Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label White House. Show all posts
White House
CISA Cyber Security data security Google Mandiant Mandiant Threat Intelligence ransomware attacks Social Engineering White House

Rising Ransomware Attacks Highlight Persistent Cybersecurity Challenges

 


Despite global law enforcement efforts and heightened attention from the White House, ransomware incidents continue to rise unabated, according to a new report from cybersecurity firm Mandiant. Researchers at the Google-owned company identified 50 new ransomware variants in 2023, with about a third branching off existing malware. This underscores the pervasive nature of the problem and the challenges in curbing cyber extortion. 

In 2023 alone, cybercriminals amassed over $1 billion from victim ransom payments, highlighting the lucrative nature of these attacks. The healthcare sector has been particularly hard-hit, with hospitals experiencing significant disruptions. The report noted that Ascension, one of the nation's largest healthcare systems with 140 hospitals across 19 states, was recently impacted by the Black Basta ransomware variant. The ongoing outage is raising concerns about patient safety and the potential risk to lives. Mandiant's findings align with a recent White House report on national cybersecurity, which also noted an increase in ransomware attacks. 

However, one significant issue is that reporting ransomware incidents is largely voluntary. This means assessments of ransomware prevalence often rely on data from cybersecurity companies, whose understanding is based on their customer base and the cybercriminal communities they monitor. To address this, the Cybersecurity and Infrastructure Security Agency (CISA) is finalizing a mandate requiring critical infrastructure owners and operators to report ransomware payments within 24 hours. This mandate aims to provide a more comprehensive view of ransomware activity and enhance response efforts. 

Mandiant's assessment highlights a 75% year-over-year increase in posts on data leak sites, which extortionists use to pressure companies into paying ransoms. The firm noted that 2023 saw the highest number of data-leak site posts since tracking began in 2020. Additionally, there was a 20% increase in the number of investigations led by Mandiant, indicating a significant rise in ransomware activities. The most prolific ransomware variants observed were ALPHV and LOCKBIT, each accounting for 17% of all activity. The surge in ransomware attacks in 2023 followed a slight dip in extortion activities in the previous year. Mandiant researchers suggested that the dip in 2022 might have been an anomaly caused by external factors such as the Russian invasion of Ukraine or the leaked Conti chats, which may have temporarily disrupted cybercriminal operations. 

As law enforcement agencies continue to conduct global operations against ransomware gangs, the evolving tactics and persistent nature of these cybercriminals highlight the need for continuous vigilance and enhanced cybersecurity measures. The collaboration between government agencies, cybersecurity firms, and critical infrastructure operators is crucial in building a robust defense against the relentless threat of ransomware.
Read more »
White House
Cyber Attacks cybercriminals Cybersecurity Cybersecurity Strategy Threat Environment White House

White House Cybersecurity Strategy warns of "Complex Threat Environment"

 


There was a national cyber-security strategy published by the White House on March 2. It contains a list of threats to U.S. networks terrestrially and in space related to Russian and Chinese hackers. 

"Evolving intelligence" suggests many options could be explored for potential cyberattacks against critical U.S. infrastructure, as President Biden warned on Monday. 

Anne Neuberger, Mr. Biden's deputy national security adviser for cyber and emerging technology, told reporters Monday afternoon that U.S. officials have observed "preparatory work" linked to nation-state actors, despite no evidence of any specific cyberattack threat. The fact that U.S. companies are scanning their websites and hunting for vulnerabilities may indicate an increase in vulnerability-hunting activities. 

On Thursday, the Biden administration released its nationally comprehensive cybersecurity strategy. This provides the steps required to ensure the nation's cyber ecosystem is protected from threats. 

A few key pillars will be emphasized in the strategy as it moves forward. In addition to cyberattacks, these efforts include disrupting and dismantling cyber criminals, establishing international partnerships, and protecting critical infrastructure from cyberattacks. 

The White House will still need to implement Space Policy Directive 5. This was issued by the previous administration in September 2020 and focuses on space systems protection. Although the updated document replaces the Trump administration's 2018 cybersecurity strategy, the White House will continue to implement that strategy. 

It was stated in the strategy that the first pillar will enhance cybersecurity requirements for critical sectors. This will secure critical infrastructure. Public-private partnerships and federal network modernization will also be formed to keep up with cyber security threats. 

It has been interesting to see bipartisan support for several cyber bills that Congress introduced and passed last year aimed at protecting critical infrastructure. These include critical infrastructure in the health and energy sectors. 

Moreover, Kemba Walden suggested that the government should utilize all resources at its disposal, including the military and law enforcement authorities. This will disrupt malicious cyber activity and pursue perpetrators. 

Walden assumed the role of acting director after Chris Inglis resigned due to health reasons. Biden named Inglis as the first director of cyber security for the nation in 2021 following a nomination by Biden. Inglis announced his resignation in mid-February.  

There is a second pillar of the strategy that focuses on disrupting and dismantling cyber criminals, such as nation-state threats.

To protect the country's national security and public safety, the government uses every available resource to "make it harder for them to pose a threat to national security." 

Increasing collaboration and partnership with foreign partners who share the same mission is the third pillar of the strategy. The administration announced today that to counter cyberattacks it will use international coalitions among "like-minded nations." 

SPD 5 was touted as a first step toward developing an accurate and comprehensive security policy for satellites and systems that connect them to the Internet. 

The role that space systems play as vital infrastructure, as well as providers of essential services, has caused experts to warn that a growing number of attacks are being launched against them. 

A major thrust of the National Cybersecurity Strategy is the realignment of incentives so that long-term investments are prioritized. It has been suggested in recent years that the biggest, most capable, and best-positioned actors in the digital ecosystem - whether in the public or private sectors - can and should take on an increased share of the burden to mitigate cyber risk in their respective industries. Public and private sector entities must have the resources, capabilities, and incentives to choose long-term solutions over temporary fixes when faced with trade-offs between short-term fixes and long-term solutions. 

In addition, the United States remains committed to international cyber partnerships. Defendable, resilient, and value-aligned digital ecosystems will be built with allies and partners. Keeping shared interests at the forefront means promoting an environment where all states are expected to behave responsibly in global cyberspace. On the other hand, a person who displays irresponsible behavior is not only a source of cost but also isolation.

A path is outlined in this strategy to ensure our digital future is secure. By implementing it, the administration will lay the foundation for reliable cyberinfrastructure. This will enable it to achieve its infrastructure, clean energy, equity, democracy, and economic opportunity goals. At the most fundamental level, it acknowledges that cyberspace exists not for its own sake but only to be used in pursuit of our highest goals.   
Read more »
White House
Cyber Security Government & Risk Management US Federal Agencies White House

White House Directs Federal Agencies to Improve Logging Capabilities

 

The White House has directed federal agencies to improve their logging capabilities in order to accelerate cybersecurity incident response, according to a memo from the Office of Management and Budget. 

The memo, issued by acting OMB Director Shalanda Young, includes a maturity model for event log management intended to guide federal agencies' implementation of its requirements across four event logging (EL) tiers: not effective, basic, intermediate, and advanced.

"These tiers will help agencies prioritize their efforts and resources so that, over time, they will achieve full compliance with requirements for implementation, log categories, and centralized access. Agencies should also prioritize their compliance activities by focusing first on high-impact systems and high-value assets,” according to OMB. 

By working through these various tiers, federal departments will align more with the types of log management capabilities present in the private sector, according to Mike Hamilton, the former vice-chair for the Department of Homeland Security's State, Local, Tribal, and Territorial Government Coordinating Council. 

The memo follows a May 12 executive order by President Joe Biden issued following the SolarWinds hack that compromised nine federal agencies, a ubiquitous government contractor, and about 100 U.S. companies.

“Recent events, including the SolarWinds incident, underscore the importance of increased government visibility before, during, and after a cybersecurity incident. Information from logs on federal information systems — for both on-premises systems and connections hosted by third parties, such as cloud services providers — is invaluable in the detection, investigation, and remediation of cyber threats,” reads the memo. 

The departments now have 60 days to assess their capabilities against the maturity model and plan to address resource and implementation gaps. Those plans must be sent to the OMB Resource Management Office and Office of the Chief Information Officer desk officer. OMB expects federal agencies to prioritize their high-impact systems and high-value assets first as they implement EL requirements.

Agencies were also told to share logs with third parties like the FBI and Cybersecurity and Infrastructure Security Agency. “This sharing of information is critical to defend federal information systems,” reads the memo. The memo directs CISA to deploy teams to advise agencies in their assessment of their logging capabilities and release tools with the FBI to help assess logging maturity. 

Meanwhile, the Department of Commerce must have the National Institute of Standards and Technology maintain Special Publication 800-92, its “Guide to Computer Security Log Management” and incorporate the memo’s requirements into its next revision and other relevant publications.
Read more »
Subscribe to: Posts (Atom)