Silent Sabotage: The Dark Dance of Hacking Unleashed by Remote Access Tools
Since 2020, as COVID-19 cases rose and more companies adopted remote work, the use of remote access tools such as AnyDesk has increased. This made it easier for employees to receive technical help from the comfort of their own homes. However, remote access comes with the risk of data exploitation, because there are few if any boundaries separating the companies that supply the remote access tools from the people who receive the services. Unfortunately, this is what happened to healthcare organizations through a pharmacy supply chain and management solution provider that is available in all 50 states.
Huntress, a managed security platform, identified the attacks after noticing similar tactics, techniques, and procedures (TTPs) being used against two healthcare organizations, along with endpoint activity that indicated an upsurge in cyberattacks. The attacker downloaded a payload named text.xml that contains C# code, and that is where the craziness kicks in. The C# code loads Metasploit, a penetration testing framework that hackers also use before exploiting a system, which in turn delivers its attack payload, Meterpreter, a security tool used during pen testing. The payload is loaded directly into the system’s memory without using PowerShell, in order to bypass detection.
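The post describes the payload as an XML file carrying C# source that is loaded straight into memory. A defender's first question is how to spot such a file at all. The following is an added example, not code from the original post or from Huntress: a heuristic scanner that pulls all text out of an XML document and scores it for signs of embedded C# and of in-memory assembly loading. The post does not say which XML schema the real payload used, so the sample document, the indicator list and the weights below are assumptions constructed for this example.

```python
"""Heuristic scanner for XML files that carry embedded C# source.

Added example, not code from the original post or from Huntress. The post
says the payload was an XML file (text.xml) containing C# that loads
Meterpreter into memory without PowerShell; it does not say which XML schema
was used, so the sample document and the indicator list below are
assumptions constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

# Indicators of C# source text and of in-memory loading. The patterns and
# weights are an assumption for this example; tune them for your environment.
INDICATORS = {
    r"\busing\s+System(\.[A-Za-z]+)*\s*;": ("csharp_using", 1),
    r"\bnamespace\s+\w+": ("csharp_namespace", 1),
    r"\bpublic\s+(static\s+)?class\s+\w+": ("csharp_class", 1),
    r"Assembly\.Load\s*\(": ("reflective_assembly_load", 3),
    r"\bDllImport\b": ("pinvoke_dllimport", 2),
    r"\bVirtualAlloc\b|\bCreateThread\b|\bWriteProcessMemory\b": ("native_memory_api", 3),
    r"Convert\.FromBase64String\s*\(": ("base64_decode", 2),
}
ALERT_THRESHOLD = 5  # assumption: score at or above this raises an alert


def extract_text(xml_bytes: bytes) -> str:
    """Collect every text node, tail and attribute value from an XML document.

    CDATA sections (a common place to hide source code) come back as plain
    text from ElementTree, so they are covered too.
    """
    root = ET.fromstring(xml_bytes)
    parts = []
    for el in root.iter():
        if el.text:
            parts.append(el.text)
        if el.tail:
            parts.append(el.tail)
        parts.extend(el.attrib.values())
    return "\n".join(parts)


def scan_xml(xml_bytes: bytes) -> dict:
    """Return the matched indicators, a total score and an alert flag."""
    text = extract_text(xml_bytes)
    hits = {}
    score = 0
    for pattern, (name, weight) in INDICATORS.items():
        if re.search(pattern, text):
            hits[name] = weight
            score += weight
    return {"hits": hits, "score": score, "alert": score >= ALERT_THRESHOLD}


# Constructed sample: an XML document with C# source hidden in a CDATA block.
SUSPICIOUS_XML = b"""<?xml version="1.0"?>
<Project>
  <Task>
    <Code><![CDATA[
      using System;
      using System.Reflection;
      public class Loader {
        public static void Run(string b64) {
          byte[] raw = Convert.FromBase64String(b64);
          Assembly.Load(raw);
        }
      }
    ]]></Code>
  </Task>
</Project>
"""

# Constructed sample: an ordinary settings file that should not alert.
BENIGN_XML = b"""<?xml version="1.0"?>
<config><setting name="timeout">30</setting><note>Routine settings file</note></config>
"""

if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS_XML), ("benign", BENIGN_XML)):
        print(label, scan_xml(doc))
```

Run it on its own and the constructed suspicious document scores 7 (using, class, Assembly.Load and Base64 decoding) and alerts, while the settings file scores 0. In practice this belongs in a file-monitoring pipeline that watches the directories a remote access tool writes to, with the hit list forwarded alongside the alert so an analyst can see which indicators fired.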
All of this was possible because the pharmacy supply chain and management solution provider was found to have an on-prem instance that hadn’t been updated since 2019. So, if you are in the healthcare industry and want to steer clear of having your system hacked through remote access tools, we recommend you do pen testing with us, Reaper Forensics. We perform comprehensive vulnerability assessments that go beyond surface-level scans. We will carefully examine your systems and applications to identify their weak points and recommend ways to strengthen your security. Don’t repeat their mistakes; work with us to mitigate such unfortunate events.
Source: