{"id":35739,"date":"2023-02-17T15:07:08","date_gmt":"2023-02-17T20:07:08","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=528405"},"modified":"2023-02-21T09:33:22","modified_gmt":"2023-02-21T14:33:22","slug":"cyber-security-today-week-in-review-for-friday-february-17-2023","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-week-in-review-for-friday-february-17-2023\/","title":{"rendered":"Cyber Security Today, Week in Review for Friday, February 17, 2023"},"content":{"rendered":"<p data-ar-index=\"0\">Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, February 17th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for <em>ITWorldCanada.com<\/em> and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"2\"><strong>In a few minutes<\/strong> David Shipley of New Brunswick\u2019s <a href=\"https:\/\/www.beauceronsecurity.com\/\" rel=\"noopener\">Beauceron Security<\/a> will be here to discuss some recent cybersecurity news. One is that Canadian government and hospital leaders <a href=\"https:\/\/www.itworldcanada.com\/article\/management-lack-of-money-blamed-for-poor-cybersecurity-at-canadian-hospitals\/527412\" rel=\"noopener\">got a shellacking on a webinar<\/a> for not putting enough funds into healthcare cybersecurity. David will have thoughts on that.<\/p>\n<p data-ar-index=\"3\">We\u2019ll also talk about the compromise of the GoAnywhere MFT managed file transfer service, <a href=\"https:\/\/mandiant.widen.net\/s\/lnltwn85jj\/global-perspectives-on-threat-intelligence-2-08-23\" rel=\"noopener\">whether cyber threat intelligence is used well<\/a> and <a href=\"https:\/\/www.kaspersky.com\/blog\/speak-fluent-infosec-2023\/\" rel=\"noopener\">why corporate managers and IT security staff don\u2019t communicate better<\/a>. But first a look back at some of the headlines from the past seven days:<\/p>\n<p data-ar-index=\"4\"><strong>A variant of the Mirai botnet<\/strong> is being used to infect a number of internet-connected devices with old and unpatched vulnerabilities. 
These include Atlassian\u2019s Confluence collaboration suite, the FreePBX telephony management suite, the Mitel AWC audio conferencing platform, the DrayTek Vigor router, surveillance cameras and more. <a href=\"https:\/\/unit42.paloaltonetworks.com\/mirai-variant-v3g4\/\" rel=\"noopener\">According to researchers at Palo Alto Networks,<\/a> infected devices create a new botnet for spreading malware or to launch denial of service attacks. These devices are being compromised by brute force credential attacks. IT administrators of any device that connects to the internet must make sure they have secure passwords.<\/p>\n<p data-ar-index=\"5\"><strong>Attackers are still exploiting<\/strong> unpatched versions of Windows Exchange. <a href=\"https:\/\/blog.morphisec.com\/proxyshellminer-campaign\" rel=\"noopener\">According to researchers at Morphisec<\/a> the latest campaign installs cryptomining software on computers. By stealing computing power attackers get to mine for cryptocurrency faster \u2014 and slow computers from doing company business. IT departments that for some reason haven\u2019t installed two-year-old patches to close the Exchange vulnerabilities need to scan systems for compromise, then install the patches.<\/p>\n<p data-ar-index=\"6\"><strong>Atlassian is the latest company<\/strong> to be a victim of a successful cyber attack on an outside service provider. <a href=\"https:\/\/cyberscoop.com\/atlassian-hack-employee-data-seigedsec\/\" rel=\"noopener\">According to Cyberscoop<\/a>, Atlassian initially acknowledged the theft of company data held by a service called Envoy. Envoy is used to co-ordinate in-office resources. A hacking group called SiegedSec posted what appears to be the names and email addresses of Atlassian employees. Atlassian makes the Confluence, Jira and Trello project management and collaboration suites. 
The company says no customer data was stolen.<\/p>\n<p data-ar-index=\"7\"><strong>UPDATE:<\/strong> Atlassian now says the data theft wasn\u2019t from Envoy but from one of its own employees. <a href=\"https:\/\/techcrunch.com\/2023\/02\/17\/atlassian-and-envoy-briefly-blame-each-other-for-data-breach\/\" rel=\"noopener\">TechCrunch says<\/a> an Atlassian official told it that after closer investigation the attacker had actually compromised Atlassian data from the Envoy app \u201cusing an Atlassian employee\u2019s credentials that had been mistakenly posted in a public repository by the employee \u2026 The compromised employee\u2019s account was promptly disabled eliminating any further threat to Atlassian\u2019s Envoy data.\u201d<\/p>\n<p data-ar-index=\"8\"><strong>Washington is bringing<\/strong> its talent together to better protect American technology. <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-and-commerce-departments-announce-creation-disruptive-technology-strike-force\" rel=\"noopener\">The new Disruptive Technology Strike Force<\/a> will include experts from the FBI, Homeland Security and federal prosecutors to strengthen supply chains and protect critical technology from being stolen or illegally exported. This includes knowledge about supercomputers, quantum computers, artificial intelligence, advanced manufacturing and biosciences.<\/p>\n<p data-ar-index=\"9\"><strong>And a Russian man<\/strong> was convicted this week by a Boston jury for his part in a scam that used inside knowledge of the finances of publicly-traded companies to get rich. The man and other co-conspirators hacked into and stole about-to-be published earnings information of companies from two corporate filing firms. How did they do it? By stealing employees\u2019 passwords. It is alleged the group netted US$90 million. The man, who was arrested in Switzerland and extradited to the U.S., will be sentenced in May. 
His alleged accomplices are at large.<\/p>\n<p data-ar-index=\"10\"><em>(The following transcript is part of the discussion. To hear the full conversation play the podcast.)<\/em><\/p>\n<p data-ar-index=\"11\"><strong>Howard:<\/strong> Let\u2019s start with the state of cybersecurity in the health care sector. Participants on a Globe and Mail webinar this week had a lot to say about the poor state of cybersecurity at Canadian hospitals. They blame small budgets for hospitals having outdated IT equipment. And the lack of support from hospital executives in Canada. Provincial governments supply most of the budgets of hospitals. COVID didn\u2019t help, the panelists said, because hospitals had to scramble to buy solutions in the short term so that administrative staff could work from home, and that opened up cybersecurity risk. David, who\u2019s to blame?<\/p>\n<p data-ar-index=\"12\"><strong>David Shipley:<\/strong> I\u2019m going to be controversial and say we are. And by that I mean those of us in Canada that consistently picture health care as being doctors, nurses and sometimes allied health care workers. But if our conversation consistently is about lack of doctors, nurses or staff and not about the tools that they need to enable them we miss the story. The one silver lining to IT disasters and ransomware at hospitals is that they have categorically demonstrated the value of IT: When you don\u2019t have IT working properly in a modern Canadian or an American hospital your capacity is reduced by 75 to 90 per cent. That\u2019s massive. Yet we consistently underinvest \u2014 not just in security tools, because this isn\u2019t just a story about not having antivirus or SOCs [security operations centres] or all these things, but even in the basics. Patient record systems are massively outdated. They don\u2019t even necessarily have encryption enabled. We are in a health IT Code Red and it still can\u2019t get the attention of policymakers. Why? 
Because we\u2019re not taking it seriously as Canadians.<\/p>\n<p data-ar-index=\"13\"><strong>Howard:<\/strong> Well, the federal government has just offered billions of dollars to the provinces and territories for health care. Some of it can go to modernizing IT systems but to my knowledge none of it is dedicated to cyber. That doesn\u2019t mean that upgrading systems and policies won\u2019t be cyber-related, but there\u2019s that huge chunk of money that we\u2019ve been talking about in Canada in the past week and no conversation about that relating to cyber.<\/p>\n<p data-ar-index=\"14\">The other thing is I can\u2019t help but notice that Newfoundland, Nova Scotia and New Brunswick \u2014 to name three of the smaller provinces in Canada \u2014 all have budget surpluses. I just have to wonder with the money sloshing around, the provinces have money to spend on hospital cybersecurity if they want to.<\/p>\n<p data-ar-index=\"15\"><strong>David:<\/strong> I don\u2019t know if they have the money that\u2019s needed for not just cybersecurity but the overhaul of IT. The fact is that is going to be a decade-long adventure. New Brunswick, where I live, is also a province where their debt has doubled in the last decade. We\u2019re not fiscally healthy. We\u2019ve shown a few signs of life, and particularly with the influx of Ontarians to our province as a result of the pandemic. That\u2019s been a net benefit from an income tax point of view. But it\u2019s not a long-term good health indicator. That being said, the provinces do own the delivery of health care, they do own the underinvestment in it. But at the end of the day politicians put the money where people ask them to. And until we evolve the conversation to be about more than staffing, to be about the actual IT equipment that\u2019s required which is so fundamental to changing the equation [nothing will change]. This also speaks to the executives who are terrible at understanding risk. 
We will go with the stuff that we have the greatest handle on. Until the eruption of ransomware gangs into health care \u2014 which is even worse now that North Korea is getting more serious about it \u2014 we didn\u2019t take it seriously as a risk. And, unfortunately, you can\u2019t have downtime in a hospital. There\u2019s never a good time to plan a rip-and-replace of IT equipment. But that\u2019s exactly the kind of effort we have to pour into this. We missed a freight train-size opportunity to tie IT modernization and cybersecurity outcomes into the health care story, and that\u2019s on everybody: The federal government, the provinces and us as Canadians, for not demanding it \u2026<\/p>\n<p data-ar-index=\"16\">I briefly participated on the board of one of Canada\u2019s healthcare corporations, so I got a small insight into this. And their struggles are so enormous in terms of staffing challenges, the physical infrastructure that they\u2019re trying to run, trying to keep things modernized. Keep in mind that many hospitals in this country still have to fundraise to get necessary medical capital equipment. We still have to hit the streets with a tin can to get new CT scanners in some hospitals in Canada. It\u2019s really hard to make a compelling case for spending multimillions of dollars upgrading our patient information system which you [taxpayers and patients] will never see. You will never understand how that [positively] impacts the patient flow. And I think the challenge is we haven\u2019t necessarily spoken the language of capacity and impact on patients of IT. The translation issue is that their [politicians and hospital executives] focus has always been patient outcomes. 
We probably haven\u2019t been as clear about how vital IT is to patient outcomes.<\/p>\n<p data-ar-index=\"17\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-week-in-review-for-friday-february-17-2023\/528405\">Cyber Security Today, Week in Review for Friday, February 17, 2023<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode features a discussion on who&#8217;s to blame for poor cybersecurity at hospitals and why management and IT security staff don&#8217;t c<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-35739","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35739"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35739\/revisions"}],"predecessor-version":[{"id":35809,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35739\/revisions\/35809"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=35739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?
post=35739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}