Cybersecurity Alert Issued by United States and United Kingdom
A cybersecurity alert for healthcare and essential services was filed jointly by the United States and the United Kingdom. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K. National Cyber Security Centre (NCSC) issued the alert on May 5, 2020. These agencies have detected Advanced Persistent Attacks (APT) against organizations involved in Covid-19 responses. Targeted entities include healthcare, pharmaceutical, academia, and research organizations. Local governmental agencies are also being attacked.
System Vulnerabilities Being Exploited
CISA and NCSC have reported numerous incidents of APT actors scanning pharmaceutical and medical research organization external websites for vulnerabilities. These actors are exploiting a Citrix vulnerability known as Citrix CVE-2019-19781. They are also gaining access through vulnerabilities in Virtual Private Network (VPN) products from Pulse Secure, Fortinet, and Palo Alto.
Healthcare Organizations Subjected to Password Spraying
Healthcare organizations in a number of countries are being subjected to large-scale password spraying campaigns. Password spraying is a brute force style of attack. The cyber actor uses tries a single and commonly used password against many accounts and then will attempt another. Because of the time between attempts at a single site rapid or frequent account lockouts are prevented.
Recommended Forms of Mitigation
In its cybersecurity alert for healthcare CISA recommends risk based holistic approaches to organizational cybersecurity consistent with the National Institute of Standards and Technology (NIST).
CISA other recommendations for mitigation in this alert included:
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and configurations.
- Use multi-factor authentication to reduce the impact of password compromises.
- Protect the management interfaces of your critical operational systems.
- Set up a security monitoring capability.
- Review and refresh your incident management processes.
- Use modern systems and software.
According to recent studies, organizations are unprepared to meet the challenges of modern cybersecurity. CVG Strategy can help by implementing Information Security Management Systems (ISMS) that will protect your organization’s vital data and information systems. Our Subject Matter Experts can guide your business through a variety of solutions including NIST 800-171. Contact Us to learn more