CyberWire Daily - Cyberattack causes a code red on US healthcare.
Episode Date: March 4, 2024

The US healthcare sector is struggling to recover from a cyberattack. Russia listens in via Webex. The former head of NCSC calls for a ransomware payment ban. An Indian content farm mimics legitimate online news sites. The FTC reminds landlords that algorithmic price fixing is illegal. FCC employees are targeted by a phishing campaign. Experts weigh in on NIST's updated cybersecurity framework. Police shut down the largest German-speaking cybercrime market. Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. And celebrating the most inspiring women in cyber.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. You can hear their full discussion here, and tune in to Microsoft Security's Afternoon Cyber Tea every other Tuesday on the N2K CyberWire Network.

Selected Reading
Health-care hack spreads pain across hospitals and doctors nationwide (Washington Post)
Russia's chief propagandist leaks intercepted German military Webex conversation (The Record)
Cyber ransoms are too profitable. Let's make paying illegal (The Times UK)
News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian… (Bleeping Computer)
Price fixing by algorithm is still price fixing (Federal Trade Commission)
FCC Employees Targeted in Sophisticated Phishing Attacks (SecurityWeek)
Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday (SecurityWeek)
Germany takes down cybercrime market with over 180,000 users (Bleeping Computer)
Exceptional Women Recognised for Contribution to Cyber Industry at Most Inspiring Women in Cyber Awards 2024 (IT Security Guru)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
The U.S. healthcare sector struggles to recover from a cyber attack.
Russia listens in via Webex.
The former head of NCSC calls for a ransomware payment ban.
An Indian content farm mimics legitimate online news sites.
The FTC reminds landlords that algorithmic price fixing is illegal.
FCC employees are targeted by a phishing campaign.
Mike Hanley, Chief Security Officer and Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson, host of the Afternoon Cyber Tea podcast,
and celebrating the most inspiring women in cyber.
It's Monday, March 4th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
The cybersecurity incident that struck Change Healthcare on February 21st has sent shockwaves through the U.S. healthcare system. As a subsidiary of the conglomerate UnitedHealth Group, Change Healthcare occupies a linchpin position in the healthcare sector, processing over 15 billion claims annually for services worth in excess of $1.5 trillion. The company's role as the principal electronic clearinghouse connects a wide array of healthcare providers with insurance firms, facilitating the payment process for medical services rendered and determining patient liabilities. This cyber attack, characterized by officials as one of the most consequential in U.S. healthcare history, has exposed a critical vulnerability within the system. The disruption has precipitated a cascade of operational challenges for healthcare entities reliant on Change Healthcare's services. Hospitals, pharmacies, and millions of patients have found themselves grappling with the immediate repercussions of halted healthcare claims processing and payment flows. In response to the unfolding crisis, Senate Majority Leader Chuck Schumer has intervened, advocating for the Centers for Medicare and Medicaid Services to expedite payments to the affected healthcare providers.

The cyber attack was executed by the BlackCat ransomware gang and involved the theft of patient data and the encryption of company files, with a ransom demanded for their release. Change Healthcare's response included shutting down most of its network to contain the breach and initiating recovery efforts. The full impact of the attack is still unfolding, with the severity varying across different healthcare organizations based on their reliance on the compromised systems. Efforts to mitigate the impact have included the establishment of temporary financial assistance programs and manual processing of claims. However, these measures are seen as stopgaps rather than solutions, highlighting the broader challenges of cybersecurity resilience within the healthcare sector. This incident serves as a stark reminder of the vulnerabilities inherent in centralized digital healthcare infrastructures and the necessity for robust cybersecurity measures to safeguard against such attacks in the future.
Russia has exploited vulnerabilities in Germany's communication security,
using an intercepted conversation from Webex to stir divisions within Germany over its support for Ukraine.
The 38-minute discussion involved Bundeswehr officials, including the head of the German Air Force, deliberating on supplying Ukraine with Taurus cruise missiles, a proposal that is not without controversy in Germany.
The leak, orchestrated by RT editor and sanctioned propagandist Margarita Simonian, exposes the security lapses in using non-secure platforms
for sensitive military communications.
Germany's defense ministry acknowledges the interception,
but questions the authenticity of the circulated content.
In an article in the Times UK, former chief executive of GCHQ's National Cyber Security Centre, Ciaran Martin, calls for an outright international ban on ransomware payments. Martin criticizes the UK's lenient stance on ransomware, contrasting it with the strict no-ransom policies for terrorism by British and American leaders. The article argues against the fear of increased underground activities after a ban, citing successful suppression of leaked data by law enforcement in the MetaBank hack. It suggests that while governments can leverage state resources to combat ransomware, private entities lack such capacities, necessitating a supportive framework for victims before implementing a ban. The piece concludes by emphasizing the urgency of addressing ransomware, which Martin says is the most significant cyber threat to businesses.
Bleeping Computer has uncovered a content farm in India operating over 60 domains mimicking reputable media outlets like the BBC, CNN, and Forbes without proper attribution. These copycat sites are part of a scheme to bolster SEO for online gambling and sell expensive advertorial slots under the guise of legitimate media. They repost articles verbatim from credible sources. The operation also spams forums to enhance SEO and offers advertorial placements for up to $1,000. Despite maintaining a facade of legitimacy through Google News registration and social media presence, the network's activities raise concerns over potential misuse for spreading disinformation. The operation has been linked to a gambling company.
With rent prices soaring since 2020, particularly for lower-income consumers, the use of pricing software by landlords to set rent for millions of apartments has raised concerns over potential collusion and market manipulation. The FTC and the Department of Justice have taken a stance against algorithmic collusion, specifically in the residential housing market, emphasizing that using algorithms for price fixing is still illegal. Their joint legal brief clarifies that antitrust laws apply to algorithmic pricing strategies just as they would to traditional forms of price fixing. The agencies highlight that agreements to use such algorithms for pricing, even with some discretion retained by parties or instances of non-compliance, are unlawful. The brief warns businesses across all sectors that employing algorithms for collusive practices is illegal and under scrutiny by federal agencies, aiming to protect consumers and ensure fair competition.
Cybersecurity firm Lookout has identified a sophisticated phishing attack targeting FCC employees and users of cryptocurrency platforms, utilizing a novel phishing kit to mimic single sign-on pages and deceive victims into disclosing login details. The attack involves emails, SMS, and voice phishing to trick individuals into providing sensitive information like passwords, MFA tokens, and photo IDs. The phishing kit, capable of impersonating brands such as Binance and Coinbase, has successfully compromised over 100 victims, mainly in the U.S., by creating fake websites that closely resemble legitimate services. Lookout suggests the campaign might be conducted by a group distinct from but inspired by the known threat actor Scattered Spider.

Following the recent release of NIST's Cybersecurity Framework 2.0, SecurityWeek gathered feedback from industry experts who recognize its advancements while highlighting areas needing further development. Experts appreciate the inclusion of Govern as a new pillar, emphasizing the importance of governance in cybersecurity risk management. They commend the updated framework for broadening its applicability across different organization sizes and sectors, particularly noting its alignment with the growing challenges of third-party risk management. However, they also point out gaps, such as the need for more focus on risk transfer mechanisms and cyber risk quantification to facilitate comprehensive risk management strategies. Some feedback calls for a stronger emphasis on emerging technologies like generative AI and a more nuanced approach to address the complexities of modern cyber environments, including hybrid work and the use of software-as-a-service applications. While acknowledging the framework's progress, experts suggest that NIST could further refine the framework by incorporating detailed guidance on managing supply chain cyber risk and enhancing the framework's adaptability to evolving cybersecurity landscapes.
The Düsseldorf police in Germany have dismantled Crime Market, the largest German-speaking cybercrime market, arresting six individuals, including one key operator. The platform, with over 180,000 users, facilitated illegal trade in drugs, narcotics, and cybercrime services, alongside offering crime-related tutorials. This crackdown involved executing 102 search warrants across Germany and seizing evidence like cell phones, IT devices, narcotics, and almost €600,000 in cash and assets. The operation, which began showing effects earlier in the week with users reporting login issues, was part of a Europe-wide coordinated effort to target both the operators and users of Crime Market. Despite the site's homepage remaining online, a seizure notice now appears on other pages indicating law enforcement's long-term monitoring and data confiscation efforts.
Coming up after the break,
Ann Johnson from the Afternoon Cyber Tea podcast speaks with Mike Hanley,
Chief Security Officer
and Senior Vice President of Engineering at GitHub.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now?
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
Ann Johnson is host of Microsoft's Afternoon Cyber Tea podcast.
In this segment from a recent episode, she speaks with Mike Hanley,
Chief Security Officer and Senior Vice President of Engineering at GitHub.
Today, I am joined by Mike Hanley, who is the Chief Security Officer
and the Senior Vice President of Engineering at GitHub.
Prior to GitHub, Mike was the Vice President of Security at Duo Security,
where he built and led security research, development, and operations functions.
After Duo's acquisition by Cisco,
Mike led the transformation of Cisco's cloud security framework
and later served as the Chief Information Security Officer for Cisco.
Mike has also spent several years at CERT/CC as a senior member of the technical staff and security researcher focused on applied R&D programs for the U.S. Department of Defense and the intelligence community. Welcome to Afternoon Cyber Tea, Mike.
Thank you, Anne. It's great to be here with you.
So at GitHub, you're in this really unique role. Greg and I were talking about it. Greg's the
producer of the podcast, so for those of you who don't know who Greg is, but we were talking about this
as we were thinking about you as a guest
because you're both the executive over leading security,
but you're also the executive over leading engineering.
And in most companies, those responsibilities are split.
But as we shift left, it makes a lot of sense, right?
Bringing together security and engineering
is important today.
It's becoming even more important
for those two functions to be in lockstep.
Can you talk a little bit about your role
and your perspective about the intersection
of security and engineering?
And do you think we're going to see more of that
in the coming years in leadership roles?
Gosh, I hope so, Anne.
I hope this becomes a trend and takes off.
And I'll talk a little bit about why that is.
First, it's worth noting when I came to GitHub,
it was originally just to be
the chief security officer at the company.
So I took on the security program.
We had the opportunity to take some amazing people, some amazing capabilities, technologies,
and really just invest heavily in expanding that to support really what we see as the opportunity for GitHub
to have a massively positive impact on the broader ecosystem.
I think our mission is a little unique in that it's not just keeping GitHub secure
and making sure that we build secure products.
It's really, there's a third pillar to that,
which is having an immensely positive impact
on the security of developers,
particularly in open source,
but also commercial developers
by making it easy for them to get to good security outcomes.
So we have some great functions there,
like GitHub Security Lab, for example,
that are just doing amazing work out in open source. But the role expanded for me a little over a year and a half ago when the opportunity came up to lead GitHub engineering all up as well and bring those two teams together. And I think it's been very consistent with a thesis that we have, which is security really does start with the developer. And we hear things like build security in, not bolting it on, or we hear things about starting with security. And really what we're saying there is we want to make it easy for developers who are building the technology that's part of our daily lives to be secure at the furthest point left in the lifecycle.
Well, for the CISOs, the chief security officers, the security leaders listening in, the engineering leaders who listen to the podcast, I think most will agree with everything you said.
There's also this huge need to improve the software development lifecycle to ensure that
software and code is secure from the very start.
So the leaders I talk to get often tripped up on the how.
They ask me questions like, how do
I maintain the productivity of my engineers while enabling them to build more secure software? Or
how do I skill or upskill the devs that were not trained in security? I'm curious about what mental
models that you use when you think about these challenges, what strategies you've put in place,
how do you recommend security and engineering leaders think about it, and how do you think AI is going to change all of that?
Yeah, I would start by saying, first off, I think as a security leader, when you have to wrestle with some of these hard questions, the most important thing to remember is that you're running security, but you're really one of the company operators, first and foremost. And you're trying to figure out how do I employ the resources, the authority, the remit, the mandate that I have as the person who's responsible for security in such a way where it serves the business's objectives, which includes risk management and not having a bad time from a security perspective. But it also includes shipping products. It includes closing the books in finance on time. It includes making sure that people can access HR systems when they need to. And that I would basically summarize as you want to shift the thinking of the security team and function from being the department of no to the department of yes and. And anytime somebody comes to me and says, hey, we want to do this, like we think this is important, let's just say it's the finance team. I find that when you start a conversation with yes and, and the and is followed by, how can we do that safely? How can we do that in such a way where it protects customer information? How do we make sure that's consistent with our security and compliance needs as a company? How do we do that while protecting our employees and our intellectual property? The conversation is very different from when you
just say no. In fact, often when you say no, that's a conversation killer,
not a conversation starter.
And it gives you, I think, as a security leader,
an opportunity to learn more
about what the business is trying to accomplish.
And I think when you have that mindset
and you're trusting your counterparts
and your peers in other parts of the organization,
that they know what's best for finance,
for marketing, for sales.
And you can bring your expertise to bear on security
to meet them in the middle
and find a solution that works for everybody.
Be sure to check out the Afternoon Cyber Tea podcast
right here on the N2K Cyber Wire podcast network
or wherever you get your podcasts.
thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
With TD Direct Investing, new and existing clients could get 1% cash back.
Great. That's 1% closer to being part of the 1%.
Maybe, but definitely 100% closer to getting 1% cash back with TD Direct Investing.
Conditions apply. Offer ends January 31st, 2025. Visit td.com slash dioffer to learn more.
And finally, last week, the Most Inspiring Women in Cyber Awards for 2024 were held at BT Tower in London, honoring 20 women for their contributions to cybersecurity. Organized by Eskenzi PR and sponsored by companies like BT and Think Cybersecurity Limited, the event recognized achievements in closing the gender gap and mentoring in the sector. The ceremony, celebrated globally and live-streamed, also acknowledged five Ones to Watch and a Cyber Marketer of the Year. Over 100 candidates were evaluated by an esteemed panel of judges from the industry. The awards underscored the importance of diversity and inclusion for effective cybersecurity, with speakers highlighting the role of women's achievements and the need for continued support and visibility for women at all career stages. The event was lauded as a significant industry moment to champion women in cybersecurity. Bravo to all the winners.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing
at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast,
where I contribute to a regular segment on Jason and Brian's show every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music by Elliot Peltzman.
Our executive producers are Jennifer Iben and Brandon Karp.
Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.