Tag Archive for: PlayBook

‘Vulkan’ Leak Offers a Peek at Russia’s Cyberwar Playbook


Did you hear that Donald Trump got indicted this week? Of course you did. Ridiculous question. The first-ever indictment of a former US president had been looming for weeks. And now that it’s happened, the move by a Manhattan grand jury is deepening fissures in America’s already-fraught political divide. But while Trump headlines flood your feeds, there were plenty of other big stories this week, none of which have anything to do with any of that.

In Germany, police are cracking down on people who post adult content to websites and platforms that lack age-verification checks, like Twitter. This has resulted in fines and threats of jail time, while some performers are deleting their accounts—or fleeing the country. This is just one of the impacts of a wave of age-verification laws sweeping the global internet.

Meanwhile, in darker corners of the internet, North Korea–backed hackers are using a rare technique to launder their stolen cryptocurrencies: paying to mine clean crypto with loot taken from their victims. The tactic is meant to throw blockchain detectives off the trail of swiped funds. Speaking of ill-gotten gains, Costa Rica is still reeling from a series of ransomware attacks last spring that left swaths of the country’s infrastructure devastated. As a result, the US government is sending $25 million in aid to help it recover. 

Most victims of cyberattacks don’t get help from the US government, however. Fortunately for them, this week Microsoft announced its new system, Security Copilot, which integrates OpenAI’s ChatGPT and home-grown artificial intelligence to help incident responders manage breaches. Of course, the best way to protect yourself from getting hacked is to make sure all your systems are fully patched and up to date.

To top it all off, this week we revealed new documents obtained through a public records request which show that Good Smile, a major toy company that creates figurines for companies like Disney, invested $2.4 million in the toxic imageboard 4chan, helping to keep the company online.

But that’s not all. Each week, we dive into the stories we weren’t able to report on ourselves. Click on the headlines to read the full stories. And stay safe…


FDA Collaborates with MITRE to update Medical Device Cybersecurity Playbook | Nexsen Pruet, PLLC


On November 14, 2022, under contract with the United States Food and Drug Administration (FDA), the MITRE Corporation (MITRE), an organization that administers the National Cybersecurity Center of Excellence, a federally funded research and development center dedicated to cybersecurity, published an update to the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook (the “Playbook”). MITRE also published a Quick Start Companion Guide to the Playbook, which is shorter than the Playbook and consists of tables that align with the structure of the Playbook. MITRE, under contract with the FDA, had prepared and published the first version of the Playbook in October 2018, which followed the 2017 WannaCry ransomware attack (the first known ransomware attack to affect networked medical devices). Since the publication of the first version of the Playbook, the healthcare and public health sector has experienced an increasing number of cyber incidents. For instance, from mid-2020 through 2021, 82% of healthcare systems reported a cyberattack, 34% of which reportedly involved ransomware. Moreover, 133 healthcare entities in the United States appeared on a ransomware extortion blog in 2021.

The Playbook is a resource designed primarily for healthcare delivery organizations (HDOs), such as hospitals and large physician practices, and can be incorporated into an HDO’s existing medical device cybersecurity response plan or serve as a starting point for HDOs that have no response plan. The Playbook outlines a framework to assist HDOs, their staff involved in medical device cybersecurity incident preparedness and response, and other stakeholders, such as device manufacturers and other entities that support HDOs’ response efforts, prepare for and respond to medical device-related cybersecurity incidents, helping ensure effectiveness of medical devices and patient care and safety. The framework outlined in the Playbook is designed to provide baseline medical device cybersecurity information for emergency preparedness and response; define roles and responsibilities for internal and external responders; describe a standardized approach to response efforts that…


Biden Administration Introduces Ransomware Playbook


Tech Transactions & Data Privacy 2022 Report

The ongoing ransomware threat continued to capture headlines in 2021, with sophisticated attacks shutting down key sectors of the U.S. economy. A stepped-up federal response, drawing upon public and private sector resources, has been rolled out by the Biden Administration.

What happens in a ransomware attack?

In a successful ransomware attack, criminals (typically referred to by privacy professionals as “threat actors”) begin their attack by quietly finding a virtual open door into a victim’s computer network, such as a vulnerability in the victim’s remote connection tools. Once inside, the threat actors move about the victim’s network undetected, learning as much as they can about the network’s configurations and, in many cases, where “monetizable” or other valuable or irreplaceable information is stored. After surreptitiously extending their reach to as much of the victim’s network as possible, the threat actors often steal a copy of data identified as valuable, just before deploying malware that causes all files within its reach to be rendered unreadable (i.e., to be “encrypted”). The threat actors typically drop a virtual ransom note on affected devices, declaring to the victim that it has been attacked and instructing the victim to contact the threat actor and make payment if it (1) ever wants to see its data again, (2) ever wants to re-start or unencrypt frozen data or systems, and/or (3) does not want its sensitive data published on the Dark Web. Although scenarios and outcomes can vary widely, the threat actor is typically motivated by financial gain and has done enough reconnaissance of the victim to understand the types of disruptions and economic loss that can be imposed or threatened to secure such gain.

How was 2021 different?

Ransomware reached the front pages in 2021 and stayed there through two major attacks that caused harm far beyond the targeted company. The oil and gas sector led the way in May 2021 when threat actors shut down operations at Colonial Pipeline – one of the…


Enterprise hits and misses – Tech companies respond to exploits, Amazon flexes for the holidays, and on-the-ground events get a safety playbook


Lead story – Are on-the-ground events viable? Salesforce reveals lessons

One of my core pieces of advice for enterprise event planners borders on the obvious: move away from big annual shows, and give regional events a go. Salesforce was already on this, via a smaller Dreamforce in San Francisco and now, another in New York City.

Stuart breaks out the event lessons in Salesforce’s New York state of mind – Dreamforce shows real world events can be done in the US and here’s how.

Stuart shares the Salesforce method:

That’s where the next phase of Salesforce’s Dreampass offering comes in. Actually Benioff referred several times to what he called Safety Cloud, but the official branding appears to remain Dreampass. Regardless of the nomenclature, the idea remains the same – to enable organizations to create more trusted in-person events by:

  • Enabling organizations to scale collection and verification of COVID status.
  • Providing integrations with testing vendors, such as pharmacy chain CVS, as well as partners such as touchless travel ID firm CLEAR and the non-profit public trust initiative The Commons Project.
  • Facilitating the creation of agile communications to keep event attendees informed about procedures and policies relating to events.
  • Centralizing data, including event registration, customer information and COVID status, for each attendee, then generating a secure multi-factor credential for the event.

Then there is the matter of verifying safety credentials, without compromising privacy. Stuart:

In addition, the recent acquisition of Credential Master is underpinning a move into Verifiable Credential Management (VCM) which allows partners to integrate with Dreampass and the wider Salesforce platform.

Some of these tools are Salesforce-specific. The methods are not. We’re still awaiting the curveballs of Omicron on the spring event calendar. But there’s no question that on-the-ground events are best served by regional approaches (limiting air travel, particularly international), and turning testing and/or vaccine validation into certified/trusted/digital routines. I still believe this should be paired with a superior virtual/hybrid approach, but that’s another story. (The…
