Medical devices remain easy marks for data thieves

From the Security Info Watch news article:

…According to the researchers, attackers leveraged the shellcode technique to exploit numerous medical devices including a Radiation Oncology system, a Respiratory Position Management System, a Fluoroscopy Radiology system and an X-Ray machine. They found that malware was discovered moving laterally within the network. By utilizing Deception technology, some healthcare institutions were able to identify the attack, which would have otherwise gone undetected. Upon finding what was thought to be a vulnerable target, but was in fact a deception trap, the malware injected malicious code. This set an alert in motion allowing administrators to identify the attack and understand the attacker’s tactics. The discovered attack utilized shellcode execution leveraging a small module of code as a payload to exploit a software vulnerability. In these instances, the trap allowed the malware to proceed in order to analyze the attack; however, the device was not vulnerable. This complex attack then invoked a file transfer to load the necessary file to set up additional command and control functions.

What made this attack unique was that the attacker’s sophisticated tools were camouflaged inside an out-of-date MS08-067 worm wrapper, enabling the attack to successfully move between networks. After observing a pattern, researchers concluded that the attackers intentionally packaged tools targeting older and more vulnerable Windows XP or Windows 7 operating systems devoid of adequate endpoint cyber defenses. By masking new tools in outdated worm code, the attackers were also able to evade security alerts by the standard hospital workstations installed with up-to-date endpoint cyber defenses since the newer operating systems simply “ignored” the attack…

Read more at the link:

About Author: GHCAN Admin
