Health-ISAC, together with the American Hospital Association (AHA), has shared guidance to help healthcare data security teams build resilience against supply chain cyberattacks such as the recent SolarWinds Orion incident.
The white paper, entitled Strategic Threat Intelligence: Preparing for the Next “SolarWinds” Event, offers insight into the cyberattack and looks at the factors that allowed this kind of attack to happen. The paper gives technical advice for senior company officials, C-suite professionals, and IT and information security teams to help them prevent and mitigate similar attacks.
Solutions like SolarWinds Orion get privileged access to the resources they are deployed to manage. Attackers exploited those supply chain dependencies and built-in trust models in the SolarWinds Orion attack. The attackers used the software update system to install a backdoor in the network monitoring program. When about 18,000 customers and certain companies, including a number of government agencies and cybersecurity companies, downloaded and installed the update, they suffered in-depth compromises. The U.S. government recently formally attributed the cyberattack to the Russian Foreign Intelligence Service (SVR).
Threat actors find platforms like SolarWinds Orion appealing because many attractive targets, such as large corporations and government agencies, use them. The platforms also have a centralized system that manages several subsystems, networks, and solutions, and they require minimal interaction with the operating system. The system has a secret, unpatched, or unidentified opening that attackers could use to gain administrative control. If that opening is exploited, the attackers may gain limited or complete control of the subsystems it manages.
The attackers exploited all of those components in the SolarWinds attack. The white paper also refers to the following four incidents in which the same characteristics were exploited:
- the 2003 HP OpenView vulnerability
- NotPetya attack
- WannaCry attack
- the 2021 SAP Solution Manager incident
Similar cybersecurity incidents tend to occur again and again, so it is essential to take steps to lower risk and limit the damage that may result. The white paper describes the risks associated with enterprise IT systems such as SolarWinds Orion and gives recommendations that can help companies anticipate, and possibly prevent, similar incidents in the future.
The recommendations include joining an ISAC to receive regular and useful threat intelligence, performing vulnerability tests to identify weaknesses, patching promptly, adhering to the principle of least privilege, and using a process of regular validation to make sure that security settings remain effective at preventing threats.
What is absolutely required is close cooperation between government authorities, the healthcare sector, and all critical infrastructure worldwide through formal sharing of cyber threat data and combined cyber defenses. Organizations must consider the strategic and tactical concerns raised in the paper when reviewing all trusted programs used, or intended to be used, within their environment.