Security Researchers have this week identified a new hacking group that has been targeting global healthcare organisations with a malware that is remotely accessing medical equipment such as X-Rays and MRI machines.
The group has been active since January 2015, and works by accessing IT systems using a trojan known as Kwampirs – this then installs a custom backdoor on the systems that it targets before collecting information on its host. As well as accessing medical equipment, the attack also appears to be observing machines that patients use to complete consent firms – basically, they are reaping healthcare records and patient data.
The trojan predominantly targets healthcare organisations but has also been found to attack manufacturing, IT and logistics company. 5% of Orangeworm’s global victims are based in the UK.
Simon Townsend, CTO – EMEA at IT and Security company, Ivanti commented below.
Simon Townsend, CTO – EMEA at Ivanti:
“Aside from the fact that Orangeworm is accessing extremely sensitive patient data, the most troubling part of this story is that the attack has been ongoing since January 2015. That’s over three years that the malware has been successfully exploiting systems that are running on legacy and older operating systems.
The Centre for Internet Security releases cybersecurity controls regularly with thorough advice on how to defend against these sorts of attacks. Yet the ongoing proliferation of cybercrime that looks to exploit vulnerable technologies shows that these guidelines aren’t being wholly followed by many organisations. It doesn’t matter if you have the most up-to-date technology in the world – if the tech was developed by humans, it likely contains mistakes. For this reason, IT and Security teams need to be on the ball ensuring that as soon as vulnerabilities are identified, that they are fixed.
Basic cybersecurity defences such as patching, application control, and removal of administrative privileges all help reduce risks like malware from executing on organisations’ environments in the first place. It is my hope that upcoming regulations such as the GDPR and NIS Directive, which encourage compliance with data privacy and cybersecurity laws by threatening organisations with immense fines, finally force us all to sit up and take note of the security threatscape. Many of the high profile attacks of the last year, the NotPetyas and WannaCrys, could have largely been fended off with back to basics cybersecurity controls.
Whilst it was announced over the weekend that the NHS signed a new agreement whereby Microsoft will be upgrading all machines to Windows 10, thus helping to eliminate the severe issues caused by out-of-date legacy systems, this doesn’t mean that they need to take their foot of the gas when it comes to cybersecurity defences.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.