On 15 April 2021, the Cyber Security Agency of the Singapore Computer Emergency Response Team (“SingCert“) issued an alert urging administrators of internet-connected devices to patch their systems immediately.
Given the increasing number of cyberattack cases in past months, organizations would do well to check that all internal systems have been patched and up to date. In line with SingCert’s recommendations, organizations should also continue to monitor all patches released closely, as well as any malicious activity on all network traffic, and configure systems to rely on internal domain name system servers.
In more detail
On 15 April 2021, SingCert issued an alert urging administrators of internet-connected devices to patch their systems immediately. The urgent announcement was prompted by its discovery of vulnerabilities in over 100 million internet-connected devices, which included fitness wearables and medical equipment.
According to cyber-security company Forescout Research Labs, the vulnerabilities in question are known as “Name:Wreck”. These could potentially compromise four popular sets of rules, or “stacks,” which dictate how devices communicate with one another over the internet.
Primary organizations affected were those in the government and healthcare sectors, while others implicated included retail, entertainment and technology firms. Amongst the potentially affected equipment are ultrasound machines, patient monitors, medical imaging equipment and even defibrillators.
According to Forescout, once the vulnerabilities are exploited, it could result in major government data hacks, amongst others. In the healthcare setting, a cyber-attacker may reportedly exploit the Name:Wreck bug to compromise ultrasound machines that utilize connections to a website to obtain firmware updates. The attacker could then use the bug to re-channel the machines to his own website to download a malicious firmware, and thereafter direct the malware to upload all medical records to his site.
SingCert has advised that if patching is unavailable, administrators should try to enhance segmentation controls and undertake network hygiene measures, which include the isolation of vulnerable devices.