CISA Cybersecurity Advisory: DPRK Ransomware Threats to Clinical Healthcare

On February 09, 2023, the Defense Security Agency recently released a Cybersecurity Advisory (#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities) which highlights the growing threat of ransomware attacks on critical infrastructure and medical devices in the United States. The report highlights the role of North Korea in funding these malicious activities and the need for organizations to take proactive measures to protect themselves.

Executive Summary

• North Korean malicious cyber activities are responsible for ransomware attacks on critical infrastructure organizations.
• Ransomware attacks are increasing and targeting critical infrastructure, including healthcare facilities.
• The ransomware is being used to fund illicit activities by North Korean state-sponsored actors.
• Organizations are encouraged to prepare for and mitigate ransomware incidents.
• Victims of ransomware attacks are encouraged to report incidents to appropriate authorities, such as the FBI or CISA in the US, and NIS, KISA, and KNPA in South Korea.
• The authors discourage paying ransoms as it may embolden adversaries to target additional organizations and fund illicit activities.

Microsegmentation is a crucial technique for protecting medical devices from ransomware attacks and limiting lateral movement in the network, as highlighted in a recent report. By dividing a network into smaller segments, this technique can prevent the spread of malware or unauthorized access, ensuring the security of medical devices in critical environments such as hospitals. As medical device security becomes increasingly important in the healthcare industry, techniques such as microsegmentation can play a critical role in safeguarding patient privacy and safety.

The report provides a number of recommendations for organizations to prepare for and mitigate ransomware incidents. These include maintaining isolated backups of data, creating and exercising a cyber incident response plan, regularly updating software and operating systems, securing and monitoring potentially risky services, implementing a user training program, requiring strong passwords and phishing-resistant multifactor authentication, and regularly updating antivirus and antimalware software.

In addition, the report recommends that organizations scan backups and follow incident response best practices in the event of a ransomware attack. It is also important for organizations to report incidents to the appropriate authorities, including the FBI and CISA, and to seek assistance from other cybersecurity authorities.

Summary recommendations from this report

• Maintain isolated backups of data, regularly test backup and restoration, and ensure all backup data is encrypted, immutable, and covers the entire organization’s data infrastructure
• Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response procedures for a ransomware incident, and ensure the notification procedures adhere to applicable laws
• Install updates for operating systems, software, and firmware as soon as they are released, and regularly check for software updates and end-of-life notifications
• If using Remote Desktop Protocol (RDP) or other potentially risky services, secure and monitor them closely, limit access to resources over internal networks, and use a VPN or virtual desktop infrastructure to authenticate and secure the connection
• Implement a user training program and phishing exercises to raise awareness among users about the risks of visiting websites, clicking on links, and opening attachments
• Require phishing-resistant multifactor authentication (MFA) for as many services as possible, particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups
• Use strong passwords and avoid reusing passwords for multiple accounts
• Require administrator credentials to install software and audit user accounts with administrative or elevated privileges
• Install and regularly update antivirus and antimalware software on all hosts
• Only use secure networks and consider installing and using a VPN
• Consider adding an email banner to messages coming from outside the organization indicating that they are higher risk messages
• Consider participating in the Automated Indicator Sharing (AIS) program
• If a ransomware incident occurs, follow the organization's ransomware response checklist, scan backups, and report incidents to appropriate authorities
• Apply incident response best practices found in the joint Cybersecurity Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity.

The report highlights the need for organizations to take proactive measures to protect themselves from ransomware attacks, especially in the critical infrastructure and medical device sectors. Microsegmentation is a key technique that can help limit the spread of malware and protect medical devices in hospitals. Network and security IT professionals working in hospitals in the United States are encouraged to review the report and implement the recommended best practices to help protect their organizations and patients.

Maximizing Your Organization's Security with Microsegmentation: Get Expert Assistance Now

Are you looking for guidance on how to effectively implement microsegmentation in your organization? Our team of experts is here to assist you every step of the way. Schedule a complimentary consultation with us to assess your security needs and receive customized recommendations on the best approach to microsegmentation. Whether you're just starting to explore the benefits of this technology or seeking to enhance your current strategy, we're here to help.

In addition to our expert consultation services, you can also visit our resource center for valuable information on microsegmentation. Our product videos provide in-depth insights into the features and capabilities of our solutions, showing how they can enhance your organization's security posture. Don't wait any longer to experience the benefits of microsegmentation for yourself. Connect with one of our experts today and take the first step towards a more secure and compliant organization with the power of microsegmentation.