Connect with us
[crypto-donation-box]

Blockchain

Security Risks in Medical IoT Devices – MEDJACK Malware Review

Devices on the Internet of Things are a weak point in many networks. Too often, they have outdated operating systems and poor security protection. IT administrators can’t get at their internals. Deploying insecure devices in healthcare systems can produce especially damaging consequences. Security Risks in Medical IoT Devices Health-related data is a prime target, and…

The post Security Risks in Medical IoT Devices – MEDJACK Malware Review appeared first on Blockchain Healthcare Review.

Republished by Plato

Published

on

Devices on the Internet of Things are a weak point in many networks. Too often, they have outdated operating systems and poor security protection. IT administrators can’t get at their internals. Deploying insecure devices in healthcare systems can produce especially damaging consequences.

Health-related data is a prime target, and the legal penalties for failing to protect personal health information are severe. An infected device may not function properly, putting patients’ health and even lives at risk.

Current risks of medical IoT devices:

    • With the number of IoT devices growing from millions to 100s of millions centralized processes cannot scale​
    • Current processes are vulnerable to variety of threats.

Attacks on devices through MEDJACK

The MEDJACK attack provides a case in point. It’s a set of malware tools that target medical devices. MEDJACK takes advantage of weaknesses in older operating systems which are embedded in devices. They include Windows XP, 2000, and Server 2003, as well as some Linux distributions. It has gone through several revisions, each time devising new ways to bypass defenses.

It follows the “command and control” model, where it installs malware in a device which then sends data to a server that belongs to the attacker. The aim is to exfiltrate confidential data on the patient or the provider. Such data has high resale value. The devices serve as a pivot point from which the malware can reach other systems on the network.

The difficulties in defending against MEDJACK

Several factors make it difficult to detect and defend against these attacks. The devices are usually black boxes to the IT department. There often is no way to connect a console to them. Installing anti-malware software is difficult. Even if there is a way to do it, it may be inadvisable, since it would modify the behavior of an FDA-certified device. If a desktop computer stops running properly because of security software, it’s a nuisance that can be fixed. If a lifesaving device has the same problem, the consequences could be much worse.

As a result, the IT department is dependent on the manufacturer to issue security patches. Some manufacturers are slow at this. Some are reluctant to update certified devices, even though the FDA has issued guidelines stating that security patches don’t require re-certification of the device.

TrapX report – a case of malicious penetration

TrapX’s report, “Anatomy of an Attack,” describes three breaches that resulted from MEDJACK. They are similar in many ways, and a detailed look at the first will be informative.

A hospital, not named in the study, experienced several security alerts. The point of penetration was three blood gas analyzers, which had been breached in separate attacks. They had set up backdoors in the local network and were sending hospital data to a server in Europe. The amount of data stolen is uncertain, but there clearly was a breach.

After gaining a foothold in the devices, the attack used malware such as Zeus and Citadel to find passwords to other systems. The devices stored their data without encryption, simplifying the acquisition of confidential information.

Blood gas analyzers are used for critical treatment. They can’t simply be pulled out of service. Remedying the malware problem, even when it is known, is a difficult task.

The hospital had respectable network security. It had a firewall, heuristic intrusion detection, endpoint security, and antivirus software. These were insufficient to prevent intrusion because the devices had antiquated operating systems and because it was impossible to install security software on them.

TrapX concluded that the attackers could have not only stolen data but modified internal data. While the report doesn’t indicate that malicious modifications occurred, a similar attack could make devices produce false data on patients. That could lead to deadly errors in treatment.

Benefits of blockchain integration

Manufacturers using enabled blockchains can construct authorization/authentication databases. The QBRICS enterprise platform presents a unique example of an integrated blockchain solution. QBRICS proposes that authorization/authentication databases be propagated to read-only permission blockchain databases downstream using proprietary transmission protocols​. A plugin provided by the blockchain platform on IoT devices would then authenticate using the most proximate database. Fully deployed, relevant data from inventory, operational analytics (usage), marketing perspective would be readily accessible for consumption by business intelligence tools.The complete solution would provide:

    • No rogue devices (stolen devices, unauthorized vendors etc)​
    • Near-universal availability of device information (including software and hardware)​
    • Device movement and location information​
    • Device usage information ​
    • Device software upgrades easier (as targets easily identified, maintenance becomes easier)​

Conclusion

As this case shows, IoT-based attacks are difficult to prevent and detect. Several actions, however, can reduce the risk:

  • Take security features into account when selecting devices, when information on them is available.
  • Keep IoT devices on a separate subnetwork which doesn’t have access to critical information.
  • Use firewalls to strictly limit inbound and outbound access to IoT devices.
  • Run frequent security scans for any signs of infection.
  • Doing without the devices is rarely an option. The only alternative is to give extra attention to their security.

Subscribe to stay up to date with the latest blockchain innovation in healthcare .

subscribe

Subscribe to receive blockchain analysis of cyber security threats in healthcare. e

Source: https://blockchainhealthcarereview.com/security-risks-in-medical-iot-devices-medjack-malware-review/?utm_source=rss&utm_medium=rss&utm_campaign=security-risks-in-medical-iot-devices-medjack-malware-review

Blockchain

Buyer of Jack Dorsey’s ‘genesis tweet NFT’ reportedly detained in Iran

Republished by Plato

Published

on

Iranian Cyber Police have reportedly arrested Bridge Oracle CEO Sina Estavi, according to a tweet pinned to Estavi’s Twitter account.

A rough translation of the tweet reads:

“The owner of this account was arrested on charges of disrupting the economic system by order of Special Court for Economic Crimes. Official judicial authorities will provide additional information.”

The same tweet is also pinned to the official account of Bridge Oracle, a Tron Network-based public oracle system. At the time of writing, the price of Bridge Oracle’s native token, BRG, has taken a sharp dive, crashing by more than 65%, according to data from TradingView.

Bridge Oracle is said to be a Malaysia-based blockchain company, but Estavi’s other venture, cryptocurrency exchange Cryptoland, was operating in Iran. Cryptoland’s Twitter account shares the same pinned tweet. No further information was shared publicly by the authorities.

Estavi is known for his heated bidding battle with tech entrepreneur and Tron CEO Justin Sun to buy Jack Dorsey’s first-ever tweet as an NFT. Twitter’s first tweet is dated March 2006 and reads, “Just setting up my twttr.”

In the end, Estavi successfully purchased the NFT for more than $2.9 million, or 1,630 Ether (ETH). Dorsey converted the proceeds to Bitcoin (BTC) and donated them to a charity organization in Africa.

Earlier this year, Estavi was sued by former Bitcoin.com CEO Mate Tokay for allegedly failing to pay him for his services. In his claim, Tokay also alleged that there’s an inconsistency between the purported and actual circulating supply of BRG.

Cointelegraph reached out to Bridge Oracle for comment. This article will be updated should they reply.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cointelegraph.com/news/buyer-of-jack-dorsey-s-genesis-tweet-nft-reportedly-detained-in-iran

Continue Reading

Blockchain

Bank of America to Settle Stock Trades on Paxos Network

Republished by Plato

Published

on

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cryptobriefing.com/bank-america-settle-stock-trades-paxos-network/

Continue Reading

Blockchain

Is Bitcoin nearing another Black Thursday crash? Here’s what BTC derivatives suggest

Republished by Plato

Published

on

Bitcoin’s 51.4% crash in March 2020 was the most horrific 24-hour black swan event in the digital asset’s history. The recent price activity of the past week has probably resurrected similar emotions for investors who experienced the Black Thursday crash. 

Over the past week, Bitcoin’s (BTC) price dropped 29% to reach a three-month low at $42,150. $5.5 billion in long contracts were liquidated, which is undoubtedly a record-high in absolute terms. Still, the impact of the March 2020 crash on derivatives was orders of magnitude higher.

To understand why the current correction is less severe than the one in March 2020, we will start by analyzing the perpetual futures premium. These contracts, also known as inverse swaps, face an adjustment every eight hours, so any price gap with traditional spot markets can be easily arbitrated.

Sometimes, price discrepancies arise during moments of panic due to concerns about the derivatives exchange’s liquidity or market makers being unable to participate during times of extreme volatility.

Bitcoin perpetual premium/discount vs. spot price, March 2020. Source: TradingView

On March 12, 2020, the Bitcoin perpetual futures initiated a much larger descent than the price on spot exchanges. This move is partially explained by the cascading liquidations that took place, creating a backlog of large sell orders unable to find liquidity at reasonable prices.

The aftermath of the bloodbath resulted in futures perpetual contracts trading at a 12% discount versus regular spot exchanges. BitMEX, the largest derivatives market at the time, went offline for 25 minutes, causing havoc as investors became suspicious about its liquidity conditions.

By comparing this event with the most recent week, one will find that sustainable price discrepancies are very unusual. Even a temporary 12% gap doesn’t occur, even during the most volatile hours.

Bitcoin perpetual premium/discount vs. spot price, May 2021. Source: TradingView

Take notice of how the perpetual contracts reached a peak 4% discount versus regular spot exchanges on May 13, although it lasted less than five minutes. Market makers and arbitrage desks could have been caught off guard but quickly managed to recoup liquidity by buying the perpetual contracts at a discount.

To understand the impact of those crashes on professional traders, the 25% delta skew is the best metric, as it compares similar call (buy) and put (sell) options’ pricing. When market makers and whales fear that Bitcoin’s price could crash, they demand a higher premium for the neutral-to-bearish put options. This movement causes the 25% delta skew to shift positively.

Bitcoin options 25% delta skew, March 2020. Source: Skew

The above chart displays the mind-blowing 59% peak one-month Bitcoin options delta skew in March 2020. This data shows absolute fear and an incapacity to price the put (sell) options, causing the distortion. Even if one excludes the intraday peak, the 25% delta skew presented sustained periods above 20, indicating extreme “fear.”

Bitcoin options 25% delta skew, May 2021. Source: Laevitas

Over the past week, the skew indicator peaked at 14%, which isn’t very far from the “neutral” -10% to +10% range. It is indeed a striking difference from the previous months’ negative skew, indicating optimism, but nothing out of the ordinary.

Therefore, although the recent 29% price drop in seven days could have been devastating for traders using leverage, the overall impact on derivatives has been modest.

This data shows that the market has been incredibly resilient as of late, but this strength might be tested if Bitcoin’s price continues to drop.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://cointelegraph.com/news/is-bitcoin-nearing-another-black-thursday-crash-here-s-what-btc-derivatives-suggest

Continue Reading
Blockchain4 days ago

US Investment Bank Cowen to Offer Crypto Custody Services

Blockchain4 days ago

Buterin Plugs UNI as Next Oracle Token

Blockchain5 days ago

Bitwise Launches ‘Crypto Innovators’ ETF

Blockchain5 days ago

Which ‘green’ cryptocurrency is Tesla likely to add for payments?

Blockchain4 days ago

Elon Musk Pokes Massive Hole in the Bitcoin Market After Halting Bitcoin Payments at Tesla

Blockchain5 days ago

Facebook’s Diem Enters Crypto Space With Diem USD Stablecoin

Blockchain5 days ago

Venture platform Cognitive Blockchain invests in cross-chain compute network Cudos

Blockchain5 days ago

Ethernity Chain Memorializes Tony Hawk’s Latest 540 Skate Trick With NFT

Blockchain5 days ago

Vitalik Buterin Dumps His SHIB, Price Tanks 30% In 1 Hour

Blockchain4 days ago

The STC Token is Live – And Over 10 Crypto Exchanges are Ready for It

Blockchain4 days ago

Diem parters with Silvergate bank to launch stablecoin in the US

Blockchain4 days ago

DeFi Staple UMA Launches “Optimistic Oracle”

Blockchain4 days ago

MicroStrategy Buys Another $15M Worth of Bitcoin at $55K

Blockchain5 days ago

In Less than A Week, How Internet Computer (ICP) Climbed To The Top 10

Blockchain4 days ago

Here’s why Ethereum, AAVE, ALPHA are unfazed by Bitcoin’s latest ‘Elon candle’

Blockchain5 days ago

Vitalik Buterin Has Dumped His Unsolicited Doge-Clones

Blockchain4 days ago

Central Bank of Bahrain and JPMorgan to work on digital currency settlement pilot

Blockchain4 days ago

Diem Relocates From Switzerland to the US to Launch an USD-Backed Stablecoin

Blockchain5 days ago

Government Adoption: Cryptos are property in Texas, Hungary to cut taxes

Blockchain4 days ago

AppSwarm’s DOGE division calls for a global dev teams to build off Dogecoin

Trending