3 Interesting Articles

CISA Launches Ransomware Warning Pilot for Critical Infrastructure

NextGov: The Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it has created a pilot program to identify weaknesses within critical infrastructure systems that are known to be taken advantage of by ransomware groups. The ransomware vulnerability warning pilot (RVWP) first began on January 30, 2023 when CISA contacted 93 organizations “identified as running instances of Microsoft Exchange Service with a vulnerability called ‘ProxyNotShell,’ which has been widely exploited by ransomware actors.” The pilot program was created in response to a requirement of CISA to the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and will be coordinated with the Joint Ransomware Task Force, also established by CIRCIA.

New Biden Cybersecurity Strategy Assigns Responsibility to Tech Firms

NY Times: Ever since the George W. Bush administration from 20 years ago, administrations have issued a cybersecurity strategy but President Biden’s new strategy offers greater mandates on private industry and expands the role of the government to be proactive to preemptive cyberattacks, especially from abroad. The Biden administration released their new strategy on Thursday that calls on software makers and the American industry to take greater responsibility to ensure that their systems won’t be hacked. They also want to increase efforts by the FBI and the Defense Department to disrupt activities of hackers and ransomware groups globally. The government is now concluding that voluntary reports from companies on system intrusions are insufficient from the constant attacks and companies should be required to meet minimum cybersecurity standards. While this strategy is a policy document and not an executive order, it is a significant shift toward the “public-private partnerships” that the government has discussed for years.

Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor

Security Week: AT&T, one of the largest carriers in the US with about 200 million wireless customers, was impacted by a data breach. Roughly 9 million customers had their Customer Proprietary Network Information accessed by a hacker who breached one of their vendor’s systems and in turn exposed customer’s account information. While AT&T states that the information was several years old and the issue has been resolved, some users reported that the exposed data included names, email addresses, phone numbers, account numbers and payment plan information.

2 Stats You Should Know

The average age of a hacker is 35 years old, with the youngest hackers being in their teens and the oldest in their 60s. (source)

48% of organizations have experienced a ransomware attack over the past 12 months, and SaaS data was the target of more than half of them at 51%. (source)

1 More Thing

Did The Simpsons predict the Silicon Valley Bank collapse in 1994?

https://www.linkedin.com/posts/talpoint-us_bart-simpson-starts-a-bank-run-activity-7042248088379396096-_jlu