Two more healthcare networks caught up in outbreak of hospital ransomware through very old vulnerability | Ars Technica

I have been developing a cybersecurity exploitation and threat lifecycle model, and this article caught my attention because it highlights the evolution in the deployment of ransomware tech. Initially spread through phishing, it is now being used as the payload in the attacks. Interesting.

This also creates an interesting base cost of not safeguarding a network environment. Consider that the attacks are becoming automated (automatic identification of a server running a known vulnerability, then automatic installation of malware, which then automatically takes over the network for ransom): the attacks scale easily, and there is a bit of near certainty here. More thoughts, developed out with hard data, to come on this topic.

“This is really one of the first times we’ve seen ransomware spread by a network vulnerability,” Craig Wilson of Talos Research told Ars, …The malware, called “Samsam” by Talos, uses old, very public exploits right out of JexBoss—an open source vulnerability testing tool for JBoss. Once the malware has a foothold on the server, it spreads to Windows machines on the same network. “I wouldn’t be surprised if this [malware approach] was extended toward WordPress and other content management systems,” Wilson said. “This is really just the natural progression of ransomware.”

Source: Two more healthcare networks caught up in outbreak of hospital ransomware | Ars Technica



