US hospitals hacked with ancient exploits

Deliberately doused vulns the right medicine for XP backdoor bliss

Attackers have popped three prominent US hospitals, using deliberately ancient malware that slips under the radar of modern security controls to compromise Windows XP boxes and gain network beachheads.

The attacks were foiled using deceptive honeypot-style frameworks, according to California-based TrapX.

Hospitals were attacked between late 2015 and early this year, potentially compromising medical systems such as x-ray machines, and fluoroscopy radiology systems.

TrapX detailed the attacks in its paper MEDJACK.2 Hospitals Under Siege [PDF], describing how the three hospitals contained a "multitude of backdoors and botnet connections" under attacker control.

"The malware utilized for this attack was specifically selected to exploit older versions of Windows," TrapX researchers wrote of the attacks.

"It enabled the attacker to install a backdoor within the enterprise, from which they could launch their campaign and quietly exfiltrate data and perhaps cause significant damage using a ransomware attack.

"[Attackers] can extend their foothold on these compromised systems to potentially breach the patient records over an extended period of time."

The company says the modern security systems in place at the hospitals did not eradicate the old malware, which exploited vulnerabilities such as MS08-067, dangerous only to Windows XP systems.

That the security systems failed to stop the malware is odd, given that the signatures for the deployed worms are well known and should be baked into detection controls.

Forensic investigation, however, revealed that the systems did not generate alerts, which the researchers attribute to a lack of concern for ancient exploits that fire only on the hospitals' few Windows XP systems.
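The gap the report describes is auditable: a signature for an old exploit may still exist in the rule set but be disabled, leaving the handful of legacy hosts with no alerting at all. The Python below is an added example, not TrapX's code or anything from the MEDJACK.2 report. It parses a constructed Snort/Suricata-style rule file, records which rules are commented out, and cross-references a constructed asset inventory to list end-of-life (Windows XP) hosts for which no enabled rule is tagged. The rule text, sids, `affected_product` metadata values, and host names are all constructed placeholders.

```python
"""Audit IDS rule coverage for legacy (end-of-life) hosts.

All rules, sids, metadata and hostnames below are constructed sample data
for illustration; they are not real signatures or real assets.
"""
import re
from dataclasses import dataclass, field

# Constructed rule file. The two Windows XP rules (including the MS08-067
# one) were commented out during a tuning pass, so they can never alert.
SAMPLE_RULES = """\
# Legacy exploit coverage - disabled during signature tuning (constructed)
#alert tcp any any -> $HOME_NET 445 (msg:"SMB MS08-067 Server Service exploit attempt"; metadata: affected_product Windows_XP; sid:1000001; rev:2;)
#alert tcp $HOME_NET any -> any any (msg:"Legacy worm C2 beacon"; metadata: affected_product Windows_XP; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"SMB anomalous Server Service request"; metadata: affected_product Windows_10; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET 3389 (msg:"RDP brute force"; sid:1000004; rev:1;)
"""

# Constructed asset inventory: (hostname, OS as reported by the endpoint agent).
SAMPLE_HOSTS = [
    ("xray-console-01", "Windows XP"),
    ("fluoro-ws-02", "Windows XP"),
    ("nurse-station-07", "Windows 10"),
]

# Map inventory OS names to the affected_product tag used in rule metadata.
OS_TO_PRODUCT = {"Windows XP": "Windows_XP", "Windows 10": "Windows_10"}
LEGACY_OS = {"Windows XP"}  # end-of-life platforms that need explicit coverage


@dataclass
class Rule:
    enabled: bool
    sid: int
    msg: str
    products: set = field(default_factory=set)


# A rule line, optionally prefixed with '#' (disabled), ending in "(options)".
RULE_RE = re.compile(r"^(?P<disabled>#)?\s*alert\s.*?\((?P<opts>.*)\)\s*$")


def parse_rules(text):
    """Return Rule objects for every enabled or commented-out rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank lines and ordinary comments
        opts = m.group("opts")
        sid = int(re.search(r"sid:\s*(\d+)", opts).group(1))
        msg = re.search(r'msg:\s*"([^"]*)"', opts).group(1)
        products = set(re.findall(r"affected_product\s+(\S+?)[,;]", opts))
        rules.append(Rule(m.group("disabled") is None, sid, msg, products))
    return rules


def coverage_report(rules, hosts):
    """For each host, list enabled and disabled rules tagged for its OS."""
    report = {}
    for host, os_name in hosts:
        product = OS_TO_PRODUCT.get(os_name)
        tagged = [r for r in rules if product in r.products]
        report[host] = {
            "os": os_name,
            "legacy": os_name in LEGACY_OS,
            "enabled_sids": sorted(r.sid for r in tagged if r.enabled),
            "disabled_sids": sorted(r.sid for r in tagged if not r.enabled),
        }
    return report


def uncovered_legacy_hosts(report):
    """Legacy hosts with no enabled rule tagged for their OS: the silent gap."""
    return sorted(h for h, info in report.items()
                  if info["legacy"] and not info["enabled_sids"])


if __name__ == "__main__":
    rep = coverage_report(parse_rules(SAMPLE_RULES), SAMPLE_HOSTS)
    for host in uncovered_legacy_hosts(rep):
        print(f"{host} ({rep[host]['os']}): no enabled coverage; "
              f"disabled sids {rep[host]['disabled_sids']}")
```

Run against the constructed data, the script reports both XP imaging hosts as having no enabled coverage and names the disabled sids to re-enable. In practice the same cross-reference (rule state against an OS inventory) is what turns "we have the signature" into "the signature can actually fire on the hosts that need it", which is the distinction the forensic findings above hinge on.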

One hospital was compromised despite having centralised intrusion detection software, updated endpoint protection, and new-model firewalls.

One malware instance appeared to be ancient but contained, deeper within it, sophisticated abilities for lateral network movement, the company says.

The report is the latest in a series in which medical devices have been described as a "key pivot point for attackers" in healthcare.

This, TrapX says, is because the devices are "visible points of vulnerability" that are among the most difficult to secure and to remediate after a breach.

Healthcare in the US is one of the largest individual markets with annual expenditures of some 17.5 percent of US GDP. It employs some 900,000 physicians, 2,700,000 registered nurses, physician’s assistants, and medical administrative staff in more than 225,000 practices.

The findings come on the back of a separate report that revealed healthcare practitioners to be possibly the most notorious bypassers of security controls, using shared passwords, Post-It notes, and proximity-sensor-defeating styrofoam cups to get their jobs done faster.

The persistence of Windows XP in healthcare isn't just a problem in America. Australia's Royal Melbourne Hospital was attacked in January. ®
