Hacking the US Government -- Legally

Jeremy Kirk • December 8, 2021

Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.

Breach Notification

Senate Considering Several Cyber Measures in Annual NDAA

Latest

Breach Notification

Maryland Health Dept. Systems Still Affected by Incident

Marianne Kolbasuk McGee • December 7, 2021

While the Maryland Department of Health's public website is operational again after a weekend network security incident, certain systems continue to be offline. Officials are asking employees not to use state-issued computers as state authorities and law enforcement agencies investigate.

Active Defense & Deception

'We're Hitting Ransomware Groups,' US and Allies Confirm

Mathew J. Schwartz • December 7, 2021

It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.

Electronic Healthcare Records

Medical Workers Plead Guilty to PHI Access-Related Crimes

Marianne Kolbasuk McGee • December 6, 2021

A medical biller in Florida and an emergency medical technician in New York have each pleaded guilty in two separate federal cases involving the criminal misuse of patient information. One case involved healthcare fraud and identity theft, and the other criminal HIPAA violations.

Breach Notification

Incident Response: Best Practices in the Age of Ransomware

Mathew J. Schwartz • December 6, 2021

Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.

3rd Party Risk Management

Alert: 'Cuba' Ransomware Slams Critical Sector Organizations

Prajeet Nair • December 4, 2021

The FBI warns that the "Cuba" ransomware-wielding attackers have extorted $43.9 million in ransom payments from victims after compromising at least 49 organizations across five critical infrastructure sectors - financial services, government, healthcare, manufacturing and IT - since early November.

Incident & Breach Response

Researcher: Healthcare Staffing Database Exposed Worker PII

Marianne Kolbasuk McGee • December 3, 2021

A security researcher says a misconfigured, non-password-protected database of a healthcare staffing company potentially exposed the personal information in about 170,000 medical worker records. The staffing firm, however, disputes the details of what was allegedly contained in the database.

Business Continuity Management / Disaster Recovery

BIO-ISAC: Beware of Tardigrade Attacks on Biomanufacturers

Marianne Kolbasuk McGee • December 3, 2021

The Bioeconomy Information Sharing and Analysis Center is warning biotechnology organizations, including vaccine makers and other biomanufacturers, of escalating threats involving Tardigrade malware, which experts say is used to launch ransomware and other potentially serious attacks.

Business Continuity Management / Disaster Recovery

Ransomware Operations Double Down on Data Leak Sites

Mathew J. Schwartz • December 3, 2021

Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.

Account Takeover Fraud

ISMG Editors: Are We Close to Cracking Cybercrime Ecosystem?

Anna Delaney • December 3, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.

Business Continuity Management / Disaster Recovery

Need to Negotiate a Ransomware Payoff? Newbies: Start Here

Anna Delaney • December 3, 2021

The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.

Critical Infrastructure Security

Cyber Officials Outline Critical Infrastructure Protections

Dan Gunderman • December 2, 2021

Several cybersecurity officials charged with safeguarding U.S. critical infrastructure on Thursday outlined both current progress and the complexity of today's network defense. Oversight officials also testifying before the House discussed top-line items that remain outstanding among major agencies.

Business Continuity Management / Disaster Recovery

FBI Seizes Bitcoins From Alleged REvil Ransomware Affiliate

Mathew J. Schwartz • December 1, 2021

The FBI has seized 39.9 bitcoins worth $2.3 million from an alleged affiliate of the notorious REvil - aka Sodinokibi - ransomware group. A forfeiture notice filed by the government accuses Russian national Aleksandr Sikerin of having amassed the cryptocurrency via victims' ransom payments.