Happy New Year! This week's Weekly Debrief covers possible Iranian cyberattacks, FBI's warning on Maze ransomware, false flag cyberattacks, the possibility of a single congressional cyber committee, CCPA, and a House bipartisan bill to update COPPA.
"Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says. Concerns about an Iranian cyber response to the recent American military strike in Baghdad grew this week with the US Department of Homeland Security urging organizations to be on heightened alert for denial-of-service and other more destructive attacks."
"The FBI recently began warning the private sector of a rise in Maze ransomware attacks, where the cybercriminals pose as legitimate security vendors or government agencies to encrypt and steal data. In November, the hacking group threatened to publicly release stolen data in an extortion attempt.According to the advisory, Maze cyberattacks began hitting US organizations in November. Officials are calling on security leaders to bolster protections as attacks increase."
"False flags are a favorite technique of cyber attackers connected to Russian intelligence, but they don't have a monopoly on the practice. A false flag cyberattack is when a hacker or hacking group stages an attack in a way that attempts to fool their victims and the world about who's responsible or what their aims are."
"The last few months of cyberattacks, especially ransomware incidents, demonstrated healthcare providers aren’t fully prepared for the new age of sophisticated threats. As the Department of Homeland Security alerts to the increased cybersecurity risk to infrastructure, it begs the question: What comes next in terms of threats and preparation for the healthcare sector?"
"What if a single Congressional committee in each chamber had oversight for cybersecurity issues? That’s one of the organizational fixes the bipartisan U.S. Cyberspace Solarium Commission, a bipartisan organization created in 2019 to develop a multipronged U.S. cyber strategy, is considering recommending to lawmakers. Such an approach would consolidate the disparate committees with jurisdiction over cyber issues."
"The California Consumer Privacy Act is being touted as one of the strongest privacy regulations in the U.S. enacted so far. However, though the CCPA was adopted on January 1, 2020, the act still has several loose ends and privacy loopholes that need to be fleshed out.At a high level ,the CCPA mandates strict requirements for companies to notify users about how their user data will be used and monetized along with giving them straightforward tools for opting out."
"A pair of House lawmakers introduced a bipartisan bill Thursday to update a decades-old law designed to protect children's online privacy. The bill comes amid growing concern that children are encountering increasingly sophisticated threats online. The Preventing Real Online Threats Endangering Children Today Act (PDF), introduced by Republican Rep. Tim Walberg of Michigan and Democratic Rep. Bobby Rush of Illinois, aims to strengthen the Children's Online Privacy Protection Act of 1998 (COPPA) to address the ever-evolving digital landscape, the lawmakers said."