US cybersecurity strategy update on the way
Deputy assistant national cyber director for cyber policy and programs Brian Scott announced that an update for the national cybersecurity strategy implementation plan will arrive by the end of Q3 this year. Scott says this will include an update on software liability reform with the White House calling a symposium of law professors on the issue at the end of March. This could include a safe harbor exemption on software liability for companies that follow secure development best practices. The updated document will also attempt to harmonize the regulatory requirements for critical infrastructure companies.
US Treasury issues first spyware sanctions
The government announced sanctions against Tal Dilian, the founder of the spyware company Intellexa, as well as another Intellexa business leader, Sara Aleksandra Fayssal Hamou. The Treasury justified the sanction, saying that Intellexa developed spyware that targeted Americans, including government officials and journalists. The sanctions also impacted the Intellexa Consortium, a group of companies that resell Intellexa spyware in different countries, which includes the developer of Predator spyware, Cytrox Holdings ZRT. The sanctions prohibit US business dealings with the listed companies and individuals.
UK denies responsibility for ALPHV takedown
Sites belonging to the ALPHV/Blackcat ransomware organizations updated to show a takedown notice from a group of international law enforcement agencies, including the UK’s National Crime Agency. These sites recently went dark after a breach involving UnitedHealth Group’s Change Healthcare, but it remained unclear what happened. However, an NCA spokesperson said, “I can confirm any recent disruption to ALPHV infrastructure is not a result of NCA activity.” This lends credence to the idea that this represents an exit scam by the group to walk away with affiliate ransom money.
(Reuters)
Change Healthcare attack causing cash flow issues
When we talk about fallout from a cyberattack, it generally involves dealing with IT infrastructure outages or assessing data loss. But the recent Change Healthcare attack that we just referenced resulted in major cash flow issues for hospital and pharmacy networks. Analysts speaking to The Record estimate this amounts to about $100 million a day in “deferred revenue.” The attack continues to impact insurance filings at a large number of healthcare organizations. This makes dealing with the crisis more of a business continuity challenge than a typical cyberattack.
CISA reports on Super Tuesday
In a statement, the agency said no “specific or credible threats” appeared to impact Super Tuesday voting in the US. The agency said it provided comprehensive support throughout election night for any issues that may crop up with election infrastructure partners. CISA did comment on a four-hour outage of Meta services yesterday, saying it was aware of the global scope, but that it was not aware of any specific malicious or election-related activity that caused it. This marks the last large-scale single-day test of US voting infrastructure ahead of November’s presidential election.
US blocks AMD’s AI chip for China
Since the US imposed sanctions on shipping high-end AI training chips, we’ve seen Nvidia creating custom lower-performance chips for that market. AMD hoped to get in on this market with a lower power level AI-focused chip meant to meet the Commerce Department’s rules and not require an export license. However, Bloomberg’s sources say the Bureau of Industry and Security informed AMD it would still require a license to export the chip to China. No word on if or when AMD will submit a license application for the chip.
RA ransomware expands globally
Trend Micro reports the RA World ransomware group shows signs of increasing sophistication, despite only first appearing in April. It recently targeted several Latin American healthcare organizations with advanced detection avoidance techniques. Since emerging, the group has hit a global list of targets across the US, Germany, India, and South Korea. The group uses Babuk ransomware source code that initially leaked in 2021, but uses extensive customization. Trend Micro researchers note this kind of leaked source code lowers the barrier to entry for threat actors, while allowing them to focus resources outside of ransomware development.
Cloudflare announces LLM security solution
The company’s new Firewall for AI aims to provide a layer between potential threat actors and an LLM, serving to identify potential attacks or malicious prompts before they go out. The new firewall deploys in front of any LLM on Cloudflare’s existing Workers AI solution. The idea is that this could block prompt injection threats at scale without human intervention.






