Healthcare

Crypto-miner Infects over 800 Endpoints in Medical Tech Company

14 - 21 January 2020


A company in the medical tech sector was infected with a cryptocurrency miner that spread across more than half its network. The malware uses steganography to evade detection, hiding its modules in WAV audio files. It also scans the network and moves laterally to other vulnerable Windows 7 machines using EternalBlue, an SMBv1 exploit. Infected computers run a PowerShell script that loads a payload that mines the Monero cryptocurrency. More than 800 computers have been affected since the initial compromise in October 2019.
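The network scanning and SMB lateral movement described above can be surfaced from flow logs by flagging hosts that contact many distinct internal hosts on TCP 445 within a short window. The following is an added example, not code from the article or the referenced report; the log format, function names, window and threshold are assumptions, and the flow records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_sample():
    """Constructed flow records: 'ISO-timestamp src_ip dst_ip dst_port'."""
    # Normal client talking repeatedly to a single file server.
    lines = ["2020-01-14T09:00:01 10.0.5.20 10.0.5.10 445",
             "2020-01-14T09:00:30 10.0.5.20 10.0.5.10 445"]
    # One host sweeping eight neighbours on 445 within seconds.
    lines += [f"2020-01-14T09:05:{i:02d} 10.0.7.33 10.0.7.{i} 445"
              for i in range(1, 9)]
    # A host reaching five SMB servers, but only one per hour.
    lines += [f"2020-01-14T{10 + i:02d}:00:00 10.0.9.4 10.0.9.{i + 1} 445"
              for i in range(5)]
    # Fan-out on HTTPS, which this check ignores.
    lines += [f"2020-01-14T09:06:{i:02d} 10.0.8.8 10.0.8.{i} 443"
              for i in range(1, 9)]
    return "\n".join(lines)


def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        yield datetime.fromisoformat(ts), src, dst, int(port)


def smb_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak distinct TCP/445 destinations inside any window}
    for every source whose peak reaches the threshold."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(flows):
        if port != 445:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # evict connections older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    print(smb_fanout(parse_flows(constructed_sample())))
```

The window and threshold need tuning per environment: file servers, backup hosts and vulnerability scanners legitimately reach many SMB peers and belong on an allowlist.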

References:

Threats Making Wavs – Incident Response to A Cryptomining Attack
