Welcome to the February edition of the CyberCapsule. In this edition, we discuss the efforts from the Pentagon, HHS, and DOE to combat ongoing cyberattacks. We also discuss the ongoing world of threat actors, with an emphasis on their successes and failures.

CONSIDER THIS

Throwing Money At The Problem. On January 4, 2024, the Department of Energy announced it is offering up to $70 million toward research projects to reduce energy delivery infrastructure risk due to cyberattacks.

AI To The Rescue. On January 11, 2024, the Pentagon's National Defense Industrial Strategy announced it will use artificial intelligence and analytics to defend critical infrastructure.

Doctor's Orders. On January 24, 2024, HHS revealed cybersecurity performance goals to better equip the healthcare sector prepare for cybersecurity threats.

It's No Secret They Provide A Service. On January 26, 2024, the Secret Service announced it reestablished a Cyber Investigations Advisory Board (CIAB) to "prevent and disrupt criminal use of cyberspace."

What You Don't Know Can Hurt You. On January 30, 2024, the Government Accountability Office revealed that federal agencies charged with overseeing manufacturing, energy, health care and transportation sectors are largely uncertain on whether companies in these sectors have adopted recommended ransomware protections.

AS THE WORLD TURNS

BlackBasta Encryption Pattern Not That Complicated. On January 2, 2024, researchers revealed a weakness in the encryption algorithm, potentially allowing victims to unencrypt certain files.

You Get a Consumer Record, You Get a Consumer Record, You Get a Consumer Record. On January 2, 2024, hackers released 50 million consumer records from individuals across the world.

Ya Gotta Give (to Cybersecurity Budget). On January 2, 2024, researches posted statistics about ransomware activity in 2023 – over 2,200 organizations were targeted, with an average cost of $1.5 million.

BigMac Attack. On January 3, 2024, a security researcher indicated 21 new malware families targeting macOS in 2023. This represents a 50% jump from 2022.

Giving Life to Expired Cookies. That is what multiple malware families were found doing; exploiting the Google OAuth endpoint MultLogin to revive expired authentication cookies and allowing unauthorized access to Google accounts.

A Little Warning Would Be Nice. On January 26, 2024, the Identity Theft Resource Center reported that data breaches rose 78% in 2023, mainly from zero-day and supply chain attacks.

For more information, visit our Data Privacy & Cybersecurity Practice page to find an experienced attorney in your area. Read more about data privacy and cybersecurity on our blog, Digital Insights.

Click on our map of the United States, then choose "Data Breach Notification Statutes" or "Information Security Standards," and then click on the specific state for which you would like information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.