ATTACK GROUPS TARGET HEALTHCARE

Cyberattacks have become some of the most common criminal activities of this century. That technology has been advanced to impact all sectors of industries. Every country in the world has been affected by cyberattacks. While security experts are constantly working, trying to find a solution to this problem, cyber criminals are finding new ways to make their attacks more effective.

Healthcare Security

Cyberattacks now include malware, ransomware, viruses, and worms. It’s difficult to surf the web now without encountering some type of phishing scheme. These attacks have had grave effects on large and small companies. First of all, they can lead to data loss or the exposure of confidential information. In many cases, the personal information of millions of consumers is exposed. Those affected may threaten to sue to say that the business did take every precaution to protect their personal information. Cyberattacks can also lead to loss of profits for an organization, not to mention the money and time spent trying to notify those who were affected.

Orangeworm

This is a malware that was created in 2015 which basically uses Trojan Kwampirs to ease access. In the past three years, it has been associated with attacks on hospitals. It is believed that manufacturing companies are also at risk of attacks by Orangeworm. This group is believed to be strategic, deliberate, and methodic in the manner they choose their victims. When the Orangeworm attacks, it creates a custom backdoor known as Trojan.Kwampirs. It targets the healthcare sector and related industries in the United States, Europe, and Asia.

The first Orangeworm attacks began in January 2015. From the beginning, it was clear that Orangeworm was very focused in choosing its targets. The cyber thieves who created this spent time and money researching in order to choose their victims wisely. Their attacks were specific and focused on healthcare due to its vulnerabilities.

Why health care?

It is believed that healthcare is a soft spot for cyber criminals. Firstly, most of the organizations dealing with healthcare continue to rely on old equipment. It’s not possible to install up-to-date security on older medical devices. The healthcare industry has been slow to adopt new security technology. They often cite the cost as a reason why they cannot use the most modern cyber security technology.

Secondly, cyber criminals are attracted to healthcare records because they enable medical identity fraud. Criminals find this rather lucrative. In fact, the information stolen from healthcare records is usually sold on the black market for more than ten times its price.

How Orangeworm works

Symantec explains that attacks by Orangeworm are in most instances very easy to identify because they operate with a noisy attack vector. The Orangeworm first gains access to the victim’s network. It then employs Trojan Kwampirs which is basically a backdoor Trojan. This allows them to gain access to the compromised computer remotely.

Once executed, it extracts a copy of its core DLL payload from the resource section. Next, it inserts a randomly produced string into the middle. This is aimed at ensuring that the Trojan escapes detection. The malware then creates a service simulating the configuration. This ensures that the payload is kept and retained in memory even after a reboot.

To detect whether the compromised system is used by a researcher or a high-profile individual, the Trojan collects some basic information including language settings. After determining the value of the information obtained, the Trojan will decide whether to infect other computers.

Discovery concerns

Despite being so conspicuous, Orangeworm has the ability to aggressively propagate itself once it gains access to the computer. It will then copy itself to other networks over network shares, hence Orangeworm can infect multiple computers at one time. Older versions of operating systems, such as Windows XP (still in use in some hospitals) are particularly vulnerable to this form of attacks.

Orangeworm seems to lack interest in changing its attack procedures though considered old. This could be associated with the fact that despite the age of Trojan Kwampirs and the aggressiveness with which it has been fought, not much success has been achieved. Orangeworm can still, therefore, reach its intended victim and create chaos.

Protection against this malware

Having established that this aggressive malware can have rather serious consequences on the victims, it is important to begin a very proactive program in your organization that protects your computers and network. IT professionals recommend that hospitals and other healthcare organizations replace their old computers, programs, and operating systems with new ones. This will not only make it harder for the malware to attack but will make it easier to detect it. WebFilter enabled products and Intelligence Services can be of use in protecting against Orangeworm.

Final Thoughts

Due to the importance and the confidential nature of the information contained in healthcare records, it is a necessity for healthcare providers to take all measures needed to protect this information from malware. There are established ways of protecting systems especially from Orangeworm, but it does require the assistance of an IT professional with extensive experience in this area.