Industry researchers have identified a new criminal hacking group targeting healthcare organisations in the US, EU (including the UK) and the Middle East. Dubbed ‘Orangeworm’, the group operates by targeting hospitals with Trojan malware to access medical equipment and devices, including MRI scanners and X-ray equipment. Reports suggest that Orangeworm was first identified in January 2015.
The healthcare sector is a prime target for cyber attacks because of the wealth of data available through patient records. Orangeworm appears to be carefully selecting its victims, with healthcare the sector it attacks most.
So what’s the good news?
The malware used in these attacks, Trojan.Kwampirs, has a particularly ‘noisy’ approach, which is relatively easy to detect compared with other, more sophisticated, programs. Symantec explains, “Kwampirs uses a fairly aggressive means to propagate itself once inside a victim’s network by copying itself over network shares. While this method is considered somewhat old, it may still be viable for environments that run older operating systems such as Windows XP. This method has likely proved effective within the healthcare industry, which may run legacy systems on older platforms designed for the medical community. Older systems like Windows XP are much more likely to be prevalent within this industry.”
Reliance on Windows XP was said to have contributed to the NHS WannaCry attack in May 2017.
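The 'noisy' share-copying behaviour Symantec describes lends itself to a simple detection rule: flag any single host that writes the same executable name to shares on several different machines within a short time. The sketch below is an added example, not code from Symantec or IT Governance. The record layout is a simplified, constructed stand-in for file share audit data (such as Windows Security event 5145), and the file names, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows-style paths on any OS

EXEC_EXT = (".exe", ".dll", ".scr")

# Constructed sample records (not real telemetry):
# (time, source IP, target host, share, relative path, write access requested)
SAMPLE = [
    ("2018-04-23T02:00:05", "10.0.5.20", "XRAY-01", "ADMIN$", "sample.exe", True),
    ("2018-04-23T02:01:10", "10.0.5.20", "MRI-02", "C$", "Windows\\sample.exe", True),
    ("2018-04-23T02:02:40", "10.0.5.20", "PACS-03", "ADMIN$", "Sample.exe", True),
    ("2018-04-23T09:00:00", "10.0.5.31", "FILESRV", "Reports", "q1\\report.docx", True),
    ("2018-04-23T09:05:00", "10.0.5.31", "FILESRV", "Tools", "setup.exe", False),
    ("2018-04-23T09:00:00", "10.0.5.40", "HOST-A", "ADMIN$", "tool.exe", True),
    ("2018-04-23T12:00:00", "10.0.5.40", "HOST-B", "ADMIN$", "tool.exe", True),
    ("2018-04-23T15:00:00", "10.0.5.40", "HOST-C", "ADMIN$", "tool.exe", True),
]

def find_share_spreaders(events, min_hosts=3, window=timedelta(minutes=10)):
    """Return [(source, filename, [targets])] for each source that wrote the
    same executable name to shares on >= min_hosts hosts inside `window`."""
    writes = defaultdict(list)
    for ts, src, target, _share, path, is_write in events:
        name = basename(path).lower()  # same file may land in different folders
        if is_write and name.endswith(EXEC_EXT):
            writes[(src, name)].append((datetime.fromisoformat(ts), target))
    findings = []
    for (src, name), hits in sorted(writes.items()):
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {host for _, host in hits[start:end + 1]}
            if len(targets) >= min_hosts:
                findings.append((src, name, sorted(targets)))
                break  # one finding per (source, file) pair is enough
    return findings

if __name__ == "__main__":
    for src, name, targets in find_share_spreaders(SAMPLE):
        print(f"{src} wrote {name} to {len(targets)} hosts: {', '.join(targets)}")
```

Slow, hours-apart writes (as from 10.0.5.40 in the sample) and non-executable files are deliberately not flagged, so the thresholds need tuning against what legitimate software deployment looks like on your network.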
What can you do now?
The value of understanding the full range of risks facing your organisation cannot be overstated. Effective planning against a known quantity can allow you to reduce or eradicate the risk and mitigate the effect on your organisation should a similar threat arise. By completing basic cyber security reviews, organisations can identify the risks they face and forecast the likelihood of these risks materialising.
IT Governance NCSC Audit and Review
Recognised and approved by the National Cyber Security Centre’s (NCSC) Certified Cyber Security Consultancy scheme, our NCSC Audit and Review is designed to provide public and private organisations with an in-depth and detailed evaluation of their cyber security posture in relation to compliance with UK government security objectives, policies, standards and frameworks. The scheme provides details of an organisation’s current threats and the necessary steps to mitigate them.
Penetration testing is an effective method of determining the security of your networks and web applications, helping your organisation identify the best way of protecting its assets.
Penetration testing works by probing for vulnerabilities in your applications and networks. It is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.
The process of penetration testing involves assessing your chosen systems for any potential weaknesses that could result from poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.
An experienced penetration tester can mimic the techniques used by criminals without causing damage. These tests are usually conducted outside business hours or when networks and applications are least used, thereby minimising the impact on everyday operations.
More information on penetration testing can be found in our testing guide: Assured Security: Getting cyber secure with penetration testing