Homeland Security: Year-long malware campaign targets healthcare, public health sectors

A sophisticated malware campaign is leveraging stolen administrative credentials to gain access to network systems, according to an April 27 alert from the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

Here are five things to know about the cyberthreat.

1. In this campaign, cyberattackers use malware implants to steal administrative credentials and certificates. They use these credentials to gain access to the IT environment, where they place additional malware implants on critical systems. These attackers have used multiple malware families and variants, making them difficult to detect using anti-virus software.

2. With access to the network, an attacker can use malware implants for various purposes, including remote command execution to obtain sensitive information. A successful attack may also lead to loss of proprietary information, disruption of regular operations, financial losses incurred in restoring systems and harm to an organization's reputation.

3. In a preliminary analysis, the National Cybersecurity and Communications Integration Center traced the malware activity to at least May 2016. The NCCIC found initial victims in several sectors, including communications, energy, IT, healthcare and public health.

4. NCCIC attributed a "medium" cyber incident priority rating to this activity, meaning it "may affect public health or safety, national security, economic security, foreign relations, civil liberties or public confidence," according to the alert.

5. The U.S. Computer Emergency Readiness Team emphasized the importance of a layered mitigation approach.

"There is no single or set of defensive techniques or programs that will completely avert all malicious activities," according to the alert. "Multiple defensive techniques and programs should be adopted and implemented in a layered approach to provide a complex barrier to entry, increase the likelihood of detection and decrease the likelihood of a successful compromise."
