Feds: Health sector bad actors 'actively leveraging' Log4J vulnerabilities

The Health Sector Cybersecurity Coordination Center released a threat brief this past week about the vulnerabilities in Log4J, a Java-based logging tool known to have multiple potential security flaws.  

After the discovery of the vulnerabilities in November 2021, Apache has released multiple Log4J updates. However, said HC3, the healthcare sector remains at high risk – and adversaries are “actively leveraging these vulnerabilities.”  

Several state-sponsored actors are believed to be taking advantage of Log4J’s vulnerabilities, including those from China, Iran and Russia. Microsoft has also reported that Turkey and North Korea have been leveraging the exploit.

In terms of those other than state-sponsored actors, HC3 pointed to ransomware operators – specifically Conti, which it labeled as a “prolific threat” to the health sector – as posing potential dangers.

The agency outlined several short-term and long-term vulnerability mitigations, including downloading the latest version of Log4J and continuing to monitor the Apache site and vendors for more patches.  

In terms of future strategies, the HC3 brief noted that any sophisticated cyber-defense program must include mechanisms for asset inventory, vulnerability management, defense in depth, acquisitions and resilience.  

“Vulnerabilities in ubiquitous apps will present similar issues in the future,” the agency noted.  

CISA says every org is at risk

Meanwhile, the Cybersecurity and Infrastructure Security Agency published an insight this past week urging U.S. organizations to implement cybersecurity measures sooner rather than later.  

“Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety,” the agency warned.  

The insight document pointed specifically to the attacks on Ukrainian government websites earlier this month, noting that similar malware has been deployed in the past to damage critical infrastructure.  

“This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise,” read the briefing.   

The agency included several tips to reduce the likelihood of a damaging cyber intrusion; to detect any suspicious activity quickly, to prepare to respond if an intrusion occurs, and to maximize durability in the case of a destructive incident.  

“By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience,” said CISA officials.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article