Containing the outbreak: the healthcare security pandemic

Post on 09-Feb-2017

Category: Healthcare

© 2016 Avecto Ltd, avecto.com

Containing the outbreak
The healthcare security pandemic
James Maude, Senior Security Engineer

Introducing James Maude

James Maude, Senior Security Engineer

› Broad remit in endpoint security research, conducting in-depth analysis of malware and penetration testing to identify attack vectors and trends in the evolving security landscape.

› Active involvement in the security research community

› Background in Digital Forensics & Research

Agenda

› What is happening
› Ransomware strains
› Attack vectors
› Explore solutions

Ransomware’s impact on the healthcare market has been headline news.

Ransomware has exploded over the past 12 months

Locky Analysis

› Same group as successful Dridex banking trojan campaigns
› Phishing Word document contains dropper macro
› Encrypts data on local drives and network shares
› Attempts to erase local backup copies of files

Locky Analysis

› Evolves quickly, usually undetected (VirusTotal)
› Multiple strains tested in Avecto labs – all stopped proactively

Example of a free ransomware kit on the dark web

Makes generating ransomware payloads easy

Ransomware Evolution

› Low barrier to entry
› Increasingly looking for high value targets
› Network shares and mounted devices
› Decrypting not an option
› Constantly evolving to bypass defences

Why is healthcare a target?

› A lot of shared time critical data = high value
› Aging and vulnerable systems
› Admin rights required for legacy apps
› Security not top of agenda

The aging population

› 35% of NHS trusts run XP
› 14% have no transition date set
› Melbourne Health and QBot

blog.avecto.com

How good security can be undermined by ransomware

CSO (Chief Security Officer)

› Advanced network appliance
› Patched and updated
› Award winning AV software
› SIEM and SOC
› User opens a Word doc...

How to prevent the infection?

Immunisation

› Right medicine in the right dose
  › Least Privilege
› Screen and establish a baseline
  › Whitelist
› Isolate the vulnerable
  › Sandbox applications that introduce infections

As recommended by:

• Isolates browser, downloaded content and email attachments
• Mitigates ransomware / web threats
• Protect data and contain unknown threats

• #1 Defense strategy
• Easy to achieve whitelisting
• Regain control of unknown applications

• Mitigates 85% Critical Windows vulnerabilities
• Protect user and system
• Privileges when you need them

Preventing ransomware in healthcare is possible!

1. Get proactive, reduce the attack surface
2. Foundational security starts with the endpoint
3. Prevention is possible

Visit www.avecto.com for more details.
