Recently unidentified hackers breached companies in the healthcare industry along with several other sectors as part of a large scale cyber espionage attack. Researchers are still gathering information on the malware campaign.
A data breach can be catastrophic to organizations, especially those that process sensitive information. This includes covered entities that must demonstrate HIPAA compliance and due diligence when safeguarding protected health information (PHI).
SEE ALSO: HIPAA compliant email
Cyber espionage is no joke, which is why the ongoing investigation involves governmental agencies.
These cyber attackers were looking to steal sensitive information from U.S. defense contractors and other targets. The goal appears to be to maintain long-term access within a hacked system.
The coordinated attacks began in September and continued throughout October, taking advantage of a vulnerability in password-management software. In fact, the U.S. Cybersecurity and Infrastructure Agency (CISA) released an alert on September 16 about the vulnerability (CVE-2021-40539) in Zoho’s ManageEngine ADSelfService Plus.
The threat group remains unidentified though Ryan Olsen, an executive at Palo Alto, revealed that the tactics and tools point to a well-known Chinese nation state threat actor.
Unfortunately, the hackers successfully infiltrated nine global organizations from healthcare and other industries including energy, technology, education, and defense.
Palo Alto researchers believe that more victims will emerge. U.S. agencies, including CISA, are currently tracking the problem and the threat group.
Cyber espionage (or cyberspying) is the practice of obtaining information without permission on the Internet or through cyberattacks on a system or network. Victims may be individuals, organizations, or governments. The aim could be money, sabotage, or intelligence.
In this case, the hackers want credentials (i.e., passwords) to gain longstanding access to a variety of organizations. This cyberattack was an advanced persistent threat (APT) which normally hide inside a network for a prolonged period before an attack even occurs.
Cyber espionage is nothing new. Indeed, a CISA alert from 2020 provided a warning about foreign threats:
Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available.
This particular incident is more likely just the beginning of a spying campaign.
Protect yourself—begin with patching
Palo Alto Networks made it clear: organizations that use Zoho software must update their systems. In fact, Zoho provided a patch for CVE-2021-40539 though it is unknown how many organizations have utilized it.
On November 3, CISA even issued a directive to federal civilian agencies to promptly update hardware and software. According to CISA, the directive is a “clear message to all organizations across the country” to address actively exploited vulnerabilities.
While it is important to continuously patch and update, the best overall approach to cybersecurity is a layered one. This is especially true for organizations that still rely on legacy systems.
To start with, Palo Alto mentioned the need to monitor networks and systems for a sign of a breach. Second, given the nature of this breach, it is important to utilize strong access controls along with employee awareness training to ensure proper use.
Finally, having a business continuity plan in place in case of a breach could limit the amount of time a cyberattacker spends in a system. If discovered and mitigated right away, cyber espionage may be unlikely in the first place.
Solid method of protection: strong email security
Paubox Email Suite Plus protects email from inbound and outbound threats like phishing, spam, viruses, and malware. Our HITRUST CSF certified solution also offers a new, patent-pending security feature, Zero Trust Email, which adds another layer of verification before an email gets delivered.
The best method of protection against cyber espionage is robust cybersecurity. Keep your systems up-to-date and protect all entry points from threat groups at all times.