The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new Binding Operational Directive (BOD) on Wednesday. The new BOD, called BOD 23-02, is designed to enhance the security of federal government agencies’ systems and data by requiring the implementation of enhanced cybersecurity measures.
The BOD applies to all federal agencies and requires them to implement proactive security measures such as deploying advanced endpoint detection and response tools, strengthening system configurations, disabling unused and unnecessary accounts, and implementing a vulnerability disclosure policy.
With the rise in cyberattacks on critical infrastructure, the new directive seeks to bolster the detection and prevention of such threats. In a statement, CISA Acting Director Brandon Wales affirmed that the new BOD will “foster a proactive mindset and deliver a safer and more resilient federal enterprise.”
In other news, cybersecurity firm Mandiant has released details on a new type of OT malware called CosmicEnergy. The malware is believed to be Russian in origin and primarily targets utility companies. While the malware does not appear to pose an immediate threat, experts warn that it can be used in future attacks.
Mandiant also noted that the malware shares characteristics with a separate malware framework called Proton, which has previously been associated with Russian state-sponsored hacking groups.
Meanwhile, in Switzerland, hackers have been targeting government systems using ransomware attacks. The Swiss government has confirmed that it has been the target of ongoing distributed denial-of-service (DDoS) attacks and that sensitive data may have been leaked.
The Swiss government has warned citizens that they may experience issues when trying to access government websites and applications. Moreover, the government has advised anyone who may have been affected to change their passwords and to be cautious of suspicious activity on their accounts.
However, the Swiss government has assured the public that its critical infrastructure is still functioning and that it is working to mitigate any potential damage caused by the attacks.
In Ukraine, the Cyber Police have shut down a bot farm that was being used to promote pro-Russian propaganda and to discredit the country’s defense forces. The bot farm was reportedly responsible for more than 4,000 fake social media accounts that disseminated pro-Russian content.
In the United States, a 2021 ransomware attack has been identified as a contributing factor to the closure of an Illinois hospital. The hospital is believed to be the first healthcare facility in the US to link its closure to a ransomware attack.
According to reports, the hospital was hit by ransomware in May 2021, which resulted in the theft of confidential patient data. The incident caused significant disruptions to the hospital’s operations, ultimately leading to its closure in August 2021.
Small and medium-sized businesses (SMBs) have also been hit hard by cyberattacks in the last 12 months. A new report from cybersecurity provider BlackFog found that 61% of SMBs were victims of a cyberattack during that period.
The report also found that financial fraud, phishing, and ransomware were among the most common types of cyberattacks affecting SMBs. To prevent these attacks, experts recommend deploying robust cybersecurity measures that include regular software updates and employee training on safe online practices.
Finally, a group of industry organizations has called on the White House to establish a new framework for its cybersecurity strategy. In a letter addressed to the National Security Council and the Cybersecurity and Infrastructure Security Agency, the organizations proposed a new framework that would prioritize risk management and proactive threat detection.
According to the letter, “the increase and severity of cyberattacks targeting US organizations, infrastructure, and government has demonstrated that our current approach to cybersecurity is inadequate.”
As cyberattacks continue to grow in sophistication and frequency, experts warn that organizations must remain vigilant in their cybersecurity measures and prioritize risk management to stay ahead of potential threats.