Kaspersky Lab’s researchers have discovered evidence of an emerging and alarming trend: more and more advanced cyber threat actors are turning their attention to attacks against the healthcare sector. The infamous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing precious drug formulas and business information.

 

PlugX malware is a well-known remote access tool (RAT). It is usually spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations. The RAT has been used by a number of Chinese-speaking cyber threat actors, including Deep Panda, NetTraveler or Winnti. In 2013, it was discovered that the latter – responsible for attacking companies in the online gaming industry – had been using PlugX since May 2012. Interestingly, Winnti has also been present in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.

 

PlugX RAT allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including – but not limited to – copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. PlugX, as with other RATs, is used by cyber criminals to discreetly steal and collect sensitive or profitable information for malicious purposes.

 

RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.

 

Kaspersky Lab products successfully detect and block the PlugX malware.

 

“Private and confidential healthcare data is steadily migrating from paper to digital form within medical organizations. While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organizations demonstrate yet another battle that we need to fight – and win – with cyber criminals,” said Yury Namestnikov, security researcher at Kaspersky Lab.

 

Other key findings for 2017 in the research include:

  • More than 60% of medical organizations had malware on their servers or computers;
  • Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organizations.

 

In order to stay protected, Kaspersky Lab experts advise businesses to take the following measures:

  • Remove all nodes that process medical data from public and secure public web portals;
  • Automatically update installed software using patch management systems on all nodes, including servers;
  • Perform network segmentation: refrain from connecting expensive equipment to the main LAN of your organization;
  • Use a proven corporate-grade security solution in combination with anti-targeted attack technologies and threat intelligence, such as Kaspersky Threat Management and Defense solution. These are capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.

 

For more recommendations, please visit Securelist.com.

 

To learn more about PlugX attacks and healthcare cyber security, read our blogpost on Securelist.com.

