Devices on the Internet of Things are a weak point in many networks. Too often, they have outdated operating systems and poor security protection. IT administrators can’t get at their internals. Deploying insecure devices in healthcare systems can produce especially damaging consequences.
Health-related data is a prime target, and the legal penalties for failing to protect personal health information are severe. An infected device may not function properly, putting patients’ health and even lives at risk.
Current risks of medical IoT devices:
- With the number of IoT devices growing from millions to 100s of millions centralized processes cannot scale
- Current processes are vulnerable to variety of threats.
Attacks on devices through MEDJACK
The MEDJACK attack provides a case in point. It’s a set of malware tools that target medical devices. MEDJACK takes advantage of weaknesses in older operating systems which are embedded in devices. They include Windows XP, 2000, and Server 2003, as well as some Linux distributions. It has gone through several revisions, each time devising new ways to bypass defenses.
It follows the “command and control” model, where it installs malware in a device which then sends data to a server that belongs to the attacker. The aim is to exfiltrate confidential data on the patient or the provider. Such data has high resale value. The devices serve as a pivot point from which the malware can reach other systems on the network.
The difficulties in defending against MEDJACK
Several factors make it difficult to detect and defend against these attacks. The devices are usually black boxes to the IT department. There often is no way to connect a console to them. Installing anti-malware software is difficult. Even if there is a way to do it, it may be inadvisable, since it would modify the behavior of an FDA-certified device. If a desktop computer stops running properly because of security software, it’s a nuisance that can be fixed. If a lifesaving device has the same problem, the consequences could be much worse.
As a result, the IT department is dependent on the manufacturer to issue security patches. Some manufacturers are slow at this. Some are reluctant to update certified devices, even though the FDA has issued guidelines stating that security patches don’t require re-certification of the device.
TrapX report – a case of malicious penetration
TrapX’s report, “Anatomy of an Attack,” describes three breaches that resulted from MEDJACK. They are similar in many ways, and a detailed look at the first will be informative.
A hospital, not named in the study, experienced several security alerts. The point of penetration was three blood gas analyzers, which had been breached in separate attacks. They had set up backdoors in the local network and were sending hospital data to a server in Europe. The amount of data stolen is uncertain, but there clearly was a breach.
After gaining a foothold in the devices, the attack used malware such as Zeus and Citadel to find passwords to other systems. The devices stored their data without encryption, simplifying the acquisition of confidential information.
Blood gas analyzers are used for critical treatment. They can’t simply be pulled out of service. Remedying the malware problem, even when it is known, is a difficult task.
The hospital had respectable network security. It had a firewall, heuristic intrusion detection, endpoint security, and antivirus software. These were insufficient to prevent intrusion because the devices had antiquated operating systems and because it was impossible to install security software on them.
TrapX concluded that the attackers could have not only stolen data but modified internal data. While the report doesn’t indicate that malicious modifications occurred, a similar attack could make devices produce false data on patients. That could lead to deadly errors in treatment.
Benefits of blockchain integration
Manufacturers using enabled blockchains can construct authorization/authentication databases. The QBRICS enterprise platform presents a unique example of an integrated blockchain solution. QBRICS proposes that authorization/authentication databases be propagated to read-only permission blockchain databases downstream using proprietary transmission protocols. A plugin provided by the blockchain platform on IoT devices would then authenticate using the most proximate database. Fully deployed, relevant data from inventory, operational analytics (usage), marketing perspective would be readily accessible for consumption by business intelligence tools.The complete solution would provide:
- No rogue devices (stolen devices, unauthorized vendors etc)
- Near-universal availability of device information (including software and hardware)
- Device movement and location information
- Device usage information
- Device software upgrades easier (as targets easily identified, maintenance becomes easier)
As this case shows, IoT-based attacks are difficult to prevent and detect. Several actions, however, can reduce the risk:
- Take security features into account when selecting devices, when information on them is available.
- Keep IoT devices on a separate subnetwork which doesn’t have access to critical information.
- Use firewalls to strictly limit inbound and outbound access to IoT devices.
- Run frequent security scans for any signs of infection.
- Doing without the devices is rarely an option. The only alternative is to give extra attention to their security.
Subscribe to stay up to date with the latest blockchain innovation in healthcare .
Subscribe to receive blockchain analysis of cyber security threats in healthcare. e
Brennan is a blockchain technical adviser in the healthcare sector and blockchain entrepreneur who has worked on developing proprietary concepts for both artificial intelligence and enterprise blockchain. He is a graduate of Rutgers University School of Health Professions where he earned a M.S. in biomedical informatics.
Bitcoin Shakes Off Dollar Rebound But Beware Of Coming Bear Phase
Bitcoin has barely flinched in the face of the dollar’s best attempt at a rebound in over a year. The greenback is trying to stage a comeback against the top cryptocurrency, which has left the global reserve currency battered and beaten.
Although Bitcoin has fended off the advance in USD, if history repeats and the dollar surges, a short term » Read more
” href=”https://www.newsbtc.com/dictionary/bear/” data-wpel-link=”internal”>bear phase could be coming to the crypto market soon.
The Badly Beaten Dollar Begins Breakout And Bounce
2021 thus far has been Bitcoin’s best year on record. 2020 was among the dollar’s worst as sentiment turned negative and inflation fears pushed investors toward hard assets like gold and crypto.
However, according to the DXY Dollar Currency Index, which weighs the dollar against a bucket of other national forex currencies, a comeback is in the making.
The dollar is breaking out from a falling wedge. Will crypto respond? | Source: DXY on TradingView.com
The chart above shows the DXY breaking out from a falling wedge pattern, and coming back down to retest the former resistance line as support. With the retest complete, a stronger push higher should result.
Related Reading | Dollar, Divergences, & More: Here’s Why Bitcoin Could Soon Bounce
Thus far Bitcoin has remained largely unaffected by the dollar’s advance, despite one half of the cryptocurrency’s main trading pair featuring the fiat currency.
A bullish MACD crossover will confirm the breakout as it has in the past | Source: DXY on TradingView.com
Coinciding with the breakout of the falling wedge, on higher timeframes, the MACD – a momentum indicator – is starting to turn upward. Past instances of the same pattern breaking upward combined with a bullish crossover on the MACD has led to sustained upside in the DXY.
How A Reversal In The Greenback Could Send Bitcoin Into A » Read more
” href=”https://www.newsbtc.com/dictionary/bear/” data-wpel-link=”internal”>Bear Market
Although the leading cryptocurrency by market cap has shaken off the greenback’s rebound thus far, a » Read more
” href=”https://www.newsbtc.com/dictionary/bear/” data-wpel-link=”internal”>bear phase could soon be coming that sets back the current uptrend for some time.
” href=”https://www.newsbtc.com/dictionary/bear/” data-wpel-link=”internal”>bear market in Bitcoin, as pictured below.
Each bullish crossover in the dollar led to a crypto » Read more
Bitcoin has been an uptrend for nearly a full year – since Black Thursday in 2020 – but time could be running out. The MACD hasn’t fully crossed over just yet, but has begun to turn upward.
Related Reading | This Unique Take On Bitcoin Suggests A Bear Phase Is Near
However, not all is lost for Bitcoin and the rest of the crypto market. An inverse head and shoulders on high timeframes might have completed on the DXY, which after a throwback to the trendline to confirm it as resistance, could result in the largest collapse in the dollar’s history, and its eventual undoing.
Upside in the dollar could ultimately be limited, benefiting Bitcoin | Source: DXY on TradingView.com
Such a scenario would suggest a bear phase in Bitcoin will arrive sooner than later, but that it will be much shorter-lived than previous » Read more
” href=”https://www.newsbtc.com/dictionary/bear/” data-wpel-link=”internal”>bear markets, and once it ends, the leading cryptocurrency by market cap could completely take over as the global reserve currency.
Of course, there’s no telling what the dollar could do from here, or if this time is actually different.
Featured image from Deposit Photos, Charts from TradingView.com
Mainnet launch and NFT sale lift Aavegotchi (GHST) to a new all-time high
Nonfungible tokens (NFTs) have rapidly become the new hot topic in the cryptocurrency sector, as evidenced by Litecoin (LTC) creator Charlie Lee comparing the current spike in NFT interest to the ICO mania of 2017.
The recent pullback in the cryptocurrency market hit decentralized finance tokens (DeFi) pretty hard, but as Bitcoin’s (BTC) price recovered the $50,000, DeFi and NFT tokens bounced back rapidly.
One project that has successfully capitalized on the DeFi and NFT boom is Aavegotchi. The project benefits from its association with Aave, while also focusing on the creation of value-infused NFTs that are limited in minting.
Data from Cointelegraph Markets and TradingView shows that the price of GHST, Aavegotchi’s governance token, rose 35% from $1.36 on March 1 to a new all-time high of $1.86 on March 2 as the community conducted its first NFT sale.
Three reasons for the GHST breakout to a new all-time high include its recent migration to the Polygon network, the successful completion of its first NFT sale and excitement about the upcoming mainnet launch.
Users bridge to Polygon for lower fees
Transaction fees on the Ethereum network have been increasing since the beginning of 2021, and they show no signs of decreasing anytime soon.
In response to this, the team at Aavegotchi announced on Jan. 26 that the project would bridge to the Polygon network, an Ethereum layer-two solution Following the migration, users are able to conduct transactions, buy items in the store and stake their GHST tokens for the cost of .0001 MATIC, a significant price reduction from the current costs of transacting on Ethereum.
GHST price rose from $0.61 on Jan. 27, when the Polygon bridge was first released, to $1.25 on Feb. 14 as users began to be more active in the community due to lower transaction costs.
Optimism grows as the mainnet launch approaches
One of the biggest drivers of GHST was its official mainnet launch on March 2.
While most NFT projects are content to utilize Web 2.0 servers or the InterPlanetary File System, Aavegotchi has taken its project to the next level by creating its own blockchain. Doing this enables each GHST token to have its unique personality traits, staked cryptocurrencies and visual elements stored permanently on the blockchain, which may help to strengthen their collectability and long-term value.
This also creates the unique opportunity where DeFi can be combined with NFTs by locking one of Aave’s wide selection of interest-generating tokens directly into a particular Aavegotchi, making each one a rare, unique form of a digital piggy bank.
NFTs sell out in under a minute
As Aavegotchi launched its mainnet, the project also conducted its first “portal drop,” which allowed tokenholders to buy a portal that is capable of summoning a yield-bearing Aavegotchi NFT.
Each portal was on sale for 100 GHST, and the demand was so high that the 10,000 portals sold out in less than a minute.
Through an integration with Aave and its aTokens, NFTs on the Aavegotchi platform create unique interest-bearing representations of funds supplied to the Aave protocol, a first for the NFT space.
Aavegotchis are designed to combine elements of gaming and collecting in an effort to tie digital collectibles to real value. This adds a new level of functionality to NFTs and is likely to help each Aavegotchi increase in value over time. In order to extract the value of aTokens locked within an NFT, the Aavegotchi must be destroyed in the process.
Future portal drops, low transaction fees and an expanding NFT store demonstrate that there is a healthy demand for GHST, and this is bound to grow as the platform expands to offer new layers of gamification.
Bitcoin has brought new thinking to payments and financial inclusion: SEC chair nominee
When it comes to Bitcoin, market opinions are often divided, with those who support the asset and those who don’t. Similar camps may now appear to take hold of US regulators and policymakers. Recently, President Biden’s nominee for chairman of United States Securities and Exchange Commission (SEC), Gary Gensler appeared to share his perspective on the crypto sector. Gensler said that cryptocurrencies “have been a catalyst for change.”
Speaking to US Senator Mike Rounds during his Senate confirmation, Gensler added:
Bitcoin and other cryptocurrencies have brought new thinking to payments and financial inclusion, but they’ve also raised new issues of investor protection that we still need to attend to.
His opinion on crypto is in stark contrast to Treasury secretary, Janet Yellen’s, who believed that Bitcoin is “extremely inefficient for conducting transactions” and that it is a “highly speculative asset.” It goes against Senator Elizabeth Warren’s views, who thinks Bitcoin would only “end badly.”
However, if Gensler is confirmed, a move that many crypto enthusiasts are looking forward to, the nominee plans to work to “promote the new innovation.”
I think, as I teach at MIT on these subjects, that these innovations have been a catalyst for change. Bitcoin and cryptocurrencies have brought new thinking to payments and financial inclusion but they’ve also raised new issues of investor protection…If confirmed at the SEC, I will work to promote innovation.
He quickly stressed on the importance of investor protection and said:
It’s always important to update our market oversight to new technologies…It’s important to stay true to our principles of investor protection.
Gary’s answer to concerns of crypto. pic.twitter.com/DR9u6FfDex
— CryptoBomber (@GSL24236982) March 2, 2021
Furthermore, in his opening remarks, Gensler said that markets—and technology— “are always changing” and must not be taken for granted.
Our rules have to change along with them. I believe financial technology can be a powerful force for good but only if we continue to harness the core values of the SEC in service of investors, issuers, and the public.
Gensler is most famously known for testifying before Congress for crypto and blockchain several times in the past. He even argued against the notion that crypto was similar to Ponzi schemes.
Sign Up For Our Newsletter