Weekly CyberTip: The importance of IoMT inventories
While IoMT (Internet of Medical Things) devices help make healthcare environments more efficient and effective, they can create security exposures unless they are properly configured and maintained at current patch levels. Attacks on these devices can cause service disruptions, and since IoMT gear can house personal or sensitive information, a security breach can also compromise patient privacy and safety. Asset tracking solutions can help you identify what is (and even what should not be) on your network, and give you the insight to stay on top of securing these key parts of your infrastructure by identifying device misconfigurations, new patch availability, and more.
CISA warns of critical IoMT vulnerability
On April 27, CISA issued an advisory regarding a vulnerability in several models of Illumina DNA research devices. This critical IoMT flaw has been assigned a CVSS base score of 10, the highest rating possible. It is being tracked as CVE-2023-1968.
The vulnerability affects Illumina’s Universal Copy Service (UCS) v2.x, which is used in equipment “that may be specified either for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or for research use only,” according to the advisory. “An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.”
“An unauthorized user could exploit the vulnerability by: taking control remotely; altering settings, configurations, software, or data on the instrument or a customer’s network; or impacting genomic data results in the instruments intended for clinical diagnosis, including causing the instruments to provide no results, incorrect results, altered results, or a potential data breach,” added a corresponding bulletin from the Food & Drug Administration.
Both Illumina, which is among the world’s largest manufacturers of medical devices that handle bioanalysis and DNA sequencing, and CISA have advised that no known public exploits of the vulnerability have been found as yet. However, healthcare organizations are urged to patch their systems as soon as possible. Current versions are available from Illumina’s support portal.
Google announces milestone in fight against cyber criminals
In an April 26 blog post, Google reported that a federal judge in the Southern District of New York unsealed its civil action against the distributors of CryptBot, a type of malware designed to identify and steal sensitive information from infected computers. The distributors offer malicious versions of software (including Google Chrome) to infect machines, then steal information “including authentication credentials, social media account logins, cryptocurrency wallets, and more,” according to the post. “The stolen data is then harvested and sold to bad actors for use in data breach campaigns.”
The court order helps Google fight back against the cyber criminals in a number of ways. Google is conducting “ongoing technical disruption efforts against the distributors and their infrastructure,” and is using the court order to “take down current and future domains that are tied to the distribution of CryptBot,” which will slow the spread of the malware.
Cisco warns of vulnerability in Unified Communications software
On April 26, Cisco published an advisory regarding its Prime Collaboration Deployment (PCD) software used with the Unified Communications platform. The vulnerability, which is being tracked as CVE-2023-20060, is a cross-site scripting (XSS) issue affecting the PCD’s web-based management interface. The bug was first identified by a researcher at the NATO Cyber Security Centre (NCSC).
The researcher determined that the web client does not properly validate user-supplied input, allowing an attacker to exploit this vulnerability by persuading a user of the interface to click a specially crafted link. A successful exploit could allow the unauthenticated attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
No patches or workarounds are currently available for the bug, though Cisco expects to have a security update available in early May.
U.S. logistics and storage giant suffers second cyber attack in under three years
Global logistics and cold storage firm Americold continues to recover from a cyber attack that began on April 25. The incident caused the company to shut down its network to isolate the intrusion, knocking out internal systems, communications, and the corporate website. The site was restored by April 27, and full services are expected to resume during the week of May 1, according to reporting by Bleeping Computer.
Americold was hit by a previous cyber attack in November 2020. That incident had a significant effect on operations, taking out phone systems, email, inventory management, and order fulfillment processes.
Americold has not provided any public statements on the root cause of either incident.
Yellow Pages Canada hit by cyber attack
On April 24, Yellow Pages Canada confirmed that the company had been the victim of a cyber attack and data breach. According to a spokesperson quoted by CityNews Toronto, “Based on our investigation to date, we have reason to believe that the unauthorized third party stole certain personal information from servers containing YP employee data and limited data relating to our business customers.” Yellow Pages Canada advised that they have notified all individuals personally affected by the data breach.
The company’s services have now been “substantially” restored after the attack, which is believed to have been launched by the Russia-based ransomware-as-a-service criminal group Black Basta.