◆ A report from the HHS Health Sector Cybersecurity Coordination Center (HC3) found that in early 2022, ransomware groups increasingly turned to legitimate software during intrusions. Software used included remote access, encryption, file transfer and open-source tools, as well as internal Microsoft utilities. In this approach, threat actors leverage what is already available in the target environment instead of deploying custom tools and malware, HC3 said. Attackers who use legitimate software for malicious actions are less likely to have their activity flagged by antivirus or endpoint detection tools, because that activity is more likely to blend in with normal administrative tasks, the agency said. HC3 recommended several mitigation strategies, including using the host firewall to restrict file-sharing communications, deploying network intrusion detection and prevention systems that use network signatures, using multifactor authentication for user and privileged accounts, and configuring access controls and firewalls to limit access to domain controllers and systems used to create and manage accounts.
◆ An information technology specialist has been indicted on a federal criminal charge for allegedly hacking into the server of an Oak Lawn, Illinois, health care company where he formerly worked as a contractor. Aaron Lockner of Downers Grove allegedly accessed the server illegally on April 16, 2018, according to an indictment returned May 24 by a U.S. district court in Chicago. The intrusion impaired medical examinations, treatment and care of multiple individuals, the indictment stated. Lockner had previously performed information security and technology work for the health care company and had access to its computer network, the indictment alleged. Two months before the cyberattack, Lockner had sought and was denied an employment position with the health care company. If convicted, Lockner faces up to 10 years in federal prison.