MoneyWatch TikTok ban measure signed by Biden. Here’s what could happen next.
CBS News: The U.S. Senate has passed a bill including provisions that could lead to a ban on TikTok if its Chinese owner, ByteDance, doesn’t divest within a year. This legislation, part of a broader $95 billion foreign aid package for Ukraine, Israel, and other allies, has now been signed into law by President Biden. Concerns about TikTok stem from potential risks that ByteDance could share U.S. user data with the Chinese government. Despite TikTok’s efforts to mobilize its user base against the bill, the legislation moved forward. TikTok has declared the bill a threat to free speech and plans to challenge it legally. Should TikTok be forced to sell, possible buyers include major firms like Microsoft and Oracle, but complexities arise if ByteDance withholds its core algorithms. If TikTok is banned, platforms like Meta’s Instagram and Google could see significant user increases.
Akira Ransomware Group Takes in $42 Million From 250 Attacks in a Year
Security Boulevard: The Akira ransomware has amassed over 250 victims and $42 million in ransoms, according to a joint advisory from U.S. and European cybersecurity agencies. Originally targeting Windows systems, Akira quickly adapted to also attack Linux platforms, specifically VMware ESXi virtual machines, showcasing its versatility and evolution. Recent variants include “Megazord” and “Akira_v2,” with threat actors deploying these against different system architectures simultaneously within the same attack. Akira’s ability to target Linux systems reflects a broader trend as cybercriminals exploit the increasing use of Linux in critical sectors like finance and healthcare. The ransomware gains initial entry through vulnerabilities in VPN services, Remote Desk Protocol, and by exploiting weak or stolen credentials. Once inside, it establishes persistence, escalates privileges, and scouts networks to maximize impact. While Akira has shifted tactics towards data exfiltration for extortion, encryption remains a significant threat, using a sophisticated hybrid scheme for robust and tailored attacks.
Hackers Broke Into Change Healthcare’s Systems Days Before Cyberattack
Wall Street Journal ($): The ALPHV ransomware gang infiltrated the networks of UnitedHealth Group’s Change Healthcare unit for over a week before launching a crippling ransomware attack on February 21. The attackers accessed the network on February 12 and maintained presence until the ransomware deployment, raising concerns about potential extensive data theft. The incident has led to significant financial losses, with UnitedHealth reporting an impact of $870 million. While UnitedHealth paid approximately $22 million in ransom, efforts to restore systems and support affected providers are ongoing, amidst scrutiny from lawmakers and an investigation by the U.S. Department of Health and Human Services into potential breaches of sensitive patient information.
A recent survey shows a 55% year-over-year increase in active ransomware groups and an almost 20% increase in ransomware victims compared to Q1 2023.(source)
8 years ago, the GDPR was approved by the European Parliament. (source)
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.