05 Aug
5 cybersecurity threats to know about right now
By Tom Sullivan for Healthcare IT News
Hackers and cybercriminals continued tapping into new techniques this summer to break into IT networks, and in some cases to cripple them.
It’s not just Petya following in WannaCry’s footsteps, either. But since that ransomware-turned-wiper malware certainly grabbed the spotlight, it took the top slot in the HIMSS roster of threat, vulnerability and mitigation issues in the June 2017 Healthcare and Cross-Sector Cybersecurity Report.
“While we are getting better at cybersecurity defense, cybercriminals are raising the bar in terms of their attacks,” HIMSS Director of Privacy and Security Lee Kim said.
Whether you call it plain old Petya, or use the more enigmatic NotPetya or ExPetr monikers, the attack that originally looked to be ransomware is now widely understood to be of an even more destructive nature: wiper malware. “Although one does get a ransom note demanding ransom, there appears to be no way for the malware operators to provide a decryption key,” according to the HIMSS report. “Additionally, a ‘vaccine’ has been widely publicized.”
In another June development that hospital CIOs, CISOs and infosec specialists need to know about, malware can arrive and indeed infiltrate networks under the guise of files other than those pesky executables.
Cybercriminals, in fact, are using PowerShell or .LNK files to run malicious code and serve up ransomware including Locky. The WORM.RETADUP.A code has been used to target hospitals in Israel lately, and campaigns based on web browsers, Windows updates and a 3D creation tool were spotted in the wild.
Then there’s the newfound threat inherent to PowerPoint, believe it or not. “Malicious code may run merely by hovering over a malicious URL with one’s mouse pointer. Visual Basic for Applications macros do not need to be enabled in order for this to work.” And, yes, the same technique can be used in e-mail spam campaigns, meaning, of course, that it’s time to make sure end-user education programs include the dangers of merely hovering over a nefarious link.
Hospitals running the Unix operating system Solaris or open source operating systems such as Linux, OpenBSD, NetBSD and FreeBSD should pay particular attention to the Stack Clash vulnerability, for which exploit code is publicly available. Vendors have rolled out security fixes, so if you’ve not already patched, it’s time to do so; otherwise attackers can use the exploit to execute arbitrary code, corrupt system memory and even gain full root privileges.
Back to WannaCry. Even though Petya stole the spotlight, the WannaCry ransomware is still infecting computers, devices and networks. “In the healthcare sector, the main concern is in regard to infected medical devices as this can pose a patient safety problem,” HIMSS noted, recommending ICS-CERT’s list of medical device manufacturers for updated information about protecting against WannaCry.
“The cybersecurity scene is changing so much and so rapidly,” Kim said. “This is why information sharing is so important.”
Lee Kim will be speaking more on the threat horizon at the Healthcare Security Forum beginning on 11 September 2017 in Boston.