Attack Group Targets Healthcare, Manufacturing

Wednesday, April 25, 2018 @ 10:04 AM gHale

Breakdown of Orangeworm’s victims.
Source: Symantec

By Gregory Hale
A new hacker group called Orangeworm is focusing on the healthcare sector with manufacturing just behind, researchers said.

Symantec Telemetry found the group infected a small number of victims and it mainly goes after healthcare more than any other industry, with 17 percent of its victims in the U.S. Manufacturing is just behind at 15 percent along with information technology.

FDA to Hike Medical Device Security
Abbott Updates Defibrillator
Biosense Fixes System Vulnerabilities
Philips Remediates iSite, IntelliSpace Holes

The hacker group has been targeting organizations across several industries since 2015. One of the group’s attributes is it is very deliberate and methodic in choosing their victims.

Almost 40 percent of victims are comprised of healthcare providers, pharmaceuticals, IT solution providers for healthcare and healthcare industry equipment manufacturers, said researchers at Symantec in a post.

In addition to companies in the U.S., several organizations throughout Europe have been targeted, with five percent in the UK and Hungary. Saudi Arabia, India and the Philippines have reported hits.

“It is perhaps no surprise that a new attack group, dubbed Orangeworm, has been discovered targeting the healthcare industry,” said Jalal Bouhdada, founder and principal ICS Security Consultant for Applied Risk. “There have been repeated warnings that healthcare systems are easy pickings for cybercriminals, and although there has been an understandable desire within the industry to press ahead and unlock the benefits of IoT technology, a lack of consideration regarding the security ramifications of this has begun to concern many.

“While innovation in the healthcare industry is having a great impact on the quality of life for many people, what if the opposite is also true? While in the case of Orangeworm it seems the attackers were only looking to learn about the inner workings of a system, could this often life-saving medical equipment be turned against us?

“Medical device manufacturers must now begin adhering to best practice security advice. New data privacy laws and strict FDA requirements mean the responsibility is now with the developers to ensure the protection of networks and systems, or they will face the consequences. To help meet these obligations, the security industry and medical device manufacturers must develop a closer relationship, ensuring that new devices are developed with security defences baked in. The ethos of “secure by design” must become entrenched within all product developers,” Bouhdada said.

Orangeworm installs a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia, Symantec researchers said.

Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines, researchers said. Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures. The exact motives of the group are unclear.

Leave a Reply

You must be logged in to post a comment.