Good evening, folks! It has been a while since my last news update. You probably recall that these have gotten a lot longer over time, so in an effort to respect everyone's time, I am changing my approach and aiming for shorter. Lots to unpack lately, but one of the headline grabbers is all about setting bad precedents in ransomware response. Microsoft made one of the most confusing decisions for 'security' that anyone has seen, and we also have a lot more AI-related news, so let's buckle up!

Be the Change you want to see…

As you probably recall, Change Healthcare (a subsidiary of UnitedHealth Group) had a dumpster fire of a response to a major breach. The ransomware event whose saga we have covered over the last few months continues to damage everyone. First, it appears that in the time since they paid their $22M ransom, Ransomware-as-a-Service groups have stepped up the pace: 44 more healthcare-related firms were hit in just the month following the payout. Recorded Future, which Wired quoted for that stat, said it was the second-biggest single-month jump in ransom events they have ever seen. Paying demonstrably does not make the problem go away; it funds the next wave and signals that the sector pays.

Senator Ron Wyden (D-OR) has taken a pretty clear position in calling for the FTC and SEC to investigate UHC's governance and leadership team. He's not wrong – he pointedly called out that it was their decision to hire someone lacking the proper experience as CISO, and their decision not to support him appropriately. Congress rarely grasps how tech-related issues should work, but Senator Wyden is spot on. Let's hope this becomes a template – until larger firms are held accountable for lapses that would sink smaller ones, they will continue to prioritize profits over us.

I say 'us' because roughly one third of Americans had data exposed in the breach, and because over 1 million patients were affected by stalled prescriptions and care for upwards of 2 months, no doubt costing some lives. Add in the impact to clinics, providers, and pharmacies that were unable to pay their bills thanks to Change's costly negligence, and the impact to the economy is still tangible.

Go get them, Senator.

Totally Reluctant Recall

If you have been keeping score at home, the past couple of years have been even worse for Microsoft than for UHC. After showing huge improvements in core product security efficacy from roughly 2016-2021, someone decided they needed to drive margins with security sales. Talk about a conflict of interest! In the 2 years since, a steady deluge of breaches and missteps has resulted in a lot of rightful scrutiny by partners, customers, and even US government investigators and lawmakers. But their market share in the EDR and SIEM space continues to grow – congrats (I guess?)!!! The Cyber Safety Review Board lit them up. This culminated in early May with their Secure Future Initiative pledge – a promise to make security an essential part of what they do. Nice, right?

Someone should have told the product management folks and the marketing team. But change is temporary, and in late May they introduced a new AI-driven feature called Recall, which would provide a full 3-year look-back over everything done on the machine. Despite early objections to the sheer stupidity of collecting EVERYTHING (credentials, personal information, forms, searches, web history) and applying AI to it, they stuck to their guns and claimed all was well because it would be stored locally. Local storage is no protection against an attacker, or malware, that already runs with the user's privileges on that endpoint; the data is simply sitting there waiting to be collected. Luckily no one has ever managed to compromise a Windows endpoint and get local privileges before. (There is no sarcasm font in this template.)

Well, they finally recanted and decided not to enable it by default. But Congress hauled the CEO in for another round, and more promises were made. Should we celebrate? (Font limitation again.) What is confounding is that this comes hot on the heels of their SFI pledge, huge pressure, and congressional testimony. That it never occurred to them that this was a super bad idea is insane.

This week in AI…

There is going to be a duality of AI use forever. Both sides will need it to get an edge, and much like the invention of gunpowder, guidance systems, and aircraft, you don't want to be the side without it. While legitimately bad people are using it to automate and improve their adversarial tactics (like many APTs), it is with some trepidation that we note one of our frequently featured companies making headlines in this space. Microsoft has released a chatbot for US intelligence agencies based on OpenAI's GPT-4 model. It is supposed to be hosted in a separate, air-gapped environment, but given the issues they have had protecting their own senior leadership email accounts and Azure tenants, there is room for skepticism.

AI-as-a-Service options are also hitting the market, and a recent study by Wiz found that the market still has a long way to go to address tenant isolation gaps and data leakage issues. I would just be happy if we evaluated AI uses in a more holistic sense. This LinkedIn post really captures and distills it down very well!

Things I am keeping an eye on

  • Scattered Spider, a threat we've mentioned in the past, is shifting its focus to SaaS platforms. Gotta respect always wanting to get better!
  • Sophos threat researchers uncovered a very intricate campaign that involves DLL side-loading and targets virtualized workloads in a VMware environment. Lots of LOLBins in use there, and it speaks to the fluency of these threat actors!
  • CISA has been doing some amazing work in helping raise awareness and secure everyone. I guess it was only a matter of time before scammers tried to impersonate CISA employees and fool victims.
  • Veeam (a popular enterprise backup solution) has a critical RCE that needs to be addressed pronto. We are already seeing adversaries go after backup solutions, which are relied upon for recovery but seldom protected adequately by their users. Patch it, and treat the backup server as a crown jewel rather than just another box on the domain.
  • Ivanti continues to smolder, with yet another high-profile flaw in another security solution. I feel for these poor folks, but there isn't an E for effort in this space 🙁

Conclusion

Well folks, I haven't read much, but I plan on it now that Cisco Live and a bunch of other high-importance stuff is behind me. I will look for some new ways to change how I deliver this. Thank you for reading, and as always – please engage in the comments below! Have a great weekend!