Friday is here! And soon the end of your favorite funny-picture-sharing Twitter bot will be too, when a certain aforementioned social media company decides to pull the plug on free access to its API. Thanks a lot, Elon.
In today’s edition:
Hospitality
Holiday hacks
—Billy Hurley, Tom McKay, Patrick Lucas Austin
A hospital often brings in suppliers: maybe a pharmacy service that handles electronic medical records, or a CT-scanning technology to inspect a broken bone. But ransomware actors target third-party imaging vendors and electronic medical records systems—meaning any third-party risk can become a first-party risk, which is no party at all.
Healthcare CISOs and industry leaders have formed the Health3PT initiative, which aims to collect best practices to address security responsibilities along the supply chain. An agreed-upon framework, its members hope, will support buyers, suppliers, and security professionals as the line blurs between a hospital's environment and its partners' environments.
“You can’t help but care about what those risks are that your partners could potentially introduce. Their hygiene is now your hygiene,” said Omar Sangurima, principal technical program manager at the Memorial Sloan Kettering Cancer Center.
Sangurima is one of many industry leaders who will be on numerous Zoom calls this year to determine the Health3PT guidelines for third-party suppliers. The best practices will largely be pulled from the HITRUST Common Security Framework (CSF), a set of risk controls that include practices like management responsibilities, segregation in networks, and user-access rights.
Health3PT plans to publish its “research on third-party risk metrics” in the first quarter of 2023.
WannaCollaborate? When WannaCry ransomware hit hospitals in 2017, the attack froze a range of Windows-based technologies, from workstations all the way down to unpatched, connected MRI devices.
Read more here.—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected]
Ransomware gangs may have been down in terms of attack volume and income in 2022, but they’re not out—as evidenced by a recent report showing threat actors kept up their efforts over the holiday season.
In their December 2022 threat report, researchers with security firm NCC Group tracked a total of 269 ransomware attacks that month, up 2% from November. Yet the security firm said that this was unusual, as its own data (contrary to expectations) historically showed decreases “as cybercriminals, like any organization, take time to enjoy the festive season.” Last year, it saw a 37% drop in ransomware attacks from November to December.
According to NCC Group, the LockBit 3.0 ransomware-as-a-service gang—whose business model has been both massively successful and increasingly drawing heat from authorities—regained its usual lead among threat actors, responsible for 19% of attacks.
BianLian, a group that utilizes unusual Golang-based malware, more than doubled their activity from November to rank second with 12% of all attacks. Coming in third was the notorious BlackCat group at 11%, which NCC Group said also doubled its attacks from the month prior in its most active month on record.
NCC Group also observed a continued rise in distributed denial-of-service (DDoS) attacks, as well as a number of attacks in which threat actors attempted to extort targets by releasing their names, letter by letter. Matt Hull, NCC Group's global head of threat intelligence, told IT Brew this likely reflects the broader trend of ransomware gangs increasingly relying on tactics beyond encryption to coerce victims.
Keep reading here.—TM
Do you work in IT or have information about your IT department you want to share? Email [email protected] Want to go encrypted? Ask Tom for his Signal.
Today’s top IT reads.
Stat: 100 million. That’s the number of users ChatGPT has two months after its launch, setting the record for fastest-growing consumer application in history. (Reuters)
Quote: “In a startling turn of events, CIOs and hiring managers of IT professionals have seen the elimination of over 100,000 jobs from the open requisition for those positions.”—Janco Associates CEO Victor Janulaitis on open IT jobs disappearing in an uncertain economic climate (Computer Weekly)
Read: CNET employees say Red Ventures, which bought the tech site in 2020, has pressured them to favor advertisers in coverage and pushed them to publish plagiarism-riddled AI-written content. (The Verge)
- Home security company SimpliSafe is testing a service that would let a SimpliSafe agent talk to a potential intruder detected by AI.
- Microsoft is adding AI to Teams meetings.
- Twitter API access will soon cost developers money.
- Samsung is following Intel’s lead—downwards.