Woburn, MA –March 13, 2018 – Kaspersky Lab researchers have discovered evidence of an emerging and alarming trend: an increasing amount of advanced cyberthreat actors are turning their attention to attacks against the healthcare sector. The infamous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing drug formulas and business information.
PlugX malware is a well-known remote access tool (RAT). It is usually spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations. The RAT has been used by a number of Chinese-speaking cyberthreat actors, including Deep Panda, NetTraveler or Winnti. In 2013, it was discovered that the latter - responsible for attacking companies in the online gaming industry - had been using PlugX since May 2012. Interestingly, Winnti has also been present in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.
PlugX RAT allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including (but not limited to) copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. PlugX, as with other RATs, is used by cybercriminals to discreetly steal and collect sensitive or profitable information for malicious purposes.
RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.
Kaspersky Lab products successfully detect and block the PlugX malware.
“Private and confidential healthcare data is steadily migrating from paper to digital form within medical organizations,” said Yury Namestnikov, security researcher, Kaspersky Lab. “While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organizations demonstrate yet another battle that we need to fight – and win - against cybercriminals.”
Other key findings for 2017 in the research include:
In order to stay protected, Kaspersky Lab experts advise businesses to take the following measures:
To learn more about PlugX attacks and healthcare cybersecurity, read our blogpost on Securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.