The Industrial Control Systems Cyber Emergency Response Team, aka ICS-CERT, was busy in November issuing alerts about medical device makers while tech stalwarts Apple and Google sent security vulnerabilities of their own. And you thought All Hallows’ Eve made October a frightful month? Here’s what happened in November.

“Cybersecurity is a problem. It is a problem for everyone,” said Lee Kim, Director of Privacy and Security for HIMSS. “We have to get faster with patching and updating, as well as response times by vendors from researchers, customers, or others who report suspected or discovered vulnerabilities.”

Before diving into the new Apple, Google, Linux and the Huge Dirty COW threats, a quick look at the medical device makers. Kim highlighted in the new HIMSS Healthcare and Cross-sector Cybersecurity Report flaws that hospital infosec teams should understand about Philips, Siemens and Smiths Medical.
 
[HIMSS just launched its annual cybersecurity survey for 2018: Take it right here.]

Philips’ security hole, found in the workstation logging feature within its IntelliSpace Cardiovascular 2.3.0 and Xcelera R4.1L1, as well as earlier iterations, could allow an attacker to use domain authentication credentials to access the application with elevated privileges, according to ICS-CERT.

Researchers ferreted out holes in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump via which hackers could remotely garner unauthorized access and manipulate the pump’s operations. ICS-CERT noted that Smith’s said it plans to release a new version in January of 2018 that which addresses these vulnerabilities. Translation: Hang on and hope for the best until then.

The last device issue, for now anyway, belongs to Siemens Molecular imaging. Siemens itself pinpointed at least four vulnerabilities and revealed that “unauthenticated attackers could execute arbitrary code” on Windows 7-based versions of the particular PET/CT Systems.  “Siemens Healthineers is preparing updates for the affected products and recommends protecting network access to the Molecular Imaging products with appropriate mechanisms,” the company noted in its alert.

You’re invariably aware of the #IAmRoot flaw in Apple’s new macOS High Sierra 10.13 slip that could grant hackers administrator access for all the trouble of leaving the password field completely blank. Cupertino, California’s Infinite Loop resident released Security Update 2017-001 and HIMSS Kim said “if you are running an affected, vulnerable operating system, the time to patch is now.”

Patch now. Month in, month out, that’s the overt message of every credible cyber report. Huge Dirty COW, though, that’s rather unique. Get used to it.

Dirty COW is a well-known vulnerability that popular exploits use to escalate privileges in Linux systems — and Kim explained that infosec pros found a hole in Dirty COW patches and dubbed that bug Huge Dirty COW. What else would they christen it? No matter, the important thing to know is that it could affect Linux versions 2.6.38 through 4.14. 

The Google vulnerability is every bit as complex as a googolplex. (Nope, not spelled Googleplex). Google disclosed, and said it fixed, “a directory traversal vulnerability in attachment downloads for Android Gmail.” But the plot thickens thanks to three tactics required to exploit this particular vulnerability. The e-mail address must be a non-Gmail and ‘non-Gmailified’ account (as in Hotmail or Yahoo), the file has to be new and cannot overwrite an existing file, and the user has to click to download the attachment. “Successful exploitation of this vulnerability will cause a denial of service condition,” Kim explained.

The upsides to cybersecurity in November, however, are the tools researchers created to help hospitals and other businesses fight back.

Kim pointed to a new tech named Caldera that infosec teams can use after they’ve been compromised to better understand how hackers operate and the self-professed “quick and dirty” DDEtect for finding DDE links in Microsoft Office and RTF documents.

Two investigative tools also made Kim’s roster. The Japan Computer Emergency Response Team Coordination Center, otherwise known as JPCERT, created software for visualizing Windows Active Directory event log such that malicious Windows logons, for instance, can be analyzed using this tool and researchers posted new guidelines for Yara, which bills itself as a Swiss Army knife of sorts for identifying and classifying malware. 

“More and more free tools are out there to help us on the good side of things, the defenders,” Kim said. “Some of these are from the United States, Japan, and elsewhere.” 

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com