Cyber Briefing ~ 07/17/2024

Cyber Focus - Matt McCabe

This news segment provides an in-depth look at the cyber insurance market, its history, and its growing importance in addressing the evolving cyber threat landscape. The discussion explores how cyber insurance covers a range of costs associated with cyber incidents, from incident response and business interruption to litigation. It also delves into the unique challenges posed by cyber risks, such as the potential for nation-state attacks and the impact on critical infrastructure, which may exceed the insurance industry's capacity to cover. The conversation examines the potential need for a federal framework similar to the Terrorism Risk Insurance Act (TRIA) to serve as a backstop for catastrophic cyber events. The summary highlights the importance of proactive planning and the need for a collaborative approach between industry and government to build national cyber resilience. The discussion emphasizes the insurance industry's role in setting security standards, incentivizing risk management, and providing valuable data and insights to inform policymaking. Overall, the segment underscores the growing significance of cyber insurance in the broader effort to mitigate and respond to the increasing cyber risks facing businesses and the nation.


UnitedHealth's Cyberattack Response Costs to Surpass $2.3B This Year

UnitedHealth has raised its full-year outlook for cyberattack impacts to between $2.3 billion and $2.45 billion due to the ongoing effects of the cyberattack on its subsidiary, Change Healthcare. The attack, one of the worst to hit the US healthcare sector, has led to a decrease in profit and has affected the information of an estimated one-third of Americans.


Sweeping AT&T Data Breach of Customer Records Prompts Suit

AT&T is facing a proposed class action lawsuit in Texas after hackers stole six months' worth of mobile phone customer data, compromising personally identifiable information. The lawsuit alleges negligence and unjust enrichment by AT&T for failing to protect consumer data adequately. The company paid hackers around $400,000 to delete the stolen data. The Federal Communications Commission is currently investigating the breach.


RockYou2024: 10 Billion Passwords Leaked In The Largest Compilation Of All Time

A database called RockYou2024 containing nearly 10 billion unique plaintext passwords was leaked online, making it the most extensive password compilation ever. Researchers warn that this massive trove of leaked credentials significantly raises the risk of credential stuffing and other cyber attacks. They advise resetting exposed passwords, enabling multi-factor authentication, and using password managers.


Cyber Florida Responds to the Rise in Digital Attacks in Florida

The Florida Center for Cybersecurity, known as Cyber Florida, is taking action to address the increasing number of cyber attacks in the state. Cyber Florida aims to raise awareness through research and outreach initiatives and provide resources, education, and training to individuals, businesses, and critical infrastructure to enhance cyber awareness. The recent cyber attacks on the Florida Department of Health and the Florida Department of Juvenile Justice highlight the need for improved cybersecurity measures. Cyber Florida was established in 2014 by the Florida State Legislature to make Florida a national leader in cybersecurity education.


UnitedHealth Expects Bigger Hit to Annual Profit from Hack Costs

UnitedHealth Group forecasts a more significant impact on earnings this year due to the February hack at its tech unit. The company expects a 30-cent higher hit to full-year adjusted profit, attributed to the loan program for affected healthcare providers and the costs of notifying customers about the potential data breach. The hack affected the Change Healthcare unit and disrupted services and payments to doctors and healthcare facilities. UnitedHealth has restored most affected services but maintains its full-year adjusted profit forecast.


Trump Allies Draft AI Order to Launch 'Manhattan Projects' for Defense

Former President Donald Trump's allies are working on an executive order focused on AI that would initiate a series of "Manhattan Projects" to develop military technology and review regulations. The order aims to create industry-led agencies to evaluate AI models and strengthen systems against foreign adversaries, presenting a contrasting strategy to the Biden administration's approach. The GOP platform also includes repealing the Biden AI executive order, with Republicans advocating for AI development rooted in free speech and human flourishing.


CDK Hack Shows SEC Disclosure Standards Are Unsettled

The recent ransomware attack on CDK Global has raised questions about applying the Securities and Exchange Commission's (SEC) cybersecurity reporting rules. While some auto dealers affected by the breach notified the SEC, CDK's parent company, Brookfield Business Partners, does not believe the incident will have a material impact. The discrepancy highlights the ambiguity of the SEC rules regarding when companies must report cyber incidents. The definition of "material" is crucial, relying on the company's assessment of whether a reasonable investor would want to know about the incident. The CDK Global hack's downstream effects on the U.S. auto industry have further complicated the issue, leaving the boundaries of materiality and cyber incident reporting thresholds unsettled.


Senators Introduce Bipartisan Healthcare Cybersecurity Legislation

The Healthcare Cybersecurity Act, introduced by Senators Jacky Rosen, Todd Young, and Angus King, aims to improve cybersecurity in the healthcare sector by directing collaboration between the Cybersecurity and Infrastructure Security Agency and the HHS. The bill also proposes creating a special liaison within CISA to coordinate responses during cyberattacks in the industry.


Ransomware Leak Site Posts Jumped 20% in Q2

Ransomware activity increased in the second quarter of 2021, with threat groups listing 1,237 organizations on data leak sites, marking a 20% jump from the previous quarter. U.S.-based businesses accounted for over half of the victims. The surge in May was mainly driven by the ransomware group LockBit, while a slower June resulted in a 13% decline in the total count of victims compared to the previous year. Ransomware groups exploit unpatched VPNs and remote desktop protocol tools or use social engineering campaigns to gain initial access to victim networks. The use of legitimate credentials obtained by infostealer malware is also rising. Despite disruptions to the ransomware-as-a-service ecosystem, ransomware activity is expected to continue increasing in the short term and reach peak levels by the end of 2024.


Nearly 1 in 3 Software Development Professionals Unaware of Secure Practices

A study by the Linux Foundation and the Open Source Security Foundation revealed that almost one-third of software development professionals lack familiarity with secure software development practices. The report also found that 70% of professionals rely on on-the-job training to learn about incorporating security into their development practices, which typically takes five years of experience to achieve minimal knowledge. Challenges cited include lack of time, awareness, and training. This knowledge gap poses concerns as malicious hackers increasingly target critical vulnerabilities, prompting industry and federal officials to prioritize secure development practices in the software supply chain.


Change Healthcare Cyberhack Fallout Ripples to Consumers

The recent cyberattack on Change Healthcare has potentially compromised the personal information of up to 1 in 3 Americans, leading to identity theft and fraud concerns. Attorneys general from several states have warned consumers to be vigilant and watch for suspicious activity. The lack of details and delayed notification from Change Healthcare has sparked frustration among cybersecurity experts and lawmakers. The extent of the compromised data is described as "bone-chilling," and the potential for various fraud schemes is a significant concern. Congress may explore ways to protect consumers and improve the notification process.


Auto Dealer Outage Ends with CDK Paying $25 Million Ransom

CDK Global, the software firm serving car dealerships in the US, has reportedly paid a $25 million ransom to hackers following a cyberattack. The payment was made in cryptocurrency to a ransomware group called BlackSuit. CDK has not publicly commented on the matter.


Cybersecurity Concerns Highlighted At US Poultry Seminar

The US Poultry and Egg Association held its 2024 Financial Management Seminar, highlighting insights on cybersecurity issues, economic forecasts and leadership principles. Speakers stressed the cybersecurity threats to farms and potential legal issues from attacks. Mark Jordan of LEAP Market Analytics provided an economic update noting inflation cooling but still high, increased corn and soybean production, which should lower 2025 feed costs, and protein demand easing from pandemic levels but remaining elevated historically.


The Massive Car Dealership Cyberattack Has Ended With A $25 Million Ransom

The cyberattack targeting CDK Global Inc, which handles the financial transaction side of car buying for over 15,000 car dealerships in the US, ended after CDK reportedly paid a $25 million ransom in bitcoin to the hackers behind the ransomware called BlackSuit. The attack had crippled car dealers for two weeks, forcing them to revert to paper processes.


Nearly All Hong Kong Companies Vulnerable to Identity, Deepfake Attacks, Survey Finds

In the past year, nearly every Hong Kong company surveyed has experienced identity-related breaches, including phishing and deepfake attacks. The CyberArk report revealed that 98 out of 100 companies in Hong Kong admitted to facing such breaches, highlighting the city's ongoing vulnerability. Phishing attacks, including those utilizing deepfake technology, were the most prevalent. Adopting cloud services and artificial intelligence contributes to the increase in identity-related breaches. CyberArk emphasizes the need for a holistic cybersecurity strategy to secure human and machine identities.


Disney’s Internal Slack Leaked by Hackers Mad About AI

Hacktivist group Nullbulge claims responsibility for leaking over a terabyte of data from Disney's internal messaging channels. They gained access via a compromised employee's computer. The leaked files contain conversations about software development, recruitment, and upcoming gaming collaborations. Nullbulge targeted Disney due to concerns about artist contracts and the company's use of AI. Disney is currently investigating the matter.


Why the AT&T Hack Makes Google's Wiz Deal a Winner

Google is in talks to acquire cloud cybersecurity start-up Wiz for $23 billion, which would be its biggest deal yet. The recent AT&T hack highlights the urgency for Google to strengthen its cloud services' security. This acquisition could give Google an advantage in the cloud space and spur more tech M&A activity in cybersecurity. Other cybersecurity companies like Palo Alto Networks, CyberArk, and CrowdStrike could also benefit from the increased focus on information security.


Cyber Breach & Climate Change Disclosure Requirements Impacting D&Os

The SEC has implemented new disclosure obligations for D&Os regarding cybersecurity incidents and climate-related information. These requirements have increased exposure and government regulation, impacting underwriters, brokers, and adjusters. Claims related to data breaches and failure to meet carbon footprint expectations are becoming more common. The presentation will address litigation, liability exposure, and insurance issues related to these concerns.


New Quantum Computer Outperforms Google's Previous Record by 100-Fold

Quantinuum, a quantum computing startup backed by JP Morgan Chase, has claimed quantum supremacy over Google's Sycamore machine with its new 56-qubit computer. The system demonstrated a 100-fold performance improvement compared to Google's previous record. Quantinuum asserts that its quantum computer is already impossible to emulate with classical supercomputers and offers significant power efficiency advantages. While the benchmark used, the Random Circuit Sampling algorithm, may not have practical applications, Quantinuum's achievement marks a milestone in the quantum computing industry.


Appeals Court Halts Return of Net Neutrality

A federal appeals court has temporarily halted the reinstatement of net neutrality rules until August 5th, pending further consideration. The court is examining whether the Federal Communications Commission's (FCC) reclassification of Internet service providers (ISPs) under Title II of the Communications Act is justified. The FCC, currently led by a Democratic majority, voted to bring back net neutrality in April. However, broadband providers have challenged this action, and the court's decision is influenced by the recent Supreme Court ruling that weakened the Chevron deference doctrine.


Army Activates Company to Fill Out Cyber Battalion

The Army has officially activated Charlie Company, also known as Capybara Company, completing the activation of the 11th Cyber Battalion. With the activation of Charlie Company, the battalion now has four companies and five established expeditionary cyber and electromagnetic activities teams, providing tactical cyber operations, electronic warfare, and information ops capabilities. The goal is to have 12 teams capable of providing offensive cyber capabilities and information advantage functions by September 2027.


Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Security experts say over a dozen organizations using Squarespace for their domains had their websites hijacked last week. Weak default security settings enabled this after Squarespace acquired domains from Google. Hackers could take over accounts by supplying an email tied to the domain before the owner claimed it. Researchers advise enabling MFA, removing unneeded accounts, and disabling reseller access to secure Squarespace accounts.


AT&T Says Hackers Stole Records Of Nearly All Cellular Customers' Calls And Texts

AT&T disclosed that hackers stole six months of call and text message records for its 127 million cellular network customers. The data breach occurred between May and October 2022 and on January 2, 2023. While it did not include personal info or message content, the metadata stolen presents a major security threat. AT&T is working with law enforcement to investigate the breach.


Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.

I read these McCrary Institute briefings every day to find useful info about what's happening in the cybersecurity ecosystem. Thanks for all the great coverage.
