The Health Sector Cybersecurity Coordination Center on Oct. 28 released a report on the "Miracle Exploit," a set of critical vulnerabilities affecting Oracle applications. "These vulnerabilities give an attacker the ability to execute remote code on victim systems without authentication or detection," said Scott Gee, AHA deputy national advisor of cybersecurity and risk. "Organizations using affected Oracle products are advised to apply patches urgently to avoid exploitation." 
 
The health sector and others Oct. 29 were also alerted to an unrelated threat from a Russian cyber actor called "Midnight Blizzard," who has been observed conducting a spear phishing campaign delivering phishing emails to targets in various sectors. According to Microsoft, the campaign is likely used to gather information from targets. The alert includes additional information, mitigations, hunting queries and indicators of compromise.  
 
Midnight Blizzard was observed impersonating Microsoft employees and sending emails with social engineering lures related to Microsoft, Amazon Web Services and the concept of Zero Trust. Successful attacks provide the threat actor with sensitive information from the compromised device as the threat actor-controlled server maps the victims’ local device resources to their server. 
 
“These phishing emails are well-crafted and targeted to the recipient,” said Gee. “From a cybersecurity perspective, some best practices can help to mitigate both of these dangerous attacks. Effective patch management prevents the Oracle vulnerability and training allows users to recognize phishing emails and — more importantly — not click on unknown links in emails, preventing the phishing attack. Both of these preventative measures are listed in the essential Cybersecurity Performance Goals. The AHA strongly recommends that all health care organizations, including third party suppliers, implement the voluntary CPGs. These guidelines will help to harden your defenses against cyberattacks.”  
 
For more information on this or other cyber and risk issues contact Gee at sgee@aha.org. For the latest threat information and other cyber and risk resources visit www.aha.org/cybersecurity
 

Related News Articles

Headline
The FBI Aug. 20 released an advisory warning of malicious activity by Russian cyber actors targeting end-of-life devices running an unpatched vulnerability in…
Headline
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13…
Headline
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as “Royal,” including the disruption…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…
Headline
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…