Cyberattack causes a code red on US healthcare.

The US healthcare sector struggles to recover from a cyberattack. Russia listens in via Webex. The former head of NCSC calls for a ransomware payment ban. An Indian content farm mimics legitimate online news sites. The FTC reminds landlords that algorithmic price fixing is illegal. FCC employees are targeted by a phishing campaign. Experts weigh in on NIST’s updated cybersecurity framework. Police shut down the largest German-speaking cybercrime market. Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. And celebrating the most inspiring women in cyber. 

Today is March 4th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

The US healthcare sector is still recovering from a cyberattack. 

The cybersecurity incident that struck Change Healthcare on February 21 has sent shockwaves through the U.S. healthcare system. As a subsidiary of the conglomerate UnitedHealth Group, Change Healthcare occupies a linchpin position in the healthcare sector, processing over 15 billion claims annually for services worth in excess of $1.5 trillion. The company's role as the principal electronic clearinghouse connects a wide array of healthcare providers with insurance firms, facilitating the payment process for medical services rendered and determining patient liabilities.

This cyberattack, characterized by officials as one of the most consequential in U.S. healthcare history, has exposed a critical vulnerability within the system. The disruption has precipitated a cascade of operational challenges for healthcare entities reliant on Change Healthcare's services. Hospitals, pharmacies, and millions of patients have found themselves grappling with the immediate repercussions of halted healthcare claims processing and payment flows.

In response to the unfolding crisis, Senate Majority Leader Charles E. Schumer has intervened, advocating for the Centers for Medicare and Medicaid Services to expedite payments to the affected healthcare providers. 

The cyberattack was executed by the Black Cat ransomware gang and involved the theft of patient data and the encryption of company files, with a ransom demanded for their release. Change Healthcare's response included shutting down most of its network to contain the breach and initiate recovery efforts. The full impact of the attack is still unfolding, with the severity varying across different healthcare organizations based on their reliance on the compromised systems.

Efforts to mitigate the impact have included the establishment of temporary financial assistance programs and manual processing of claims. However, these measures are seen as stopgaps rather than solutions, highlighting the broader challenges of cybersecurity resilience within the healthcare sector. This incident serves as a stark reminder of the vulnerabilities inherent in centralized digital healthcare infrastructures and the necessity for robust cybersecurity measures to safeguard against such attacks in the future.

Russia listens in via Webex.

Russia has exploited vulnerabilities in Germany's communication security, using an intercepted conversation from Webex, to stir divisions within Germany over its support for Ukraine. The 38-minute discussion involved Bundeswehr officials, including the head of the German air force, deliberating on supplying Ukraine with Taurus cruise missiles, a proposal that is not without controversy in Germany. The leak, orchestrated by RT editor and sanctioned propagandist Margarita Simonyan, exposes the security lapses in using non-secure platforms for sensitive military communications. Germany's defense ministry acknowledges the interception but questions the authenticity of the circulated content. 

The former head of NCSC calls for a ransomware payment ban. 

In an article in The Times UK, former chief executive of GCHQ’s National Cyber Security Centre Ciaran Martin calls for an outright international ban on ransomware payments. Martin criticizes the UK's lenient stance on ransomware, contrasting it with the strict no-ransom policies for terrorism by British and American leaders. The article argues against the fear of increased underground activities post-ban, citing successful suppression of leaked data by law enforcement in the Medibank hack. It suggests that while governments can leverage state resources to combat ransomware, private entities lack such capacities, necessitating a supportive framework for victims before implementing a ban. The piece concludes by emphasizing the urgency of addressing ransomware, which Martin says is the most significant cyber-threat to businesses.

An Indian content farm mimics legitimate online news sites.

BleepingComputer has uncovered a content farm in India operating over 60 domains mimicking reputable media outlets like the BBC, CNN, and Forbes, without proper attribution. These copycat sites are part of a scheme to bolster SEO for online gambling and sell expensive advertorial slots under the guise of legitimate media. They repost articles verbatim from credible sources. The operation also spams forums to enhance SEO and offers advertorial placements for up to $1000. Despite maintaining a facade of legitimacy through Google News registration and social media presence, the network's activities raise concerns over potential misuse for spreading disinformation. The operation has been linked to a gambling company.

The FTC reminds landlords that algorithmic price fixing is illegal. 

With rent prices soaring since 2020, particularly for lower-income consumers, the use of pricing software by landlords to set rent for millions of apartments has raised concerns over potential collusion and market manipulation. The FTC and the Department of Justice have taken a stance against algorithmic collusion, specifically in the residential housing market, emphasizing that using algorithms for price fixing is still illegal. Their joint legal brief clarifies that antitrust laws apply to algorithmic pricing strategies just as they would to traditional forms of price fixing. The agencies highlight that agreements to use such algorithms for pricing, even with some discretion retained by parties or instances of non-compliance, are unlawful. The brief warns businesses across all sectors that employing algorithms for collusive practices is illegal and under scrutiny by federal agencies, aiming to protect consumers and ensure fair competition.

FCC employees are targeted by a phishing campaign. 

Cybersecurity firm Lookout has detected a sophisticated phishing attack targeting FCC employees and users of cryptocurrency platforms, utilizing a novel phishing kit to mimic single sign-on pages and deceive victims into disclosing login details. The attack involves emails, SMS, and voice phishing to trick individuals into providing sensitive information like passwords, MFA tokens, and photo IDs. The phishing kit, capable of impersonating brands such as Binance and Coinbase, has successfully compromised over 100 victims, mainly in the U.S., by creating fake websites that closely resemble legitimate services. Lookout suggests the campaign might be conducted by a group distinct from, but inspired by, the known threat actor Scattered Spider.

Experts weigh in on NIST’s updated cybersecurity framework.

Following the release of NIST's Cybersecurity Framework (CSF) 2.0, SecurityWeek gathered feedback from industry experts, who recognize its advancements while highlighting areas needing further development. Experts appreciate the inclusion of 'govern' as a new pillar, emphasizing the importance of governance in cybersecurity risk management. They commend CSF 2.0 for broadening its applicability across different organization sizes and sectors, particularly noting its alignment with the growing challenges of third-party risk management. However, they also point out gaps such as the need for more focus on risk transfer mechanisms and cyber risk quantification to facilitate comprehensive risk management strategies. Some feedback calls for a stronger emphasis on emerging technologies like GenAI and a more nuanced approach to address the complexities of modern cyber environments, including hybrid work and the use of SaaS applications. While acknowledging the framework's progress, experts suggest that NIST could further refine CSF by incorporating detailed guidance on managing supply chain cyber risk and enhancing the framework's adaptability to evolving cybersecurity landscapes.

Police shut down the largest German-speaking cybercrime market.

The Düsseldorf Police in Germany dismantled Crimemarket, the largest German-speaking cybercrime market, arresting six individuals, including one key operator. The platform, with over 180,000 users, facilitated illegal trade in drugs, narcotics, and cybercrime services, alongside offering crime-related tutorials. This crackdown involved executing 102 search warrants across Germany and seizing evidence like cell phones, IT devices, narcotics, and almost 600,000 euros in cash and assets. The operation, which began showing effects earlier in the week with users reporting login issues, was part of a Europe-wide coordinated effort to target both the operators and users of Crimemarket. Despite the site's homepage remaining online, a seizure notice now appears on other pages, indicating law enforcement's long-term monitoring and data confiscation efforts.

 

Coming up next is an excerpt of Ann Johnson’s discussion with Mike Hanley, CSO and the Senior VP of Engineering at GitHub, from Ann’s podcast Afternoon Cyber Tea.

 

Celebrating the most inspiring women in cyber. 

And finally, last week the The Most Inspiring Women in Cyber Awards 2024 were held at BT Tower in London, honoring 20 women for their contributions to cybersecurity. Organized by Eskenzi PR and sponsored by companies like BT and Think Cyber Security Ltd, the event recognized achievements in closing the gender gap and mentoring in the sector. The ceremony, celebrated globally and live-streamed, also acknowledged five 'Ones to Watch' and a Cyber Marketeer of the Year. Over 100 candidates were evaluated by an esteemed panel of judges from the industry. The awards underscored the importance of diversity and inclusion for effective cybersecurity, with speakers highlighting the role of women's achievements and the need for continued support and visibility for women at all career stages. The event was lauded as a significant industry moment to champion women in cybersecurity.

Bravo to all the winners.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. You can email us at cyberwire@n2k.com—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.

We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.

N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at n2k.com.

 

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.