MRI, x-ray, and an oncology machines were all found containing malware with code to install backdoors on other connected systems for the purpose of lifting data off the machines.
Security experts at TrapX Security are referring to these techniques as MEDJACKing. In 2015, a report but the company gave examples of these attacks where malware infection was contained to the device itself. This has changed however, in the MEDJACK.2 report, Trapx states examples of malware using infected medical devices as a way to gain control over other connected systems effectively bypassing firewalls and endpoint systems. Anthony James, CMO at TrapeX mentioned, “The malware, on its own accord, has found ways to go beyond the boundaries of where it first lands,”
The anti-malware and security solutions that protect computers in the healthcare sector will normally ignore outdated malware due to them not working on the newer systems. This new malware takes advantage of the plethora of medical devices running legacy operating systems. The new threat uses old code and obsolete malware utilizing backdoors and shellcode execution to move laterally through healthcare IT systems. Once it’s deep into the hospital’s network, it’ll show it’s true colors attacking with advanced techniques that are downloaded were hidden with packing and obfuscation
TrapX carried out its analysis by setting up its technology in numerous evaluation hospitals. The technology emulates medical devices in an effort to attract malware into a controlled environment, so researchers can analyze it. During the investigation, TrapX pulled up an old version of the MS08 067 worm, which would normally not even be a threat, since Windows 7 and later variants long ago patched the vulnerabilities that the worm normally exploits.
TrapX revealed three different cases of this new breed of MEDJACK attack, all involving advanced malicious coding which was packed into old malware. In all three instances, the hospital had no past knowledge of a threat hiding within its networks.
Despite this prevalent issue, manufacturers of connected medical devices typically have little inclination to spend money to upgrade their products with the most recent operating systems or security technologies, said Ben-Simon. “The vendors we speak to, they’ll say: ‘I will give you a good medical device with a new operating system.’ And guess what? They replace Windows NT with Windows 7,” commonly with little added support or specialized service, he stated. “This is their logic, this is how they think.”