The World of Cyber Security: A Month In Retrospect - August

August has been a tumultuous month in the cybersecurity landscape. From pivotal strategies unveiled by global cybersecurity agencies to rising cyber threats, this period has been both revealing and unsettling. Here, we discuss the highs and lows of the month, focusing on the challenges faced by the cyber industry in the UK, Europe, USA, and Australia.

‍

‍

Quick, Compassionate Support Promised for Cyberattack Victims by Australian Cyber Security Centre

‍

‍

Abigail Bradshaw, the head of the Australian Cyber Security Centre (ACSC), has committed to providing fast and empathetic support for firms and public agencies that fall victim to cyberattacks. Bradshaw clarified that the ACSC is not a regulatory body; its primary mission is to minimise harm.

‍

Companies and public organisations concerned about cyber breaches can expect immediate help aimed at mitigating customer impact. Bradshaw encouraged key infrastructure entities to participate in a threat intelligence sharing platform and urged small-to-medium businesses to join ACSC's partnership program, which currently boasts 140,000 members. This program is dedicated to enhancing cybersecurity defences and best practices.

‍

"Anyone reaching out for help can expect a 24/7 response that is both discrete and compassionate, with the primary goal of harm reduction," Ms. Bradshaw went on to say. “We are not a regulator, so the primary purpose for the Australian Cyber Security Centre’s assistance is harm minimisation….” she reaffirmed.

‍

This support strategy aligns with the government's broader approach to bolstering national resilience, as outlined in the recent Defence Strategic Review. The Signals Directorate and the ACSC are now collaboratively offering coordinated cyber assistance to civil and defence agencies alike.

‍

‍

Health Authorities Alert Sector of Double-Extortion Threats from Emerging Rhysida Group in UK and Australia

‍

The Health Sector Cybersecurity Coordination Centre, under the Department of Health and Human Services, has issued an urgent alert warning about a new threat targeting healthcare and public health organisations in the UK and Australia. The culprit is Rhysida, a nascent ransomware-as-a-service (RaaS) group that emerged in May 2023.

‍

Rhysida employs a double-extortion strategy, using phishing campaigns and Cobalt Strike techniques to infiltrate networks and deploy ransomware. If ransom demands are not met, the group threatens to publicly release the stolen data. Despite being in its early stages, as evidenced by its rudimentary features and the program name Rhysida-0.1, the group has already targeted multiple sectors, including education, government, manufacturing, technology, and managed services. It has now extended its focus to healthcare and public health organisations.

‍

Hospital providers  have been among the recent targets, prompting warnings for increased vigilance in network security measures. Rhysida leaves ransom notes in the form of PDF documents on affected drives, revealing clues about the types of systems it aims for—those capable of handling PDF documents. These notes instruct victims to pay the ransom in Bitcoin via the group's portal.

‍

Victims are spread across several countries, encompassing Western Europe, North and South America, and Australia, making Rhysida a rapidly growing global threat.

‍

‍

CISA Unveils a 3 year Comprehensive Cybersecurity Strategy

‍

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a comprehensive three-year strategic plan, marking a significant milestone since its establishment in 2018. The plan focuses on three core pillars: addressing immediate threats, fortifying the cyber terrain, and scaling security. This strategic approach aims to provide a structured framework for enhancing cybersecurity across various sectors.

CISA's newly revealed three-year strategic plan underscores the agency's commitment to safeguarding national cybersecurity and critical infrastructure. 

‍

‍

With a focus on collaborative risk reduction, resilience building, and information sharing, this plan seeks to strengthen the nation's cybersecurity posture. Here are the key highlights of CISA's strategic vision:

‍

1. Spearheading National Cyber Defense:

• CISA will lead the charge in defending cyberspace and critical infrastructure.
• The agency aims to protect against cyber threats targeting critical infrastructure, government entities, the private sector, and the public.
• Emphasis on proactive risk reduction and mitigation of significant cyber risks to the country's National Critical Functions.

‍

2. Enhancing Critical Infrastructure Resilience:

• CISA is dedicated to reducing risks and bolstering the resilience of America's critical infrastructure.
• The focus is on preparing critical infrastructure to adapt to changing conditions and swiftly recover from disruptions.
• A national effort is underway to identify vulnerable systems, assess their criticality, and manage and mitigate risks effectively.
• CISA collaborates with critical infrastructure owners and operators to enhance security against cyberattacks and physical threats.

‍

3. Promoting Operational Collaboration and Information Sharing:

• Collaboration and partnership lie at the heart of CISA's mission.
• The agency is actively challenging conventional approaches and working closely with government, industry, academic, and international partners.
• The goal is to foster forward-leaning, action-oriented collaboration, and to strengthen the agency's regional presence for more effective stakeholder support.

‍

4. Unifying as One CISA:

• CISA's success hinges on a unified approach, integration of functions, capabilities, and a dedicated workforce.
• Building a culture of excellence based on core values, teamwork, innovation, inclusion, ownership, empowerment, transparency, and trust.
• A commitment to operating efficiently and cost-effectively as a unified team.

‍

CISA's three-year strategic plan reflects a holistic approach to cybersecurity, emphasising preparedness, resilience, collaboration, and unity in the face of evolving cyber threats and challenges.

‍‍‍

‍

Routine Vulnerabilities: The 'Dirty Dozen'‍

‍

The Five Eyes intelligence alliance released the 'Dirty Dozen' list, revealing the top vulnerabilities of 2022. Shockingly, many are recurring issues from previous years. Entities globally must do better in patching these known vulnerabilities to avoid being low-hanging fruit for cybercriminals.

The Five Eyes intelligence alliance, comprising the US, UK, Australia, Canada, and New Zealand, has provided an important resource for cybersecurity professionals: a list of the 12 most exploited vulnerabilities of 2022. The collaboration between these countries emphasises the global nature of the cybersecurity challenge.

‍

According to the US Cybersecurity and Infrastructure Security Agency (CISA), cyber attackers in 2022 mainly targeted older software vulnerabilities, particularly unpatched, internet-facing systems. This points to a concerning trend where many organisations overlook the importance of patching older vulnerabilities, even when new ones emerge.

‍

According to NCSC advisory, posted on the 3rd of August, the UK and allies reaffirmed, more than half of the top vulnerabilities listed for 2022 also appeared on the previous year’s list, highlighting how malicious cyber actors continued targeting previously disclosed flaws in internet-facing systems – despite security updates being available to fix them. 

‍

Some vulnerabilities highlighted include:

• Fortinet SSL VPNs: This vulnerability has been known since 2018 and can be exploited through a path traversal bug to control system files. Its persistent exploitation indicates organisations' lax attitude toward timely patching.
• Zoho ManageEngine ADSelfService Plus: Chinese hackers utilised an RCE vulnerability in this software in late 2021. Despite the release of a patch in September that year, it remains a favourite among attackers.
• Atlassian's Confluence Server and Data Center: Another software with a RCE vulnerability from 2021 that's still widely exploited.
• Log4Shell: The Apache Log4j exploit from 2021 that had a global impact is still a prevalent method used by criminals to breach secure systems.

‍

Assessing Ongoing Cybersecurity Challenges: The Resilience Needed in a Persistent State of Volatility

The realm of cybersecurity continues to grapple with unrelenting volatility, even as August's headlines shed light on the present landscape. These news reports not only offer a snapshot of current vulnerabilities and adversities but also serve as a stark reminder that uncertainty remains high. In the face of this persistent turbulence, it is evident that companies, policymakers, and cybersecurity professionals must prioritise resilience and adaptability as they navigate the evolving landscape.