Kaspersky raises alarm over cyberattacks trend on pharma firms

By Priam Nepomuceno

September 5, 2019, 5:00 pm

YANGON, Myanmar -- An international cybersecurity company on Thursday expressed concern over the rising trend of cyberattacks observed in the pharmaceutical industry.

“While it is a known fact that money-hungry cybercriminals can easily earn by attacking banks, we also observe that these hackers, as well as cyber espionage groups, are slowly paying a lot of attention towards the industry of advanced medicine,” Yury Namestnikov, Kaspersky's Global Research and Analysis Team (GReAT) head in Russia, said in a statement at the opening of the Cybersecurity Weekend here.

“They are slowly realizing that pharmaceutical companies house a treasure trove of highly valuable data such as the latest drugs and vaccines, the newest researches, as well as medical secrets. The rise of internet-connected operational technology (OT) inside these pharmaceuticals also contributes to the widening attack surface inside this sector," he added.

From 44 percent of machines infected in 2017 and a 1 percent increase noted in 2018, this year’s number of detected attempts shows that nearly every five in 10 devices inside a pharmaceutical facility are now being targeted globally.

Among the countries that logged the most number of attacks are Pakistan (54 percent), Egypt (53 percent), Mexico (47 percent), Indonesia (46 percent), and Spain (45 percent).

Four more countries from the Asia-Pacific region cap off the top 15 nations with the highest percent of devices infected.

These include India, Bangladesh, Hong Kong, and Malaysia with more or less four in 10 machines with detected malicious attempts.

Among the Advanced Persistent Threat (APT) groups, which have been waging sophisticated spying over pharmaceuticals globally, include Cloud Atlas and APT10 also known as MenuPass.

“Based on our monitoring of several APT actors’ movements in the Asia-Pacific and globally, we figured that these groups infect servers and steal data from pharmaceutical companies," Namestnikov said.

"Their attack techniques and behavior also prove that these attackers’ apparent goal is to get their hands on intellectual properties related to the latest medical formulas and research results as well as the business plans of their victims,” he added.

In his research, Denis Makrushin, Security Architect at Ingram Micro, revealed the risks that come along with the steady migration of hospitals from paper-based data storage to electronic medical record (EMR) systems.

He also noted that healthcare organizations, scrambling to digitize their data storage, see open-source EMR web-portals as an easy and quick option, despite their known security challenges.

“We are seeing lesser printed or hand-written medical books inside hospitals and clinics worldwide with the advent of open source. Given their limited internal IT workforce, healthcare institutions opt to use convenient services such as OpenEMR, OpenMRS or similar web applications. This technology’s rapid adoption triggers the rise of the threats against these widely-used services,” Makrushin said.

OpenEMR and OpenMRS are open platforms for medical practice management. Any organization can use these products for business without any restrictions.

The source code of this product is also available for any developer. In addition, this software has certifications from trusted organizations, such as the Office of the National Coordinator for Health Information Technology (ONC) in the United States.

“Their free and open nature make these EMR-applications highly sensitive to cyberattacks. There have been a lot of security patches released as researchers unmask one exploit after another. I, myself, have discovered vulnerabilities in these applications, hackers can inject malicious code at the initial stage of registration, and portray himself as a patient. From this, malicious actors can infect the portal’s page and collect medical information from all users of the portal, including doctors and admins. These data can be easily exfiltrated,” Makrushin added.

To secure these platforms, Makrushin suggested healthcare facilities to:

-Conduct secure software development lifecycle (Secure SDLC) or regularly perform architecture analysis, conduct penetration testing, security code review on systems being used

-Control the attack surface

-Periodically update your installed software and remove unwanted applications

-Try to remove all exposure nodes that process medical data

-Raise security awareness for every person involved

-Conduct regular cybersecurity awareness training for all staff and even patients. (PNA)