Cyber Intelligence Weekly

Cyber Intelligence Weekly (May 12, 2024): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight a wonderful trip to RSA 2024! @Chris Furtick, @Launa Rich and I had a wonderful time exploring the expo hall, attending information-packed learning sessions and networking with partners and peers all across San Francisco! While it can be very exhausting, we view it as a necessary learning and networking experience that cybersecurity professionals can all benefit from. Hope to see you there next year!

Expo Hall Fun With Chris!
CrowdStrike Takes Over SF Moma
Going Live at the PlexTrac Booth!

Solution Partner Highlight – Fortinet


Echelon Risk + Cyber proudly cultivates a diverse network of strategic relationships with leading vendors in the cybersecurity industry. These collaborations empower Echelon to deliver premium services to our clients through cutting-edge technology and valuable insights. In our ongoing effort to bring top-shelf knowledge, each week, we want to spotlight a distinguished partner solution offered at Echelon. This week’s focus is on Fortinet’s FortiGate Next-Generation Firewall (NGFW).

Fortinet’s NGFW transcends traditional firewalls, offering unparalleled enterprise security across any edge and scale. Fueled by advanced artificial intelligence/machine learning and FortiGuard services, it orchestrates automated, end-to-end security policies, threat protection, and user experience optimization. With AI/ML-powered services, inline sandbox detection, integrated ZTNA enforcement, and SASE compatibility, it safeguards hybrid deployment models across hardware, software, and Software-as-a-Service.


Available in appliance, virtual, hosted, cloud, and container formats, FortiOS empowers organizations with SSL Deep Inspection, Application Control, FortiGuard Antivirus, IPS, DNS Security, Email Filter, Web and Video Filtering, Natively Integrated Proxy, Security Fabric Integration, and comprehensive automation-driven network management.

Fortinet’s FortiGate NGFW allows you to provide effective security everywhere. With FortiGate you can secure hybrid cloud environments, prevent lateral spread, manage vulnerabilities and stop threats, protect users and the perimeter, secure hyperscale architectures, and secure industrial and OT environments.

Away we go!

1. LockBit Lockdown, U.S. Indicts Key Ransomware Developer

The U.S. Justice Department recently announced charges against Dmitry Yuryevich Khoroshev, a Russian national believed to be the mastermind behind the notorious LockBit ransomware. Since its inception in September 2019, LockBit has become one of the most destructive ransomware groups globally, targeting over 2,500 victims in more than 120 countries and extracting at least $500 million in ransom payments. Khoroshev, known by aliases including "LockBitSupp" and "putinkrab", is charged with multiple counts of fraud, extortion, and causing intentional damage to protected computers, and faces up to 185 years in prison if convicted. This development marks a significant step in the ongoing effort to curb cybercrime, as U.S. authorities continue to dismantle ransomware operations and hold perpetrators accountable.

In an extensive operation involving international cooperation, the LockBit ransomware infrastructure was significantly disrupted earlier this year. This coordinated action included seizing control of servers and public-facing websites used by the group, effectively diminishing its operations and credibility. The U.S. Department of the Treasury has also imposed sanctions on Khoroshev, highlighting the severity of his alleged cybercriminal activities. Meanwhile, law enforcement agencies encourage victims of LockBit attacks to report incidents to aid in decryption efforts and prevent future attacks.

The ongoing LockBit investigation underscores the commitment of U.S. and international law enforcement to combatting cyber threats. Authorities have also announced substantial rewards for information leading to the apprehension of individuals associated with LockBit, signaling the high stakes involved in tracking down and prosecuting cybercriminals. As the case against Khoroshev progresses, it serves as a stark reminder of the global impact of ransomware and the importance of cybersecurity vigilance.

2. Critical Condition: Cyberattack Disrupts Ascension Health's Nationwide Operations

Ascension, a major healthcare network in the U.S., recently experienced a significant cyberattack that disrupted operations across its facilities nationwide, including those in Michigan. The attack, which began early Wednesday morning, led to a shutdown of the network's computer systems, affecting clinical operations and forcing healthcare staff to revert to manual, paper-based methods to maintain patient care. The situation echoed technological practices from decades past, as staff were unable to access medical records, labs, radiology, or place electronic orders. The health system is currently working with Mandiant, a cybersecurity firm, to investigate the breach and determine if any sensitive information was compromised.

The disruption has had a considerable impact on patient care, with more stable patients being diverted to nearby hospitals due to the outage. Ascension's statement highlighted their immediate response to the incident and their ongoing efforts to restore services and assess the extent and duration of the disruption. This cyberattack underscores the growing vulnerability of healthcare systems to digital threats, which not only compromise patient care but also risk the leakage of protected health information.

Amidst this cybersecurity crisis, Ascension is also navigating a strategic restructuring, with plans to spin off several of its hospitals in Michigan. This move, part of a broader operational shift within the healthcare provider, aims to enhance service delivery by aligning more closely with local health partners. However, the current cyberattack highlights the challenges healthcare networks face in safeguarding patient information and maintaining operational continuity in an increasingly digital landscape.

3. FBI Urges Increased Surveillance Under Section 702 Amidst Controversy

Reporters from Wired have allegedly received an internal email from FBI Deputy Director Abbate urging FBI personnel to utilize warrantless searches under Section 702 of the Foreign Intelligence Surveillance Act (FISA) when investigating U.S. persons. This controversial program allows broad surveillance without a warrant, specifically targeting communications where at least one participant is a foreign entity believed to be outside the U.S. Despite prior misuse of the program, including instances where it was employed to monitor U.S. protestors and journalists, recent legislative action has extended Section 702 and added new procedures which the FBI claims will prevent future abuses.

Abbate's email highlights a directive to FBI agents to continue employing Section 702 to justify the necessity of such surveillance tools, stressing adherence to legal standards and new procedural safeguards. This move has sparked criticism from various quarters, including U.S. Representative Zoe Lofgren, who argues that the agency’s pro-surveillance stance contradicts its previous assurances during debates over the program's reauthorization. In defense, the FBI maintains that the directive is in full compliance with enhanced privacy protections recently legislated.

Despite the controversy, Section 702 remains a cornerstone of U.S. surveillance strategy, touted as crucial by supporters for protecting national security. However, its broad scope and the potential for overreach continue to raise significant privacy and civil liberty concerns. Critics and some lawmakers continue to call for stricter oversight and clearer limitations on the program to prevent unwarranted intrusions into Americans' private communications.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
