HIMSS has published its June Healthcare and Cross-Sector Cybersecurity Report, in which warnings have been issued to healthcare organizations about the risk of hackers exploiting vulnerabilities in application programming interfaces (APIs), tampering with cookies, distributed denial of service (DDoS) attacks and man-in-the-middle attacks. Healthcare companies are likewise advised to be alert to the possibility that isolated networks may not be as secure as believed, as a new attack method has been uncovered that could allow these isolated networks to be compromised using USB devices.
Improvements to perimeter defenses are making it harder for cybercriminals to gain entry to healthcare networks. As a result, alternative strategies are being used by hackers to gain access to healthcare data. API vulnerabilities are weak points that several cybersecurity experts believe could become a major new attack vector.
The use of APIs is now commonplace. It is quicker and easier for healthcare organizations to make use of third-party apps than to develop their own applications, and APIs allow them to do that. According to a study by One-Poll, typically, businesses now handle 363 APIs and 2/3 of companies leave the APIs open to the general public or their business partners. Just like any software solution, when there are vulnerabilities, hackers will exploit them. Security Week's Torsten George discussed a number of ways that APIs could be taken advantage of to access sensitive information.
Because Unicode characters are allowed in domain names, cybercriminals can quickly create very convincing domains with homographs for use in phishing campaigns. For example, it is possible to use the Cyrillic small letter a to replace a regular a, or use the Latin small letter iota or the dotless i, to replace an i. Farsight Security has detailed this attack method in its Global Internationalized Domain Name Homograph Report.
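A defender can screen observed domains for the substitutions described above. The following is an added example, not code from the HIMSS or Farsight reports; the domain names and the three-entry look-alike table are constructed for illustration. It shows that a mixed-script check catches the Cyrillic a but misses the dotless i and the Latin iota, which are themselves Latin letters and need a look-alike comparison against the organization's own domains.

```python
import unicodedata

# Constructed, deliberately small confusables table limited to the characters
# named above; real coverage needs the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u0269": "i",  # LATIN SMALL LETTER IOTA
}

# Constructed sample data: domains the organization owns, and domains seen in mail logs.
PROTECTED = {"patient-portal.example", "hospital.example"}
OBSERVED = ["hospital.example", "p\u0430tient-portal.example", "hosp\u0131tal.example"]

def to_unicode(domain):
    """Decode punycode (xn--) labels so the real characters can be inspected."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts of the letters in a label, read from each Unicode character name."""
    return {unicodedata.name(c).split()[0] for c in label if c.isalpha()}

def skeleton(domain):
    """Replace known look-alike characters with the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(c, c) for c in domain)

def check_domain(domain, protected=PROTECTED):
    """Return findings for one observed domain; an empty list means no match."""
    uni = to_unicode(domain)
    findings = []
    for label in uni.split("."):
        found = scripts(label)
        if len(found) > 1:
            findings.append("mixed-script label: " + ",".join(sorted(found)))
    skel = skeleton(uni)
    if skel != uni and skel in protected:
        findings.append("homograph of " + skel)
    return findings

if __name__ == "__main__":
    for name in OBSERVED:
        print(ascii(name), check_domain(name))
```

Punycode (`xn--`) forms are decoded first, so the same check applies to domains as they appear in DNS and proxy logs.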
Eleven Paths has detailed another attack method that exploits hidden networks using USB devices. This method of attack can allow access to isolated computer systems not accessible via the Internet. Simply disconnecting a computer from its WiFi connection and unplugging the Ethernet cable may not be enough to prevent malicious actors from gaining access to the device.