Healthcare cybersecurity experts from Cynerio and Rubicon Labs commented below on Orangeworm, a cyber crime group that is targeting the health sector and related industries in the US, Europe and Asia in a suspected corporate espionage campaign. Orangeworm has been observed deploying a custom backdoor known as Trojan.Kwampirs within large international organizations, researchers at Symantec have discovered. The targeted organizations include healthcare providers, pharmaceutical firms, IT service providers for healthcare, and equipment manufacturers that serve the healthcare industry.
“We’re seeing the unfolding of one of the most dangerous scenarios for connected healthcare. A persistent and polymorphic worm that is specifically adapted to exploiting unprotected network shares in old Windows networks – which are very common in medical devices. This threat is attacking mission-critical devices such as MRI machines and is able to lurk inside these devices, perform lateral movement within the network and download additional malicious functionality as per the attacker’s choice.
The fact that this threat was most successful in healthcare systems brings to light some of the biggest pain points in the security posture of this industry today: unpatched devices, permissive network configurations and a complete lack of visibility and control over medical devices, their servers and their network peers.”
Rod Schultz, Chief Product Officer at Rubicon Labs:
“Legacy operating systems will always be a rich attack surface for well-constructed viruses like Orangeworm. These older systems have well-understood and, many times, documented flaws that are exploited by these viruses. The verticals being attacked seem to be a direct indicator of who is using this outdated technology. As long as there is something to be stolen from these devices, older operating systems executing in a modern environment will continue to encounter this type of profiteering and attacks.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security