MedCrypt
Published in

MedCrypt

Log4Shell Exposes the Mismatched Allocation of Resources in Healthcare Cybersecurity

By Axel Wirth, Chief Security Strategist at MedCrypt, Adjunct Professor at the University of Connecticut, and co-author of “Medical Device Cybersecurity for Engineers and Manufacturers”

Over the past few days the cybersecurity world has been rattled by the Log4Shell vulnerability that caused yet another mad scramble to identify whether a given organization and given system are impacted and if so, deploy the respective mitigation.

It appears that human capacity for response to these events is reaching (or already exceeding) its limits, especially since these vulnerability announcements tend to not be stable for a while with new information continually being added (in case of Log4Shell with a subsequent vulnerability in the proposed patch). Clearly, to make vulnerability management workable at scale we need better tooling to improve software transparency to the benefit of both vendors and operators.

Log4Shell earned a CVSS score of 10.0 Critical

Rightfully, Log4Shell earned a CVSS score of 10/10, positioning it in the top 5% range of disclosed vulnerabilities. Reports indicate that it is already being exploited with more than an estimated 1 million systems already having been attacked (and counting). To make matters worse, some have speculated that it is wormable and that the appearance of self-replicating malware is imminent.

As many times before, cyber adversaries have demonstrated their ability to move fast. Initial attempts to exploit the vulnerability were detected as soon as nine minutes after public disclosure. Within a few days, attacks turned from simple reconnaissance to data exfiltration and credential theft as well as started to use obfuscation techniques to evade compensating controls like firewalls.

At the time of this writing it has been reported that 40% of corporate networks have been targeted and that nation-state adversaries have been using the vulnerability in their attacks.

Frequency of attempts to test or exploit the Log4j flaw, seen across 58 countries over a 48-hour period (Source: McAfee)

We are on a concerning trajectory with more and more vulnerabilities of higher impact being discovered increasingly frequently. We are still in the weeds with Nucleus:13 and, just in time for the holidays, Log4Shell comes along.

As a medical device manufacturer, it’s critical to rapidly identify affected product versions, communicate to customers, and provide a patch (or other mitigation). On the user side, health systems need to identify affected systems, prioritize based on risk and exposure, and deploy patches.

The key to mitigation is proper software component transparency at scale. Manual efforts have let us down to date and demonstrate the need for a vulnerability management tool that provides reliable vulnerability analysis and enables the manufacturer to identify affected products and versions. Then subsequently enable the operator, via connection to their asset management system, to identify the physical devices. In other words, SBOM is the glue between the two and provides for efficient vulnerability lookup and communication.

Not meaning to downplay the need for human intervention, but the increasing prevalence of deeply embedded and pervasive vulnerabilities means resources must be allocated where they are most impactful. Applying resources (e.g., people) to the complex and time consuming identification process is inefficient, results in loss of valuable cycles, and leaves too much time for the attacker to benefit from their latest opportunity.

Strategy to date has not substantially protected nor enabled rapid remediation. What got us here will not bring us to a safer and more secure healthcare environment.

Learn more about Heimdall, the SBOM and Vulnerability Management tool from MedCrypt

--

--

--

Proactive Healthcare Security in a Few Lines of Code

Recommended from Medium

Deepfake Malware Can Trick Radiologists Into Believing You Have Cancer

{UPDATE} 2048 Tile Pairing PRO Hack Free Resources Generator

Security Product Evaluations

Dead Man Switch

{UPDATE} Train Hill Driving Sim Hack Free Resources Generator

[Solved] How to stay safe on the internet?

Umbrella Network Hacked: $700K Lost

3 Things to be aware of to design the best Bug Bounty program

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
MedCrypt

MedCrypt

More from Medium

Cyber Security Association Newsletter-January 2022

Security Countermeasures in risk management

Write a Security Policy in 4 steps

Mini Virtual Lab with OSSIM & OSSEC