Global Cyber Pulse: 18 December, 2024

December 18, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

The U.S. government has released a draft National Cyber Incident Response Plan (NCIRP) for public comment, outlining roles during critical cyber incidents. In Nebraska, the Attorney General is suing Change Healthcare over a ransomware attack that exposed sensitive data and disrupted healthcare services. Bishop Fox reports that over 25,000 SonicWall devices are vulnerable to critical flaws, which ransomware groups like Fog and Akira have exploited. Meanwhile, India’s DRDO is emphasizing cyber defense and deterrence as vital priorities, urging youth involvement. Lastly, Dragos highlights evolving ransomware tactics in Q3 2024, driven by new groups, rebranding, and advanced operational technology exploits.

1. U.S. Drafts New National Cyber Incident Response Plan (NCIRP)

The U.S. government has unveiled a draft National Cyber Incident Response Plan (NCIRP), outlining roles and responsibilities for public and private sector organizations during significant cyber incidents. Released by the Cybersecurity and Infrastructure Security Agency (CISA), the draft updates the 2016 NCIRP to reflect changes in the threat landscape, federal policies, and organizational capabilities.

Open for public comment until January 15, 2025, the plan provides a flexible structure for businesses to coordinate with government agencies after Level 2 or higher cyber incidents, which could impact public health, national security, or economic stability.

2. Nebraska Attorney General Sues Change Healthcare Over Data Breach

The Nebraska Attorney General has filed a lawsuit against Change Healthcare, owned by UnitedHealth Group (UHG), following a February ransomware attack that exposed sensitive patient data and disrupted healthcare services.

The lawsuit alleges violations of Nebraska’s consumer protection and data security laws, accusing Change Healthcare of failing to implement adequate security measures. Attorney General Mike Hilgers described the breach as “historic,” noting its impact on medical payment processing systems, privacy, and financial data security.

3. Over 25,000 SonicWall Devices Vulnerable to Critical Flaws

A report by cybersecurity firm Bishop Fox reveals that over 25,000 SonicWall SSL VPN devices are vulnerable to critical flaws, with 20,000 running unsupported firmware. These vulnerabilities have been exploited by ransomware groups like Fog and Akira to gain access to corporate networks.

Using tools such as Shodan and BinaryEdge, Bishop Fox also identified 430,363 publicly exposed SonicWall firewalls, highlighting the urgent need for organizations to update and secure their systems.

4. DRDO Focuses on Cyber Defense and Deterrence in India

With India emerging as a prime target for cyberattacks, the Defence Research and Development Organisation (DRDO) is prioritizing advancements in cyber defense and deterrence, according to DRDO Chairman Samir Kamat.

Speaking at IIT Bombay’s Techfest, Kamat compared cybersecurity to nuclear strategy, emphasizing the need for deterrence to discourage attacks. He urged young talent to contribute to strengthening India’s cyber resilience, highlighting the dual importance of defense and deterrence capabilities.

5. Dragos Reports Shifting Trends in Ransomware Landscape

Industrial cybersecurity vendor Dragos reported significant shifts in the ransomware landscape during Q3 2024, driven by new groups, rebranding, and expanded initial access broker operations. Prominent groups like RansomHub, LockBit3.0, and Play maintained their dominance, while emerging players exploited vulnerabilities in IT and operational technology (OT) systems.

According to senior threat hunter Abdulrahman H. Alamri, ransomware operators adapted to disruptions by leveraging technological advancements and strategic realignments, showcasing the evolving nature of cyber threats.