The Healthcare and Public Sector Highlights
Cybersecurity Edition
January 14, 2022
The Healthcare and Public Health (HPH) Sector Highlights - Cybersecurity Edition is a weekly newsletter produced by the Division of Critical Infrastructure Protection (CIP) within the U.S. Department of Health and Human Services' Office of the Assistant Secretary for Preparedness and Response (ASPR).
Massive Cyberattack Hits Ukrainian Government
Multiple open source outlets are reporting a massive cyberattack in Ukraine that warned Ukrainians to "be afraid and expect the worst." The cyberattack took over the websites of the Ukrainian Ministry of Foreign Affairs, Cabinet of Ministers, and Security and Defense Council. Notably, the Ukrainian Embassy in the U.S. was also impacted. This attack comes as Kyiv and its allies have sounded the alarm about a possible new Russian military offensive against Ukraine.
CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA), Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. The CSA provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. This advisory is being released by CISA, FBI, and NSA as a part of their continuing cybersecurity mission with interagency partners to warn organizations of potential cyber threats.
CISA, the FBI, and NSA encourage the cybersecurity community, especially critical infrastructure network defenders, to adopt a heightened state of awareness and to conduct proactive threat hunting. Additionally, they strongly urge network defenders to implement the CSA's recommendations and mitigations, which will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation. Find the full CSA at CISA.gov.
Iranian Intel Cyber Suite of Malware Uses Open Source Tools
U.S. Cyber Command's Cyber National Mission Force (CNMF) has identified multiple open-source tools used by an Iranian advanced persistent threat (APT) group known as MuddyWater. According to CNMF, "MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions." U.S. Cyber Command has released malware samples attributed to MuddyWater to the malware aggregation tool and repository, VirusTotal.
CISA encourages users and administrators to review U.S. Cyber Command's press release, Iranian intel cyber suite of malware uses open source tools, as well as their VirusTotal page for more information.
Microsoft Releases January 2022 Security Updates
Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities. Users and administrators are encouraged to review Microsoft's January 2022 Security Update Summary and Deployment Information and apply the necessary updates. The most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the "HTTP Protocol Stack." Microsoft says the flaw affects Windows 10 and Windows 11, as well as Server 2019 and Server 2022.
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
New HC3 Resources for HPH Stakeholders
The Health Sector Cybersecurity Coordination Center (HC3) was created by HHS to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the HPH Sector. This week HC3 has three new resources for HPH stakeholders.
Upcoming Webinar: The Patient Safety Threat of Ransomware
Despite the world-changing consequences of the COVID-19 pandemic, healthcare cybersecurity threats have only increased in incidence and severity, with ransomware infections crippling a record number of healthcare delivery organizations in 2021. Evolving vulnerabilities like the recent Log4j exploit have further demonstrated the need to improve resilience in order to protect patient safety.
Digital Disease: The Patient Safety Threat of Ransomware, a webinar on Thursday, January 20th, at 11:00 EST, will bring together multiple expert perspectives to discuss recent lessons learned and provide insight focused on the patient safety paradigm.
In collaboration with our colleagues at The George Washington University in Washington, D.C., this special event features brief addresses from Dr. Kevin Fu, Acting Director of Medical Device Cybersecurity at the US Food and Drug Administration; Dr. Natalie Sullivan, an emergency and disaster medicine specialist and security researcher with firsthand experience of caring for patients during a ransomware attack; Mr. John Riggi, National Advisor for Cyber and Risk for the American Hospital Association; and Professor Arkady Yerukhimovich, a computer security and cryptography expert. Register and learn more here.
Engineering Trustworthy Secure Systems: Draft NIST SP 800-160 Volume 1 Revision 1 Available for Comment
The National Institute of Standards and Technology (NIST) released the draft of a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems. This publication is intended to serve as a reference and educational resource for engineers and engineering specialties, architects, designers, and personnel involved in the development of trustworthy secure systems and system components. The guidance can be applied selectively by organizations, individuals, or engineering teams to improve the security and trustworthiness of systems and system components.
NIST is interested in your feedback on the specific changes made to the publication during this update, including the organization and structure of the publication, the presentation of the material, its ease of use, and the applicability of the technical content to current or planned systems engineering initiatives.
A public comment period for this document is open through February 25, 2022. See the publication details for a copy of the draft publication and instructions for submitting comments using the comment template provided.
HPH Sector Ransomware Resource Library
The HPH Sector Highlights - Cybersecurity Edition features this continually growing HPH Ransomware Resource Library in every weekly bulletin. Ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. The library has a variety of resources that you can use to keep your healthcare facility protected from ransomware attacks.
Latest CISA Vulnerability Summary
The latest CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the NIST National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Comments and Questions
If you have comments or questions, send an email to CIP@hhs.gov. The CIP team will work to answer your inquiries or connect you to the proper entity.
Traffic Light Protocol (TLP) Designation: WHITE
TLP: WHITE information may be distributed without restriction.
Disclaimer: ASPR provides the above sources of information for the convenience of the HPH Sector community and is not responsible for the availability or content of the information or tools provided, nor does ASPR endorse, warrant or guarantee the products, services or information described or offered. It is the responsibility of the user to determine the usefulness and applicability of the information provided.