VERT Alert - Healthcare Malware Infections

Vulnerability Description

The FBI has observed malicious actors targeting healthcare-related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII), the agency said in a "Flash" alert.

Exposure & Impact

Though the initial intrusion vector is unknown, we believe that a spear-phishing email message was used to deliver the initial malware. Once access is obtained, the actors may collect and use legitimate account credentials to connect to the targeted system, usually through a VPN.

Remediation & Mitigation

Versions Affected: All versions of Windows
Not Affected: N/A
Fixed Versions: N/A

Detection

IP360

With IP360, you can use the following custom rule to check for the known versions of this malware. Bind the rule to the Windows Registry application.

References

http://www.reuters.com/article/2014/08/20/us-cybersecurity-healthcare-fbi-idUSKBN0GK24U20140820