Cybersecurity Saturday

Health IT Security reports:

As a new year begins, threat actors are continuing to overwhelm providers and patients with healthcare data breaches. Some experts predict that ransomware actors will favor data exfiltration over encryption this year and that they will shift their focus to APIs and other attack vectors in order to throw off victims.

Florida-based health system Broward Health recently suffered a protected health information (PHI) breach that impacted 1.3 million individuals. Meanwhile, other healthcare organizations are still recovering from a ransomware attack on HR management solutions vendor Kronos.

Many healthcare organizations are also focused on mitigating threats associated with the recently discovered Apache Log4j vulnerability, which could have catastrophic security implications for multiple sectors if exploited.

HHS urged healthcare organizations to implement the Log4j patch and ramp up incident response functions. Healthcare organizations should also remain wary of ransomware, phishing, and other prominent cyber threats that continue to impact organizations across all sectors.

The more things change, etc.

Cyberscoop adds that

The Federal Trade Commission Tuesday warned companies that if they fail to take action to remedy a major recent software vulnerability in open-source software tool Log4j, there could be legal repercussions.

“When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss, and other irreversible harms,” the agency warned. “It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”

Log4j is ubiquitous in software used throughout the technology industry, and is found in products built by companies including Amazon, Google and Microsoft. The widespread use of such technology has made it difficult to identify potential victims. At the same time, the popularity has made it an easy target for a range of cybercriminals to exploit.

Cybersecurity Dive concludes:

As U.S. industries and government agencies restart operations after the winter holiday break, security researchers are warning the impacts of the Log4j vulnerability will continue to leave organizations open to potential threats in the coming weeks and months. 

“Exploitation attempts and scanning remained high during the last weeks of December,” Microsoft said in an updated blog post. Attackers have added exploits to existing malware kits and tactics, ranging from coin miners to hands-on-keyboard attacks. 

The Apache Software Foundation released version 2.17.1 of Log4j last week, the latest in a series of updates since the vulnerability was disclosed in December. The newly released fix addresses the risk of remote code execution when an attacker with certain permissions can create a malicious configuration using a JDBC Appender, according to Apache. 

And it wouldn’t be a Cybersecurity Saturday post without offering a link to Bleeping Computer’s The Week in Ransomware.