Tactical responses include multi-factor authentication (MFA), vulnerability management, regular and frequent patching and regular system and data backups.3 Strategic considerations should include Network/ Endpoint /Cloud strategy (re-)evaluation, Governance (policy and procedures) aligned with updated Network/ Endpoint /Cloud strategy and equally important, develop employee Training and Awareness campaigns.
New security flaws and malware are constantly appearing, as in the Log4j vulnerability found in December 2021, has been defined as the most critical of the last decade. The ‘Log4jShell’ bug allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.4 This is very easy to do and Java — and thus Log4j — is everywhere. Logging in all types of software is pervasive and this bug can be triggered simply by placing a malicious string into anything that might be logged, including HTTP requests5, usernames, and even iPhone names. Microsoft reports exploitation of Log4Shell from both sophisticated state actors and commodity attackers.6 Crowdstrike identified that an actor used a Log4j exploit in an attempt to compromise a “large academic institution”.7 A Vietnamese crypto exchange was hacked after attackers used Log4Shell to access a development server that unfortunately had access to production Amazon S3 buckets.8 The Belgian Ministry of Defence was affected. 9 CISA and the Dutch NCSC are making a list of which applications use Log4j and the range of products affected is huge [see this list of affected products 10 and this list of security advisories11].
Again, vulnerability management (scanning) and regular and frequent cadence of patching, as well as analysis of appropriate cloud security configurations and settings along with User ID and credential (dead account) clean-up.
Ransomware attacks are now a permanent feature of the cyber threat landscape, increasing in number and sophistication. Ransomware as a service (RaaS) has made it easier for various threat actors — including those who have little technical knowledge — to deploy ransomware against targets. This new paradigm consists of a core group of developers who set up and maintain the ransomware and payment sites and the affiliates they recruit who breach victims’ networks and encrypt devices. One infamously notable example is the LockBit 2.0 ransomware gang.12
In the life sciences and healthcare arena, ransomware is consistently prevalent:
Because of the significance and prevalence of ransomware in its impact, the United States Cybersecurity and Infrastructure Agency published guidance on ransomware.
Lastly, and especially for life sciences, pharmaceutical and biotechnology companies, intellectual property and R&D trade secrets are prime targets not just from criminal groups, but from nation state and corporate espionage actors.
“In February 2020, a biotech company BrightGene announced it had copied Gilead’s experimental viral inhibitor Remdesivir and been granted state approval to begin mass production under the name “Ridesivir*”.
At that point, clinical trials were still underway to confirm whether Remdesivir was effective against the coronavirus. BrightGene said it acted on a sense of national duty to begin manufacturing because if the drug proved effective, a company would already have a head start on saving lives. “The company regards imitating the R&D of Ridesivir as its social responsibility,” it told the Shanghai Stock Exchange.”18
The growth in data loss and ransomware attacks on life science companies and healthcare organizations, critically exposes companies and organizations, as well as disabling medical equipment, wearable and even implanted devices. The risks are high probability and catastrophic consequences:
These threat events represent a significant concern for life science companies and healthcare organizations, where public safety is at stake. Therefore, it is critically important for organizations to be proactive in preventing threats and ensuring business continuity by having appropriate mitigation and response strategies through:
[1] https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
[2] https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
[3] https://www.cisa.gov/stopransomware
[4] https://nvd.nist.gov/vuln/detail/CVE-2021-44228
[5] https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/
[6] https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
[7] https://www.cyberscoop.com/chinese-hackers-use-log4j-exploit-to-go-after-academic-institution/
[8] https://www.bleepingcomputer.com/news/security/fintech-firm-hit-by-log4j-hack-refuses-to-pay-5-million-ransom/
[9] https://www.cyberscoop.com/intruders-leverage-log4j-flaw-to-breach-belgian-defense-department/
[10] https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/#affected-products
[11] https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
[12] https://www.ic3.gov/Media/News/2022/220204.pdf
[13] https://www.cyberscoop.com/ransomware-beazley-insurance-claims/
[14] https://www.nbcnews.com/tech/security/cyberattack-hits-major-u-s-hospital-system-n1241254
[15] https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
[16] https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/
[17] https://www.zdnet.com/article/france-warns-of-new-ransomware-gang-targeting-local-governments/
[18] https://risky.biz/covidespionage/
