November 2022 Security Update: Healthcare Remains a Prime Target, New Critical Vulnerabilities Uncovered

Industry experts reveal their research into critical vulnerabilities and share predictions for the threat landscape in 2023.


Healthcare Leads Markets in Cyberattacks

A survey by cybersecurity vendor Netwrix found that 61 percent of healthcare respondents experienced a cyberattack on their cloud infrastructure between October 2021 and October 2022, against an average of 53 percent across the other industries surveyed. Phishing was the most commonly reported type of attack in healthcare.

Dirk Schrader, VP of security research at Netwrix, explains, “The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions. Plus, the high value of data gives cybercriminals better opportunities at financial gain: They can either sell stolen sensitive medical information on the dark web or extort a ransom for ‘unfreezing’ the medical systems used to keep patients alive.”

The survey also asked how quickly healthcare organizations detect security incidents in the cloud. Forty percent said they can detect phishing within minutes, 47 percent detect ransomware or other malware within hours, and 45 percent detect account compromise within hours; some admitted that detecting an incident takes days or weeks.

Action Items:

  • Deploy and enforce the basics: encryption of data at rest and in transit, multifactor authentication (MFA) on every account that can reach patient data, and employee training focused on phishing, the attack healthcare reports most often.
  • Help your healthcare clients accelerate their plans to classify data and secure it in the cloud.
  • Provide healthcare organizations with solutions to monitor access and activity in the cloud, so that detection moves from days and weeks toward minutes and hours.

Packagist Vulnerability Discovered

In April 2021, SonarSource discovered and disclosed a critical vulnerability in Packagist, the central package repository of the PHP supply chain. This fall the company published a second critical finding in the same area: CVE-2022-24828, an argument injection in Composer's VCS drivers, the code that reads package metadata out of Git and Mercurial repositories.

The CVE matters because of what sits on top of it. Modern applications are assembled from third-party packages, and Packagist runs the affected Composer code to process the repositories behind those packages. Values an attacker controls in a package's repository metadata were passed into VCS command lines where the tool read them as options rather than plain arguments, which gives a path to command execution on the registry's own infrastructure. A registry compromise would propagate to every downstream build that trusts it, which is what makes this a supply-chain vulnerability rather than a bug in one application.

Action Items:

  • If you only consume packages through the official Packagist instance or Private Packagist, you are not affected; both have been patched.
  • If you integrate Composer as a library, especially where untrusted input can reach its VCS drivers, or you run Composer against repositories you do not control, upgrade to Composer 1.10.26, 2.2.12, or 2.3.5 (or later), which carry the fix.
  • Read the SonarSource blog for details.

Critical Vulnerability Discovered in Spotify Backstage

Oxeye, a cloud-native application security provider, uncovered a critical vulnerability in Spotify's Backstage project and is calling on developers to take immediate action. The company announced on Nov. 15 that the flaw chains a sandbox escape in vm2, the third-party JavaScript VM library Backstage uses to sandbox template rendering in its software-templates (Scaffolder) component, into unauthenticated remote code execution: the Oxeye research team was able to execute code on a Backstage instance without logging in.

Action Items:

  • Upgrade Backstage, and the vm2 package if you pin it directly, to the patched versions given in the Backstage and Oxeye advisories.
  • Do not treat an in-process JavaScript sandbox as the only barrier between untrusted template input and the host. Run the component that evaluates templates under least privilege, in its own process or container, with outbound network access restricted.
  • Read the Oxeye advisory for details.

How Safe Are Chrome Extensions?

Data removal company Incogni analyzed the risk profiles of 1,237 extensions available on the Chrome Web Store and found that nearly half (48.66 percent) carry a high to very high risk impact: they request permissions that could expose personally identifiable information (PII), distribute adware and malware, and log everything users do in the browser, including the passwords and financial details they type.

Furthermore, 27 percent of the extensions analyzed collect data, and writing extensions collect the most data and ask for the most permissions.

Action items:

  • Use caution when granting permissions to extensions, and prefer the extension that asks for the narrowest set.
  • Check an extension's risk profile, and the permissions listed in its install prompt, before adding it.
  • If you have any doubts about an extension, look for an alternative from a trusted developer.
  • Learn more on the Incogni blog.

What’s in Store in Cyberthreats in 2023?

Digital Shadows, a ReliaQuest company, released its 2023 Threat Landscape Predictions, drawn from its threat intelligence work. Its predictions include:

  • The Russia-Ukraine conflict is diverting attention away from LockBit, giving the group free rein over Western companies.
  • New ransomware groups are recruiting from the legitimate business world; Digital Shadows has seen several online advertisements from threat actors trying to hire people away from legitimate companies.
  • Russia's military campaign will have a demonstrable impact on cyber risk, including a spike in Russian hacktivist activity.

Action Items:

  • Put security controls in place that blunt ransomware, starting with tested offline backups, MFA, and prompt patching of internet-facing services.
  • Take advantage of cyberthreat intelligence services to track the groups most likely to target your sector.

For more insights and updates, visit DevPro Journal’s Security page.

Mike Monocello

The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of DevPro Journal.
