FBI, CISA warn of serious nation state cyber threats, other top vulnerabilities

May 13, 2020 - 03:38 PM
cybersecurity

China and its proxies have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments and testing from networks and personnel affiliated with COVID-19-related research, which could jeopardize the delivery of secure, effective and efficient treatment options, the FBI and CISA warned today.

In addition, the agencies yesterday issued alerts providing very specific technical details on the tools and infrastructure used by cyber actors of the North Korean government to conduct cyberattacks under a campaign collectively referred to as “Hidden Cobra (),” as well as the top 10 most exploited vulnerabilities by state and other cyber actors from 2016 to 2019.

According to the analysis, malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding technology and the ubiquitous Web framework known as Apache Struts.

“These three reports combined are extraordinary in highlighting the variety, magnitude and sophistication of the cyber threats we are facing in health care,” said John Riggi, AHA senior advisor for cybersecurity and risk. “Most concerning are the threats to COVID-19 research which could have significant impact to public health. We certainly applaud the cooperation and coordination among the government agencies for timely release of these reports with such actionable technical specificity. They will go a long way in helping health care providers defend against these serious cyber threats.”

Questions on cybersecurity and risk may be directed to Riggi at jriggi@aha.org.

Related News Articles

Headline
FDA announces software patch available for Contec, Epsimed patient monitors to address vulnerabilities
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
Agencies release fact sheet on potential of malicious activity by Iranian cyber actors 
The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and the National Security Agency June 30 released a fact…
Headline
OSHA proposes removing remaining requirements of its COVID-19 emergency temporary standard
The Occupational Safety and Health Administration June 30 released a proposed rule to remove what remains of its emergency temporary standard for occupational…
Headline
CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 
The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers…
Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…
Headline
Agencies release guidance on AI data security 
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for…