Black Hat Europe 2023: The past could return to haunt you

The healthcare industry will, I am sure, remain a significant target for cybercriminals due to the huge potential it provides them to monetize their efforts through ransomware demands or by abusing the exfiltrated data of patients.
Operational disruption and sensitive data, such as medical records, combined with financial and insurance data offer a potential payday that simply does not exist in many other environments.
At Black Hat Europe 2023, the issue of legacy protocols being used by many healthcare organizations was presented by a team from Aplite GmbH. The issue of legacy protocols is nothing new; there have been numerous instances where equipment or systems remain in use due to the significant cost associated with replacement despite them utilizing protocols not suitable for today's connected environment.
Replacing an MRI scanner can cost as much as 500,000 USD and if the need to replace the device is due to an end-of-life notice on the software operating the device, then the risk may seem acceptable given budgetary requirements.
The troubles with DICOM. The Aplite team highlighted issues with the DICOM protocol, which is used for the management and transmission of medical images and related data.
The protocol has been widely used in the medical imagery sector for more than 30 years and has been subject to many revisions and updates.
When a medical image scan is conducted, it typically contains several images; the images are grouped as a series, and associated patient data is then stored with the image, along with any notes from the patient's medical team, including diagnoses.
The data is then accessible using the DICOM protocol through software solutions that allow access and modification.
Legacy versions of DICOM did not force the use of authorization to access the data, allowing anyone who could establish a connection to the DICOM server to potentially access or modify the data.
The Aplite presentation detailed that 3,806 servers running DICOM are publicly accessible over the internet and contain data relating to 59 million patients, with just over 16 million of these including identifiable information such as name, date of birth, address, or social security number.
The study found that just 1% of the servers accessible via the internet had implemented the authorization and authentication mechanisms available in the current versions of the protocol.
It's important to note that organizations that understand the risk associated and have taken prior action may have removed the servers from public access by segmentation onto networks that have the appropriate authentication and security measures in place to protect the patient and medical data.
Healthcare is a sector that has strict legislation and regulations, such as HIPPA, GDPR, PIPEDA, etc.
This then makes it surprising that 18.2 million of the records accessible on these publicly-facing servers are located in the US. Related reading: 5 reasons why GDPR was a milestone for data protection.
The misuse of the data accessible from these accessible servers provides cybercriminals with huge opportunity.
Extorting the patients due to the threat of publicly disclosing their diagnoses, modifying data to create false diagnoses, holding the responsible hospitals or other healthcare providers to ransom over what data had been changed, abusing patients' social security numbers and personal information, or using that information in spearphishing campaigns are just a few potential ways such data could be used to monetize the cybercrime.
Issues of securing legacy systems, that have known potential security issues, such as DICOM, should be on the radar of regulators and legislators.
If regulatory bodies that have the power to impose financial or other penalties specifically request confirmation from organizations that these vulnerable systems have the appropriate security measures in place to secure medical and personal data, it would be the motivator for those in procession of such systems to secure them.
Many industries suffer from the burden of expensive replacement of legacy systems, including the likes of utility, medical, and maritime to name but a few.
It's important that these systems are either replaced, or in situations where it may be too complex or financially difficult to replace the systems, then appropriate action must be taken to avoid these past protocols from haunting you.


This Cyber News was published on www.welivesecurity.com. Publication date: Sun, 10 Dec 2023 05:13:05 +0000


Cyber News related to Black Hat Europe 2023: The past could return to haunt you

Black Hat Europe 2023 Closes on Record-Breaking Event in London - PRESS RELEASE. LONDON, Dec. 20, 2023 - Black Hat, the cybersecurity industry's most established and in-depth security event series, today announced the successful completion of the in-person component of Black Hat Europe 2023. The event welcomed more ...
10 months ago Darkreading.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
11 months ago Therecord.media
Broadcom Merging Carbon Black, Symantec to Create Security Unit - Carbon Black's uncertain future following the closing of Broadcom's $69 billion acquisition of VMware in November is now settled, with the security software business merging with Symantec to form Broadcom's new Enterprise Security Group. The creation ...
7 months ago Securityboulevard.com
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
1 year ago Hackread.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
11 months ago Packetstormsecurity.com
Rise of Black Hat AI Tools That Shifts The Nature Of Cyber Warfare - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 months ago Cybersecuritynews.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
Hyundai Motor Europe Grapples with Cyber Threat as Black Basta Ransomware Strikes - A California union and Hyundai Motor Europe both announced separately this week that they had suffered cyberattacks in the past month, resulting in the loss of their data. According to Black Basta, a group that first emerged in 2022 as a ...
8 months ago Cysecurity.news
Black Basta Buster Utilizes Ransomware Flaw to Recover Files - Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the ...
10 months ago Heimdalsecurity.com
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
10 months ago Bleepingcomputer.com
Hyundai Motor Europe hit by Black Basta ransomware attack - Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. BleepingComputer first learned of the attack in early January, but when we contacted Hyundai, ...
8 months ago Bleepingcomputer.com
Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackread.com
Threats of the Week: Black Basta, Scattered Spider, and FIN7 Malvertising - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Securityboulevard.com
Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Securityboulevard.com
FBI/CISA Warning: 'Black Basta' Ransomware Gang vs. Ascension Health - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Securityboulevard.com
CISA spreads Black Basta advice amid Ascension infection The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Go.theregister.com
Russian Hackers Hit Mail Servers in Europe for Political and Military Intel - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
8 months ago Hackread.com
Mirai-like Botnet Targets Zyxel NAS Devices in Europe for DDoS Attacks - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
4 months ago Hackread.com
VMware vCenter RCE Vulnerability: What You Need to Know - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
4 months ago Securityboulevard.com
5 Types of Crypto You Didn't Know Existed - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
7 months ago Hackread.com
Q3 2023 Cyber Attacks Statistics - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackmageddon.com
Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
1-15 October 2023 Cyber Attacks Timeline - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
10 months ago Hackmageddon.com
16-31 October 2023 Cyber Attacks Timeline - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
10 months ago Hackmageddon.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)