Supplier Spotlight: Vigilant Technology Solutions

02/19/2020 12:13 PM By Chuck F

Malware Found on Patient Medical Monitoring Devices

by: Vigilant Technologies and David Dickmeyer


Vigilant helps you avoid catastrophe by giving you full network visibility to see threats 98 days sooner than the industry average!

Why does it seem that companies are falling victim to hackers left and right? To add insult to injury, these are not ordinary companies we are talking about. They range from Fortune 500s and major retailers to banking institutions, all with very large security budgets intended to maintain the security of their customers’ data. These incidents lead organizations to ask themselves three important questions:
      1. If all of these companies are compliant with industry regulations, how is it that they are still so successfully attacked?
      2. With the security budgets of giant companies in the millions, how will I ever be able to afford protecting myself?
      3. If firewalls, logging, and AV are getting better all the time, how do these attacks go undetected?


CyberDNA is a managed network security monitoring service from Vigilant LLC. It reduces the overall cyber risk to an organization by proactively monitoring the customer’s network for signs of anomalous activity that could indicate an active compromise, misconfigurations, or other notable security risks. To allow customers to see the added value of CyberDNA over and above industry leaders, Vigilant offers a proof-of-value free trial period, which produces a detailed threat report of our findings. This written report contains the findings from one such free trial and highlights the value of having a fully managed, continuous network security monitoring service.


Why your Network Loves Ebola

The headline might seem a bit dramatic, but there really is a correlation between diseases, how (and when) they are treated, and how your network and company data are protected – specifically, how antivirus works.


Modern medicine is amazing. It seems like every other week another news story comes out about some major breakthrough, some miracle treatment for a disease once thought to be incurable. It has become so commonplace, in fact, that we often find ourselves scratching our heads, impatiently wondering why all disease can’t simply be cured. 

We’ve become so accustomed to miraculous breakthroughs that it takes something extraordinary – a disease of incomparable fear - to make us take notice. In the 1940s and 50s, it was Polio. In the 1980s, it was HIV and AIDS. Today’s scariest threat is Ebola.

More recently, we’ve observed the spread of Ebola throughout sub-Saharan Africa. What started as a couple of isolated cases quickly spread to dozens, dozens begat hundreds, and hundreds quickly morphed into thousands.

But this is where the cold, hard truth of modern medicine comes into play. While seemingly miraculous to the yet uninfected, the discovery and synthesis of treatments for some of our most troublesome and problematic medical disorders comes at the ultimate sacrifice of those unlucky enough to have been exposed before us. How many thousands died of HIV and AIDS before a cocktail of drugs was identified to control its symptoms? How many children were left stricken with Polio before Jonas Salk synthesized his vaccine?

Ebola is no different. In order for people to be protected from Ebola, other people, unfortunately, need to get sick and oftentimes die from it. It’s in this critical mass of early sufferers that treatment will be found. As more people get sick, more opportunities for study arise – more opportunities for testing treatments.

This phenomenon is the same with most modern-day “cyber-diseases”. And the “cures”, like antivirus, next-generation firewalls, or intrusion detection and prevention solutions, all come from a method called signature-based detection. Signature-based detection at its core is the data security equivalent of antibiotics and vaccines: a treatment for an illness that has already infected many others – hopefully before you. But, like many vaccines, it isn’t preventive so much as responsive. Other networks had to be infected with the disease first before any of these technologies had the ability to detect it. Therefore, widespread detection capabilities are merely reactive. They are only designed to discover known threats, and if they don’t know about a threat, they can’t detect it.

Our largest challenge as defenders and cybersecurity professionals is that threats are constantly changing. Hackers are targeting companies with specific tactics – tactics designed to exploit an individual system, organization, or end user – not just widespread threats. It’s like a disease designed specifically to make you and only you sick. There’s no way to benefit from others’ prior illness. Signature-based detection, which gives many network administrators a sense of security, is certainly good to have, but it’s only one layer of security – and not a terribly effective one against targeted attacks.

Targeted tactics are why hackers can infiltrate and remain inside organizations undetected for up to 215 days on average and why big organizations are struggling to defend against them.

Protecting your network and data today requires multiple layers of security and the ability to identify any abnormality – often the symptoms before a diagnosis. Network visibility is the essential prerequisite to effective security.

Case Study: Malware Found on Patient Medical Monitoring Devices

Vigilant was engaged by a healthcare provider that was experiencing a sudden and extreme drop in bandwidth within its infrastructure. Its IT staff had been working on the problem for two weeks without any detection or artifacts of the problem visible in their existing IDS/IPS or logs. Something was eating up their bandwidth and bringing them to a grinding halt. Upon starting the engagement, Vigilant installed its CyberDNA sensors where they would have the best ability to collect all traffic traversing the customer network.

CyberDNA is agentless, meaning no software is loaded on any customer device, which also ensures that the attacker is not aware of the monitoring device or service. This further reduces the risk of attacker countermeasures. We strategically placed our sensors in a manner that would not alert the attacker to our presence while still allowing full visibility. A remote attacker has to cross the network at some point on the way out to the internet. This gives our detection and monitoring tools an interesting vantage point: no matter how attackers try to conceal themselves, they still have to travel on the network and are detectable by the CyberDNA sensors and the Vigilant analyst team. Vigilant’s approach gives immediate visibility and can inform a customer in real time about what is happening in the deepest parts of their network. It’s like turning on the lights late at night to see if there is a monster in the room; you hope there isn’t one, but if there is, now you know and can take appropriate action.

Within minutes of turning on Vigilant’s CyberDNA service, our analysts were able to detect that multiple heart monitor devices at one of the hospital’s remote locations were running an embedded operating system infected with a botnet known as Conficker. The attackers may never have known what they had compromised, or that these were heart monitors hooked up to patients; regardless, they were using the devices to attack other locations on the internet and brought down the hospital’s network in the crossfire. There were two problems here: first, the Conficker worm was bringing the network down, and second, the devices connected to patients were running outdated and non-compliant operating systems.

While the Conficker worm, sometimes referred to as Downad, was first discovered over 12 years ago, in November of 2008, many recent reports show that it is still highly active: it is the worm that just won’t die. At its peak, Conficker managed to infect over 9 million systems worldwide, making it one of the most prolific pieces of malware of its day.

When using third-party software or devices, such as point-of-sale (POS) systems in retail, medical devices in healthcare, or door-entry and other “smart” sensor systems in buildings, businesses are at the mercy of the vendor’s level of security, the weakest link in the chain. If the vendor makes a mistake, it can cost you. Vigilant CyberDNA gives you visibility into these devices without needing additional agents installed. By doing this we can show you all software and operating systems running on your network. We keep your vendors honest about security and greatly reduce your risk and exposure.

This attack was carried out with tactics that Vigilant detects every day. Without the visibility that Vigilant brings, it would likely have gone undetected in this organization, because their other advanced detection tools simply couldn’t see it.
Summary:

  • The patient medical devices running an embedded operating system were first infected with Conficker behind the hospital firewall and were later activated.
  • The effects of the infected devices caused a sharp decrease in bandwidth across the hospital's network resulting in applications being rendered unusable.
  • All previously installed and active IDS/IPS and detection methods available within the hospital network did not see or know about the outdated operating system nor the Conficker infection.
  • CyberDNA was placed, agentless, within the environment and immediately detected both the non-compliant OS and that Conficker was the source of the bandwidth draw.
  • Vigilant’s analyst team notified the customer of the infected systems. The customer removed the systems from the patients, cleaned them and notified the manufacturer of the vulnerability.
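The two detection styles contrasted above (a signature engine that only knows threats seen elsewhere first, versus network-level visibility that flags a host behaving abnormally) can be shown side by side on flow data like that collected by a passive sensor. The following is an added illustration, not Vigilant's or CyberDNA's code; the hosts, byte counts, destinations and indicator list are all constructed, and the thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-interval outbound byte counts for four hosts over six past intervals.
# 10.20.0.11 and 10.20.0.12 stand in for embedded monitoring devices at a remote site.
HISTORY = {
    "10.20.0.11": [1200, 1300, 1100, 1250, 1150, 1300],
    "10.20.0.12": [900, 1000, 950, 1100, 1000, 950],
    "10.20.0.50": [50000, 61000, 48000, 55000, 59000, 52000],  # file server, noisy by nature
    "10.20.0.77": [3000, 3200, 2800, 3100, 2900, 3000],
}

# Constructed flows for the current interval as (src, dst, bytes_out).
# The two devices are suddenly pushing tens of megabytes at outside addresses.
CURRENT_FLOWS = [
    ("10.20.0.11", "198.51.100.20", 48_000_000),
    ("10.20.0.11", "198.51.100.21", 47_000_000),
    ("10.20.0.12", "198.51.100.22", 45_000_000),
    ("10.20.0.50", "10.20.0.9", 57_000),
    ("10.20.0.77", "10.20.0.9", 3_100),
]

# Constructed indicator list: a signature engine only knows addresses seen in earlier incidents.
KNOWN_BAD_DST = {"203.0.113.5", "203.0.113.9"}


def signature_hits(flows, iocs):
    """Signature-style check: flag a source only if it talks to an already-known bad address."""
    return sorted({src for src, dst, _ in flows if dst in iocs})


def outbound_by_host(flows):
    """Sum outbound bytes per source host for the interval (agentless: derived from traffic only)."""
    totals = defaultdict(int)
    for src, _, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def behavioral_hits(flows, history, k=4.0, min_ratio=10.0):
    """Baseline check: flag a host whose outbound volume is far above its own past behaviour.
    Both k (standard deviations) and min_ratio (multiple of the mean) are assumed thresholds;
    the ratio guard keeps a naturally noisy host from tripping on a small absolute change."""
    hits = {}
    for host, total in outbound_by_host(flows).items():
        past = history.get(host)
        if not past:
            hits[host] = "no baseline"  # a device never seen before is itself worth a look
            continue
        mu, sigma = mean(past), pstdev(past)
        if total > mu + k * sigma and total > min_ratio * mu:
            hits[host] = f"{total / mu:.0f}x baseline"
    return hits
```

The signature check returns nothing, because the destinations are not on any list, while the baseline check singles out exactly the two devices responsible for the bandwidth draw and leaves the busy file server alone.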

About Vigilant

Vigilant Technology Solutions is a cybersecurity firm based out of Cincinnati, Ohio, providing security detection and prevention solutions. Vigilant is strict in its methodology of separating threat detection from threat prevention, using two tools: CyberDNA and MEP (Managed Endpoint Protection). Remarkably affordable and extremely effective, we work with businesses of all sizes in all industries. Vigilant is particularly effective with businesses in heavily regulated industries like finance and healthcare, and we actively work with numerous Fortune 500 companies around the world. Vigilant has been operating since 2009 and is privately held (and will remain so) with no outside investment funding.



Contact Cloud 9 Advisers to see if Vigilant and their CyberDNA (detection) or MEP (protection) security solutions are right for your business. Cloud 9 Advisers is 100% vendor-agnostic. If Vigilant is not right for you, we'll help steer you to the right company and solution from over 200 service providers in our curated Supplier Portfolio.

Cloud 9 Advisers

Every company wants to be your partner, but let’s face it, if they are selling you something, they’re not your partner, they’re just another vendor. Cloud 9 is different. We don’t actually sell anything and we don't charge our clients. We become a complementary extension of your team and help manage the often overwhelming process of finding, evaluating, and selecting the right technologies and competitive providers. Cloud 9, together with our distributors, is made up of more than two-hundred and fifty staff, all devoted to helping you save time and money. Our curated Supplier Portfolio contains nearly two-hundred of the best service provider companies. We are one of the largest buyers of technology in the country. Through us, you’ll get the collective buying power of thousands of other clients. Consider us your informed buyers, strategic partners, and technology advisers. We are impartial, unbiased, and vendor-agnostic. We sit on your side of the table to help you find, evaluate, and negotiate with service provider companies. We’ll help you design the right solution and identify the best technologies. We’ll get pricing from multiple competing companies, then guide you through the evaluation and procurement process. Use our evaluation tools for documentation and due diligence. Plus, have our entire team at your disposal before, during, and after the acquisition of your new services, for as long as you’re in business.


Technology Partners. Strategic Advisers.