HC3 TLP Clear: White Paper: ownCloud Vulnerability Under Active Attack

Executive Summary

The ownCloud platform allows organizations to store, synchronize, and share files and other content, as well as collaborate and consolidate work processes. This platform is known to be deployed across the U.S. health sector, among other industries. The nature of this platform provides cyber-attackers with a target that can potentially provide access to sensitive health information, as well as a staging point for further attacks. Three vulnerabilities were recently identified in certain versions of ownCloud, the most egregious of which is known to be under active attack. HC3 recommends healthcare organizations running ownCloud identify vulnerable instances and prioritize implementation of the mitigation steps in this document.

Platform Overview

The ownCloud platform is described on its website as an “open-source file sync, share and content collaboration software that lets teams work on data easily from anywhere, on any device.” The company reports 500 enterprise customers and 200 million users worldwide. It serves the health sector, among other industries, where it has noted that it “enables users to collaborate while retaining digital sovereignty, empowering them to easily edit, share, and access files regardless of device or location. Tailored open– source solutions without backdoors or vendor lock-ins.” Its stated capabilities include HIPAA compliance, securely storing and sharing sensitive patient data, and frictionless collaboration among medical professionals, among other features. A capabilities document can be found here. The nature of this platform is such that it needs to be integrated into the information infrastructure of a customer organization to function, which provides attackers with a target that can potentially provide access to sensitive information, as well as a staging point for further attacks.

View the detailed report below.