15 Nov 2019
In recent months, we’ve talked about cyber attacks designed to corrupt and hold data hostage. We’ve investigated identities stolen and repurposed for sale on the black market, and taken a look at the consequences of neglecting compliance standards. However, when international forces strike in the name of industrial espionage, the game changes—and so does the motive.
In a report issued by cybersecurity company FireEye, researchers warn that advanced persistent threat (APT) groups from China are targeting cancer research facilities around the world to steal their work. The report suggests that, with national rates of cancer and mortality and the cost of healthcare rising, these groups represent the country’s interest in accessing research as soon as possible. There may be a commercial advantage to these efforts as well; researchers speculate that the fast-growing Chinese pharmaceutical market could potentially use newly obtained cancer research to put out their medications more quickly.
But why not just partner with other nations leading the charge in cancer research? For one, the boom in the national pharmaceutical market means that now more than ever, domestic oncology corporations have increasingly lucrative opportunities. Research and data stolen from international studies allow them to put new drugs on the market even faster than their competitors without having to bow to diplomatic or industrial expectations.
Moving Targets
FireEye researchers paid close attention to a particular group dubbed APT41, which has maintained an interest in targeting healthcare organizations since 2014. In the two years that followed, APT41 went after the medical device subsidiary of a larger company, using a multi-pronged attack that included password strings, spoofed domains, and a keylogger—a device that monitors and records keystrokes. In the process, APT41 also compromised and took control of a digital certificate that was used to sign malware and “legitimize” later attacks in the healthcare sector, including a 2015 attack on a biotech company. The attack acquired sensitive information about corporate operations, as well as clinical trial data for drug development and R&D funding documents. And most recently, in 2018, APT41 used a brand of spear-phishing malware called Crosswalk to attack staff at a U.S.-based healthcare center. Although that center has gone unnamed in the report, it notes that several medical researchers were fired from the MD Anderson Cancer Research Center after suspicions that research was being stolen for the Chinese government.
In Their Shoes
If you want to defend effectively against cyber attacks, you need an evaluation process that thinks like the attackers—and no one understands them better than the experts! Our Red Team Assessment is a comprehensive simulation process that tests your organization’s defenses against the strategies and thinking of a real-world threat. We’ll put your systems through the latest and most dangerous attack methods, including:
- Penetration Testing (internal and external)
- Social Engineering/Phishing Attacks (by phone, email, and in-person; we take this to the next level by attempting an actual breach of your network)
- Physical Access (perimeter sweep, building access, secure interior room access)
- Black Box (planting rogue remote-access devices in the production network)
- Secure Document Disposal (secure/common waste disposal, dumpster inspection)
- Wireless (forged authentication, encryption testing, device spoofing)