US authorities issue ransomware warning, and other cybersecurity news to know this month

1. US authorities issue ransomware warning

The US Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Multi-State Information Sharing and Analysis Center, and the Department of Health and Human Services has released a joint cybersecurity advisory over RansomHub.

RansomHub, which was previously known as Cyclops and Knight, has "established itself as an efficient and successful service model" the advisory warns. Since its inception in February of this year, it has encrypted and exfiltrated data from at least 210 victims. These cover a wide variety of sectors, from water and wastewater to government services and critical manufacturing.

The advisory lists 3 actions to take to mitigate cyber threats from ransomware:

  • Install updates for operating systems, software and firmware as soon as they are released
  • Require phishing-resistant multi-factor authentification (ie, non-SMS text-based) for as many services as possible
  • Train users to recognize and report phishing attempts.

2. Switzerland to join EU security initiatives

Switzerland has joined two European Union security initiatives, including the 'Cyber Ranges Federation' project.

The Federal Council said the move was compatible with Swiss neutrality and would improve cooperation on cyber defence.

The government also said it would join the European Cyber Security Organization, with the aim of receiving information about current technological developments as well as access to a network of experts and advice.

These decisions come after an increase earlier in the year of cyberattacks and disinformation across the nation in the run-up to a summit aiming to create a pathway for peace in Ukraine.

3. News in brief: Top cybersecurity stories this month

China's cabinet has passed draft regulations on data security management, state media announced on 30 August. The cabinet said the changes were necessary to clarify security boundaries, ensure the free and orderly flow of data and classify network data protection, reports Reuters.

Transport for London (TfL) has been hit by a cyberattack with a 17-year old arrested in response, the BBC reports. TfL has warned that some customer data could have been accessed by hackers.

A Russian military unit has reportedly carried out cyberattacks on Ukrainian allies, according to a defence briefing by Western intelligence agencies. The briefing suggests that attacks were carried out both before and after the invasion of Ukraine in February 2022.

Cybercrime and other acts of sabotage cost German businesses around $298 billion in the past year – a rise of nearly a third on the year. In a survey, 90% of companies expect more cyberattacks in the next 12 months.

NHS England has announced a new cyber resilience framework for health and social care organizations. The update will change how they measure and self-report their data security capabilities and aims to ensure alignment with other sectors, reports digitalhealth.

4. More about cybersecurity on Agenda

The United States has unveiled new tools to help withstand encryption-breaking quantum computing. The release comes as quantum computing — which employs quantum mechanics to solve complex computing problems — continues to develop rapidly.

Dr Michele Mosca, CEO of evolutionQ, told the World Economic Forum that the release marks “an essential stepping stone toward the broader imperative of cryptographic resilience.” Learn more about the release and experts' reactions in this piece.

Comments