Healthcare is prime target of Gatak Trojan malware
The healthcare industry is the most affected by a strain of malware known as the Gatak Trojan, according to Symantec, a data security firm.
The new malware can lie undetected for extended periods, and also is capable of extending to other computers on a network in many cases, the company reveals.
In a just released blog posting, Symantec reported that healthcare organizations comprise 40 percent of Gatak victims. The automotive, construction, education and gambling industries each account for 5 percent of victims, with another 40 percent unclassified.
It is not clear how Gatak profits from attacks, but one possibility is the selling of personally identifiable information, which could explain the focus on healthcare organizations, because health records generally command a higher price, Symantec notes.
In addition, healthcare organizations often don’t have sufficient security resources, which could lead to taking shortcuts and using pirated software, increasing the susceptibility to malware attacks.
What makes Gatak so dangerous is its ability to lay dormant for long periods after infection, thus evading detection. Gatak is willingly accepted by victims because it appears to be from a vendor and offers product licensing keys for pirated software.
“The malware is bundled with the product key, and if the victim is tricked into downloading and opening one of these files, the malware is surreptitiously installed on their computer,” Symantec explains. The main module of the malware then steals information from the infected computer.
“In approximately 62 percent of incidents, lateral movement across the victim’s network occurs within two hours of infection,” according to Symantec. “In the remaining cases, lateral movement began at some point after the two-hour mark. The variance indicates that lateral movement isn’t automated and instead carried out manually by the attackers. Whether the attackers don’t have the resources to exploit all infections immediately or whether they prioritize some infections over others is unknown.”
Software product keys being offered are those most likely to be used in professional environments, according to the firm.
Software brands used to lure victims to download Gatak malware include, SketchList3D, Native Instruments Drumland, BobCad-CAM, BarTender Enterprise Automation, HDClone, Siemens SIMATIC STEP 7, CadSoft Eagle Professional, PremiumSoft Navicat Premium, Originlab Originpro, Manctl Skanect, and Symantec System Recovery (part of Veritas).
The complete Symantic blog is available here.