Kaspersky Lab’s researchers have discovered evidence of an emerging and alarming trend: more and more advanced cyber threat actors are turning their attention to attacks against the healthcare sector. The infamous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing precious drug formulas and business information.

 

PlugX malware is a well-known remote access tool (RAT). It is usually spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations. The RAT has been used by a number of Chinese-speaking cyber threat actors, including Deep Panda, NetTraveler or Winnti. In 2013, it was discovered that the latter – responsible for attacking companies in the online gaming industry – had been using PlugX since May 2012. Interestingly, Winnti has also been present in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.

 

PlugX RAT allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including – but not limited to – copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. PlugX, as with other RATs, is used by cyber criminals to discreetly steal and collect sensitive or profitable information for malicious purposes.

 

RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.

 

Kaspersky Lab products successfully detect and block the PlugX malware.

 

Private and confidential healthcare data is steadily migrating from paper to digital form within medical organizations. While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organizations demonstrate yet another battle that we need to fight – and win – with cyber criminals,” said Yury Namestnikov, security researcher at Kaspersky Lab.

 

Other key findings for 2017 in the research include:

  • More than 60% of medical organizations had malware on their servers or computers;
  •  Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organizations.

 

In order to stay protected, Kaspersky Lab experts advise businesses to take the following measures:

  • Remove all nodes that process medical data from public and secure public web portals;
  • Automatically update installed software using patch management systems on all nodes, including servers.
  • Perform network segmentation: refrain from connecting expensive equipment to the main LAN of your organization
  • Use a proven corporate grade security solution in combination with anti-targeted attack technologies and threat intelligence, such as Kaspersky Threat Management and Defense solution. These are capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.

 

For more recommendations, please visit Securelist.com.

 

To learn more about PlugX attacks and healthcare cyber security, read our blogpost on Securelist.com.


RECOMMENDED ARTICLE FOR TECHWORLD


 
PH Faces Increasing App-Driven Attacks
Techworld Date Posted: 7 September 2017 1:56 PM | 406 Views
MANILA, PHILIPPINES - The attack surface created by app-driven transformation is expanding rapidly, with 72 percent of the total number of attacks focused on user identities and applications, the gateway to personal data. This.... See More
 
PH Faces Increasing App-Driven Attacks
Techworld Date Posted: 1:56 PM | 406 Views
MANILA, PHILIPPINES - The attack surface created by app-driven transformation is expanding rapidly, with 72 percent of the total number of attacks focused on user identities and applications, the gateway to personal data. This...See More

 
Far Eastern University Team Wins First Intercollegiate PUBG Competition
Techworld Date Posted: 24 July 2018 5:15 PM | 789 Views
The FEU_ANBU team of Far Eastern University has emerged as the champions of the inaugural MSI-NVIDIA University League PlayerUnknown’s Battleground (PUBG) Tournament, the first intercollegiate competition in the Philippines.. See More
 
Far Eastern University Team Wins First Intercollegiate PUBG Competition
Techworld Date Posted: 5:15 PM | 789 Views
The FEU_ANBU team of Far Eastern University has emerged as the champions of the inaugural MSI-NVIDIA University League PlayerUnknown’s Battleground (PUBG) Tournament, the first intercollegiate competition in the Philippines.See More

 
Clean Machines: Startup’s Bots Sweep Up Corporate Campuses
Techworld Date Posted: 4 March 2019 3:49 PM | 74 Views
Gregg Ratanaphanyarat and Dawei Ding joined the ranks of college dropouts in 2016, leaving Penn State to launch a robotics startup for outdoor cleaning.. See More
 
Clean Machines: Startup’s Bots Sweep Up Corporate Campuses
Techworld Date Posted: 3:49 PM | 74 Views
Gregg Ratanaphanyarat and Dawei Ding joined the ranks of college dropouts in 2016, leaving Penn State to launch a robotics startup for outdoor cleaning.See More

 
Kaspersky Lab Researcher Creates Free Software Tool for Collecting Remote Evidence after Cyber-Attacks
Techworld Date Posted: 14 July 2017 1:12 PM | 208 Views
To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital.... See More
 
Kaspersky Lab Researcher Creates Free Software Tool for Collecting Remote Evidence after Cyber-Attacks
Techworld Date Posted: 1:12 PM | 208 Views
To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital...See More

 
Transcend Is Honored with Five Taiwan Excellence Awards 2019
Techworld Date Posted: 21 November 2018 1:25 PM | 138 Views
Transcend Information, Inc. (Transcend®), a worldwide leader in storage and multimedia products, is proud to announce that five of its state-of-the art products have been awarded the 2019 Taiwan Excellence Award for their innovation.. See More
 
Transcend Is Honored with Five Taiwan Excellence Awards 2019
Techworld Date Posted: 1:25 PM | 138 Views
Transcend Information, Inc. (Transcend®), a worldwide leader in storage and multimedia products, is proud to announce that five of its state-of-the art products have been awarded the 2019 Taiwan Excellence Award for their innovation.See More

 
NVIDIA Supersizes PC Gaming with New Breed of Big Format Gaming Displays
Techworld Date Posted: 8 January 2018 4:42 PM | 264 Views
Created in conjunction with NVIDIA hardware partners Acer, ASUS and HP, BFGDs integrate a high-end 65-inch, 4K 120Hz HDR display with NVIDIA® G-SYNC® technology together with NVIDIA SHIELDTM, the world’s most advanced streaming device.. See More
 
NVIDIA Supersizes PC Gaming with New Breed of Big Format Gaming Displays
Techworld Date Posted: 4:42 PM | 264 Views
Created in conjunction with NVIDIA hardware partners Acer, ASUS and HP, BFGDs integrate a high-end 65-inch, 4K 120Hz HDR display with NVIDIA® G-SYNC® technology together with NVIDIA SHIELDTM, the world’s most advanced streaming device.See More

 
Transcend Releases Fast, Stylish StoreJet 600 for Mac
Techworld Date Posted: 27 September 2017 4:59 PM | 236 Views
Transcend Information Inc., a leading manufacturer of storage and multimedia products, is proud to announce the release of the StoreJet 600 for Mac. Housed in a stunning metallic casing, this light and durable StoreJet.... See More
 
Transcend Releases Fast, Stylish StoreJet 600 for Mac
Techworld Date Posted: 4:59 PM | 236 Views
Transcend Information Inc., a leading manufacturer of storage and multimedia products, is proud to announce the release of the StoreJet 600 for Mac. Housed in a stunning metallic casing, this light and durable StoreJet...See More

 
One Year On: Filipino Social Enterprises Better Equipped to Improve Quality of Education Following Completion of SAP Social Sabbatical Program
Techworld Date Posted: 14 July 2017 2:22 PM | 302 Views
Following the completion of SAP Social Sabbatical Program in the Philippines last year, two participating social enterprises, Teach for the Philippines and Silid Aralan (SAI), reported that their organizations are better able to fulfill.... See More
 
One Year On: Filipino Social Enterprises Better Equipped to Improve Quality of Education Following Completion of SAP Social Sabbatical Program
Techworld Date Posted: 2:22 PM | 302 Views
Following the completion of SAP Social Sabbatical Program in the Philippines last year, two participating social enterprises, Teach for the Philippines and Silid Aralan (SAI), reported that their organizations are better able to fulfill...See More

 
Cybercriminals Targeted at Least 400 Industrial Companies with Spear-Phishing Attack for Financial Gain
Techworld Date Posted: 6 August 2018 4:32 PM | 510 Views
Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the.... See More
 
Cybercriminals Targeted at Least 400 Industrial Companies with Spear-Phishing Attack for Financial Gain
Techworld Date Posted: 4:32 PM | 510 Views
Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the...See More

 
Synology® Sees Huge Growth in PH NAS Market, Introduces Complete Business Backup Solution
Techworld Date Posted: 1 August 2018 5:23 PM | 165 Views
Synology®, leading network attached storage (NAS), IP surveillance and network equipment provider introduces its newest products, Active Backup Suite and Service Replacement Service (SRS) for Philippines SMBs and SMEs today. . See More
 
Synology® Sees Huge Growth in PH NAS Market, Introduces Complete Business Backup Solution
Techworld Date Posted: 5:23 PM | 165 Views
Synology®, leading network attached storage (NAS), IP surveillance and network equipment provider introduces its newest products, Active Backup Suite and Service Replacement Service (SRS) for Philippines SMBs and SMEs today. See More


Power by

Download Free AZ | Free Wordpress Themes