Huge numbers of medical infusion pumps are at risk, help for Ukrainian organizations hit by ransomware and more.
Welcome to Cyber Security Today. Itโs Friday, March 4th. Iโm Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Internet-connected devices can be scanned by anyone who has the tools. So as a test, researchers at Palo Alto Networks recently scanned for internet-connected infusion pumps used in hospitals and clinics to deliver medications to patients. What they found was 75 per cent of the 200,000 devices they found had known IT security gaps that could be compromised by attackers. That included exposure to one or more of some 40 known cybersecurity vulnerabilities. Just over half of the infusion pumps were susceptible to two known vulnerabilities disclosed in 2019. The healthcare industry has to do better than this. The study is another example of weak security of Internet of Things devices.
CrowdStrike and Avast have released help for organizations in Ukraine struck by the new HermeticRansom strain of ransomware. CrowdStrike put out a script experienced IT professionals can use to decrypt scrambled files, while Avastโs tool has an easier-to-use graphic interface. HermeticRansom is believed to be a piece of malware that deflects attention of victim organizations from its partner data wiping malware called HermeticWiper. So far both pieces of malware have only been seen in Ukraine. That may change depending on how the war with Russia goes.
IT security teams should prepare for a new type of distributed denial of service attack. Researchers at Akamai say someone has weaponized a theoretical attack found last summer by researchers at two American universities. Briefly, the strategy is to abuse what are called middleboxes, which are internet-connected devices like firewalls and content filtering systems for reflection attacks. Akamai estimates there are hundreds of thousands of middleboxes around the world vulnerable to this tactic. Whatโs worrisome is that it raises the ability of attackers to more easily launch bigger denial of service attacks than weโve seen so far. That means middleboxes need to be better protected than they have been so far.
Attention software developers using the GitLab platform: You should upgrade to the latest version. Versions 13 and up have a vulnerability that could expose GitLab usernames, names, and email addresses to a remote attacker. The risk, say researchers at Rapid7, is this information could be combined with brute force password guessing orย credential stuffing attacks to gain access to other corporate applications.
A lot of people are still using easy-to-guess passwords. Thatโs according to the latest annual identity exposure report from a security vendor called SpyCloud. Popular passwords last year included โ2021,โ โcovidโ and โmask.โ Marvel movie enthusiasts chose โloki.โ โfalconโ and โwanda.โ Sports team names remained popular. So was โfreebritney.โ But the top re-used passwords were the same easily-guessed ones used for years: โpass,โ โpassword,โ โ123456,โ โqwertyโ, โ111111โ and โฆ. I canโt go on, itโs too depressing. Listeners, please make each password different. Make each one out of three words that are meaningful to you that canโt be guessed. And use a password manager to keep track of them all.
Donโt forget later today the Week in Review podcast will be out. In this edition guest commentator David Shipley of Beauceron Security will talk about cyberwar, Russia and Ukraine and how a Canadian healthcare provider was hacked by two ransomware groups.
Links to details about podcast stories are in the text version at ITWorldCanada.com.
You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.