Categories: Hacks

APT Hacking Groups are Targeting Vulnerable Medical Networks for Cyber Attack

APT actors are currently showing more interest in medical networks and they are using various advanced threats such as PlugX RAT and Cobalt Strike to exfiltrate data from the pharmaceutical organizations.

Current research revealed that each and every year medical based cyber attacks are kept increasing and risk involvement not only for the medical devices but for Human life as well.

Advanced threat actors that targeting medical industries are able to do a lot of damages such as copy and modifying files, logging keystrokes, and Taking into account the fact that hackers placed their implants on the servers of pharmaceutical companies.

Medical infrastructure has a lot of medical devices, some of them portable. And devices like spirometers or blood pressure monitors support the MQTT protocol to communicate with other devices directly.

According to the Statistics,More than 60% of medical organizations had some kind of malware on their servers or computers.

Mass Scan with Global Medical Networks

A Detailed research conducted in medical networks to find the vulnerable entry points through an approch using keywords such as keywords “medic”, “clinic”, “hospit”, “surgery” and “healthcare” in the organization’s name.

This Mass scan conducted by Security Firm Kaspersky based on the publically available information and performed a mass scan using advanced search engines  Shodan and Censys.

Scanning results revealed that there was a lot of trivial opened ports and services such as web-server, DNS-server, mail-server and this cause the result of attack can easily exploit the networks.

Most Interestingly non-trivial ports are already vulnerable and those services are out of date and need to be patched and the results of the scanned network are showing that some organizations web applications of electronic medical records are out of date.

The most popular opened ports on medical perimeters (18,723 live hosts; 27,716 opened ports)

Also, Researchers using ZTag tool and Censys to find the what kinds of services are hidden behind these ports and find the embedded tag that belongs to SCADA-type systems, NAS. which is one of the top services in medical networks.

According to Kaspersky, Excluding these trivial things, we found Building Management systems that out of date. Devices using the Niagara Fox protocol usually operate on TCP ports 1911 and 4911. They allow us to gather information remotely from them, such as application name, Java version, host OS, time zone, local IP address, and software versions involved in the stack.

Shodan said some of the medical organizations have an opened port 2000 that is extremely vulnerable to extract info about the current Wi-Fi connection.

These all are the flaws leads to compromise the medical network via malware, and ransomware that results will play with the medical organization and human life.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

4 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

5 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

7 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

11 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

12 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

12 hours ago