Attackers target pharmaceutical companies
Researchers from Kaspersky Lab have uncovered evidence of an "emerging and alarming" trend: an increasing number of advanced cyber attackers have pharmaceutical organisations in their cross hairs.
According to the company, the notorious PlugX malware, used here to steal drug formulas and business information, has been detected in pharmaceutical organisations in Vietnam.
RAT on the move
PlugX is a remote access tool (RAT) that has been around for several years. It is most often spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organisations.
This RAT has been employed by several Chinese-speaking threat groups, including Deep Panda, NetTraveler and Winnti. In 2013, it was discovered that the latter - responsible for attacking online gaming industry organisations - had been using PlugX since May 2012.
Winnti has also been found in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.
"PlugX RAT allows attackers to perform various malicious operations on a system without the user's permission or authorisation, including - but not limited to - copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. PlugX, as with other RATs, is used by cyber criminals to discreetly steal and collect sensitive or profitable information for malicious purposes," says Kaspersky Lab.
The use of RATs in attacks against pharmaceutical businesses is a clear indication that sophisticated APT actors are eyeing the healthcare sector in an attempt to cash in, the researchers said.
Yury Namestnikov, a security researcher at Kaspersky Lab, says medical organisations are increasingly migrating private and confidential healthcare data from paper to digital form.
"While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organisations demonstrate yet another battle with cyber criminals that we need to fight," adds Namestnikov.
Kaspersky Lab experts advise healthcare businesses to take the following steps to avoid infection: "Remove all nodes that process medical data from public and secure public Web portals, and automatically update installed software using patch management systems on all nodes, including servers."
Next, the security giant advises businesses to segment their networks and to refrain from connecting expensive equipment to the organisation's main LAN. "Use a proven corporate-grade security solution in combination with anti-targeted attack technologies and threat intelligence, as these are capable of spotting and catching advanced targeted attacks by analysing network anomalies and giving cyber security teams full visibility over the network and response automation."