Explore the strategies used to disrupt the cybercrime group Storm-1152

Here is an interesting article from Microsoft on how Russian cyberthreat actors work.

Gain insight into the cybercrime ecosystem with this overview of the Storm-1152 organization and the disruption of their fraudulent activities. Read the story from the Microsoft Digital Crimes Unit on Security Insider to:

  • Learn how Storm-1152 created and sold fraudulent Microsoft accounts that bypassed identity verification systems.
  • Discover how cybercriminals used Storm-1152 services to conduct cyberattacks like ransomware.
  • See how Microsoft and its partners seized Storm-1152’s websites and disrupted its operations.

Discover how Russian cyberthreat actors are exploiting war fatigue

Get a behind-the-scenes look at how Russia is using cyberattacks to gain an advantage in the war in Ukraine.


Just Published | Final SP 800-66r2, Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide

NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide. This publication, revised in collaboration with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, provides guidance for regulated entities (i.e., HIPAA-covered entities and business associates) on assessing and managing risks to electronic Protected Health Information (ePHI), identifies typical activities that a regulated entity might consider implementing as part of an information security program, and presents guidance that regulated entities can utilize in whole or in part to help improve their cybersecurity posture and assist with achieving compliance with the HIPAA Security Rule.

To assist regulated entities, key document content has been posted online. A list of resources (e.g., guidance, templates, tools) that regulated entities can consult for assistance about particular topics has been hosted on the SP 800-66r2 web page (see under “Supplemental Material” in the gray Documentation box). Additionally, the key activities, descriptions, and sample questions from the tables in Section 5 of the publication have been posted in NIST’s Cybersecurity and Privacy Reference Tool (CPRT). The content in CPRT also includes mappings of the HIPAA Security Rule’s standards and implementation specifications to NIST Cybersecurity Framework Subcategories and SP 800-53r5 security controls as well as listings of NIST publications relevant to each HIPAA Security Rule standard. Readers may draw upon these NIST publications and mappings for assistance in implementing HIPAA Security Rule standards and implementation specifications.

NIST appreciates and looks forward to further collaboration and feedback from the community. Questions or ideas?

Reach out to us at [email protected].


NIST: New PPFL Blog Post and CRC Update

In our last privacy-preserving federated learning blog post, we discussed known privacy attacks in federated learning and provided recent examples from the research literature. In this new post, Data Distribution in Privacy-Preserving Federated Learning, we define and explain the different ways data can be distributed, or partitioned, among participants in federated learning systems.  Learn more in the third post in our series.   

Data Distribution in Privacy-Preserving Federated Learning by David Darais, Joseph Near, Dave Buckley, and Mark Durkee


In addition to our new blog post, we have an update on our NIST Collaborative Research Cycle (CRC), an ongoing effort to benchmark, compare, and investigate deidentification technologies. The CRC program asks the research community to deidentify a compact and interesting dataset called the NIST Diverse Communities Data Excerpts, demographic data from communities across the U.S. sourced from the American Community Survey. We’ve received more than 450 deidentified instances of the data along with detailed abstracts describing how each was privatized. Approaches include differential privacy, generative adversarial networks, k-anonymity, statistical disclosure limitations and many others from both open-source tools and proprietary algorithms. We conducted an extensive standardized evaluation of each deidentified instance using a host of fidelity, utility, and privacy metrics, using our tool, SDNist. We’ve packaged the data, abstracts, and evaluation results into a human- and machine-readable archive. The research community is currently using these tools to drive research. 

In December, we held a workshop showcasing research efforts using the CRC resources. See the CRC website to access recordings of the sessions and the draft proceedings. The program continues to accept data and will be planning additional workshops. Subscribe to the CRC mailing list for updates. 

We encourage readers to ask questions and share knowledge using the contribute section of the Privacy Engineering Collaboration Space. You can also contact us at [email protected] or [email protected].

Meanwhile—stay tuned for the next privacy-preserving federated learning blog post!  


All the best, 
NIST Privacy Engineering Program

Overview of the NIST Cybersecurity Framework (CSF) 2.0 Small Business Quick Start Guide

Event Date: March 20, 2024

Event Time: 2:00 p.m. to 2:45 p.m. ET

Event Location: Virtual

Event Description:

Did you hear the big news? The NIST Cybersecurity Framework 2.0 was published on February 26, 2024. If that wasn’t exciting enough, we also published the CSF 2.0 Small Business Quick Start Guide along with it.

As a supplement to the CSF 2.0, the new Small Business Quick Start Guide provides small- to medium-sized businesses (SMB) with resources and considerations to kick-start their cybersecurity risk management strategy using the CSF 2.0.

During the webinar on March 20, 2024, we will spend 30 minutes providing an overview of the Small Business Quick Start Guide, highlight other new CSF 2.0 resources, and reserve 15 minutes at the end for audience questions.


Russian SVR Actors Targeting Cloud Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) in partnership with UK National Cyber Security Centre (NCSC) and other US and international partners released this Joint Cybersecurity Advisory providing recent tactics, techniques, and procedures (TTPs) used by Russian Foreign Intelligence Service (SVR) cyber actors—also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard—to gain initial access into a cloud environment.
The NCSC has previously detailed how SVR cyber actors have targeted governmental, think tank, healthcare and energy targets for intelligence gain. It has now observed SVR actors expanding their targeting to include aviation, education, law enforcement, local and state councils, government financial departments, and military organizations.
The authoring agencies encourage network defenders and organizations to review the joint advisory for recommended mitigations. For more information on APT29, see the joint advisory Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally or visit CISA’s Russia Cyber Threat Overview and Advisories page. For more guidance on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project.

The NIST CSF 2.0 is HERE

CSF 2.0 Resources

NIST CSF 2.0 QUICK LINKS

Explore our Full Suite of Resources:
CSF 2.0
Quick Start Guides
CSF 2.0 Profiles
CSF 2.0 Informative References
Cybersecurity & Privacy Reference Tool (CPRT)
CSF 2.0 Reference Tool
CSF 2.0 Website (Homepage)
Official NIST News Announcement

The NIST Cybersecurity Framework (CSF) development process all started with Executive Order (EO) 13636 over a decade ago, which called for building a set of approaches (a framework) for reducing risks to critical infrastructure. Through this EO, NIST was tasked with developing a “Cybersecurity Framework.” We knew that, to do this the right way, NIST would need to work alongside industry, academia, and other government agencies. This is exactly what we did—and have been doing over the past 10 years—as the CSF became more popular around the globe.

We also knew that the CSF needed to be a living document that should be refined and improved, and should evolve over time. To address current and future cybersecurity challenges and improvements, NIST set out on the journey of developing the CSF 2.0. Along the way, NIST has solicited input via formal Requests for Information, workshops and smaller meetings, suggestions from users and non-users alike, and draft documents for public comment. This all resulted in CSF Versions 1.0 and 1.1 and, most recently, a draft of CSF 2.0…


NIST Releases Version 2.0 of Landmark Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk. The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations — regardless of their degree of cybersecurity sophistication. In response to the numerous comments received on the draft version, NIST has expanded the CSF’s core guidance and developed related resources to help users get the most out of the framework. These resources are designed to provide different audiences with tailored pathways into the CSF and make the framework easier to put into action.

NICE | advancing cybersecurity education and workforce

Early Bird Registration is Now Open!

June 3 – 5, 2024 | Dallas, Texas

Registration is now open for the 2024 NICE Conference and Expo in Dallas, Texas, taking place from June 3 to 5, 2024! Secure early bird rates from February 27 to March 19, 2024.

This year’s theme, “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap,” highlights our shared responsibility to work together to build an integrated ecosystem of cybersecurity education, training, and workforce development. Through collaboration and partnerships, we will cultivate a stronger community that is dedicated to building a knowledgeable and skilled workforce.

Reserve Your Room

A limited block of discounted rooms will be available at a prevailing government rate of $164/night (room rate does not include tax or any applicable fees) to those registering for the conference.

Make sure to reserve your room at the Sheraton Dallas!

NIST: Data Distribution in Privacy-Preserving Federated Learning

Our first post in the series introduced the concept of federated learning and described how it’s different from traditional centralized learning – in federated learning, the data is distributed among participating organizations, which share model updates (instead of raw data).

What kinds of techniques can we use to build privacy-preserving federated learning systems? It turns out to depend heavily on how the data is distributed. This post defines and explains the different ways data can be distributed, or partitioned, among participants in federated learning systems. Future posts in the series will describe specific techniques applicable in each situation.

Data partitioning schemes describe how data is distributed among participating organizations, as compared to the centralized scheme in which one party holds all the data.

  • In a horizontal partitioning scheme, the rows of the data are distributed among the participants.
  • In a vertical partitioning scheme, the columns of the data are distributed among the participants. 

Combinations of the two are also possible—we’ll get to those at the end of this post…


CISA, FBI, and HHS Release an Update to #StopRansomware Advisory on ALPHV Blackcat

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory #StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat ransomware as a service (RaaS). ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector.

CISA, the FBI, and HHS urge network defenders to review the updated joint advisory to protect against and detect malicious activity.

All organizations are encouraged to share information on incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or via our Report page, and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].  For more on ransomware, visit stopransomware.gov.