15 Nov 2019

Moving Targets
FireEye researchers paid close attention to a particular group dubbed APT41, which has maintained an interest in targeting healthcare organizations since 2014. In the two years that followed, APT41 went after the medical device subsidiary of a larger company, using a multi-pronged attack that included password strings, spoofed domains, and a keylogger—a device that monitors and records keystrokes. In the process, APT41 also compromised and took control of a digital certificate that was used to sign malware and “legitimize” later attacks in the healthcare sector, including a 2015 attack on a biotech company. The attack acquired sensitive information about corporate operations, as well as clinical trial data for drug development and R&D funding documents. And most recently, in 2018, APT41 used a brand of spear-phishing malware called Crosswalk to attack staff at a U.S.-based healthcare center. Although that center has gone unnamed in the report, it notes that several medical researchers were fired from the MD Anderson Cancer Research Center after suspicions that research was being stolen for the Chinese government.

In Their Shoes
If you want to defend effectively against cyber attacks, you need an evaluation process that thinks like the attackers—and no one understands them better than the experts! Our Red Team Assessment is a comprehensive simulation process that tests your organization’s defenses against the strategies and thinking of a real-world threat. We’ll put your systems through the latest and most dangerous attack methods, including:
- Penetration Testing (internal and external)
- Social Engineering/Phishing Attacks (by phone, email, and in-person; we take this to the next level by attempting an actual breach of your network)
- Physical Access (perimeter sweep, building access, secure interior room access)
- Black Box (planting rogue remote-access devices in the production network)
- Secure Document Disposal (secure/common waste disposal, dumpster inspection)
- Wireless (forged authentication, encryption testing, device spoofing)