Hacker Group Targets Healthcare Providers

Uploaded on 2018-05-09 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Data security vendor Symantec is warning of a new and significantly dangerous hacker ring targeting large healthcare organisations in the United States, Europe and Asia.

“Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwempirs,” the vendor notes.

Orangeworm is looking for targets to engage in corporate espionage in healthcare and other industries. Targets are chosen carefully and deliberately with extensive planning before an attack is made, Symantec experts contend. Data from the security organisation suggests that healthcare is the top target for the hackers, it says that 39 percent of attacks have been aimed at healthcare organisations, with manufacturing, information technology, logistics and agriculture also in their crosshairs.

So far, Symantec has found Kwempirs malware placed on diagnostic imaging machines in healthcare organisations. Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures.

The vendor acknowledges that exact motives of the Orangeworm group are unclear, but the company believes other industries have been targeted as part of a larger supply chain attack to enable Orangeworm to get access to healthcare organisations.

“While these industries appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organisations that provide support services to medical clinics, and logistical organisations that deliver healthcare products.”

The installed backdoor into an organisation collects information from the infected computer, which Symantec surmises can help a hacker know if the computer is used by a researcher or a higher-value target. 

“Once Orangeworm determines that a potential victim is of interest, it proceeds to aggressively copy the backdoor across open network shares to infect other computers.”  

Further, with healthcare’s reliance on older operation systems, particularly Windows XP, Orangeworm does not appear to be overly concerned about being discovered.

Information-Management

You Might Also Read: 

British Healthcare System Spends £150m Extra On Cybersecurity:

Cyber Attacks Focus On Healthcare:
 

« Re-Thinking The Threat Of Ransomware
How To Beat The Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

Sucuri

Sucuri

Sucuri provide a complete website security solution to protect against hacks and clean up after security incidents.

CyberPlat

CyberPlat

CyberPlat is an integrated broad-based multibank Internet payment system. It is the largest electronic payment system in Russia and CIS.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.

Harbor Networks

Harbor Networks

Harbor Networks is a communications systems integrator and managed services provider. We provide business consultation services for voice and data communication technology.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.