Welcome to the next edition of Forcepoint Security News—curated news meant to provide a quick look at what's happening around the cybersecurity industry. The Biden administration recently unveiled a national United States cybersecurity strategy, and lots of ransomware stories out there.
Besides Dish Network, other recent ransomware attacks on law firms and the US Marshals Service for the second time in recent years .A recent FBI report says healthcare firms suffered more ransomware attacks than any other industry in 2022.
Here are other stories getting our attention:
Forcepoint Security News
The Biden administration released a national cybersecurity strategy that advocates for more tech regulation and software liability reform, including imposing minimum security standards for critical infrastructure and shifting responsibility for maintaining cybersecurity from consumers and small businesses to larger software makers. The new approach marks a shift away from the government's emphasis on information sharing and collaboration towards a more strictly regulated approach to cybersecurity. The strategy calls for critical infrastructure owners and operators to meet minimum security standards and for software companies to be held liable for flaws in their products. The plan also seeks to harmonize future regulations to reduce the cost of compliance. The administration is leaving the details of implementation up to the agencies in charge of overseeing various critical infrastructure industries, and states and independent regulators will also play a role in shaping any future regulation.
In a recent speech at Carnegie Mellon University, the head of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, called on technology companies to take more responsibility for the safety and security of their products to protect consumers from cyber threats. She criticized the lack of built-in safety features in today’s products, which she said are helping to facilitate crippling cyber and ransomware attacks. Easterly called for a fundamental shift in thinking that pushes technology and software manufacturers to prioritize safety and security during the production and design of their products. She also called for the implementation of core principles for technology manufacturers to build product safety and security into their processes. Easterly also suggested that the federal government has an important role to play in incentivizing these outcomes and operationalizing these principles.
Cyber attackers are finding ways to bypass multifactor authentication (MFA), resulting in a steady stream of security breaches. Three techniques that they use to get around the additional security are MFA flooding, proxy attacks and session hijacking. The first is aimed at taking advantage of user fatigue for security warnings, while the second allows cyber attackers to harvest the authentication mechanism in real time. The third, which is the most common, involves harvesting session cookies in the browser cache for potential use as a session hijack or pass-the-cookie attack. Organizations can deploy phishing-resistant MFA, which consists of something an employee owns, such as a hardware key, and something that they are, such as a biometric.
Dish Network has reported that a ransomware attack caused disruptions to its internal systems and call center services. The attack has potentially allowed cybercriminals to access customer information, and the company's share prices have dropped by 8% as a result. Comparitech has confirmed similar attacks on six other major internet service and utility providers since the beginning of 2023. The average ransom demand for utilities providers fell from $27.2m in 2021 to $14m in 2022, but the average number of customer records impacted surged from 192,888 to 9.8 million. The impact of such attacks on the victim company and the vast number of customers and businesses that rely on their services is significant, prompting hackers to demand ransom. Neil Jones, director of cybersecurity evangelism at Egnyte, suggests that network segmentation is crucial to breach containment, but most organizations do not segment their networks as meticulously as they should.
Cybersecurity firm Quarkslab has discovered two serious security flaws in the Trusted Platform Module (TPM) 2.0 reference library specification that could lead to information disclosure or privilege escalation. One flaw, (CVE-2023-1017) is an out-of-bounds write, while the other (i CVE-2023-1018) s an out-of-bounds read. The vulnerabilities can be triggered by malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted, potentially billions of devices. The Trusted Computing Group has advised applying updates to address the flaws and mitigate supply chain risks.