#NSBCS.008 - Safeguarding Email Environments - Australian Hospitals at Risk
Safeguarding Email Environments - Australian Hospitals at Risk
A study by global cybersecurity firm Proofpoint identified concerning gaps in the cybersecurity measures of leading Australian leading hospitals, exposing critical healthcare infrastructure to potential cyberattacks - https://securitybrief.com.au/story/alarming-cybersecurity-gaps-found-in-australia-s-top-hospitals
The study employed Domain-based Message Authentication, Reporting and Conformance (DMARC) to analyse the practices of 70 Australian hospitals. A DMARC is is an email validation system to help safeguard against cyber criminals from utilising domain names for malicious purposes, verifying a sender’s identity before a message is delivered.
The results highlighted that 97% of Australia’s leading hospitals did indeed have a DMARC protocol but only 64% had implemented it to the recommended level for blocking suspicious emails.
Research also showed that 77% of public health institutions have properly adopted DMARC in comparison to 44% of private hospitals, demonstrating a higher susceptibility rate for the latter to cyberattacks.
Email-based phishing attacks are a prevalent tactic employed by cybercriminals, and hospitals are a prime target given the sensitive data they store. Information at health institutions can include date of birth, gender, bank account details, and medical history. This sensitive information is lucrative for cybercriminals, as actors may leverage it for a variety of reasons such as exploiting patient data on the dark web for financial leverage.
This findings are of concern because the healthcare sector is continuously investing into technology to digitalise medical records and devices, leaving data in a vulnerable environment especially if security measures are being overlooked. Having robust measures like effective DMARC protocols, is important towards enhancing the cybersecurity posture and resilience of the healthcare sector against the attack vector strategies of cybercriminals.
By implementing effective cybersecurity measures, public and private Australian hospitals can safeguard the integrity, availability and confidentiality of organisational sensitive data. These practices are not only important for the reputation of the healthcare sector but more importantly maintaining public trust concerning the protection of personal sensitive information.
At NSB Cyber we can support your organisation in adopting the appropriate cybersecurity measures to maintain resilience and a strong posture against evolving threats in a modern technology landscape. Implementing cybersecurity best practices is the most effective means in securing and protecting organisational sensitive data, ensuring that your company is taking No Steps Backward!
For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.
What we read this week
Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software - Cybercriminals are targeting Mac users with a new Trojan-Proxy malware disguised as cracked software. This malware can turn your computer into a proxy server for illegal activities, with attackers performing criminal acts on behalf of the victim. The end goal of this campaign for threat actors is to launch the Trojan-Proxy, masking itself as the WindowServer process on macOS to evade detection. To protect yourself, avoid downloading software from untrusted sources and always update your macOS to the latest version.
Microsoft: OAuth apps used to automate BEC and cryptomining attacks - Threat actors are exploiting Microsoft's OAuth system with fake apps, automating business email compromise (BEC) attacks and cryptocurrency mining on victims' devices. Victims are unknowingly granting access to malicious and high-privileged OAuth apps, allowing attackers to steal data, impersonate executives, and mine for crypto without their consent. Microsoft urges users to review authorised OAuth apps, revoke suspicious access, and be cautious with online interactions.
Sophos backports RCE fix after attacks on unsupported firewalls - Hackers were actively exploiting a flaw in older versions of Sophos Firewall firmware , allowing them to remotely execute code on vulnerable systems. Sophos has now been forced to backport a security update for CVE-2022-3236 after discovering cybercriminals were exploiting this shortcoming. The security update was automatically applied to most devices, but some older devices were not patched, leaving over 4,000 internet-exposed appliances vulnerable to attacks in January 2023. Sophos recommends that users update to the latest version of the software to address the vulnerability, and for those unable to upgrade, Sophos suggests restricting wide-area network (WAN) access to the User Portal and Webadmin.
Kyivstar Mobile Attack Plunges Millions in Ukraine Into Comms Blackout - Threat actors have orchestrated a sophisticated denial-of-service (DoS) attack against Kyivstar, Ukraine's largest mobile operator. The attack flooded Kyivstar's network with a lot of Russian controlled traffic, significantly impacting Ukraine's communication infrastructure. The attack is believed to be the work of Russian actors. The timing of the attack, just hours after Russia launched a series of missile strikes against Ukraine, suggests that it was intended to disrupt communications within the country.
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans - Lazarus Group, a North Korean hacking group, is targeting VMWare Horizon servers with Log4Shell exploit. This vulnerability allows the threat actors to deploy previously undocumented remote access trojans (RATs) like NineRAT, DLRAT, and BottomLoader. NineRAT, designed for stealthy operations, uses Telegram for command and control, allowing remote attackers to gather system information, upload/download files, and even control the malware's lifecycle. DLRAT, also leveraged in this campaign, prioritises stealth and evades detection, further enhancing the group's ability to conduct malicious activities undetected.
References
https://thehackernews.com/2023/12/mac-users-beware-new-trojan-proxy.html
https://www.bleepingcomputer.com/news/security/microsoft-oauth-apps-used-to-automate-bec-and-cryptomining-attacks/
https://www.bleepingcomputer.com/news/security/sophos-backports-rce-fix-after-attacks-on-unsupported-firewalls/
https://www.darkreading.com/ics-ot-security/kyivstar-mobile-attack-ukraine-comms-blackout
https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html
For further information on how to build and maintain cyber resilience and defend with confidence against the potential for cyber-attacks, including how to access NSB Cyber’s Cyber Threat Intelligence (CTI) reporting tailored to your enterprise technology, geography, sector or brand, contact us via our website or at info@nsbcyber.com.