Malware is lurking in Outlook invites; DragonFly set to attack
You know how important training users to avoid email phishing attacks is, but there’s another way hackers can get in: Microsoft Outlook calendar invites.
That’s right. Malicious code can be spread by exploiting the Dynamic Data exchange protocol via both Outlook e-mails and calendar invites in Rich Text Format, according to the HIMSS Healthcare and Cross-Sector Cybersecurity Report for October 2017. The report recommends keeping e-mail to plain text as a mitigation tactic.
Nefarious Outlook invites are just one of the findings this month. Another of the startling cyberthreats that HIMSS Director of Privacy and Security Lee Kim highlighted is the U.S. CERT’s warning about a group called DragonFly conducting advanced persistent threats targeting energy and other critical infrastructure, notably aviation, manufacturing, nuclear and water sectors.
What does CERT’s warning have to do with healthcare, you ask? Infosec executives and IT pros should know that even if DragonFly is not focusing on hospitals in this particular situation there could still be repercussions.
"When there is a successful campaign, other threat actors take notice and incorporate those lessons in their actions and activities in the future."
Lee Kim, HIMSS’ director of privacy and security
“The same or similar tactics, techniques, and procedures might be reused or revamped by other threat actors, whether they are cybercriminals, hackers, script kiddies or otherwise,” Kim said. “When there is a successful campaign, other threat actors take notice and incorporate those lessons in their actions and activities in the future.”
Next threat: The Security Service of Ukraine warned of a potential large-scale cyberattack on government agencies as well as private companies with the goal of causing disruption. Kim noted that such a possibility serves as another reminder that healthcare organizations should regularly update anti-virus software, backup your data and stay on top of operating system updates and patches.
As is the emergence of Bad Rabbit ransomware, which Kim pointed out has been quite prolific recently with multiple infections happening around the world.
And then there’s the Wi-Fi vulnerability. Researchers determined a method for “key re-installation attacks on Wi-Fi networks which use the WPA2 protocol.” Wi-Fi uses what Kim called a four-way handshake for every new session that sneaky cybercriminals can use to trick a victim into reinstalling a key to manipulate or replay the handshake messages. “Nearly every Wi-Fi device is vulnerable to some variant of the key reinstallation attack,” Kim said.
Large-scale infrastructure targets, Wi-Fi weaknesses, and Outlook invites bearing malware. All that leaves one wondering what next month will hold in information security.