The Healthcare Cybersecurity Coordination Center published on October 28 a report on the “Miracle Exploit,” a set of critical vulnerabilities affecting Oracle applications. “These vulnerabilities give an attacker the ability to execute code remotely on victim systems without authentication or detection,” said Scott Gee, AHA’s deputy national advisor for cybersecurity and risk. “Organizations using affected Oracle products are advised to urgently apply patches to avoid the exploit.”

The health sector and others October 29 were also alerted to an unrelated threat from a Russian cyber actor called “Midnight Blizzard,” which was observed during a spear phishing campaign delivering phishing emails to targets in various sectors. According to Microsoft, the campaign is likely being used to collect information from targets. The alert includes additional information, mitigations, hunting queries, and indicators of compromise.

Midnight Blizzard was observed impersonating Microsoft employees and sending social engineering bait emails related to Microsoft, Amazon Web Services, and the concept of Zero Trust. Successful attacks provide the threat actor with sensitive information from the compromised device because the server controlled by the threat actor maps the resources of the victims’ local devices to their server.

“These phishing emails are well-crafted and targeted,” Gee said. “From a cybersecurity perspective, some best practices can help mitigate these two dangerous attacks. Effective patch management prevents the Oracle vulnerability and training allows users to recognize phishing emails and, more importantly, not click on unknown links in emails, preventing the phishing attack. Both preventive measures are listed in the essentials Cyber ​​Security Performance Objectives. The AHA strongly recommends that all health care organizations, including third-party providers, implement voluntary CPGs. These guidelines will help you strengthen your defenses against cyber attacks.”

For more information on this or other cyber and risk issues, contact Gee at [email protected]. For the latest threat information and other cyber and risk resources, visit www.aha.org/cybersecurity.