The Ransomware Era (2016-Present) Daily Briefing

    Cybersecurity Briefing: November 16, 2020 - Escalating Threat Landscape

    Monday, November 16, 2020

    # Lead Story: Schneider Electric Advisory on Drovorub Malware

    On November 16, 2020, a significant security advisory was released regarding the Drovorub Linux malware, linked to the APT28 threat group, believed to be Russian state-sponsored. This malware enables hackers to establish backdoor access to Linux systems, allowing for file theft and remote control capabilities. Organizations utilizing Linux platforms must prioritize patching and monitoring to mitigate potential breaches. The advisory emphasizes the importance of robust security measures against state-sponsored threats.

    Source: CISO Series

    # Secondary Item 1: Healthcare Vulnerabilities Bulletin

    The U.S. Department of Health and Human Services (HHS) issued a bulletin on critical vulnerabilities affecting healthcare systems, highlighting the need for immediate action. Microsoft released 112 patches, 24 of which address severe vulnerabilities classified as remote code execution risks that could allow attackers to execute malicious code. These flaws can significantly impact critical applications like Exchange Server and Microsoft Teams. Organizations in the healthcare sector must ensure timely updates to safeguard patient data and system integrity.

    Source: HHS.gov

    # Secondary Item 2: Rise in Ransomware Incidents

    Reports on November 16 indicated a worrying trend in escalating ransomware attacks across various sectors, particularly finance and healthcare. Ransomware has been responsible for a significant portion of cyber incidents during this period, with attackers increasingly targeting organizations that are critical to COVID-19 response efforts. Organizations must remain vigilant and enhance their defenses against such attacks to protect sensitive information and maintain operational continuity.

    Source: Hackmageddon

    # Secondary Item 3: Cyber Espionage Efforts Intensify

    Analysts reported a surge in cyber espionage activities, particularly against entities involved in critical sectors such as healthcare, especially those working on COVID-19 vaccines. These attacks highlight a concerning trend in targeting organizations crucial to public health. Stakeholders are urged to bolster their security postures to protect sensitive research and data from state-sponsored actors seeking to exploit vulnerabilities in these high-stakes environments.

    Source: HACKMAGEDDON

    Analyst Perspective

    The events of November 16, 2020, underscore a rapidly evolving cybersecurity landscape characterized by state-sponsored threats, significant vulnerabilities in critical sectors, and an alarming rise in ransomware incidents. Organizations, particularly in healthcare, must prioritize cybersecurity measures and enhance their incident response strategies to safeguard against these persistent and evolving threats. The ongoing pandemic has only intensified the focus of threat actors, making it imperative for organizations to stay ahead of the curve in their cybersecurity efforts.
