New cybersecurity threats unwrapped: Hidden Cobra, public safety apps, Western Digital My Cloud

The North Korean government’s malicious activity also made it into this month’s cybersecurity report from HIMSS.
By Tom Sullivan
10:39 AM
Share

Hidden Cobra virus from North Korea is one of the threats in this month's HIMSS Healthcare and Cross-Sector Cybersecurity report. Credit: Twitter

December saw another round of cyber threats emerge that highlight healthcare’s need to better communicate. That means hospitals sharing threat information with each other, researchers alerting tech vendors when they uncover vulnerabilities, and getting the word out to consumers.

“We still take a lot of things for granted,” said Lee Kim, Director of Privacy and Security at HIMSS. “We still need to bridge the vendor-consumer divide.”   

That’s Kim’s takeaway after compiling this month’s HIMSS Healthcare and Cross-Sector Cybersecurity Report.

Western Digital My Cloud is one example. Mitre’s Common Vulnerability and Exposures pointed to a hole through which hackers can get root-level privileges in the personal storage device — and do so without authenticating.

[Also: Cybersecurity is hard, got it? But let's stop blaming hospitals for every breach]

On the international scene, meanwhile, the U.S. Computer Emergency Readiness Team, working in conjunction with the FBI and the Department of Homeland Security, pinpointed seven malicious executable variants that North Korea’s government uses. CERT explained that Hidden Cobra is the name it and other U.S. agencies use for North Korea’s malicious cyber activity, while Bankshot refers to the Trojan malware  North Korea deploys.

“FBI has high confidence that Hidden Cobra actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation,” U.S. CERT said.

To that end, CERT recommends that hospitals and other enterprises employ some of the basic infosec blocking and tackling to safeguard against North Korean threats, including keeping operating systems and antivirus software current, restricting users from downloading unwanted apps, enforcing password policies, being careful about opening and scanning attachments, installing personal firewalls and keeping pace with the latest threats.

Another federal agency, the Centers for Disease Control and Prevention, posted its Supply Chain Disaster Preparedness Manual recently, aimed specifically at healthcare supply chain and emergency managers.

And then there’s the Securing Mobile Applications for First Responders report from Homeland Security, which revealed that 32 of 33 tested public safety applications have security holes that could let nefarious actors slip in to access a smartphone’s camera, contacts, audio recording, SMS message and hard-coded credentials – the most personal stuff, in other words.

“I just don’t think many people understand what it means for an attacker to be able to eavesdrop on a connection or get control over a device or gain root or administrator privileges on a machine,” Kim said. “If I am a researcher and I discover a vulnerability, is it fair to disclose it if the vendor fails to act on it? How many ordinary users are aware of the exploitable dangers and how their systems may be affected?” 

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com