potablefog

@potablefog

IT Automation / Systems Admin, Gamer, Father, Husband.


What can the healthcare industry do about Orangeworm?

Orangeworm, if you haven't heard in recent months, is a group focused on targeting the healthcare industry. Your PII and EHR data need the most secure systems protecting them, and that's not always what happens. IT departments don't get the staff, the hardware/software resources, or even the assistance from outside vendors that they need, due to lack of budget or possibly other factors. EMR and PII information can be worth $1000 or more per record for hackers.

How does Orangeworm get into the system?

Orangeworm uses a Trojan called Trojan.Kwampirs that creates a backdoor and allows remote access to the systems it was able to exploit. If a high-value target is found (some specific EHR or PII they are looking for), they will proceed with infecting the rest of the network. Trojan.Kwampirs creates its own service in Windows to ensure it is loaded when the machine starts.

Once Trojan.Kwampirs is able to deploy the payload, it gathers as much information as possible about the network, such as:

Display recently contacted addresses per available network interface
Display detailed configuration information for the system and its operating system (e.g. OS version information, registered owner details, manufacturer details, processor type, available storage, list of installed patches, etc.)
Display system's configured hostname
Display system version information
Display routing table for available network interfaces
Display the system's configured MAC address
Display IP address configuration information for any available network interfaces
Display a list of active and listening connections (TCP and UDP)
Display list of running system processes
Display list of running system services
Display list of available network shares
Display list of available user groups
Display list of configured environment variables
Display account policy information (e.g. maximum password age, length of password, lockout duration, etc.)
Display system network configuration information (e.g. computer name, current username, version information, domain configuration, etc.)
Display list of local accounts with administrative access
Display list of local group user accounts
Display domain local groups
Display list of available network mappings
Display list of available servers on the network
List files and directories in C:\
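
Because this information gathering happens as a burst, a defender can look for many distinct discovery commands on one host in a short window. The sketch below is an added example, not code from the original post or its sources: the command-to-category mapping, the host names, the 5-minute window and the threshold of 6 are all assumptions, and the events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping (not from the post): stock Windows commands that produce
# the kinds of output listed above, keyed by the category they reveal.
RECON = {k: re.compile(v) for k, v in {
    "arp_cache": r"^arp\s+-a\b", "system_info": r"^systeminfo\b",
    "hostname": r"^hostname\b", "routing": r"^route\s+print\b",
    "mac": r"^getmac\b", "ip_config": r"^ipconfig\b",
    "connections": r"^netstat\b", "processes": r"^tasklist\b",
    "services": r"^net\s+start\s*$", "shares": r"^net\s+view\b",
    "policy": r"^net\s+accounts\b", "admins": r"^net\s+localgroup\b",
    "mappings": r"^net\s+use\b", "root_dir": r"^dir\s+c:\\",
}.items()}

def classify(cmdline):
    """Return the recon category a command line falls into, or None."""
    cmd = cmdline.strip().lower()
    return next((k for k, p in RECON.items() if p.search(cmd)), None)

def recon_bursts(events, window=timedelta(minutes=5), threshold=6):
    """Flag hosts running >= threshold distinct recon categories in one window."""
    per_host = defaultdict(list)
    for ts, host, cmdline in events:
        cat = classify(cmdline)
        if cat:
            per_host[host].append((datetime.fromisoformat(ts), cat))
    flagged = {}
    for host, hits in per_host.items():
        hits.sort()
        for start, _ in hits:  # slide the window start over every hit
            cats = {c for t, c in hits if timedelta(0) <= t - start <= window}
            if len(cats) >= threshold:
                flagged[host] = sorted(cats)
                break
    return flagged

# Constructed process-creation events: (timestamp, host, command line).
SAMPLE = (
    [(f"2018-05-01T02:14:{i:02d}", "WS-REG-07", c) for i, c in enumerate(
        ["hostname", "getmac", "arp -a", "systeminfo", "net view",
         "net localgroup administrators", "netstat -nab", "dir c:\\"])]
    + [(f"2018-05-01T{h:02d}:00:00", "WS-IT-01", c) for h, c in enumerate(
        ["ipconfig /all", "netstat -an", "tasklist", "hostname",
         "net use", "route print"], start=9)]
    + [("2018-05-01T10:30:00", "WS-LAB-03", "net start Spooler")]
)
```

Calling `recon_bursts(SAMPLE)` flags only WS-REG-07: the administrator on WS-IT-01 runs the same kinds of commands, but spread across the working day, so no single window reaches the threshold.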

How can we protect ourselves?

Set aside an IT security budget
Make sure firewalls are getting continuous updates from the manufacturer
Ensure content filtering, malware protection, IPS and IDS are enabled and working properly
Always have an up-to-date anti-virus and anti-malware solution
Give end users the least amount of access permissions they require to do their job effectively and efficiently
Make sure you have a patch management system in place and functioning



Why Should You Have A Home Firewall

This is the age of Information Security. Almost everything you need (or want) today connects to the internet. The rightly named Internet of Things (IoT) brings us a whole new world of device management, automation, and convenience. Added on top of that, though, is security.

Why should home users worry about security, or even bother purchasing a firewall? The answer is simple: to protect your information. You might say, "Well, I don't have anything to hide," and maybe on the surface sure, that's accurate. Dig below the surface and you find that you have bank accounts, social security numbers, family photos, passwords for financial accounts, and much more. Protecting your information is more important today than ever before.

I am a Senior Systems Engineer for a Boston MSP, and I also work with a lot of home users on the side. The Bitdefender Box is a great solution for home users / home office devices to provide the protection you need at a great cost. The firewall is $200 as of this writing and includes the first-year subscription ($99 per year after). It supports very simple setup via a mobile application, which would be great for all end users.

Security features include, but are not limited to:

Intrusion Prevention / Detection
Vulnerability scanner for all devices (includes your internet-connected refrigerators)
Anti-Malware, Phishing and Fraud Protection
Anti-Virus / Anti-Malware for all PCs, Macs and mobile devices on your network

Have an internet connected baby monitor? You need a firewall. Have internet connected security cameras in / outside of the home? You need a firewall. Do you have an internet connected thermostat, washing machine or dishwasher? You need a firewall.

I've seen a lot of responses online similar to, "Who cares if someone can remotely control my washing machine?" Sure, it might not be a big deal if the only risk was driving up your water and electric bill. Not only could that happen, but attackers could use the unprotected washing machine as a way to gain access to the rest of the devices on your network and attempt to inject malware or steal your credentials. The Bitdefender Box and other home firewalls aim to reduce this risk as much as possible, and hopefully eliminate the possibility.

This is not a normal "How-To" article that I usually post, but in today's world, we all need to be flexible and be able to talk about what is important.

Links to the Bitdefender Box are below.

(NOTE: I DO NOT WORK FOR, OR RECEIVE ANY COMPENSATION FROM, BITDEFENDER FOR THIS PRODUCT RECOMMENDATION. www.bitdefender.com/box/)