Following the WannaCry ransomware attack, IoT security solutions company ZingBox is offering recommendations to the healthcare industry on how to best protect itself from the newest potential threat originating from ‘Hidden Cobra’.
To assist the many organizations struggling with the successful navigation and management of their security vulnerabilities, ZingBox is offering their SaaS-based IoT Security solution at no cost to healthcare organizations for a limited time use.
“Although many of the affected vulnerabilities are more commonly found on devices with browsers, infection of just one such device can cause a new wave of attacks against connected medical devices,” said Xu Zou, CEO and Co-founder of ZingBox. “ZingBox recommends healthcare organizations ensure no browsers are used on connected medical devices move PCs to non-IoT device networks.”
“We have been contacted by many healthcare organizations since the WannaCry outbreak. We are making a commitment to assist these organization gain the much-needed visibility and security of their IoT environment with no strings attached,” said Xu Zou.
IoT Guardian, ZingBox’s SaaS-based security solution, leverages machine learning to discover, assess risk, baseline normal behavior, detect anomalous activities and provide real-time remediation across an organization’s entire IoT footprint. The patent-pending solution has a deep grasp of each IoT device’s personality, analyzing communication to and from every device, watching constantly for deviations in behavior and providing alerts for suspicious behavior.
HHS’s Office for Civil Rights (OCR) recently issued a cyber notice to the healthcare industry about a potential threat to critical infrastructure sectors, such as healthcare, by a malicious cyber group called Hidden Cobra, also known as Lazarus Group suspected to be behind the WannaCry attack.
The threat relates to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing Microsoft patches will not necessarily protect from Hidden Cobra since they use a range of vulnerabilities. Despite Microsoft releasing several patches, the vulnerabilities exploited do not only apply to Microsoft OS. Software such as Silverlight, Adobe Flash and Hangul Word Processor are also exploited by this threat actor.
According to the notice, these vulnerabilities allow an attacker to remotely run programs or attacks on systems. This could allow an attacker to perform a wide range of actions including exfiltrating documents or data, or gain access to other internal systems via the local network once initial access is gained.
Two reports were released by Microsoft and DHS about multiple vulnerabilities with Microsoft products, including the Windows operating system, and a threat by a group DHS labels as “Hidden Cobra”. Both relate to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing the Microsoft patches will not necessarily protect form “Hidden Cobra” since they use a wide range of vulnerabilities. DHS states “Hidden Cobra” targets are “…the media, aerospace, financial, and critical infrastructure sectors in the United States and globally”, so targeting of the Healthcare and Public Health sector systems and devices in the U.S. is possible.