Hackers now eyeing pharmaceutical industry, Kaspersky warns

Global cybersecurity company Kaspersky revealed an alarming trend in the pharmaceutical industry – a steady increase in the number of devices being attacked by cybercriminals. From 44 per cent of devices infected in 2017 and just a 1 per cent increase in 2018, the number of detected attempts this year shows that nearly every five in 10 devices inside a pharmaceutical facility is being targeted. 
The countries that logged the highest number of attacks are Pakistan with 54 per cent, Egypt 53 per cent, Mexico 47 per cent, Indonesia 46 per cent and Spain 45 per cent. Four more countries in the Asia Pacific region cap the top 15 nations with the highest number of devices infected. These include India, Bangladesh, Hong Kong and Malaysia with more or less four in every 10 machines with malicious attempts detected.
“While it is a known fact that money-hungry cybercriminals can earn easily by attacking banks, we have also observed that these hackers as well as cyberespionage groups are slowly paying a lot of attention to the industry of advanced medicine,” said Yury Namestnikov, head of Kaspersky’s global research and analysis team in Russia. “They are slowly realising that pharmaceutical companies house a treasure trove of highly valuable data such as the latest drugs and vaccines, the newest researches, as well as medical secrets. The rise of internet-connected operational technology [OT] inside these pharmaceutical firms also contributes to the widening attack surface inside this sector.”
Among the advanced persistent threat (APT) groups that have been waging a sophisticated spying war in the global pharmaceutical industry globally are Cloud Atlas and APT10, also known as MenuPass. 
“Based on our monitoring of several APT actors’ movements in the Asia Pacific and globally, we figured that these groups infect servers and exfiltrate data from pharmaceutical companies. Their attack techniques and behaviour also prove that these attackers’ apparent goal is to get their hands on intellectual properties related to the latest medical formulas and research results as well as the business plans of their victims,” Namestnikov said.

Vulnerabilities in open source EMR-systems and its dangers
Denis Makrushin, security architect at Ingram Micro, pointed out the risks that come along with the steady migration of hospitals from paper-based data storage to electronic medical record (EMR) systems. He further noted that healthcare organisations, scrambling to digitise their data storage, consider open-source EMR web-portals as an easy and quick option, despite the known security challenges.
“We are seeing fewer printed or hand-written medical books inside hospitals and clinics worldwide due to the advent of open source. Given their limited internal IT workforce, healthcare institutions opt to use convenient services such as OpenEMR, OpenMRS or similar web applications. This technology’s rapid adoption triggers an increase in threats against this widely-used services,” Makrushin said.
OpenEMR and OpenMRS are open platforms for medical practice management. Any organisation can use this product for business without restriction. The source code of this product is also available for any developer. In addition, this software has certifications from trusted organisations.
“Their free and open nature make these EMR-applications highly sensitive to cyberattacks. There have been a lot of security patches released as researchers unmask one exploit after another. I, myself, have discovered vulnerabilities in these applications. A hacker can inject malicious code at the initial stage of registration, and portray himself as a patient. From this, malicious actors can infect the portal’s page and collect medical information from all users of the portal, including doctors and admins. These data can be easily exfiltrated,” he added.
To secure this platform, Makrushin suggests healthcare facilities to:
• Conduct secure software development lifecycle (Secure SDLC)
• Regularly perform architecture analysis, conduct penetration testing, security code review on systems being use
• Control the attack surface
• Periodically update the installed software and remove unwanted applications
• Try to remove all exposure nodes that process medical data
• Raise security awareness for every person involved
• Conduct regular cybersecurity awareness training for all staff and even patients