Cybersecurity

Cyber Threat Intelligence, Alerts and Reports
As part of the AHA’s commitment to helping hospitals and health systems prepare for and prevent cyber threats, we have gathered the latest government cyber threat intelligence and alerts and Health Information Sharing and Analysis Center (H-ISAC) reports.
You may be asked to enter your AHA member credentials to view certain reports and intelligence alerts.
Cybersecurity & Risk Advisory
Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.
In this edition, Hacking Healthcare revisits digital contact-tracing to keep you updated on the latest developments around the world and will remind you about the ingenuity of malicious actors by recounting how LinkedIn was weaponized to compromise European aerospace and defense firms. Lastly…
On June 17, 2020, researchers reported on a bus driver installed by FabulaTech for their “USB for Remote Desktop” software that has a vulnerability (tracked as CVE-2020-9332). The vulnerability allows a non-privileged user to potentially take over a targeted device on the network.
LokiBot Malware Threat to Healthcare, June 16, 2020
Lokibot is an information stealer; the main functionality of its binary is to collect system and application credentials and user information to send back to the attacker.
Pony malware, also known as Fareit, is classified by Trend Micro as a Trojan-Spyware. This crimeware is primarily used to steal user and File Transfer Protocol (FTP) credentials and passwords, download other payloads, and bring compromised systems into a botnet.
Formbook is an information-stealing malware, also known as “form grabber” malware. The malware is installed on victims’ computers when they visit malicious websites or domains.
Nanocore is a particularly sophisticated Remote Access Trojan (RAT) that has been used by criminals to gain complete control over victims’ devices, including logging keystrokes and screen activity, manipulating private files and sensitive data, controlling surveillance systems like the webcam and…
Agent Tesla is an established Remote Access Trojan (RAT) written in .NET. A successful deployment of Agent Tesla provides attackers with full computer or network access; it is capable of form-grabbing and of stealing credentials, sensitive information, keystrokes, and screen and video activity.
Remcos RAT, or remote access tool, is a legitimate application intended for use by administrators for remote access and maintenance. It has recently been used as part of attempted cyberattacks, leveraging COVID-related phishing themes to disguise it as part of the payload.
Dridex was originally developed as a financial Trojan that makes initial contact with its victims via phishing email campaigns and is one of the most prevalent pieces of malware in use today.