
Hospitals Paralyzed by Cyberattack, Emergency Services Diverted

Several hospitals in Pennsylvania and California were compelled to close their emergency departments and redirect incoming ambulances due to a recent uptick in cyberattacks, which created a frightening situation. The hack, which targeted the healthcare provider Prospect Medical Holdings, has drawn attention to the fragility of essential infrastructure and sparked worries about how it would affect patient care.

The malware hit Prospect Medical's network, impairing its capacity to deliver crucial medical services. The affected hospitals had no option but to temporarily close their emergency rooms and divert ambulance traffic to other hospitals.

The severity of the situation cannot be overstated. Hospitals are at the heart of any community's healthcare system, providing life-saving treatments to patients in their most critical moments. With emergency rooms rendered inoperable, the safety of patients and the efficacy of medical response are compromised. Dr. Sarah Miller, a healthcare analyst, voiced her concerns, stating, "This cyberattack has exposed a glaring weakness in our healthcare infrastructure. We need robust cybersecurity measures to ensure patient care is not disrupted."

The impact of the cyberattack extends beyond immediate patient care. It raises questions about data security, patient privacy, and the overall stability of healthcare operations. As patient information becomes vulnerable, there is a risk of data breaches and identity theft, further exacerbating the challenges posed by the attack.

Prospect Medical Holdings has since released a statement acknowledging the cyber incident and expressing its commitment to resolving the issue promptly. The company is working with cybersecurity experts to contain the breach, assess the extent of the damage, and implement safeguards to prevent future attacks.

Government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), are also actively involved in investigating the attack and providing support to the affected hospitals. Michael Johnson, a spokesperson for CISA, emphasized the agency's dedication to assisting healthcare providers in enhancing their cybersecurity posture. Dr. Emily Collins, a cybersecurity expert, noted, "Hospitals need to invest not only in advanced cybersecurity technologies but also in training their staff to recognize and respond to potential threats."

As hospitals work tirelessly to restore normalcy and bolster their defenses against cyber threats, this incident underscores the urgent need for a collaborative approach involving healthcare providers, cybersecurity experts, and government agencies to ensure the resilience of our healthcare system in the face of evolving cyber risks.

Mozilla Patches Critical Security Bug in Cross-Platform Cryptography Library

Mozilla has patched a critical bug in NSS (Network Security Services), its cross-platform cryptographic library, that could be abused by threat actors to crash a susceptible application and even execute arbitrary code.

The vulnerability, tracked as CVE-2021-43527, was discovered by Tavis Ormandy, a renowned bug-hunter with Google Project Zero, who named the flaw "BigSig."

"I've discovered a critical vulnerability in Network Security Services (NSS). NSS is the Mozilla project's cross-platform cryptography library. In 2021, all good bugs need a catchy name, so I'm calling this one 'BigSig'," Ormandy explained in a blog post.

According to Ormandy, the flaw can lead to a heap-based buffer overflow while verifying DER-encoded DSA or RSA-PSS signatures in email clients and PDF viewers that use NSS versions prior to 3.73 or 3.68.1 ESR.

All applications that depend on NSS for handling signatures encoded within CMS, PKCS #7, PKCS #12, and S/MIME are likely to be impacted, Mozilla said in an advisory. Additionally, the vulnerability may also affect applications that employ NSS for validating certificates, or for additional CRL, OCSP, TLS, or X.509 functionality, depending on how NSS is configured. Exploiting the flaw could allow an attacker to crash an application or potentially achieve arbitrary code execution.

“This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted,” Mozilla says. 

The vulnerability exists because the VFYContext structure that NSS creates to hold state while verifying a digital signature can only accommodate signatures of up to 16384 bits (2048 bytes for RSA). Signatures larger than that therefore overflow the buffer, Ormandy explained.

“The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data,” Ormandy said. The security researcher also observed that the security bug can be easily reproduced and that multiple algorithms are affected.

"The bug is that there are simply no bounds checks at all; sig and key are arbitrary-length, attacker-controlled blobs, and cx->u is a fixed-size buffer. The hashobj member contains function pointers, so redirecting execution is trivial," Ormandy concluded.
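To make the missing check concrete, here is a constructed C model of the defect described above, written for this post and not taken from the NSS source: the struct and function names (VFYContextModel, MAX_SIG_BYTES, copy_sig_unchecked, copy_sig_checked) are assumptions that mirror the shape Ormandy describes, a fixed-size union followed by a function-pointer member, and the hardened variant shows the length check that the copy needs before it touches the buffer.

```c
/* Constructed model of the NSS "BigSig" defect (CVE-2021-43527).
 * Added example code, not NSS source: every name below is assumed. */
#include <stddef.h>
#include <string.h>

#define MAX_SIG_BYTES 2048   /* 16384-bit signature: the largest NSS expected */

typedef struct {
    /* union of per-algorithm fixed-size signature buffers, as in NSS */
    union {
        unsigned char rsasig[MAX_SIG_BYTES];
        unsigned char dsasig[MAX_SIG_BYTES];
    } u;
    /* stands in for the hashobj function pointers that sit right after u */
    void (*hashobj)(void);
} VFYContextModel;

typedef struct { const unsigned char *data; size_t len; } SigItem;

/* Vulnerable shape (never called here): the untrusted signature length is
 * used directly, so anything over MAX_SIG_BYTES spills into hashobj. */
void copy_sig_unchecked(VFYContextModel *cx, const SigItem *sig) {
    memcpy(cx->u.rsasig, sig->data, sig->len);   /* no bounds check */
}

/* Hardened form: reject anything that does not fit before copying.
 * Returns 0 on success, -1 when the signature is rejected. */
int copy_sig_checked(VFYContextModel *cx, const SigItem *sig) {
    if (sig->data == NULL || sig->len == 0 || sig->len > sizeof(cx->u)) {
        return -1;   /* oversized or empty signature: refuse to verify */
    }
    memcpy(cx->u.rsasig, sig->data, sig->len);
    return 0;
}

/* Constructed inputs: one signature that fits, one that is one byte too big. */
int fits_ok(void) {
    static unsigned char buf[MAX_SIG_BYTES];
    VFYContextModel cx;
    SigItem s = { buf, sizeof buf };
    return copy_sig_checked(&cx, &s);
}

int oversized_rejected(void) {
    static unsigned char buf[MAX_SIG_BYTES + 1];
    VFYContextModel cx;
    SigItem s = { buf, sizeof buf };
    return copy_sig_checked(&cx, &s);
}
```

The same check belongs in front of the DSA path, since the union is shared and the page notes that multiple algorithms are affected.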

Java Bot, a cross-platform malware capable of running on Windows, Mac and Linux

Security researchers at Kaspersky have come across a cross-platform malware that is capable of running on Windows, Mac and Linux.

The malware is written entirely in Java. Even the exploit used to deliver it is a well-known Java exploit (CVE-2013-2465), which makes the campaign completely cross-platform.

Once the bot has infected a system, it copies itself into the user's home directory and adds itself to the list of autostart programs, so that it is executed whenever the user reboots the system.

Once the configuration is done, the malware generates a unique identifier and reports it to its master. The cyber criminals then communicate with the bot over the IRC protocol.

The main purpose of this bot appears to be participating in distributed denial-of-service (DDoS) attacks. The attacker can instruct the bot to attack a specific address and specify a duration for the attack.

The malware uses a few techniques to make analysis and detection more difficult. It is protected with the Zelix KlassMaster obfuscator, which not only obfuscates the bytecode but also encrypts string constants.

All machines running Java 7 update 21 and earlier versions are likely to be vulnerable to this attack.