Utilizing Red Team Tools to Build a Superior Cyber Defense
The modern cyber threat landscape requires healthcare organizations to constantly evaluate their defensive posture and cybersecurity strategy to ensure malicious cyber criminals cannot gain access to highly sensitive patient health information (PHI). One traditional approach for validating an organization’s cybersecurity defenses is consultation with a professional “red team” for penetration testing. These engagements are designed to explore vulnerabilities in an organization’s security posture and provide reports of any shortcomings that require remediation.
A recent article from Health IT Security, “Abuse of Legitimate Tools Threatens Healthcare Cybersecurity,” reports on the trend of cyber criminals abusing popular penetration testing applications such as Cobalt Strike, Mimikatz, and PowerShell Empire in offensive cyber operations targeting healthcare organizations (HCOs).
According to John Whetstone, VP of Managed Cybersecurity Services at ClearDATA, “A major part of building resilient and anti-fragile healthcare cybersecurity defenses is to hire professional help to evaluate your existing cyber defenses and present new threat vectors you may not have considered before.”
As a former leader of a cybersecurity team at NSS Labs charged with conducting offensive security exercises to evaluate the efficacy of commercial endpoint & cloud workload protection software, Whetstone continues, “If hiring a 3rd party to conduct these evaluations isn’t an option, organizations should invest in their existing workforce and upskill blue teamers to be able to execute simulated attacks against the organization.”
Improving Testing Using Cyber Threat Intelligence
Determining where to initially focus efforts will likely appear as one of the toughest hills to climb as organizations unpack DIY security efficacy testing. According to Whetstone, “this is a great example of where cyber threat intelligence (CTI) is extremely helpful and should be used to provide a blueprint for prioritizing your testing.
Familiarizing yourself with the tools and techniques that threat actors are using to compromise environments is key to being able to identify and defend against them during a real attack. Many of the tools employed by both threat actors and red teams are open source and made readily available on sites like GitHub or shipped in penetration testing distributions of Linux like Kali or Parrot Security.”
Targeting Software Vulnerabilities in the Cloud
While the cloud has changed so much of how we manage IT, one thing remains constant: software vulnerabilities. Software vulnerabilities, especially those commonly found in internet-exposed workloads, such as Log4j and several Microsoft Exchange and VPN remote code execution vulnerabilities, have been a favorite target of threat actors in the last year. Penetration testing tools such as Cobalt Strike and Metasploit offer a wide variety of ways to target and easily exploit these existing software flaws. As a result, it is important to underscore the value of proactive software vulnerability detection and ongoing patch management during any conversation about security efficacy or penetration testing.
Stay One Step Ahead With Expert Help
Healthcare cybersecurity can be akin to a game of cat and mouse: organizations are constantly trying to outsmart the bad guys that want to break down defenses and steal valuable data. While penetration testing and red team engagements are valuable components of any cyber defense, we advise healthcare organizations to partner with trusted experts to holistically evaluate their entire cloud security posture.
This relationship can accelerate an organization’s defensive tempo as well as optimize the response of security operations to minimize impact from cyber threat actors targeting your organization.
If you want a trusted cloud expert to assess potential vulnerabilities in your existing IT infrastructure, reach out to the ClearDATA team for a free consultation today.