The CyberWire Daily Briefing

"American Hospital Association and Health ISAC issue threat bulletin on ransomware."

Views expressed in this cybersecurity and cyber crime update are those of the reporters and correspondents. Accessed on 03 August 2024, 0031 UTC.

Content and Source:  https://thecyberwire.com/newsletters/daily-briefing/13/147.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).


 V13 | Issue 147 | 8.2.24

Daily Briefing for 08.02.24

SUMMARY
By the CyberWire staff

At a glance.

  • American Hospital Association and Health-ISAC issue threat bulletin on ransomware.
  • Russian hackers freed in prisoner swap.
  • Threat actors abuse TryCloudflare to deliver RATs.

American Hospital Association and Health-ISAC issue threat bulletin on ransomware.

The American Hospital Association (AHA) and Health-ISAC yesterday issued a joint threat bulletin regarding ransomware attacks in the healthcare industry, citing recent attacks against Octapharma, Synnovis, and OneBlood. While these attacks "appear to be unrelated and have been conducted by separate Russian-speaking ransomware groups," the report states that "the unique nature and proximity of these ransomware attacks - targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning."

The AHA and Health-ISAC say "these incidents provide ample reason and impetus for HDOs, hospitals, and health systems to review contingency plans for possible disruption to the blood supply chain and other mission and life-critical medical supplies." The report recommends reviewing single points of failure and incorporating "multiple suppliers of these critical supplies into their supply-chain strategy to create redundancy in the event that one mission-critical supplier becomes inoperable as a result of a cyberattack."

Florida-based OneBlood was hit by ransomware on Wednesday and has issued an urgent call for blood donations. Synnovis, a pathology lab provider in the UK that sustained a ransomware attack in June, doesn't expect to fully recover until early autumn.

Russian hackers freed in prisoner swap.

The US government has released two cybercriminals as part of a prisoner swap with Russia, CyberScoop reports. The deal secured the release of sixteen people from Russia, including three American citizens and one American green-card holder. Moscow received eight citizens in exchange, including convicted cybercriminals Vladislav Klyushin and Roman Seleznev. Klyushin had been serving nine years for his role in "an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks." Seleznev was serving fourteen years for his involvement in a $50 million identity theft and credit card fraud operation.

Threat actors abuse TryCloudflare to deliver RATs.

Researchers at Proofpoint warn that threat actors are abusing the TryCloudflare free service to distribute malware. The researchers note, "In June and July, nearly all observed campaigns delivered Xworm, but previous campaigns also delivered AsyncRAT, VenomRAT, GuLoader, and Remcos. Some campaigns will lead to multiple different malware payloads, with each unique Python script leading to the installation of a different malware."

Proofpoint adds, "Campaign message volumes range from hundreds to tens of thousands of messages impacting dozens to thousands of organizations globally. In addition to English, researchers observed French, Spanish, and German language lures. Xworm, AsyncRAT, and VenomRAT campaigns are often higher volume than campaigns delivering Remcos or GuLoader. Lure themes vary, but typically include business-relevant topics like invoices, document requests, package deliveries, and taxes."

Notes.

Today's issue includes events affecting Russia, the United Kingdom, and the United States.

SELECTED READING

Attacks, Threats, and Vulnerabilities

Hackers abuse free TryCloudflare to deliver remote access malware (BleepingComputer) Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs).

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike (Cisco Talos Blog) ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.

"ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team (Recorded Future) Discover how Recorded Future uncovered the ERIAKOS scam campaign with 608 fraudulent e-commerce websites targeting Facebook users.

Legislation, Policy, and Regulation

CISA Names First Chief Artificial Intelligence Officer (CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced its first CISA Chief Artificial Intelligence Officer, Lisa Einstein. This selection reflects CISA’s commitment to responsibly use AI to advance its cyber defense mission and to support critical infrastructure owners and operators across the United States in the safe and secure development and adoption of AI.

EPA Told to Address Cyber Risks to Water Systems (Infosecurity Magazine) The US Government Accountability Office has told the Environmental Protection Agency to urgently develop a strategy to tackle rising cyber-threats to the water industry.

Litigation, Investigation, and Law Enforcement

US releases Russian hackers and spies as part of prisoner swap (The Record) The U.S. sent convicted cybercriminals Roman Seleznev and Vladislav Klyushin to Russia in a prisoner exchange that involved Wall Street Journal reporter Evan Gershkovich and Marine veteran Paul Whelan.

INDUSTRY EVENTS

For a complete running list of events, please visit the Event Tracker.

Events

Unpacking the 2024 Ransomware Landscape: Insights and Strategies from ThreatLabz (Virtual, Aug 22, 2024) This live discussion on the latest findings from the Zscaler ThreatLabz 2024 Ransomware Report highlights the most targeted industries and regions, the dynamics behind a ransom payout, emerging ransomware families, and predictions for 2025. Register now.

SecureWorld Manufacturing & Retail Virtual Conference (Virtual, Aug 28, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!

DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.
