27 Apr Malware Watch: Meet Orangeworm
Earlier this week, a hacking syndicate dubbed “Orangeworm” started targeting healthcare, IT service providers and related industries across Asia, Europe, and the United States in what appears to be a meticulously planned and targeted campaign.
Researchers from Symantec found the Kwampirs malware on series of medical devices including MRI devices and X-ray machines within large international corporations. Although the group has been around since January 2015, and the malware also several years old – its targeted attack hones in on sectors where the legacy system and outdated software are common and vulnerable.
40% of Orangeworm’s confirmed victim organizations operate in the healthcare industry, followed by manufacturing and IT (15% each), and logistics and agriculture (8% each).
The exact motive remains unclear however, the malware seems to target patient consent forms with the aim of understanding procedures within organizations. The Trojan was able to spread itself aggressively through networks by copying itself all over network shares. This particular method of duplication works well within older operating systems like Windows XP – attacks like this are tailored to healthcare targets that still have legacy systems.
The attack on healthcare is not at all surprising: with a rise in cyber attacks expected across the industry. Expect more to come.
Why hackers love healthcare targets: Primarily, they hold highly valuable data. While a single credit card has an average profit of $2000 and quickly becomes worthless once it’s blocked. A PHI (Protected Health Information) file can hold a value of $20,000 as it can be used over and over again over a longer time period and contains sensitive information like date of birth, social security number. It is often difficult for the owner to change or block its use.
Healthcare organizations are notoriously lax in their security protocol making them easy marks. Lack of investment in IT (the average healthcare organization spends around 3% of their IT budget on security) is a key issue, also frequently staff have no training meaning the front line has no information to defend the business.
Highly connected environments: Hospitals often have internet connected medical devices and accessories, which make easy entry points for hackers. Also, the networking within healthcare buildings are usually very interconnected, which means malware can duplicate very quickly – simply put, a single breach can bring an entire network down, as was seen with WannaCry within the NHS.
To prevent attacks on your healthcare Aware suggest a “layered” approach to security. Full patching should be mandatory as well as effective and consistent employee training.
If you would like to discuss comprehensive security protocol or the best way to train your employees you can discuss with Aware today.
- Audience Reporting Explained: How Do I Use it for My Business? - July 2, 2020
- What is Realtime Reporting in Google Analytics & What’s the Real Business Benefit? - June 29, 2020
- What is the Difference Between Business Continuity & Disaster Recovery? - April 2, 2020
- The Best WFH Business Software Solutions for Remote Employees - March 30, 2020
- Covid 19 Contact Form - March 23, 2020
- Power BI: Desktop vs Pro vs Premium - March 17, 2020
- 10 Benefits of Microsoft Power BI - March 16, 2020
- What is Power BI? - March 13, 2020
- Rethinking the Customer Journey: Micro Moments for digital marketing in 2020. - March 9, 2020
- Google Ads Audiences and Signals Explained - January 31, 2020