APT actors are currently showing more interest in medical networks and they are using various advanced threats such as PlugX RAT and Cobalt Strike to exfiltrate data from the pharmaceutical organizations.
Current research revealed that each and every year medical based cyber attacks are kept increasing and risk involvement not only for the medical devices but for Human life as well.
Advanced threat actors that targeting medical industries are able to do a lot of damages such as copy and modifying files, logging keystrokes, and Taking into account the fact that hackers placed their implants on the servers of pharmaceutical companies.
Medical infrastructure has a lot of medical devices, some of them portable. And devices like spirometers or blood pressure monitors support the MQTT protocol to communicate with other devices directly.
According to the Statistics,More than 60% of medical organizations had some kind of malware on their servers or computers.
A Detailed research conducted in medical networks to find the vulnerable entry points through an approch using keywords such as keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name.
This Mass scan conducted by Security Firm Kaspersky based on the publically available information and performed a mass scan using advanced search engines Shodan and Censys.
Scanning results revealed that there was a lot of trivial opened ports and services such as web-server, DNS-server, mail-server and this cause the result of attack can easily exploit the networks.
Most Interestingly non-trivial ports are already vulnerable and those services are out of date and need to be patched and the results of the scanned network are showing that some organizations web applications of electronic medical records are out of date.
Also, Researchers using ZTag tool and Censys to find the what kinds of services are hidden behind these ports and find the embedded tag that belongs to SCADA-type systems, NAS. which is one of the top services in medical networks.
According to Kaspersky, Excluding these trivial things, we found Building Management systems that out of date. Devices using the Niagara Fox protocol usually operate on TCP ports 1911 and 4911. They allow us to gather information remotely from them, such as application name, Java version, host OS, time zone, local IP address, and software versions involved in the stack.
Shodan said some of the medical organizations have an opened port 2000 that is extremely vulnerable to extract info about the current Wi-Fi connection.
These all are the flaws leads to compromise the medical network via malware, and ransomware that results will play with the medical organization and human life.
Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing Simulator,…
Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting…
Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising strategies.…
Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat actors…
The responsibilities of Chief Information Security Officers (CISOs) are rapidly evolving as digital transformation and…
As organizations accelerate cloud adoption, CISOs face unprecedented challenges securing dynamic, multi-cloud environments. The shift…
