AA20-126A: APT Groups Target Healthcare and Essential Services

News category: Vulnerabilities
Source: us-cert.gov

Original release date: May 5, 2020

Summary

This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. This joint alert highlights ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses. It describes some of the methods these actors are using to target organizations and provides mitigation advice.

The joint CISA-NCSC Alert: (AA20-099A) COVID-19 Exploited by Malicious Cyber Actors from April 8, 2020, previously detailed the exploitation of the COVID-19 pandemic by cybercriminals and APT groups. This joint CISA-NCSC Alert provides an update to ongoing malicious cyber activity relating to COVID-19. For a graphical summary of CISA’s joint COVID-19 Alerts with NCSC, see the following guide.

COVID-19-related targeting

APT actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.

APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities.

The pandemic has likely raised additional interest for APT actors to gather information related to COVID-19. For example, actors may seek to obtain intelligence on national and international healthcare policy, or acquire sensitive data on COVID-19-related research.

Targeting of pharmaceutical and research organizations

CISA and NCSC are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities. APT groups frequently target such organizations in order to steal sensitive research data and intellectual property for commercial and state benefit. Organizations involved in COVID-19-related research are attractive targets for APT actors looking to obtain information for their domestic research efforts into COVID-19-related medicine.

These organizations’ global reach and international supply chains increase exposure to malicious cyber actors. Actors view supply chains as a weak link that they can exploit to obtain access to better-protected targets. Many supply chain elements have also been affected by the shift to remote working and the new vulnerabilities that have resulted.

Recently CISA and NCSC have seen APT actors scanning the external websites of targeted companies and looking for vulnerabilities in unpatched software. Actors are known to take advantage of Citrix vulnerability CVE-2019-19781[1],[2] and vulnerabilities in virtual private network (VPN) products from Pulse Secure, Fortinet, and Palo Alto.[3],[4]

COVID-19-related password spraying activity

CISA and NCSC are actively investigating large-scale password spraying campaigns conducted by APT groups. These actors are using this type of attack to target healthcare entities in a number of countries—including the United Kingdom and the United States—as well as international healthcare organizations.

Previously, APT groups have used password spraying to target a range of organizations and companies across sectors—including government, emergency services, law enforcement, academia and research organizations, financial institutions, and telecommunications and retail companies.

Technical Details

Password spraying is a commonly used style of brute force attack in which the attacker tries a single and commonly used password against many accounts before moving on to try a second password, and so on. This technique allows the attacker to remain undetected by avoiding rapid or frequent account lockouts. These attacks are successful because, for any given large set of users, there will likely be some with common passwords.

Malicious cyber actors, including APT groups, collate names from various online sources that provide organizational details and use this information to identify possible accounts for targeted institutions. The actors will then “spray” the identified accounts with lists of commonly used passwords.

Once the malicious cyber actor compromises a single account, they will use it to access other accounts where the credentials are reused. Additionally, the actor could attempt to move laterally across the network to steal additional data and implement further attacks against other accounts within the network.
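The pattern described above (one source, many accounts, few attempts per account) can be searched for in authentication logs. The following detection sketch is an added example, not part of the CISA/NCSC alert; the event tuple layout, the thresholds, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, outcome).
# IPs are documentation ranges (RFC 5737); account names are made up.
SPRAYED = ["a.jones", "b.patel", "c.wu", "d.silva", "e.novak", "f.ortiz"]
SAMPLE_EVENTS = (
    [(f"2020-05-05T09:{i:02d}:00", "203.0.113.7", u, "FAIL") for i, u in enumerate(SPRAYED)]
    + [("2020-05-05T10:05:00", "203.0.113.7", "c.wu", "SUCCESS")]
    # One user mistyping their own password: many failures, but a single account.
    + [(f"2020-05-05T09:30:{i:02d}", "198.51.100.20", "m.khan", "FAIL") for i in range(4)]
    + [("2020-05-05T09:31:00", "198.51.100.20", "m.khan", "SUCCESS")]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Map each source to the accounts it failed against when, inside one window,
    it hit many distinct accounts with only a few attempts each."""
    by_source = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "FAIL":
            by_source[src].append((datetime.fromisoformat(ts), account))
    findings = {}
    for src, fails in by_source.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, account in fails[start:end + 1]:
                counts[account] += 1
            if (len(counts) >= min_accounts and max(counts.values()) <= max_per_account
                    and len(counts) > len(findings.get(src, []))):
                findings[src] = sorted(counts)
    return findings

def logins_after_spray(events, findings):
    """Successful logins by a flagged source to an account it sprayed: triage these first."""
    hits = defaultdict(set)
    for _, src, account, outcome in events:
        if outcome == "SUCCESS" and account in findings.get(src, []):
            hits[src].add(account)
    return {src: sorted(accounts) for src, accounts in hits.items()}

if __name__ == "__main__":
    flagged = detect_spray(SAMPLE_EVENTS)
    print(flagged, logins_after_spray(SAMPLE_EVENTS, flagged))
```

A per-account lockout counter never fires on this traffic because each account sees only one failure; grouping by source and counting distinct accounts is what exposes it. Sprays spread across many source addresses need the same grouping applied to other keys, such as user agent or time bucket.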

In previous incidents investigated by CISA and NCSC, malicious cyber actors used password spraying to compromise email accounts in an organization and then, in turn, used these accounts to download the victim organization’s Global Address List (GAL). The actors then used the GAL to password spray further accounts.

NCSC has previously provided examples of frequently found passwords, which attackers are known to use in password spray attacks to attempt to gain access to corporate accounts and networks. In these attacks, malicious cyber actors often use passwords based on the month of the year, seasons, and the name of the company or organization.
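Because these passwords follow a predictable shape, they can be rejected when a user sets them. The following deny-list check is an added example, not code from CISA or NCSC; the substitution table, the function names, and the organization term `Acme` are assumptions chosen for illustration.

```python
import re

MONTHS = ("january february march april may june july august "
          "september october november december").split()
SEASONS = "spring summer autumn fall winter".split()
# Common character substitutions to see through (an assumed, non-exhaustive set).
SUBS = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}

def _pattern(word):
    """Regex for `word` with substitutions, allowing only digits/symbols around it."""
    body = "".join("[" + re.escape(c + SUBS.get(c, "")) + "]" for c in word)
    return re.compile(r"^[\W\d_]*" + body + r"[\W\d_]*$", re.IGNORECASE)

def predictable_base(password, org_terms=()):
    """Return the month, season or organization term the password is built on, else None."""
    words = MONTHS + SEASONS + [t.lower() for t in org_terms]
    # Try longer words first so the most specific base is reported.
    for word in sorted(words, key=len, reverse=True):
        if _pattern(word).match(password):
            return word
    return None

if __name__ == "__main__":
    # Constructed candidates; "Acme" stands in for the organization's own name.
    for candidate in ["Summer2020!", "M4rch#19", "Acme@2020", "Mayflower-Teapot-Cactus"]:
        print(candidate, "->", predictable_base(candidate, org_terms=["Acme"]))
```

The match is anchored so that a long passphrase that merely begins with a month name is not rejected; only a deny-listed word padded with digits and symbols is.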

CISA and NCSC continue to investigate activity linked to large-scale password spraying campaigns. APT actors will continue to exploit COVID-19 as they seek to answer additional intelligence questions relating to the pandemic. CISA and NCSC advise organizations to follow the mitigation advice below in view of this heightened activity.

Mitigations

CISA and NCSC have previously published information for organizations on password spraying and improving password policy. Putting this into practice will significantly reduce the chance of compromise from this kind of attack.

CISA’s Cyber Essentials for small organizations provides guiding principles for leaders to develop a culture of security and specific actions for IT professionals to put that culture into action. Additionally, the UK government’s Cyber Aware campaign provides useful advice for individuals on how to stay secure online during the coronavirus pandemic. This includes advice on protecting passwords, accounts, and devices.

A number of other mitigations will be of use in defending against the campaigns detailed in this report:

Contact Information

CISA encourages U.S. users and organizations to contribute any additional information that may relate to this threat by emailing [email protected].

The NCSC encourages UK organizations to report any suspicious activity to the NCSC via their website: https://report.ncsc.gov.uk/.

Disclaimers

This report draws on information derived from CISA, NCSC, and industry sources. Any findings and recommendations made have not been provided with the intention of avoiding all risks and following the recommendations will not remove all such risk. Ownership of information risks remains with the relevant system owner at all times.

CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

References

Revisions

  • May 5, 2020: Initial Version

This product is provided subject to this Notification and this Privacy & Use policy.
