Trojan.Gatak, the little-known group behind the Gatak Trojan, is continuing a five-year campaign to infiltrate organizations and has recently been targeting healthcare entities in particular, according to a new Symantec study.
Gatak infects its targets through websites promising product licensing keys as a lure for pirated software. Gatak victims are infected as they access websites offering product key generators or “keygens” that actually provide pirated software. The malware is bundled with the product key and, if the victim is tricked into downloading and opening one of these files, it installs on that person’s computer.
Healthcare organizations are far and away the most targeted by Gatak. Of the top 20 most affected organizations (organizations with the most infected computers), 40 percent were in the healthcare sector, Symantec noted. No other sector accounted for more than 5 percent.
It’s unclear, however, how Gatak is profiting from its attacks. Data theft is one possibility, with the attackers selling personally identifiable information and other stolen data on the cyber underground.
“This could explain the attackers’ heavy focus on the healthcare sector, with healthcare records usually selling for more than other personal information,” the study said. “Healthcare organizations can often be pressurized, under-resourced, and many use legacy software systems that are expensive to upgrade.”
Malware will be among the topics experts address at the Privacy & Security Forum in Boston, Dec. 5-7, 2016.