Malware Watch: Meet Orangeworm

27 Apr

Earlier this week, a hacking syndicate dubbed “Orangeworm” started targeting healthcare, IT service providers and related industries across Asia, Europe, and the United States in what appears to be a meticulously planned and targeted campaign.


Researchers from Symantec found the Kwampirs malware on a series of medical devices, including MRI devices and X-ray machines, within large international corporations. Although the group has been around since January 2015 and the malware is also several years old, its targeted attacks home in on sectors where legacy systems and outdated software are common and vulnerable.


40% of Orangeworm’s confirmed victim organizations operate in the healthcare industry, followed by manufacturing and IT (15% each), and logistics and agriculture (8% each).


The exact motive remains unclear; however, the malware seems to target patient consent forms with the aim of understanding procedures within organizations. The Trojan was able to spread itself aggressively through networks by copying itself to every network share it could reach. This particular method of duplication works well within older operating systems like Windows XP, and attacks like this are tailored to healthcare targets that still run legacy systems.
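The share-copying propagation described above leaves a distinctive trace: one host writing executable files to shares on many other hosts in a short time. The following detector is an added example, not code from the original post or from Symantec; it runs over constructed file-share audit records whose format, hostnames and timestamps are assumptions made for this example, and flags any source host that writes an executable to shares on several distinct hosts within a ten-minute window.

```python
# Added example (not part of the original Aware post): detect the
# "copy myself to every reachable share" propagation pattern from
# file-share audit records. The log format and every hostname below are
# constructed assumptions for this example.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records:
#   <ISO timestamp> <source_host> WRITE \\<dest_host>\<share>\<path>
SAMPLE_LOG = """\
2018-04-23T09:00:05 ws-radiology-07 WRITE \\\\ws-mri-02\\ADMIN$\\svchost.exe
2018-04-23T09:00:09 ws-radiology-07 WRITE \\\\ws-xray-01\\C$\\Windows\\svchost.exe
2018-04-23T09:00:14 ws-radiology-07 WRITE \\\\fs-records\\D$\\Temp\\svchost.exe
2018-04-23T09:01:30 ws-finance-03 WRITE \\\\fs-records\\Shared\\budget.xlsx
2018-04-23T09:02:00 ws-finance-03 WRITE \\\\fs-records\\Shared\\notes.docx
2018-04-23T11:30:00 ws-admin-01 WRITE \\\\ws-xray-01\\C$\\Tools\\patch.exe
"""

# File types worth treating as "executable" for this detector.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com")


def parse_line(line):
    """Split one audit record into its fields."""
    ts, src, action, target = line.split(maxsplit=3)
    # "\\host\share\rest\of\path" -> ["host", "share", "rest\of\path"]
    parts = target.lstrip("\\").split("\\", 2)
    dest_host, share = parts[0], parts[1]
    path = parts[2] if len(parts) > 2 else ""
    return {
        "time": datetime.fromisoformat(ts),
        "src": src,
        "action": action,
        "dest": dest_host.lower(),
        "share": share,
        "path": path,
    }


def find_share_spreaders(log_text, min_hosts=3, window=timedelta(minutes=10)):
    """Return {source_host: sorted destination hosts} for every source that
    wrote an executable to at least `min_hosts` distinct hosts within `window`."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]

    # Keep only executable writes, grouped by the host that performed them.
    by_src = defaultdict(list)
    for e in events:
        if e["action"] == "WRITE" and e["path"].lower().endswith(EXECUTABLE_SUFFIXES):
            by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        # Sliding window over this source's executable writes, oldest first.
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            hosts = {e["dest"] for e in evs[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[src] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    for src, hosts in find_share_spreaders(SAMPLE_LOG).items():
        print(f"{src} wrote executables to {len(hosts)} hosts: {', '.join(hosts)}")
```

On the constructed sample only ws-radiology-07 is flagged: it wrote svchost.exe to three different hosts within nine seconds, while the finance workstation wrote documents and the admin host touched a single machine. The window and host-count thresholds are tuning knobs; a legitimate software-deployment server will trip this rule by design, so such hosts belong on an explicit allow list rather than in a higher threshold.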


The attack on healthcare is not at all surprising, with a rise in cyber attacks expected across the industry. Expect more to come.


Why hackers love healthcare targets: primarily, they hold highly valuable data. A single credit card has an average profit of $2000 and quickly becomes worthless once it is blocked, whereas a PHI (Protected Health Information) file can hold a value of $20,000, because it can be used over and over again across a longer time period and contains sensitive information like date of birth and social security number, which the owner often cannot change or block.


Healthcare organizations are notoriously lax in their security protocols, making them easy marks. Lack of investment in IT (the average healthcare organization spends around 3% of its IT budget on security) is a key issue, and staff frequently receive no training, meaning the front line has no information with which to defend the business.


Highly connected environments: hospitals often have internet-connected medical devices and accessories, which make easy entry points for hackers. The networking within healthcare buildings is also usually very interconnected, which means malware can duplicate very quickly. Simply put, a single breach can bring an entire network down, as was seen with WannaCry within the NHS.


To prevent attacks on your healthcare organization, Aware suggests a "layered" approach to security. Full patching should be mandatory, as should effective and consistent employee training.


If you would like to discuss a comprehensive security protocol or the best way to train your employees, you can talk to Aware today.