The FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing & Analysis Center recently provided actionable intelligence and encouraged organizations to implement recommendations to protect their networks from LockBit 3.0 ransomware, which is more evasive than previous versions.
“The LockBit ‘ransomware as a service’ gang, which has targeted health care globally in crippling attacks, has continued to evolve their tactics to evade initial detection upon penetration of networks, even by advanced cybersecurity controls,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The initial attack vector remains the same though, including exploitation of remote desktop protocol and phishing emails. As further indication of state sponsorship or at least tolerance of these gangs, this ransomware will not ‘detonate’ if it detects Russian language settings, among others, on the infected computer. Regardless of what cybersecurity framework your organization uses, we strongly concur with the recommendation to test your organization’s security program against the identified threat behaviors mapped to the MITRE ATT&CK framework in the advisory. This will help ensure that limited cybersecurity resources are efficiently applied in a threat-driven versus compliance-driven manner.”
In related news, the Senate Homeland Security and Governmental Affairs Committee yesterday held a hearing examining cybersecurity risks to the health care sector. Witnesses included Scott Dresen, chief information security officer for Corewell Health, a large integrated health system in Michigan.
“The increasing frequency of attack from nation state actors and organized crime has created a sense of urgency within the healthcare sector and we need help from the United States government to respond to these threats more effectively,” Dresen said.
Specifically, he called for enhancing existing partnerships with and between federal agencies, expanding the sharing of actionable threat intelligence, incentivizing access to affordable technology to defend against advanced threats, ensuring there is an adequate cyber workforce, and reforming legislation to encourage the adoption of best practices while not penalizing the victims of cyberattacks.
AHA recommended similar policies in a December letter to Sen. Mark Warner, D-Va.