Monday, June 24, 2024

Fake vitals, real threats

Presented by Threatlocker: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
By Joseph Gedeon

With help from Maggie Miller

Driving the day

Hackers can manipulate hospital equipment to show fake patient vitals, potentially leading to misdiagnosis and delayed treatment. Researchers are working to expose these vulnerabilities before it's too late.

HAPPY MONDAY and welcome to MORNING CYBERSECURITY! I’m off all week, see you in July.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Today's Agenda

The Transportation Department is holding a meeting of the transit advisory committee for safety, and on the agenda is an update from the cyber and data security systems subcommittee. 9 a.m.

Critical Infrastructure

HELPING HAND FOR OT — In a state-of-the-art room nestled in Switzerland that looks more like a hospital ward than a high-tech lab, researchers are working to expose vulnerabilities in medical devices that millions of Americans rely on daily.

It’s here where the next ransomware attack on hospitals is being simulated — and hopefully prevented.

Safeguarding medical devices has also become a priority in Washington, where the Biden administration has cleared action after action to push back against rising attacks on the fledgling health care sector over the last few months.

Edgard Capdevielle, CEO of the Swiss lab Nozomi Networks, told Maggie they’re testing for “very, very real” risks to hospital equipment — especially since the companies that produce this equipment haven’t always been focused on cybersecurity.

“Those vendors are in the business of producing equipment that produces test results, not cybersecurity, so I think hospitals in particular are probably the highest level of vulnerability,” Capdevielle said.

— A helping hand: Threats to OT systems are a problem worldwide — particularly in Ukraine, where the nation’s energy and other critical systems face a constant bombardment by missiles and cyberattacks more than two years into Russia’s invasion.

According to Capdevielle, the Swiss lab has also helped Ukrainian defenders root out vulnerabilities in key networks.

“We’re very involved in Ukraine, specifically the organizations that run power over there,” he said.

Some other key takeaways:

  • Nozomi Lab researchers demonstrated real-time manipulation of patient vital signs on standard hospital monitors, highlighting the potential for misdiagnosis or delayed treatment.
  • A common ultrasound machine was compromised within minutes using a simple USB drive, mimicking a ransomware attack that could cripple hospital operations.
  • Even basic equipment like refrigerator temperature monitors was found to have exploitable weaknesses.
  • The lab is used to test a range of OT systems, including traffic lights and other OT equipment used in modern cities, along with manufacturing systems. 

— Meanwhile in Washington: The White House is finalizing new rules for the hospital sector within the next few weeks.

"We're working on a rule related to minimum cybersecurity practices for hospitals," Deputy National Security Adviser Anne Neuberger said at a Semafor event last week.

It comes in the wake of high-profile attacks on Change Healthcare in February and United Kingdom health services earlier in June. The White House said there’s been a 130 percent spike in Russian cybercriminal attacks on U.S. health systems in recent months.

Other than releasing new mandates, the administration also recently secured pledges from Google and Microsoft to offer discounted cybersecurity services to rural hospitals — a tacit acknowledgment of the gaps in the health care sector.

 

On the Hill

SMALL BUT MIGHTY — The Department of Defense could receive approval to fund seven software and digital technology pilot programs out of this week’s House Appropriations bill, covering areas from cybersecurity to space domain awareness.

While they’re only a teeny mention in the legislation, you can expect these programs to utilize agile development methods for various stages, including research, testing and maintenance.

Key programs include:

  • Defensive CYBER
  • Risk Management Information
  • Maritime Tactical Command and Control
  • Space Domain Awareness Software

However, the bill prohibits initiating additional software pilots in fiscal year 2025, signaling a cautious approach to evaluate current programs before expansion.

— Get right: Congress is also impatiently waiting for DOD to get its act together on tech supply chain security. The House Appropriations Committee is eagerly expecting a report on the agency’s progress, while simultaneously nudging the Pentagon to fully embrace recommendations from a recent Government Accountability Office report.

— Not a flop: The GAO's scorecard on the DOD’s information and communications technology supply chain risk management is a mixed bag. Out of seven key practices, the Pentagon has fully implemented four and partially implemented three.

Now, Congress is urging DOD to cast a wider net in its component reviews for commercial IT and encrypted data storage products. On the to-do list are:

  • Getting the DOD CIO to commit to a timeline for a department-wide ICT supply chain risk management strategy
  • Implementing counterfeit detection procedures before deploying products
 

Vulnerabilities

MULTI-CAR PILEUP — Major auto retail software provider CDK Global might have to pay tens of millions of dollars in ransom to hackers who’ve crushed its systems since Wednesday, a person familiar with the situation told Bloomberg on Friday.

While these situations are fluid, the attack has ripped through the U.S. auto dealer network, which serves over 15,000 North American retail locations. The company is facing pressure to restore services quickly as giants like Sonic and Penske Automotive struggle with manual workarounds.

The unnamed person also tells Bloomberg the attacking group comes from an Eastern European country.

The company said in a statement to MC that it notified law enforcement, launched an investigation with third-party experts and has “begun the restoration process.” But if CDK decides to pay the ransom, it could set a precedent for future attacks in the sector.

CDK did not share whether the ransom would be paid or who the perpetrator could be.

— Funny thing, that timing: The attack comes as cybersecurity risk has surged to the top of the auto industry's worry list.

The 2024 State of Smart Manufacturing Report released last week revealed that cybersecurity is now the number one external obstacle for automotive manufacturers, up from ninth place just a year ago. This heightened concern matches the sector's rapid digitalization, with 97 percent of manufacturers now using or evaluating smart manufacturing technology, up from 85 percent in 2023.

The International Scene

PARIS OLYMPICS — Kremlin-linked hacktivists are said to be ramping up their attacks on France, signaling what could be a prelude to a more aggressive campaign targeting the Paris Olympics.

According to hacktivist tracker CyberKnow, attackers are noting on Telegram that they are upping DDoS attacks as a sort of training exercise ahead of the Olympics, which kick off at the end of next month. Some notable groups to watch are: CyberArmyofRussia_Reborn, Hacknet, Noname05716 and Cyber Dragon.

While those attacks can’t steal data, they’re designed to overwhelm and crash networks and prompted the French government to activate a crisis response back in March.

— Recent history: This offensive follows a pattern of Russia-aligned groups targeting Western infrastructure. The CyberArmyofRussia_Reborn group has been linked by cybersecurity firm Mandiant to the notorious Sandworm unit within the Kremlin — and it has already claimed breaches of U.S. and European utilities earlier this year.

 

Tweet of the Weekend

Mark Cuban reached out to Google on X to say that his personal Gmail got hacked (posting the actual email address) over the weekend, and then deleted the post. Sigh.

Source: https://x.com/rootsecdev/status/1804678996141174800

@rootsecdev/X

Quick Bytes

UNDER PRESSURE — CISA's "secure by design" pledge hopes to leverage customer pressure to push tech companies towards stronger cybersecurity, writes Justin Doubleday for the Federal News Network.

LISTEN TO THIS — The first episode of a brand new podcast dives into Microsoft Recall, dark patterns in big tech AI, Brad Smith's testimony, Apple's new cloud infrastructure and more. Listen to Security Conversations here.

“AI is already wreaking havoc on global power systems” (Bloomberg)

The Cyber Calendar

Tuesday 

Sierra co-founder and OpenAI chair Bret Taylor is joining Washington Post Live for a virtual discussion on the widespread adoption of AI. Noon.

Wednesday

The House Homeland Security committee is holding a hearing to address America’s cyber workforce shortage. 10 a.m.

Thursday

The HHS cyber subcommittee is holding a hearing on protecting critical infrastructure. 2 p.m.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).
