The U.S. Department of Homeland Security (DHS) recently issued an alert from its National Cybersecurity and Communications Integration Center (NCCIC). The alert detailed particularly sophisticated malware attacks that are targeting several industries, including the energy, manufacturing, health care, and public health sectors.
These attacks use several malware families and variants that mimic legitimate monitoring tools, making them difficult to detect. Organizations that do not employ appropriate defenses will find that cybercriminals can achieve full network and data access.
One malware variant, REDLEAVES, can send system information back to the hacker's server. PLUGX is another variant that takes screenshots and retrieves files, then sends the data using encoded communication to disguise the activity.
Officials at NCCIC strongly encourage organizations to establish "multiple defensive techniques and programs…to provide a complex barrier to entry, increase the likelihood of detection, and decrease the likelihood of a successful compromise." Jessica Davis, "Feds warn of new, highly sophisticated malware campaign," healthcareitnews.com (May 8, 2017).