Hackers Use Conficker to Conduct Hospital IOT Attacks

Hospital IOT attacks are not just theoretical. Hackers are actively targeting medical devices such as MRI machines, CT scanners, and other Internet-connected medical devices. The attackers are attempting to gain access to the devices in order to steal the protected health information of patients, as well as to establish a foothold in healthcare networks.

Medical devices seldom have the same level of protection as PCs and servers. Consequently, they are viewed as easy targets by hackers. All too often, hospitals fail to protect the devices adequately. The devices are often connected to Internet-enabled devices that are low down the priority list when patches are issued, and in many cases patches are simply not applied. Many of the devices can be attacked easily as they run on the unsupported Windows XP operating system.

Hospital IOT Attacks Being Conducted Using Old Malware

Because the devices' operating systems are outdated, hackers are able to perform hospital IOT attacks using old malware such as the Conficker worm. Conficker was a notorious piece of malware that caused havoc 7 years ago. Other old worms are also seeing a resurgence. They may not be effective on modern operating systems, but they still work on Windows XP and can be used to attack devices running Windows 7 and 8 if patches have not been installed.

Conficker is capable of cracking passwords and was extensively used to create large botnets. The botnets are used to distribute other malware and email spam. As many as 15 million PCs were believed to have been infected with Conficker during the height of its use in 2009.

Researchers at TrapX Security have recently discovered modified versions of the Conficker worm that are being used in hospital IOT attacks. The new variants are able to move laterally within healthcare networks and can infect unpatched devices. While the worm itself may lack sophistication, the methods used by hackers to conduct hospital IOT attacks are quite sophisticated.

Worms Not Seen as a Security Threat

Many security systems fail to identify the old worms as threats since they are ineffective on patched Windows 7 and Windows 8 devices. However, they can spread within networks, and if they are installed on devices that have not been patched, they are a serious security threat. The worms are used to download much more sophisticated malware and software tools, which the hackers use to gain access to healthcare records.

Unfortunately, while many hospitals have state-of-the-art security software, scans are not performed on medical devices. Additional malware can be downloaded onto those devices undetected. As TrapX co-founder Moshe Ben-Simon explained, “All it takes is one successful attempt for the attacker to establish a backdoor, find and steal data, or use automated tools to set a ransomware attack in motion.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news