Categories: Hacks

APT Hacking Groups are Targeting Vulnerable Medical Networks for Cyber Attack

APT actors are currently showing more interest in medical networks and they are using various advanced threats such as PlugX RAT and Cobalt Strike to exfiltrate data from the pharmaceutical organizations.

Current research revealed that each and every year medical based cyber attacks are kept increasing and risk involvement not only for the medical devices but for Human life as well.

Advanced threat actors that targeting medical industries are able to do a lot of damages such as copy and modifying files, logging keystrokes, and Taking into account the fact that hackers placed their implants on the servers of pharmaceutical companies.

Medical infrastructure has a lot of medical devices, some of them portable. And devices like spirometers or blood pressure monitors support the MQTT protocol to communicate with other devices directly.

According to the Statistics,More than 60% of medical organizations had some kind of malware on their servers or computers.

Mass Scan with Global Medical Networks

A Detailed research conducted in medical networks to find the vulnerable entry points through an approch using keywords such as keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name.

This Mass scan conducted by Security Firm Kaspersky based on the publically available information and performed a mass scan using advanced search engines  Shodan and Censys.

Scanning results revealed that there was a lot of trivial opened ports and services such as web-server, DNS-server, mail-server and this cause the result of attack can easily exploit the networks.

Most Interestingly non-trivial ports are already vulnerable and those services are out of date and need to be patched and the results of the scanned network are showing that some organizations web applications of electronic medical records are out of date.

The most popular opened ports on medical perimeters (18,723 live hosts; 27,716 opened ports)

Also, Researchers using ZTag tool and Censys to find the what kinds of services are hidden behind these ports and find the embedded tag that belongs to SCADA-type systems, NAS. which is one of the top services in medical networks.

According to Kaspersky, Excluding these trivial things, we found Building Management systems that out of date. Devices using the Niagara Fox protocol usually operate on TCP ports 1911 and 4911. They allow us to gather information remotely from them, such as application name, Java version, host OS, time zone, local IP address, and software versions involved in the stack.

Shodan said some of the medical organizations have an opened port 2000 that is extremely vulnerable to extract info about the current Wi-Fi connection.

These all are the flaws leads to compromise the medical network via malware, and ransomware that results will play with the medical organization and human life.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

3 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago