clearinghouses, and health care entities to take additional actions to mitigate the harms this attack places on patients and providers, particularly our safety net providers.”
  • Medicare announces emergency funds for doctors affected by Change Healthcare hack: Federal health officials on Saturday said they would offer emergency funding to physicians, physical therapists and other professionals that provide outpatient health care, following a cyberattack that crippled the nation’s largest processor of medical claims and left many organizations in financial distress.
  • Industry in need of ‘immediate relief’ following cyberattack on Change Healthcare, hospital group says: The American Hospital Association is accusing the parent company of Change Healthcare — which for two weeks has dealt with a cybersecurity incident that has caused disruptions at pharmacies nationwide — of failing to adequately address the issues healthcare providers face getting reimbursed for services as a result of the attack.
  • With Cyberattack Fix Weeks Away, Health Providers Slam United: Hospitals, doctors and clinics expressed frustration that they will have to wait even longer for reimbursements after hackers paralyzed the largest U.S. billing clearinghouse. … More than two weeks after a cyberattack, financially strapped doctors, hospitals and medical providers on Friday sharply criticized UnitedHealth Group’s latest estimate that it would take weeks longer to fully restore a digital network that funnels hundreds of millions of dollars in insurance payments every day.

From SecureTheVillage

  • Small and Midsize Organizations. Take your security to the next level. Apply Now! If you’re a small business, nonprofit, or IT / MSP in the greater Los Angeles area, apply NOW for LA Cybersecure, a pilot program with coaching and guidance that costs less than two cups of coffee a week. https://securethevillage.org/la-cybersecure-pilot/ The LA Cybersecure Pilot Program is funded by a grant from the Center for Internet Security (CIS) Alan Paller Laureate Program.
  • Family Protection Newsletter: Did you know we created the Family Protection Newsletter for non-cyber experts? For your parents, friends, those who need to protect themselves in a digital world. Sign up or share with a friend! Click here to learn more and quickly add to your free subscription! 
  • How Hackable Are You? Think your defenses are strong? Find out as SecureTheVillage tests you on five basics. Get our Baker’s Dozen information security controls. Please take our short test, as your answers will help you and guide us to improve community safety.
  • Upcoming events. Please join us.
    • Los Angeles Cybersecurity Workforce Coalition: The monthly meeting of the workforce coalition, Tue, April 2, 1:00 pm – 2:00 pm PT. The LA Cybersecurity Workforce Coalition is for employers, educators, government, nonprofits, and others with a professional interest in the cybersecurity workforce challenge.
    • Information Security Threat Briefing – A DFPI / FBI / SecureTheVillage Collaboration: SecureTheVillage in collaboration with the CA Department of Financial Protection and Innovation (DFPI) is hosting a cybersecurity threat briefing specifically designed for financial institutions, other fintech organizations, and their IT service providers, MSPs, insurance brokers, and others. FBI Supervisory Special Agent (SSA) Michael Sohn is the keynote speaker. Friday, April 19, 8:30 am – 10:00 am PT.
  • Please Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians™. Please donate to SecureTheVillage. Thank you. It takes a village to secure the village.™

Cyber Humor

Cybersecurity Nonprofit of the Week  …  US Valor

Kudos this week to US Valor, a nonprofit with two intertwined objectives: (1) helping veterans transition back into civilian life and (2) helping America meet our cybersecurity workforce challenge. US Valor does this through an innovative Department of Labor approved Apprenticeship Program. The US Valor Cybersecurity Apprenticeship Program (CAP) is all about helping transitioning military personnel and U.S. Veterans experience a smooth transition from military life to the civilian world through its Department of Labor Registered Apprenticeship Program (RAP). I’m a proud member of US Valor’s Advisory Board and I encourage you to support them.

Section 2 – Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware. 

Another story on the importance of using a different password for every system. Password reuse has become very high risk: one breached site hands an attacker a working login everywhere else that password was used.

  • Stolen passwords are a hacker goldmine now: Hackers increasingly rely on legitimate user accounts over malware to break into some of the biggest companies. … Why it matters: Finding someone’s password or authentic browser session tokens is pretty easy on the dark web thanks to a growing dark-net market where hackers buy and sell information stolen from years of data breaches. … Hackers using stolen user accounts to exfiltrate data from a company’s network can more easily disguise their activities — averting detection from traditional cyber monitoring tools.
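The Axios piece above makes a detection point worth seeing in code: an attacker who logs in with a stolen password or a stolen session token looks like the legitimate user, so per-account alerting misses them. Two patterns still stand out in identity-provider audit logs, and the added example below (my own illustration, not code from Axios or from any product) detects both over a constructed sample log: a password spray, where one source fails against many accounts but tries each only once or twice to stay under lockout thresholds, and session-token replay, where a session issued to one client fingerprint is later used from another. The JSON log shape, the field names and the threshold values are assumptions for the example.

```python
"""Detect two credential-abuse patterns in identity-provider audit logs:
password spraying (one source, many accounts, few attempts each) and
session-token replay (an issued session used from a different client).
Added example; the log format and thresholds are assumptions."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real system). One JSON object per line.
# 203.0.113.7 sprays five accounts once each and gets in as "frank";
# carol's session s-8f2a is later reused from a different IP and User-Agent.
SAMPLE_LOG = """\
{"ts":"2024-03-08T09:00:01Z","event":"login","result":"fail","user":"alice","src_ip":"203.0.113.7","ua":"python-requests/2.31"}
{"ts":"2024-03-08T09:00:03Z","event":"login","result":"fail","user":"bob","src_ip":"203.0.113.7","ua":"python-requests/2.31"}
{"ts":"2024-03-08T09:00:05Z","event":"login","result":"fail","user":"carol","src_ip":"203.0.113.7","ua":"python-requests/2.31"}
{"ts":"2024-03-08T09:00:07Z","event":"login","result":"fail","user":"dave","src_ip":"203.0.113.7","ua":"python-requests/2.31"}
{"ts":"2024-03-08T09:00:09Z","event":"login","result":"fail","user":"erin","src_ip":"203.0.113.7","ua":"python-requests/2.31"}
{"ts":"2024-03-08T09:00:11Z","event":"login","result":"success","user":"frank","src_ip":"203.0.113.7","ua":"python-requests/2.31","session":"s-11c0"}
{"ts":"2024-03-08T09:00:30Z","event":"login","result":"success","user":"carol","src_ip":"198.51.100.20","ua":"Mozilla/5.0 (Windows NT 10.0)","session":"s-8f2a"}
{"ts":"2024-03-08T09:05:00Z","event":"login","result":"fail","user":"carol","src_ip":"198.51.100.20","ua":"Mozilla/5.0 (Windows NT 10.0)"}
{"ts":"2024-03-08T09:10:00Z","event":"request","user":"carol","src_ip":"198.51.100.20","ua":"Mozilla/5.0 (Windows NT 10.0)","session":"s-8f2a"}
{"ts":"2024-03-08T09:12:00Z","event":"request","user":"carol","src_ip":"203.0.113.9","ua":"curl/8.4.0","session":"s-8f2a"}
"""


def parse_log(text):
    """Parse one JSON event per line and return the events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_password_spray(events, window=timedelta(minutes=15), min_users=5, max_per_user=2):
    """Return {src_ip: sorted usernames} for sources that fail logins against at
    least min_users distinct accounts inside `window` while trying no single
    account more than max_per_user times. The low per-account rate is what keeps
    a spray under lockout thresholds and per-user alerting, so the rule keys on
    the source, not the account."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "login" and e["result"] == "fail":
            by_ip[e["src_ip"]].append(e)
    findings = {}
    for ip, fails in by_ip.items():
        for i, start in enumerate(fails):          # slide a window over this IP's failures
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = sorted(per_user)
                break
    return findings


def successes_from(events, src_ips):
    """Accounts that logged in successfully from flagged sources: the ones whose
    password the spray guessed and that need a reset and session revocation."""
    hits = defaultdict(list)
    for e in events:
        if e["event"] == "login" and e["result"] == "success" and e["src_ip"] in src_ips:
            hits[e["src_ip"]].append(e["user"])
    return dict(hits)


def detect_session_replay(events):
    """Flag sessions used from a (src_ip, ua) pair different from the one that
    authenticated. A new IP alone can be mobile roaming; a changed User-Agent on
    the same session is the stronger signal, so it is reported separately."""
    origin = {}
    findings = []
    for e in events:
        sid = e.get("session")
        if sid is None:
            continue
        if e["event"] == "login" and e["result"] == "success":
            origin[sid] = (e["src_ip"], e["ua"])
        elif sid in origin:
            ip0, ua0 = origin[sid]
            if e["src_ip"] != ip0 or e["ua"] != ua0:
                findings.append({"session": sid, "user": e["user"], "ts": e["ts"],
                                 "new_ip": e["src_ip"], "new_ua": e["ua"],
                                 "ua_changed": e["ua"] != ua0})
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    spray = detect_password_spray(evs)
    print("password spray sources:", spray)
    print("accounts compromised by spray:", successes_from(evs, spray))
    for f in detect_session_replay(evs):
        print("session replay:", f)
```

The spray rule deliberately ignores the per-account failure count that lockout policies watch; a spray with one guess per account never trips it, which is exactly the point of the Microsoft Midnight Blizzard story later in this issue. The replay rule needs the login event that minted the session to be in the same log as later requests, which is true of most SSO products but not of every application log.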

Another warning, this from the BBB, on online dating dangers.

And a warning from The Points Guy on protecting your points and miles, including some good advice.

  • Warning: How fraudsters are using social engineering to steal points and miles: 11 min read.  Imagine logging in to your credit card account and seeing that your hard-earned points balance has been drained to zero. This is exactly what happened to TPG reader Tyler from St. Louis recently when he opened his Chase app. … Tyler (who prefers to use his first name only) is a self-described “award travel hobbyist.” While waiting for his car to be serviced, he was killing time by planning out award travel to see if he could meet or beat the point value based on TPG valuations (which is better than mindlessly scrolling social media, in our humble opinion). … Knowing he hadn’t recently redeemed any points, he assumed the zero balance was a glitch. “I quit the app and tried again, and it was still zero,” he recalled. “I then decided to look through the transaction history and saw two attempts to cash out the points a couple of weeks prior. The first was for an even number and was canceled. The second was for the specific amount of points I had in my account, and that attempt was successful,” he continued. … That was when he called Chase to try and find out why his points had disappeared and who was behind it.

Section 3 – Cybersecurity and Privacy News for the Cyber-Concerned.

Lots of national cybersecurity news this week.

  • Espionage Probe Finds Communications Device on Chinese Cranes at U.S. Ports: Lawmakers’ discovery has fueled worries in Washington that the China-built equipment could be a national-security threat at America’s ports. … WASHINGTON—A congressional probe of Chinese-built cargo cranes deployed at ports throughout the U.S. has found communications equipment that doesn’t appear to support normal operations, fueling concerns that the foreign machines may pose a covert national-security risk. … The installed components in some cases include cellular modems, according to congressional aides and documents, that could be remotely accessed. … The discovery of the modems by lawmakers, which hasn’t been previously reported, has added to concerns in Washington about port security and China. The Pentagon and intelligence officials at other agencies in the Biden administration have grown increasingly alarmed by the potential threat of disruption and espionage presented by the giant cranes built by ZPMC, a China-based manufacturer that accounts for nearly 80% of ship-to-shore cranes in use at U.S. ports. 
  • Biden Acts to Stop Sales of Sensitive Personal Data to China and Russia: In an attempt to limit blackmail and other harm, he issued an executive order asking the Justice Department to write rules restricting sales to six countries. … President Biden issued an executive order Wednesday seeking to restrict the sale of sensitive American data to China, Russia and four more countries, a first-of-its-kind attempt to keep personally identifying information from being obtained for blackmail, scams or other harm. … The president asked the Justice Department to write rules restricting the sale of information about Americans’ locations, health and genetics to China, Russia, Iran, North Korea, Cuba and Venezuela, as well as any entities linked to those countries. The restrictions would also cover financial information, biometric data and other types of information that could identify individuals and sensitive information related to the government. … The White House said this kind of sensitive data could be used for blackmail, “especially for those in the military or national security community,” and against dissidents, journalists and academics.
  • U.S. bans maker of spyware that targeted a senator’s phone: The Treasury Department banned the company, Intellexa, from doing business in the U.S. … The Treasury Department on Tuesday banned a notorious creator of software that can hack smartphones and turn them into surveillance devices from doing business in the U.S. … The sanctions constitute the most aggressive action taken by the U.S. government against a spyware company. … The company, Intellexa, develops a software called Predator, which can take over a person’s phone and turn it into a surveillance device. Predator and other major spyware programs boast capabilities such as secretly turning on the user’s microphone and camera, downloading their files without their knowledge and tracking their location.
  • Microsoft Says Russian-Sponsored Hackers Still Using Stolen Information: Company said in January that hackers took information from email accounts of its leadership team and other employees. … Microsoft said a Russian state-sponsored hacking group that stole information from its senior leadership team is still using that information to gain unauthorized access to its internal systems. … The technology company disclosed in January that the group, which it has identified as Midnight Blizzard, had extracted information from a small percentage of employee email accounts, including members of its senior leadership team and employees in its cybersecurity and legal teams. … Since that disclosure, the group has used that information to gain access to Microsoft’s source code repositories and internal systems, the company said Friday. … The volume of some aspects of the attack, including password sprays, jumped 10-fold in February compared with the already large volume Microsoft encountered in January, it said. … “Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said. … The company said that its investigations of Midnight Blizzard activities are continuing and that it is coordinating efforts with federal law enforcement.

A report from UK’s Chartered Institute of Information Security has some disturbing news.

  • Cyber workers turning to crime, warns study: Disgruntled cybersecurity workers, including code developers and AI experts, are offering their services on the dark web for extra cash. On top of that, other professions whose work may have been jeopardized by machine learning are also hiring themselves out to criminals. … What’s more, if the problem is not addressed by better salaries and working conditions, the cybersecurity industry could risk losing as many as one in ten workers to cybercrime. … The stark warning comes from the Chartered Institute of Information Security (CIISec), which trawled the dark web and found some alarming advertisements put up there by seasoned cybersecurity professionals.

Cyberattacks on the banking sector are in the news this week.

  • Banks Face ‘Hacktivist’ Cyberattacks: Politically motivated hackers are the main driver behind a surge in denial-of-service attacks against banks and other financial services firms worldwide, researchers say. … Banks and other financial firms are facing a barrage of cyberattacks that aim to temporarily disrupt their websites and apps, primarily driven by a surge in so-called hacktivists who target companies in geopolitical hot spots. … Hackers are using new and more aggressive tactics to take down or slow access to companies’ websites and online services. The hacks, typically considered a low-level nuisance, can be damaging for banks that need to be accessible all the time, said Teresa Walsh, global head of intelligence for the Financial Services Information Sharing and Analysis Center, a nonprofit that facilitates the sharing of information about cyber threats among financial firms. … “Even just being offline for a minute can cause huge reputational risks,” she said. … Denial-of-service attacks targeting financial services companies grew by 154% in 2023, compared with the year before, according to a new report Wednesday from FS-ISAC and cybersecurity company Akamai Technologies. … The data reflects attacks against 225 financial services companies located in 39 different countries, all of which are Akamai customers.
  • First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches: The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at service provider Infosys McCamish — the same third party recently responsible for the Bank of America breach.

The recent leak of documents about China’s hacking industry continues to yield valuable information about the role of the Chinese government in China’s cybercrime economy.

  • Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex: BEIJING (AP) — The hotel was spacious. It was upscale. It had a karaoke bar. The perfect venue, the CEO of the Chinese hacking company thought, to hold a Lunar New Year banquet currying favor with government officials. There was just one drawback, his top deputy said. “Who goes there?” the deputy wrote. “The girls are so ugly.” … So goes the sordid wheeling and dealing that takes place behind the scenes in China’s hacking industry, as revealed in a highly unusual leak last month of internal documents from a private contractor linked to China’s government and police. China’s hacking industry, the documents reveal, suffers from shady business practices, disgruntlement over pay and work quality, and poor security protocols. … Private hacking contractors are companies that steal data from other countries to sell to the Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of these private hackers-for-hire companies that have infiltrated hundreds of systems outside China. … Though the existence of these hacking contractors is an open secret in China, little was known about how they operate. But the leaked documents from a firm called I-Soon have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut and rules are murky and poorly enforced in the quest to make money.

A walk down memory lane on the shifting role of the CISO.

  • 30 years of the CISO role – how things have changed since Steve Katz: The first-ever CISO was mostly a technically oriented executive. They’ve since evolved into masters of risk management, threat mitigation, regulatory compliance, data privacy, and much more.  … When Steve Katz became the first-ever CISO in 1995, Netscape Navigator was the world’s most popular browser, Mark Zuckerberg was in middle school, smartphones were a decade away, and SSL 2.0 was brand new. … Katz was offered the job of chief information security officer (a brand-new position that had never existed before) by Citicorp while the bank was still reeling from an incident the previous year in which hackers tried to steal $10 million through fraudulent international fund transfers. The cyber crooks made off with $400,000 before Citicorp foiled their scam. “It was two Russian kids out of St. Petersburg who were trying to find a way to get free telephone service,” Katz recalled in a 2021 interview for author Todd Fitzgerald’s CISO Stories podcast.

Section 4 – Managing Information Security and Privacy in Your Organization.

The recent breach of CISA systems is a reminder of the importance of having a robust and well-practiced incident response plan.

  • CISA forced to take two systems offline last month after Ivanti compromise: Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said. … A CISA spokesperson confirmed to Recorded Future News that the agency “identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses” about a month ago. … “The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” the spokesperson said. … “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”

Down the Technology Rabbit Hole.

  • CISA, NSA share best practices for securing cloud services: The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing best practices for securing a cloud environment. … These guides focus on identity and access management solutions, key management solutions, encrypting data in the cloud, managing cloud storage, and mitigating risks from managed service providers. … Cloud services have become immensely popular for the enterprise as they provide managed servers, storage, and applications without the enterprise having to manage its own infrastructure.
  • Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild.
  • Cisco Patches High-Severity Vulnerabilities in VPN Product: High-severity flaws in Cisco Secure Client could lead to code execution and unauthorized remote access VPN sessions. … Cisco on Wednesday announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities.

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge