DarkReading.com reported that “New guidance expands the frame to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity.” The February 26, 2024 report entitled “NIST Releases Cybersecurity Framework 2.0” (https://www.darkreading.com/ics-ot-security/nist-releases-cybersecurity-framework-2-0) included these comments:

The new framework builds on its long-standing, cyber-risk-reducing recommendations to include the concerns of organizations outside of its initial focus on critical infrastructure.

NIST released its first CSF in 2014, at the direction of a presidential executive order to help organizations, specifically critical infrastructure, mitigate cybersecurity risk. The CSF 2.0 builds on the existing five basic functions (Identify, Protect, Detect, Respond, and Recover) and has been updated to include a sixth, Govern. NIST’s CSF 2.0 also addresses supply chain risks.

“Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” according to a statement from Kevin Stine, chief of NIST’s Applied Cybersecurity Division.

NIST noted CSF 2.0 includes a reference tool cybersecurity teams can use to gather guidance data, as well as a searchable catalog, and a wide offering of references to help organizations of all sizes and sophistication levels implement the new framework.

Good news for the US government and vendors regulated by NIST!

First published at https://www.vogelitlaw.com/blog/good-news-nist-releases-cybersecurity-framework-20

SCMagazine.com reported that “The U.S. government has been focused on protecting critical infrastructure this week with a push by CISA, the EPA and FBI to educate the water and wastewater systems sector on how to better secure their facilities from cyberattacks – and the Feb. 21 Biden administration executive order (EO) to further bolster the maritime sector and offer improved security requirements for the nation’s ports.”  The February 22, 2024 report entitled “US sounds cybersecurity alarm over water systems in latest wave of China-linked warnings” (https://www.scmagazine.com/news/us-offensive-to-protect-critical-infrastructure-points-to-growing-cyber-conflict-with-china) included these comments:

All of this comes in the wake of Thursday’s news that at least 500 documents posted on GitHub last week exposed that a Chinese hacking group linked to Beijing – i-SOON – has launched attacks over the past decade on at least 14 governments worldwide as well as critical infrastructure.

“The I-Soon leaks show a company competing for low-value contracts coming from many parts of China’s government to conduct hacking campaigns,” said Dakota Cary, strategic advisory consultant at SentinelOne, who co-authored a Feb. 21 blog on i-SOON with Aleksandar Milenkoski. “The price point of these operations, like hacking into the Vietnamese Ministry of the Economy for $55,000, suggests a mature hack-for-hire market in China. As FBI Director Christopher Wray has testified to the number of hackers China’s government employs in comparison to the U.S., we can now see the evidence of their maturity in the fees on offer to hackers.”

Anyone surprised? I doubt it!

First published at https://www.vogelitlaw.com/blog/china-cyber-threat-to-us-water-systems


CIO.com reported that “After years of marching to the cloud migration drumbeat, CIOs are increasingly becoming circumspect about the cloud-first mantra, catching on to the need to turn some workloads away from the public cloud to platforms where they will run more productively, more efficiently, and cheaper.” The February 27, 2024 report entitled “CIOs rethink all-in cloud strategies” (https://www.cio.com/article/1309572/cios-rethink-all-in-cloud-strategies.html) included these comments from David Linthicum (former chief cloud strategy officer at Deloitte):

…many enterprise CIOs who got caught up in the race to the cloud are now fixing their “misadventures” by seeking out the ideal platforms for various applications — whether that is in a private cloud, on an industry cloud, within their own data centers, through a managed service provider, on the edge, or orchestrated in a multicloud architecture…

And these comments from John Musser (senior director of engineering for Ford Pro at Ford Motor Co.) whose team found it more cost effective to run some workloads on a high-performance computing (HPC) cluster in the company’s data center than on the cloud:

It’s a form of rightsizing, trying to balance around cost effectiveness, capability, regulation, and privacy… Even though we’ll often do it in the cloud, doesn’t mean we should always do it in the cloud.

It’s about time since Cloud has taken over TOO MUCH!

First published at https://www.vogelitlaw.com/blog/finally-cios-have-realized-that-cloud-computing-has-been-oversold-and-are-ready-to-move-back-to-on-prem


SCMagazine.com reported that “A multinational operation involving law enforcement agencies from 11 countries has struck a decisive blow to the LockBit group, the world’s most prolific ransomware-as-a-service (RaaS) gang. A taskforce of 17 agencies including the FBI, the UK’s National Crime Agency (NCA), and Europol took control of key LockBit infrastructure including numerous dark web websites.”  The February 20, 2024 report entitled “LockBit gang hobbled by international takedown” (http://tinyurl.com/44dd7n3c) included these comments:

The takedown of the Russian-speaking gang’s operations is the latest in a growing number of actions that have disrupted cybercriminal groups’ activities over recent months.

An FBI official told Bloomberg law enforcement from 11 different countries took part in the operation, which seized 11,000 domains used by LockBit and its ransomware affiliates. The operation, which disrupted LockBit’s infrastructure and targeted its malware deployment system, took place over recent days, the official said.

An NCA spokesperson confirmed LockBit’s operations had been “disrupted as a result of international law enforcement action”.

As a result of the takedown, several LockBit dark web websites were displaying messages indicating they were under NCA control, following the actions of an international taskforce called “Operation Cronos”.

Wonderful news for the king of RaaS!!

First published at https://www.vogelitlaw.com/blog/lockbit-the-most-prolific-raas-ransomeware-as-a-service-struck-by-11-counties


SCMagazine.com reported on a Department of Justice press release (http://tinyurl.com/26zn8wbt) stating that “A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes.” The February 16, 2024 report in SCMagazine.com entitled “Feds remove Ubiquiti router botnet used by Russian intelligence” (http://tinyurl.com/5b7tuuwa) included these comments from Deputy Attorney General Lisa Monaco:

For the second time in two months, we’ve disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised U.S. routers.

The article also included these comments:

In the wake of the earlier Volt Typhoon botnet takedown, the Cybersecurity and Infrastructure Security Agency (CISA), prepared together with the FBI, published guidance on security design improvements for SOHO device manufacturers. The guidance urged manufacturers to build security into the design, development, and maintenance of SOHO routers to prevent threat groups from compromising them and using them as a launching pad to attack critical infrastructure.

I am sure no one is surprised by this news!

First published at https://www.vogelitlaw.com/blog/small-officehome-office-soho-routers-which-have-been-part-of-a-russian-large-credential-harvesting-has-been-dismantled-by-the-fbi


CNN.com reported that “A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.” The February 4, 2024 article entitled “Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’” (https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk?cid=ios_app) included these comments:

The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.

“(In the) multi-person video conference, it turns out that everyone [he saw] was fake,” senior superintendent Baron Chan Shun-ching told the city’s public broadcaster RTHK.

Chan said the worker had grown suspicious after he received a message that was purportedly from the company’s UK-based chief financial officer. Initially, the worker suspected it was a phishing email, as it talked of the need for a secret transaction to be carried out.

However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said.

Believing everyone else on the call was real, the worker agreed to remit a total of $200 million Hong Kong dollars – about $25.6 million, the police officer added.

Anyone surprised? Haha!

First published at https://www.vogelitlaw.com/blog/ai-helped-create-deepfake-cfo-for-25million-bec


Computerworld reported that “Apple is planning its first AI acquisition for 2024, a German firm called brighter AI, according to an online news report.” The February 5, 2024 article entitled “Apple has eye on building bigger genAI data sets” (http://tinyurl.com/bde7fxau) included these comments:

Apple is beginning to act on its generative AI (genAI) plans. Machine vision intelligence at scale generates huge quantities of data. Not all of that data should exist, so how does one ensure the information that is being used and conceivably stored is appropriate, of good quality, and legitimate?

Not only this, but how can a company use public sourced video data to train machine intelligence models without breaching privacy law? Apple has an idea for this. It’s allegedly preparing to acquire brighter AI, according to 9to5Mac.

The German firm, recently called “Europe’s hottest AI start-up,” describes itself as “generative AI for privacy.”

Based on deep learning tech, the company’s solutions anonymize images and videos to help companies meet data protection regulations. This goes a little deeper than you think. Apple already has its own tech for tasks like deleting people and car registration data from images in Maps.

Interesting, what do you think?

First published at https://www.vogelitlaw.com/blog/who-is-surprised-that-apple-plans-to-build-bigger-genai-data-sets


HealthcareInfoSecurity.com reported that “The Federal Trade Commission is the latest regulatory agency taking action against fundraising and customer relationship management software provider Blackbaud in the aftermath of a 2020 ransomware incident that compromised the data of tens of thousands of clients and millions of consumers.” The February 1, 2024 report entitled “FTC Blasts Blackbaud’s ‘Shoddy’ Practices in Ransomware Hack” (http://tinyurl.com/4d3vps7f) included these comments from Samuel Levine (director of the FTC’s Bureau of Consumer Protection):

Blackbaud’s shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers…

Companies have a responsibility to secure data they maintain and to delete data they no longer need.

And these comments:

The FTC’s complaint against the company says that on Feb. 7, 2020, an attacker gained access to Blackbaud’s self-hosted legacy product databases and remained undetected for over three months, until May 20, 2020, when a member of the firm’s engineering team identified a suspicious login on a backup server.

By using a Blackbaud customer’s login and password to access the customer’s Blackbaud-hosted database, the attacker was able to freely move across multiple Blackbaud-hosted environments by compromising existing vulnerabilities and local administrator accounts, subsequently creating new administrator accounts, the FTC said.

The hacker exfiltrated “massive amounts” of consumer data belonging to Blackbaud’s customers, including millions of consumers’ unencrypted personal information, such as full name, age, birthdate, Social Security number, home address, phone number, email address and financial information – including bank account information, estimated wealth and identified assets, the FTC said.

Medical information was also compromised in the hack, including patient and medical record identifiers, treating physician names, health insurance information, medical visit dates, reasons for seeking medical treatment, gender, religious beliefs, marital status, spouse names, spouses’ donation history, employment information – including salary, educational information and account credentials, the FTC said.

Interesting story!

First published at https://www.vogelitlaw.com/blog/ftc-not-happy-about-blackbauds-shoddy-practices-in-ransomware-hack


SCMagazine.com reported that “The healthcare sector increasingly relies on interconnected information systems. This digital transformation opens new security gaps and makes the industry a prime target for cybercrime.” The January 26, 2024 report entitled “Here’s how AI can enhance cybersecurity in healthcare” (http://tinyurl.com/5yft8s39) included these points on “How AI can lend a hand”:

When working in concert with conventional defenses, AI can make the pendulum swing toward safety. It offers the following ways to improve cybersecurity in healthcare, as well as many other sectors:

* Advanced threat detection: Machine learning algorithms have an unparalleled capacity to analyze network traffic, user behavior, and system logs in real time. AI-powered endpoint protection systems can monitor individual medical devices, even those offline, for suspicious activity. This helps identify subtle deviations from the norm, pinpoint zero-day attacks, and minimize response times.

* Predictive security: AI models analyze historical data to foresee vulnerabilities and prioritize security measures. The technology can also leverage external threat intelligence feeds to learn about emerging attack vectors and adapt its defenses accordingly. Industry-specific risk simulation and modeling help optimize protections based on likely attack scenarios. All of this lets healthcare organizations proactively address potential threats before they materialize.

* Automated responses: AI can automatically initiate defense mechanisms, such as isolating infected systems, blocking suspicious traffic, or rolling back unauthorized changes. It can also dynamically adjust firewall rules based on real-time threat intel and suspicious activity. This keeps damage down and reduces the need for human intervention. Setting up decoy systems and honeypots to lure and trap bad actors is another area where AI excels.

* Continuous monitoring and adaptation: AI systems can learn from successful attacks and near misses, continuously improving their threat detection and response capabilities over time. Their algorithms adapt to new attack patterns and changing environments without the need for manual intervention. This ensures consistent vigilance and responsiveness.

What do you think about using AI in Healthcare Cybersecurity?

First published at https://www.vogelitlaw.com/blog/healthcare-cybersecurity-can-be-enhanced-with-ai


NOT A SURPRISE SINCE 95% OF ALL LAWSUITS SETTLE: Computerworld.com reported that “While details of the settlement have not been disclosed, Google’s lawyers, reportedly, maintain that the internet giant did not violate Bates or Singular’s patents in any manner.” The January 25, 2024 article entitled “Google settles $1.7 billion lawsuit over AI chips patent” (http://tinyurl.com/yp3znddh) included these comments about the AI chip market:

The worldwide AI chip market size, according to xResearch, was valued at $14.9 billion in 2022 and is predicted to grow at a compound annual rate of growth (CAGR) of 40.5% to touch $227.6 billion by 2030.

The AI chip market is currently dominated by Nvidia but has also seen investment from chip giants Intel and AMD.

Interesting update on AI chips!