Authored by David Carroll
Happy new year, and welcome back to Corum’s Did You Know cyber security awareness and education series. We are beginning the series with a focus on cyber incidents and incident response. We recently assisted one of our Cyber Defence customers with an interesting cyber incident and thought it might be an “eye-opener” for many of our customers.
The Incident
One of Corum’s Cyber Defence customers contacted me to share a letter emailed from ADHA. The letter stated:
As we monitor and protect their computers as part of our Cyber Defence service, we were immediately concerned and began investigating. We discovered that the Mirai botnet had compromised the pharmacy's CCTV system, an aging Linux-based system. The CCTV provider had made the CCTV admin interface accessible from the internet, which allowed the device to be discovered and infected.
What is the Mirai Botnet?
Mirai is malware that infects smart devices such as CCTV cameras, cheap routers, and other Internet of Things (IoT) devices, turning them into a network of remotely controlled bots or “zombies”. This network of bots can launch distributed denial of service (DDoS) attacks.
Mirai will even purge any pre-existing malware to ensure the device is securely locked into the botnet. Under the control of the botnet creator, the IoT hardware can then be forced to scan the internet for other vulnerable devices to exploit, ensnaring yet more victims in the Mirai botnet.
For more information on the Mirai botnet, this article and CSO online provide some fascinating insight.
The scanning for more devices can alert government departments such as ADHA to the infection. Scanning other systems means your public IP address will turn up in cyber tracking systems and be flagged as an abusive IP.
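As an added illustration (not part of the original article or of Corum's tooling), the scanning behaviour described above can be spotted from inside the network as one device suddenly contacting many different outside addresses on a single port. The log format, thresholds, and IP addresses below are assumptions constructed for the example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # sliding window length (assumed threshold)
MAX_DISTINCT_DESTS = 20  # distinct destinations per port before flagging (assumed)

def parse_line(line):
    """Parse 'epoch src_ip dst_ip dst_port' (hypothetical format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_scanners(lines, window=WINDOW_SECONDS, limit=MAX_DISTINCT_DESTS):
    """Return {(src_ip, dst_port): peak distinct destinations} for sources over the limit."""
    recent = defaultdict(deque)  # (src, port) -> (timestamp, dst) pairs inside the window
    flagged = {}
    for ts, src, dst, port in sorted(filter(None, map(parse_line, lines))):
        q = recent[(src, port)]
        q.append((ts, dst))
        while q and q[0][0] < ts - window:   # drop connections older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct > limit:
            flagged[(src, port)] = max(flagged.get((src, port), 0), distinct)
    return flagged

def build_sample_log():
    """Constructed traffic: a camera sweeping port 23 (Telnet, which Mirai is
    known to probe) and a till making repeated HTTPS calls to one server."""
    lines = [f"{1000 + i} 192.168.1.50 198.51.100.{i + 1} 23" for i in range(30)]
    lines += [f"{1000 + i * 20} 192.168.1.10 203.0.113.5 443" for i in range(40)]
    lines.append("garbage line that should be skipped")
    return lines

if __name__ == "__main__":
    for (src, port), count in find_scanners(build_sample_log()).items():
        print(f"{src} contacted {count} distinct hosts on port {port} "
              f"within {WINDOW_SECONDS}s")
```

Counting distinct destinations rather than total connections keeps a busy but well-behaved system, such as a till talking to one payment server, from being flagged.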
Impact to You
If your public IP address ends up on the list of known abusers and is suspected of malicious traffic (the signs of which are called Indicators of Compromise, or IOCs), ADHA or other government agencies (Medicare, PBS etc.) will disable your access to digital health systems such as My Health Record and Electronic Prescribing (Active Script List).
This means you will need to investigate the suspected incident and respond to it with a formal report detailing what you have done to resolve it and what steps you have taken to prevent the event from occurring again.
How Do You Protect IoT Devices?
Protecting IoT devices from malware is generally impossible with traditional antivirus measures, as the devices are not designed to run third-party software such as antivirus.
The best defences are:
Speak to your local IT provider and CCTV supplier and make sure that:
Positive Protection
The good news for this customer is that the malware infected none of their pharmacy dispensing or point-of-sale systems because of the protections from Corum Cyber Defence. As part of our service, we are helping them with responding to the ADHA and advising on replacing their aging and vulnerable CCTV system.
Next Week
Next week, I will outline more details about ADHA powers to require you to help with the investigation, what steps are required to investigate an incident and how you can be better prepared and protected.
If you are worried about the security of your pharmacy systems and want to know how you can implement strong security in your pharmacy and protect yourself from ransomware, speak to your Corum Customer Success Manager or contact us on 1300 669 865.