Friday, November 1, 2024
HomeHacksAPT Hacking Groups are Targeting Vulnerable Medical Networks for Cyber Attack

APT Hacking Groups are Targeting Vulnerable Medical Networks for Cyber Attack

Published on

Malware protection

APT actors are currently showing more interest in medical networks and they are using various advanced threats such as PlugX RAT and Cobalt Strike to exfiltrate data from the pharmaceutical organizations.

Current research revealed that each and every year medical based cyber attacks are kept increasing and risk involvement not only for the medical devices but for Human life as well.

Advanced threat actors that targeting medical industries are able to do a lot of damages such as copy and modifying files, logging keystrokes, and Taking into account the fact that hackers placed their implants on the servers of pharmaceutical companies.

- Advertisement - SIEM as a Service

Medical infrastructure has a lot of medical devices, some of them portable. And devices like spirometers or blood pressure monitors support the MQTT protocol to communicate with other devices directly.

According to the Statistics,More than 60% of medical organizations had some kind of malware on their servers or computers.

Mass Scan with Global Medical Networks 

A Detailed research conducted in medical networks to find the vulnerable entry points through an approch using keywords such as keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name.

This Mass scan conducted by Security Firm Kaspersky based on the publically available information and performed a mass scan using advanced search engines  Shodan and Censys.

Scanning results revealed that there was a lot of trivial opened ports and services such as web-server, DNS-server, mail-server and this cause the result of attack can easily exploit the networks.

Most Interestingly non-trivial ports are already vulnerable and those services are out of date and need to be patched and the results of the scanned network are showing that some organizations web applications of electronic medical records are out of date.

The most popular opened ports on medical perimeters (18,723 live hosts; 27,716 opened ports)

Also, Researchers using ZTag tool and Censys to find the what kinds of services are hidden behind these ports and find the embedded tag that belongs to SCADA-type systems, NAS. which is one of the top services in medical networks.

According to Kaspersky, Excluding these trivial things, we found Building Management systems that out of date. Devices using the Niagara Fox protocol usually operate on TCP ports 1911 and 4911. They allow us to gather information remotely from them, such as application name, Java version, host OS, time zone, local IP address, and software versions involved in the stack.

Shodan said some of the medical organizations have an opened port 2000 that is extremely vulnerable to extract info about the current Wi-Fi connection.

These all are the flaws leads to compromise the medical network via malware, and ransomware that results will play with the medical organization and human life.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against...

Mobile Device Management Vendor Mobile Guardian Hacked

 Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...