In the Fall of 2009, the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim's browser (including passwords), launch DDoS attacks, spread via USB devices or peer to peer, and download additional malware onto the infected computer.
SQL Injection attacks target vulnerabilities in organizations' web applications. "We also saw a resurgence of SQL Injection attacks beginning in October," said Hunter King, security researcher with SecureWorks. "They were being launched at legitimate websites so as to spread the Gumblar Trojan. Although SQL Injection is a well known attack technique, we continue to read news reports where it has been used successfully by cyber criminals to steal sensitive data," said King. One of the most recent cases reported involved American citizen Albert Gonzalez who was charged, along with two unnamed Russians, with the theft of 130 million credit card numbers using SQL Injection.
Factors contributing to healthcare attacks:
1. Valuable data stores – Healthcare organizations often store valuable data such as a patient's Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.
2. Large attack landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.