A hospital in the E.U. with 2,000 employees deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that still relied on Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not cause vulnerabilities or delay the activation of an incident response plan.
The Attack
Along with Cynet, the hospital implemented advanced authentication, in the form of a USB key, for doctors to access systems that contained sensitive patient information. The USB key contained a hidden partition with a digital certificate used to digitally sign and log the user’s activities. The USB key could also be used as standard removable media storage for the user.
Unfortunately, because users could use the USB key to store files from any device, one of the USB keys became infected with malware. The malware was embedded in a JPEG image file, among many image files on the USB device. When the doctor used the USB key to retrieve diagnosis images from a Windows 7 machine, the media portion of the key pushed the infected images to the machine. Because the machine was connected to the hospital network, this could allow the attacker to move laterally and ultimately exfiltrate sensitive data or cause other harm.
Cynet Protections
Fortunately, Cynet protections immediately detected the malicious file and quarantined it before it could execute. This attack underscores the need for layered security: even when the advanced authentication protections were leveraged in an attempt to execute malicious code, the device protections in place detected the malicious code and prevented it from executing. It also reinforces the importance of a well-prepared incident response plan.
Source: https://thehackernews.com/