Agencies issue cyberthreat alerts, risk mitigation resources

Oct 20, 2023 - 02:24 PM
FDAcybersecurity

The Cybersecurity and Infrastructure Security Agency, FBI and Multi-State Information Sharing and Analysis Center this week alerted organizations to a critical vulnerability affecting certain versions of the Atlassian Confluence Data Center and Server that enables malicious actors to obtain access to victim systems and continue active exploitation post-patch. The agencies strongly encourage network administrators to immediately apply the recommended upgrades and recommended responses to indicators of compromise. The FBI and CISA also recently released updated recommendations to protect against AvosLocker ransomware. 
 
In other cyber news, federal agencies this week released guidance to help organizations reduce the risk of ransomware incidents and phishing attacks, and updated guidance to help software manufacturers demonstrate their commitment to secure by design principles and customers ask for products that are secure by design.
 
“In the past two weeks government agencies have not only been very pro-active in warning us of the latest cyber threats, but have also issued very useful resources to help us counter those threats,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The AvosLocker threat operates as a ransomware-as-a-service and exploits unsecured remote desktop tools on premises. Unrelated but highly advanced and persistent actors are targeting the Confluence Data Center and Sever through an Atlassian Confluence vulnerability, once again demonstrating that cyberthreat actors are aggressively and equally targeting our on-premises and hosted technology. On the positive side, agencies have concurrently issued very useful and detailed guides to help prevent ransomware and phishing attacks and better secure our technology. The premise of ‘secure by design’ is to shift the primary responsibility for cybersecurity from end users to technology developers at the design phase of the technology.”
 
For more information on cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Agencies release guidance on hardening network devices in response to cyber espionage campaign by hackers linked to Chinese government
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
Advisory warns of activity by BianLian ransomware group 
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
DOJ: Russian national charged with cybercrimes for ransomware attacks on hospitals, other entities 
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Headline
UN Security Council meeting discusses impact of ransomware attacks on hospitals 
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…