
New exploits target hospital devices, places patients at risk


Batu69


'Medjack 2' describes the latest weapons in the hacker arsenal used to hijack medical devices.


It is not just the enterprise, banks and individuals that are targeted by cybercriminals looking to cash in on data and rinse bank accounts.

Things have taken a more sinister turn with the introduction -- and evolution -- of attacks specifically designed to compromise medical devices, which places both patient health and information at serious risk.

 

A new report released by security firm TrapX on Monday highlights how this trend is becoming more and more serious, and healthcare organizations must sit up and take note of these emerging threats before it is too late.

 

We've already seen ransomware attacks levied against hospitals this year which have successfully disrupted critical services and taken down full systems, with some hospitals giving in and paying a ransom to resume operating.

 

This kind of malware, although often heartbreaking for victims and capable of immense disruption, is not in the same ballpark as other attacks which are striking hospitals for the purpose of tampering with devices and data.

 

The report, "Anatomy of an Attack - Medical Device Hijack 2" (.PDF), is based on medical hijack attacks detected between late 2015 and early 2016, expanding on TrapX's original MedJack 1 research.

The team found that attacks which target medical devices deployed in hospital PC systems and networks are on the rise and often contain backdoors, botnet connections and remote access tunnels for cyberattackers to manipulate devices.

Greg Enriquez, CEO of TrapX Security commented:


"Sophisticated attackers are going after healthcare institutions, and they are highly motivated to gain access to valuable patient records that can net them high dollars on the black market [...] MedJack 1 was not an anomaly but rather highlighted the beginnings of a growing trend, a trend that's become prevalent as attackers leverage sophisticated attack techniques to steal sensitive patient data while remaining undetected."

 

Some of the report highlights include:

  • Attackers were found to repackage and disguise advanced tools within old, Windows-based worms which were ignored by security software as outdated, harmless malware -- but would then seek out old PC systems to compromise.
  • Old malware variants were commonly used to attack medical devices as many of them have no security protection whatsoever, and there is no need to use sophisticated, expensive software once a network has been infiltrated;
  • Backdoors were often installed afterwards, allowing for spying, data theft and providing an avenue to deploy malware payloads including ransomware;
  • X-ray machines, radiation systems, fluoroscopy radiology systems and linac gating devices were all found to be constant targets for attackers.

By compromising medical systems, attackers could not only potentially tamper with life-saving devices -- such as altering dosage rates or turning systems off and on -- but they can also use vulnerabilities to steal valuable medical and patient data over time.

 

Medical device hijacking is only one threat element hospitals face today. Healthcare organizations have been forced to take cybersecurity more seriously since the recent spate of ransomware-based attacks at a number of hospitals this year, but to combat the more complex problem of medical device hijacking, solutions need to come from the top.

 

Hospital budgets and board decisions have to come into play if healthcare organizations are going to be able to keep patients safe from these threats in the future. It may not seem likely that such a malicious attack would occur against a patient using a critical medical device, but in today's world, anything is possible.

 

"Healthcare organizations need to implement strategies that review and remediate existing medical devices, better manage medical device end-of-life and carefully limit access to medical devices," noted Moshe Ben Simon, TrapX Security co-founder and vice president. "It becomes essential to leverage technology and processes that can detect threats from within hospital networks."

 


TED dot com hosted a speech wherein the author held that all your devices can be hacked...

 

Including medical devices:

 

All your devices can be hacked...

 

MEDIA VIA THE LINK BELOW...

 

Could someone hack your pacemaker?

 

Avi Rubin shows how hackers are compromising cars, smartphones and medical devices, and warns us about the dangers of an increasingly hack-able world.

 

http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked

 

:(



Internet-connected medical devices such as MRI machines, CT scanners and dialysis pumps are increasingly being targeted by hackers seeking to steal patient medical records from hospitals. Attackers consider the devices soft digital targets, seldom guarded with the same security as client PCs and servers within hospitals.

 

In a report by security firm TrapX Labs, researchers found that the dearth of cyber defenses on clinical IoT medical equipment was tied to a resurgence of old malware such as networm32.kido.ib and the notorious Conficker worm. In its paper MEDJACK.2 Hospitals Under Siege (PDF), researchers describe how modern hospital security systems overlook protecting internet-connected devices running Windows XP or unpatched versions of Windows 7 and Windows 8, making them an easy target for ancient worms.

 

“The malware utilized for this attack was specifically selected to exploit older versions of Windows… It enabled the attacker to install a backdoor within the enterprise, from which they could launch their campaign and quietly exfiltrate data and perhaps cause significant damage using a ransomware attack,” TrapX wrote in its report.

 

In its 2009 heyday Conficker was estimated to have infected between 9 million and 15 million computers. The computer worm was known for constantly morphing as Conficker authors regularly updated the code. The worm targets Microsoft’s Windows operating system and was notorious for cracking passwords, hijacking Windows computers and enlisting them into botnets that distributed spam and installed scareware.

 

Researchers say they have captured new samples of the Conficker worm that has been updated with an enhanced ability to laterally move within a network and target specific types of medical devices. Researchers say malware is being delivered via spear phishing attacks against hospital staff. Researchers say once Conficker or networm32.kido.ib infects and wends its way inside a network, attackers use command-and-control instructions to deliver additional “more sophisticated” malware to devices.

 

“Wrapped inside an out-of-date malware wrapper for networm32.kido.ib, we determined that the malware was in fact quite sophisticated, and capable of ‘jumping’ or moving between networks successfully. The almost harmless networm, easily ignored by Windows 7 patched systems, Windows 8 platforms and new operating systems, exploited a vulnerability within Windows XP to load a RAT (remote access tool) so the attacker could load sophisticated, state of the art attacker software components,” according to the report.

 

In its previous 2015 report TrapX noticed similar types of attacks inside hospitals and healthcare facilities. What’s new is, “These old worms such as Conficker are being used in tandem with much more sophisticated payloads that are able to go deeper into a hospital network and target specific devices that can gain criminals easier access to patient records,” said Moshe Ben-Simon, co-founder of TrapX Labs.

 

Patient records are quickly becoming a hot commodity on the dark web. Ben-Simon said medical records are known to hold greater value on the black market over other items such as credit card data. That’s because criminals can steal a patient’s identity and not just extend credit in their names, but also have costly prescriptions filled. “Insurance pays for the prescription and attackers can resell the drugs on the black market,” Ben-Simon said.

 

TrapX estimates that medical records fetch $10 to $20 per record on the black market versus about $5 for one financial profile.

Last week records for 655,000 patients wound up on the web that were allegedly stolen from three healthcare organizations. In the case of these records, attackers claim to have obtained the data via a remote desktop protocol attack.

 

According to the TrapX report, which studied real-world infections at three hospitals, a forensic investigation revealed that the presence of the Conficker worm failed to generate any cybersecurity alarms. TrapX reported the Conficker worm went unnoticed out of a lack of concern for the ancient vulnerability. “Medical devices are ‘black boxes’ and their internal software operations are not visible to the hospital cyber defense team. They run out of date operating systems, such as Windows 7 or Windows XP which are highly vulnerable and almost completely unprotected,” wrote researchers.

 

Ben-Simon said those medical devices are extremely attractive targets because each one of them is highly connected and links to a community of additional vulnerable medical devices that link to high value patient data. “All it takes is one successful attempt for the attacker to establish a backdoor, find and steal data, or use automated tools to set a ransomware attack in motion,” according to the report.


