The recent ransomware attack that was uncovered earlier this week has resurfaced with some old tricks that hackers have used in the past. This new campaign seems to be targeting small businesses and individual users, who have been hit with ransomware through e-mails and spam attachments. This type of cyberattack is surprisingly lucrative for
CHS confirmed that criminal hackers accessed the personal and protected health information of up to one million patients, resulting in potential identity theft and serious medical complications. The company has issued a warning to patients and urged them to take steps to protect their information, such as creating strong passwords and guarding against phishing attacks.
Community Health Systems said that hackers gained access to patient data through its use of file-transfer software called GoAnywhere MFT, which is deployed by large businesses to share and send large sets of data securely. The health care giant said it was notified of the security incident by Fortra, and that no financial information or Social Security numbers were compromised.
According to Community Health Systems, the company is offering identity theft protection services to individuals whose information was exposed in the Fortra security breach. These services will help protect victims from potential financial losses as a result of their personal information being stolen. However, there have been no material disruptions in patient care as a result of this vulnerability.
CHS, one of the largest healthcare providers in the United States, has been identified as the victim of a data breach where patient data may have been exposed. The company has not yet specified what types of data were exposed, but it is likely that this is only the second known breach for CHS in recent years.
While no confirmed victims have been identified thus far, experts believe that the new zero-day breach could be the work of Clop, who have a history of targeting organizations using Fortra’s file-transfer technology. With such a large number of potential targets already in their crosshairs, Clop may be looking to make headlines with yet another successful attack.
If you’re a user of GoAnywhere, there’s a good chance your company is also vulnerable to this exploit. Thankfully, security experts have shared some information about the zero-day and what you can do to protect yourself. First and foremost, be sure to keep your software up to date. As CHS notes, this vulnerability was publicly revealed on August 2nd – meaning businesses had plenty of time to patch it if they were concerned. Additionally, make sure your passwords are strong and unique – don’t use the same password for all of your accounts. And lastly, make sure you understand how to protect yourself against online threats – including zero-days – by reading up on cybersecurity basics like cyber security FAQs.
What is the GoAnywhere vulnerability?
The zero-day vulnerability in Fortra’s GoAnywhere software was identified by security journalist Brian Krebs, who shared the full text of Fortra’s security advisory on February 2. The vulnerability allows an attacker to hijack sessions of vulnerable users by sending them a specially crafted Facebook message. The public release of the vulnerability report has been roundly criticized by cybersecurity experts, as it is only accessible through a Fortra account.
The GoAnywhere MFT zero-day remote code injection exploit is potentially devastating for businesses and can be exploited by attackers with very limited access to the system. This vulnerability could allow unauthorized individuals to interfere with the administration of the application, potentially causing serious harm. Businesses should take immediate steps to ensure that this vulnerability is patched and protected from exploitation.
The flaw found in GoAnywhere makes it easy for attackers to gain access to sensitive data transmitted through the platform. Rapid7 considers the exploitability of this bug to be very high, making it a valuable tool for attackers seeking to steal valuable information from company clients.
GoAnywhere 2.x seems to have been vulnerable to a zero-day attack that allowed ransomware gangs to breach organizations’ confidential data sets. This vulnerability appears to be very similar to an Accellion flaw that was exploited in 2020 by the Clop ransomware gang, which resulted in the theft of sensitive data from a number of organizations including Qualys, Shell, the University of Colorado, Kroger, and Morgan Stanley.
The Clop ransomware gang is now claiming that it has already exploited two vulnerabilities to steal data from more than 130 organizations. However, the group has not provided any evidence for its claims, and at the time of writing it is unclear if either Fortra or GoAnywhere were actually used in this attack.
Fortra’s lack of response to TechGround’s questions may be an indicator of their lack of commitment to the project. While Fortra is an experienced provider of cloud-based software maintenance, their reluctance to answer our questions suggests
Should I be concerned?
There are legitimate concerns about the exploitability of the GoAnywhere vulnerability. The flaw could be easily exploited by attackers who know how to send malicious HTTP requests, and there is no evidence that this vulnerability has been used in any attack yet. Additionally, while the developers have released a patch for the GoAnywhere vulnerability, it is possible that other vulnerabilities exist
Russian-speaking threat actors have been linked to cyberattacks on different organizations, both large and small. TA505 is a criminal hacking crew known for deploying Clop ransomware in targeted campaigns. It is unclear if Silence was behind the attack on the customer’s network, but it’s worth noting that Russian-speaking actors are known for their willingness to target organizations of all sizes.
In recent months, ransomware has become increasingly common and intrusive. This activity – which involved the deployment of ransomware on a vulnerable machine – is likely just one example of how this type of malware can be used to achieve malicious ends.
The GoAnywhere zero-day is being actively exploited, and judging from remarks made by Huntress, it seems that wider activity is anticipated. This could mean a lot of organizations are vulnerable to attack, so steps need to be taken to protect systems and data.
Security patches available
The emergency patch from Fortra includes fixes for several vulnerabilities that could be exploited by attackers. These vulnerabilities could allow hackers to gain access to customers’ files and registries, or even launch attacks against the company’s website. All GoAnywhere customers are urged to apply the patch as soon as possible, in order to avoid any potential harm.
The U.S. cybersecurity agency CISA added the GoAnywhere flaw to its public catalog of known exploited vulnerabilities, ordering all federal civilian executive branch agencies to patch their systems before March 3 in order to protect against the security risk.