The Health Sector Cybersecurity Coordination Center on Oct. 28 released a report on the "Miracle Exploit," a set of critical vulnerabilities affecting Oracle applications. "These vulnerabilities give an attacker the ability to execute remote code on victim systems without authentication or detection," said Scott Gee, AHA deputy national advisor of cybersecurity and risk. "Organizations using affected Oracle products are advised to apply patches urgently to avoid exploitation." 
 
The health sector and others Oct. 29 were also alerted to an unrelated threat from a Russian cyber actor called "Midnight Blizzard," who has been observed conducting a spear phishing campaign delivering phishing emails to targets in various sectors. According to Microsoft, the campaign is likely used to gather information from targets. The alert includes additional information, mitigations, hunting queries and indicators of compromise.  
 
Midnight Blizzard was observed impersonating Microsoft employees and sending emails with social engineering lures related to Microsoft, Amazon Web Services and the concept of Zero Trust. Successful attacks provide the threat actor with sensitive information from the compromised device as the threat actor-controlled server maps the victims’ local device resources to their server. 
 
“These phishing emails are well-crafted and targeted to the recipient,” said Gee. “From a cybersecurity perspective, some best practices can help to mitigate both of these dangerous attacks. Effective patch management prevents the Oracle vulnerability and training allows users to recognize phishing emails and — more importantly — not click on unknown links in emails, preventing the phishing attack. Both of these preventative measures are listed in the essential Cybersecurity Performance Goals. The AHA strongly recommends that all health care organizations, including third party suppliers, implement the voluntary CPGs. These guidelines will help to harden your defenses against cyberattacks.”  
 
For more information on this or other cyber and risk issues contact Gee at sgee@aha.org. For the latest threat information and other cyber and risk resources visit www.aha.org/cybersecurity
 

Related News Articles

Headline
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…
Headline
The Cybersecurity and Infrastructure Security Agency Oct. 31 issued an alert on a large-scale spear-phishing campaign targeting organizations in several…
Headline
A new AHA Cyber Intel blog by John Riggi, AHA’s national advisor on cybersecurity and risk, examines current trends and challenges in health care regarding…
Chairperson's File
Cyberattacks are increasing and expected to reach record numbers in the U.S. by the end of 2024. Although no field or industry is immune from attacks that…
Headline
A joint advisory issued Oct. 16 by the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and international agencies warn…