Newly identified Trojan targets healthcare sector


Orangeworm has been installing Trojan.Kwampirs backdoor on Windows systems since 2015

Symantec has identified a hacker group dubbed Orangeworm that has been targeting the healthcare sector in several countries since 2015.

According to the cyber security vendor, Orangeworm has been installing a custom backdoor called Trojan.Kwampirs within large international organisations with operations in the US, Europe and Asia.

Trojan.Kwampirs is a Trojan horse that can open a backdoor on a computer and may also download malicious files. It was first discovered in August 2016 and affects Windows systems.

According to Symantec, the backdoor can collect basic network adapter information, system version information, and language settings. Once a possible victim is identified, Orangeworm copies the backdoor to available network shares to infect other computers.

Targeted attacks identified also affected related industries including healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry.

Orangeworm does not seem to operate randomly; instead, it picks its victims carefully, Symantec found based on the list of known victims.

Of the confirmed affected organisations, healthcare accounts for 39 per cent of the attacks, and IT and manufacturing account for 15 per cent each.

"The Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines," Symantec's security response attack investigation team said in a blog post.

"Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures," it said.

Symantec said that the motives behind the attacks are unclear; however, they are likely to be corporate espionage in nature.

Orangeworm has affected organisations in several countries across the Americas, Europe and Asia but there was only a "small" number of organisations in 2016 and 2017.

Locally, Symantec is yet to confirm if any Australian organisations were affected; however, if any were, the number is likely to be small, as the US appears to have been the focus.

"I don't think that it is because Australia isn't vulnerable; we just were not targeted by this particular group," Symantec Asia Pacific and Japan CTO, Nick Savvides, said.

According to Savvides, healthcare data can sell on the black market for between US$25 and US$40 per record, while an email address sells for cents.

Savvides explained that this is due to the information contained within medical records, which are generally very rich in PII (personally identifiable information) and also have financial data associated with them.

The first quarterly Notifiable Data Breaches (NDB) report, published by the Office of the Australian Information Commissioner (OAIC), revealed that health services providers were the highest ranking in breaches reported with 24 per cent.

A total of 63 notifications were received, with 33 per cent of all data breaches reported to involve people's health information.


