Cyber Security Today, March 4, 2022 – Huge numbers of medical infusion pumps at risk, help for Ukrainian organizations hit by ransomware and more

Huge numbers of medical infusion pumps are at risk, help for Ukrainian organizations hit by ransomware and more.

Welcome to Cyber Security Today. It’s Friday, March 4th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Internet-connected devices can be scanned by anyone who has the tools. So as a test, researchers at Palo Alto Networks recently scanned for internet-connected infusion pumps used in hospitals and clinics to deliver medications to patients. What they found was 75 per cent of the 200,000 devices they found had known IT security gaps that could be compromised by attackers. That included exposure to one or more of some 40 known cybersecurity vulnerabilities. Just over half of the infusion pumps were susceptible to two known vulnerabilities disclosed in 2019. The healthcare industry has to do better than this. The study is another example of weak security of Internet of Things devices.

CrowdStrike and Avast have released help for organizations in Ukraine struck by the new HermeticRansom strain of ransomware. CrowdStrike put out a script experienced IT professionals can use to decrypt scrambled files, while Avast’s tool has an easier-to-use graphic interface. HermeticRansom is believed to be a piece of malware that deflects attention of victim organizations from its partner data wiping malware called HermeticWiper. So far both pieces of malware have only been seen in Ukraine. That may change depending on how the war with Russia goes.

IT security teams should prepare for a new type of distributed denial of service attack. Researchers at Akamai say someone has weaponized a theoretical attack found last summer by researchers at two American universities. Briefly, the strategy is to abuse what are called middleboxes, which are internet-connected devices like firewalls and content filtering systems for reflection attacks. Akamai estimates there are hundreds of thousands of middleboxes around the world vulnerable to this tactic. What’s worrisome is that it raises the ability of attackers to more easily launch bigger denial of service attacks than we’ve seen so far. That means middleboxes need to be better protected than they have been so far.

Attention software developers using the GitLab platform: You should upgrade to the latest version. Versions 13 and up have a vulnerability that could expose GitLab usernames, names, and email addresses to a remote attacker. The risk, say researchers at Rapid7, is this information could be combined with brute force password guessing or credential stuffing attacks to gain access to other corporate applications.

A lot of people are still using easy-to-guess passwords. That’s according to the latest annual identity exposure report from a security vendor called SpyCloud. Popular passwords last year included “2021,” “covid” and “mask.” Marvel movie enthusiasts chose “loki.” “falcon” and “wanda.” Sports team names remained popular. So was “freebritney.” But the top re-used passwords were the same easily-guessed ones used for years: “pass,” “password,” “123456,” “qwerty”, “111111” and …. I can’t go on, it’s too depressing. Listeners, please make each password different. Make each one out of three words that are meaningful to you that can’t be guessed. And use a password manager to keep track of them all.

Don’t forget later today the Week in Review podcast will be out. In this edition guest commentator David Shipley of Beauceron Security will talk about cyberwar, Russia and Ukraine and how a Canadian healthcare provider was hacked by two ransomware groups.

Links to details about podcast stories are in the text version at ITWorldCanada.com.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.