CISO Daily Update - March 7, 2024

NEW DEVELOPMENTS

$100 Million a Day? Cash Flow Disruptions Roil Healthcare Industry After Cyberattack

Source: The Record

The cyberattack on Change Healthcare is causing significant cash flow disruptions across the healthcare industry, potentially costing large players up to $100 million a day. While some experts view the shortfall as deferred rather than lost revenue, the outage has hindered providers' ability to submit insurance claims and has significantly disrupted pharmacy operations. UnitedHealth Group's efforts to assist providers have been criticized as insufficient. Despite calls for support from government officials, including Senate Majority Leader Charles Schumer, the situation remains difficult, with continued impact on healthcare systems of all sizes.

Article Link


HHS Aiding Organizations Hit by Change Healthcare Cyberattack

Source: Security Week

HHS is taking action to ease cash flow problems for healthcare providers, including hospitals, physicians, and pharmacies, that cannot submit claims or receive payments while Change Healthcare is down. The Centers for Medicare & Medicaid Services (CMS) has instructed Medicare Administrative Contractors (MACs) to expedite claims processing and accept paper claims, and is urging other payers to do the same. CMS will also encourage Medicare Advantage and Part D plans to remove or relax prior authorization and other utilization management requirements until the outage is resolved, and is exploring accelerated payments for affected hospitals facing cash flow challenges.

Article Link


Hacked WordPress Sites Use Visitors’ Browsers to Hack Other Sites

Source: Bleeping Computer

Hackers behind a large-scale campaign against WordPress sites have switched from injecting crypto wallet drainer scripts to hijacking visitors' browsers for brute-force attacks on other sites. Sucuri found that compromised sites load a script that makes each visitor's browser silently try username and password combinations against the login endpoints of other WordPress sites, with successful guesses relayed back to the attackers. The goal is to build a large network of compromised sites for future attacks. Over 1,700 sites have been found serving the script, giving the operators a distributed brute-force army. The motive for the switch is likely to evade detection and expand the portfolio of compromised sites.

Article Link
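A detection a site operator can run on the receiving end of the campaign described above, added here as an example (it is not code from the Sucuri report or the original article): it parses web-server access logs in the common "combined" format and separates the distributed pattern (many client IPs, each sending a few login POSTs) from a classic single-source brute force. The log format, the endpoints (wp-login.php and xmlrpc.php), the thresholds and the sample log lines are assumptions constructed for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format. Assumption: adjust LOG_RE to your own format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Login surface of a WordPress site (assumption). xmlrpc.php is included because a
# single XML-RPC call can test a password without ever touching wp-login.php.
AUTH_PATHS = {"/xmlrpc.php", "/wp-login.php"}


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["path"] = rec["path"].split("?", 1)[0]  # drop query string
    return rec


def bucket_start(ts, window):
    """Floor an aware timestamp to the start of its fixed-size window."""
    secs = int(window.total_seconds())
    epoch = int(ts.timestamp())
    return datetime.fromtimestamp(epoch - epoch % secs, tz=ts.tzinfo)


def analyze(lines, window=timedelta(minutes=5), min_sources=10,
            max_per_source=3, single_source_threshold=20):
    """Classify login POST traffic per time window.

    'distributed'  : many distinct client IPs, each sending only a few requests.
                     This is what a compromised site driving its visitors' browsers
                     looks like to the victim, and what a per-IP rate limit or a
                     fail2ban-style rule will miss entirely.
    'single-source': one IP hammering the login endpoint (classic brute force).
    """
    per_window = defaultdict(Counter)  # window start -> Counter(ip -> POSTs)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] in AUTH_PATHS:
            per_window[bucket_start(rec["ts"], window)][rec["ip"]] += 1

    alerts = []
    for start in sorted(per_window):
        by_ip = per_window[start]
        total = sum(by_ip.values())
        top_ip, top_count = by_ip.most_common(1)[0]
        if len(by_ip) >= min_sources and max(by_ip.values()) <= max_per_source:
            alerts.append({"window": start, "kind": "distributed",
                           "sources": len(by_ip), "requests": total})
        elif top_count >= single_source_threshold:
            alerts.append({"window": start, "kind": "single-source",
                           "sources": 1, "requests": top_count, "ip": top_ip})
    return alerts


# Constructed sample traffic for the demo, not real log data.
SAMPLE_LOG = (
    # 12 different clients, one XML-RPC POST each, inside two minutes.
    [f'203.0.113.{n} - - [06/Mar/2024:10:0{n % 2}:{n:02d} +0000] '
     f'"POST /xmlrpc.php HTTP/1.1" 200 415 "-" "Mozilla/5.0"' for n in range(1, 13)]
    # One client, 25 wp-login.php POSTs in a minute (WordPress answers 200 on failure).
    + [f'198.51.100.7 - - [06/Mar/2024:11:00:{s:02d} +0000] '
       f'"POST /wp-login.php HTTP/1.1" 200 4120 "-" "python-requests/2.31"' for s in range(25)]
    # Ordinary traffic that must not trigger anything.
    + ['192.0.2.10 - - [06/Mar/2024:11:30:00 +0000] '
       '"GET /wp-login.php HTTP/1.1" 200 2600 "-" "Mozilla/5.0"']
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The distributed rule deliberately keys on breadth (distinct sources) rather than volume, so tune `min_sources` to your site's normal number of unique logins per window; on a site with few legitimate editors, even ten distinct IPs posting to xmlrpc.php in five minutes is worth a look.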


Lockbit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Source: Security Affairs

LockBit 3.0, weakened by a coordinated takedown of its web infrastructure, continues to pose a threat by disseminating leaked victim data over peer-to-peer (P2P) torrent networks. Cybersecurity firm Resecurity has observed a significant increase in peers accessing LockBit 3.0 data via torrents, indicating continued interest from underground actors and former affiliates. The group announced that newly stolen data, some of it previously undisclosed, would be released within 15 days. Distributing leaks as torrent files is a deliberate tactic: it keeps stolen data widely available even after the operators' own infrastructure is disrupted. Anyone who downloads these torrents becomes an active participant in the leak by seeding the files, much as with pirated content.

Article Link


Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs

Source: Hackread

Fake online meeting sites impersonating Skype, Google Meet, and Zoom are infecting Android and Windows devices with Remote Access Trojans (RATs). Zscaler's ThreatLabz researchers uncovered the campaign, in which the attackers host look-alike pages on shared web hosting under URLs resembling the genuine domains; clicking the Android or Windows download button on a fake page fetches the malware (SpyNote RAT for Android, NjRAT and DCRat for Windows). Once installed, the RATs let attackers steal sensitive information, monitor user activity, and remotely control the infected device. To guard against the threat, users should verify meeting URLs and invitations, download meeting software only from official sources, and run anti-malware software.

Article Link


Watch Out, GhostSec and Stormous Groups Jointly Conducting Ransomware Attacks

Source: Security Affairs

GhostSec and Stormous, two cybercrime groups, have formed an alliance to conduct ransomware attacks on organizations worldwide. The joint campaign uses a new ransomware variant, GhostLocker 2.0, and is run as a ransomware-as-a-service (RaaS) operation. Victims span several countries and include critical infrastructure and technology companies in Israel. The ransomware appends the ".ghost" extension to encrypted files and instructs victims to keep their encryption ID for negotiations, warning that stolen data will be leaked if contact is not made within seven days. GhostSec gives affiliates a control panel and a ransomware builder with customizable options.

Article Link


New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps

Source: Hackread

Cado Security Labs has uncovered a new Linux malware campaign, dubbed "Spinning YARN," that targets misconfigured, internet-exposed servers running Apache Hadoop YARN, Docker, Confluence, and Redis. Besides abusing these misconfigurations, the campaign exploits CVE-2022-26134 in Confluence for remote code execution (RCE) to infect new hosts. The attackers deploy a chain of shell scripts and Golang binaries to compromise systems, install cryptocurrency miners, spawn reverse shells, and maintain persistent access, and they use Docker containers and rootkits to evade detection.

Article Link
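Spinning YARN needs a reachable, unauthenticated service before any CVE comes into play, so the cheapest defense is a configuration check. The following auditor is an added example, not Cado's code or anything from the article: it reads a Docker daemon.json, a redis.conf and a Hadoop core-site.xml and reports the settings that leave the Docker Engine API, Redis or the YARN ResourceManager open to anyone who can reach the port. The weak and hardened sample configurations are constructed for the demo, and the file paths mentioned in comments are the usual defaults (assumed).

```python
import json
import xml.etree.ElementTree as ET

ALL_INTERFACES = ("0.0.0.0", "::", "*", "")


def audit_docker_daemon(daemon_json):
    """Findings for /etc/docker/daemon.json (path assumed).

    A tcp:// listener without TLS client verification is an unauthenticated remote
    root: anyone who reaches the port can start a privileged container with the host
    filesystem mounted, which is exactly how exposed Docker hosts get cryptominers."""
    cfg = json.loads(daemon_json)
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local
        addr = host[len("tcp://"):].rsplit(":", 1)[0].strip("[]")
        if addr in ALL_INTERFACES:
            findings.append(f"docker: {host} listens on all interfaces")
        if not cfg.get("tlsverify"):
            findings.append(f"docker: {host} accepts API calls without TLS client certs")
    return findings


def parse_redis_conf(text):
    """Map each redis.conf directive to the list of values it was given."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            directives.setdefault(key.lower(), []).append(value.strip())
    return directives


def audit_redis(conf_text):
    """Findings for redis.conf.

    With no password, protected-mode off and a wildcard bind, Redis accepts
    CONFIG SET and SLAVEOF from anyone, which is enough to write a cron job or an
    SSH key onto the host. With no bind directive at all, Redis listens everywhere."""
    d = parse_redis_conf(conf_text)
    findings = []
    binds = " ".join(d.get("bind", ["0.0.0.0"])).split()
    if any(b.lstrip("-") in ALL_INTERFACES for b in binds):  # "-" marks optional binds
        findings.append("redis: bound to all interfaces")
    if d.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("redis: protected-mode disabled")
    if "requirepass" not in d:
        findings.append("redis: no requirepass, connections are unauthenticated")
    return findings


def audit_hadoop_core_site(xml_text):
    """Findings for core-site.xml.

    With hadoop.security.authentication left at the default 'simple', the YARN
    ResourceManager REST API accepts an application submission from anyone who can
    reach it, and that application runs the submitter's command on a NodeManager."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name, value = prop.findtext("name"), prop.findtext("value")
        if name:
            props[name.strip()] = (value or "").strip()
    auth = props.get("hadoop.security.authentication", "simple")
    if auth.lower() != "kerberos":
        return [f"hadoop: authentication is '{auth}', YARN accepts unauthenticated job submissions"]
    return []


def audit_all(daemon_json, redis_conf, core_site):
    return (audit_docker_daemon(daemon_json) + audit_redis(redis_conf)
            + audit_hadoop_core_site(core_site))


# Constructed configurations for the demo, not taken from any real host.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"})
WEAK_REDIS_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_REDIS_CONF = "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass CHANGE-ME\n"
WEAK_CORE_SITE = "<configuration></configuration>"
HARDENED_CORE_SITE = ("<configuration><property><name>hadoop.security.authentication</name>"
                      "<value>kerberos</value></property></configuration>")

if __name__ == "__main__":
    for finding in audit_all(WEAK_DAEMON_JSON, WEAK_REDIS_CONF, WEAK_CORE_SITE):
        print("WEAK    ", finding)
    print("HARDENED", audit_all(HARDENED_DAEMON_JSON, HARDENED_REDIS_CONF, HARDENED_CORE_SITE))
```

A clean report from this script says only that the configuration is not wide open; it does not replace patching Confluence for CVE-2022-26134 or restricting these ports at the network edge, and a Kerberos-enabled Hadoop cluster still needs its ACLs configured.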


VULNERABILITIES TO WATCH

CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog

Source: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, namely CVE-2023-21237 affecting Android Pixel devices and CVE-2021-36380 affecting Sunhillo SureLine OS. The Android Pixel vulnerability allows for local information disclosure without additional execution privileges. The Sunhillo SureLine vulnerability permits arbitrary command execution with root privileges, potentially leading to complete system compromise. Limited, targeted exploitation has been observed. Federal agencies must address these vulnerabilities by March 26, 2024, as per Binding Operational Directive (BOD) 22-01, and private organizations are advised to review the catalog and mitigate these vulnerabilities in their infrastructure.

Article Link


Android’s March 2024 Update Patches Critical Vulnerabilities

Source: Security Week

Android's March 2024 security update addresses 38 vulnerabilities, including two critical flaws in the System component, potentially leading to remote code execution and elevation of privilege. These flaws affect Android 12, 12L, 13, and 14. The update arrives in two parts, with the first part patching 11 vulnerabilities and the second part resolving 25 vulnerabilities in various components such as AMLogic, Arm, MediaTek, and Qualcomm. Google also released patches for over 50 vulnerabilities in Pixel devices, including 16 critical-severity flaws. Users are urged to update their devices promptly to mitigate these security risks.

Article Link


SPECIAL REPORTS

How Security Leaders Can Break Down Barriers to Enable Digital Trust: Part 2

Source: Infosecurity Magazine

Part 2 of "How Security Leaders Can Break Down Barriers to Enable Digital Trust" focuses on overcoming obstacles to digital trust within businesses, chiefly siloed thinking, by encouraging cross-functional collaboration. Establishing a cross-functional digital trust team is critical, led by individuals with cross-functional leadership and advocacy experience, and organizational backing, particularly from the CEO and the rest of the C-suite, is essential to the success of such projects. Incident response also matters for digital trust, with an emphasis on transparency, humility, and quick action. Security executives are encouraged to proactively advance digital trust within their businesses, leveraging their leadership skills and working across functions to achieve meaningful results.

Article Link


Cyber Insights 2024: OT, ICS and IIoT

Source: Security Week

In 2024, operational technology (OT) will face growing cybersecurity challenges and remain a prominent target for criminal and nation-state threat groups. The convergence of IT and OT, combined with the spread of industrial control systems (ICS) and Industrial Internet of Things (IIoT) devices, increases complexity and exposure to cyber threats. Vulnerabilities persist because of legacy systems, insufficient security controls, and the difficulty of applying updates and fixes. IIoT devices play an important role in OT progress but introduce new weaknesses. Additionally, geopolitical tensions raise concerns about cyberwarfare targeting critical infrastructure, further highlighting the need for robust OT security measures. Overall, the threat landscape for OT will continue to escalate in 2024.

Article Link


The Challenges of AI Security Begin With Defining It

Source: Darkreading

Security for AI is gaining significant attention in the tech landscape, with numerous startups emerging and incumbents rushing to incorporate AI-relevant security features. However, the exact definition of "AI security" remains elusive due to the evolving nature of AI development. Nevertheless, several key problem categories have emerged: visibility, data leak prevention, AI model control, and building secure AI applications.

Article Link


10 Essential Processes for Reducing the Top 11 Cloud Risks

Source: Darkreading

The Cloud Security Alliance (CSA) identifies the "Pandemic 11" as the top cloud security challenges, ranging from misconfigurations to organized cyber threats. Addressing these risks requires implementing robust processes and strategies. Here are ten essential ways to mitigate these cloud security risks: Serious Identity Program, API Integration Platform-as-a-Service (PaaS), Regular Configuration Audits, Future-State Architecture and Strategy, Security in Software Development Life Cycle (SDLC), Automated Third-Party Risk Management, Vulnerability Management Automation, Thorough Auditing, Security Oversight for Serverless and Container Environments, Investment in Threat Hunting.

Article Link

Great content and insight!


More articles by Marcos Christodonte II