Federal Authorities Warn Healthcare Sector of Godzilla Webshell Threat
Quick take - Federal authorities have issued a warning to the healthcare sector about the Godzilla webshell, a sophisticated backdoor attributed to Chinese threat actors, urging organizations to adopt risk mitigation measures to protect against potential cyberattacks.
Fast Facts
- Federal authorities have issued a warning about the Godzilla webshell, a sophisticated Chinese-language backdoor that can stealthily execute commands and manipulate files.
- The U.S. Department of Health and Human Services (HHS) urges healthcare organizations to adopt risk mitigation measures due to the threat posed by this webshell, attributed to Chinese nation-state actors.
- The Godzilla webshell’s public availability on GitHub increases the risk of cyberattacks, particularly ransomware targeting protected health information and hospital operations.
- It is designed to be less detectable than other variants, employing advanced encryption and supporting reconnaissance activities to gather system information.
- Recommendations for healthcare organizations include applying software updates, using network segmentation, and following HHS’s Cybersecurity Performance Goals to enhance their cybersecurity defenses.
Urgent Warning Issued to Healthcare Sector Regarding Godzilla Webshell
Federal authorities have issued an urgent warning to the healthcare sector regarding the Godzilla webshell. This sophisticated Chinese-language backdoor is known for its stealth capabilities and ability to execute commands and manipulate files.
Risk Mitigation Measures
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HHS HC3) has emphasized the need for healthcare organizations to adopt risk mitigation measures. This warning comes in light of the emerging threat posed by the Godzilla webshell.
Following this warning, the American Hospital Association (AHA) has alerted its members about the potential risks. The Godzilla webshell is attributed to Chinese nation-state threat actors with high confidence.
The webshell has raised alarm because its source code is publicly available on GitHub, which allows other threat actors to acquire and modify it for their own purposes. That accessibility increases the risk of cyberattacks on the sector, particularly ransomware campaigns that steal protected health information and disrupt hospital operations.
Scott Gee from the AHA highlighted that the healthcare sector is frequently targeted by cyberattacks, underscoring the importance of vigilance within the sector.
Stealth and Detection Challenges
The Godzilla webshell is designed to be less detectable than existing variants. It allows attackers to manage files on victim systems, including uploading, downloading, deleting, and modifying files. The webshell employs advanced encryption standards for its network traffic, complicating detection efforts by cybersecurity professionals.
Additionally, the Godzilla webshell supports reconnaissance activities, enabling attackers to gather information about operating systems, network configurations, and software versions.
Federal officials have documented previous attacks utilizing the Godzilla webshell. Notably, campaigns in November 2021 exploited a known authentication bypass vulnerability (CVE-2021-40539) in Zoho’s ManageEngine ADSelfService Plus. Microsoft and Palo Alto Networks identified these campaigns and attributed them to a Chinese group known as DEV-0322, which targeted at least nine organizations, including those in the healthcare sector.
More recently, in February 2023, AhnLab Security Emergency Response Center reported an attack campaign by the APT Dalbit that also employed the Godzilla webshell.
Recommendations for Healthcare Organizations
The Health-Information Sharing and Analysis Center (Health-ISAC) has noted a rise in ransomware and malware incidents within the healthcare sector. However, it has not directly observed the Godzilla webshell being used. Errol Weiss, the chief security officer of Health-ISAC, supports HHS’s warning and encourages organizations to adhere to the recommendations provided.
Recommendations to mitigate the risks associated with the Godzilla webshell include applying the latest software updates and patches, especially for organizations that run ADSelfService Plus. A comprehensive defense-in-depth approach is advised to improve detection: controls such as network segmentation and endpoint detection are recommended. Furthermore, healthcare organizations are encouraged to implement the voluntary Cybersecurity Performance Goals published by HHS in January.
These measures aim to bolster the cybersecurity posture of healthcare organizations against evolving threats.