Get Live Chat Request a Callback Get live demo

← Back

The Growing Cyberhacking as a Service Industry

Business

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

A cybersecurity advisory was issued related to the LummaC2 malware. This alert highlights the growing cyberhacking as a service industry. Looking at this malware product is a lesion in good cybersecurity.

There are three ways this malware can get into your computer system.

The first is by email. The hackers send a target email – often referred to as spear-phishing and have a convincing hyperlink in the email. Clicking this hyperlink places the malware on your system.

The second is through a fake CAPTCHA. CAPTCHA is the ‘test’ found on many websites before they let you submit a form or access a resource to confirm you are human. You have probably seen this many times (for example: which picture has a bicycle in it?).

The CAPTCHA contains instructions for users to then open the Windows Run window (Windows Button + R) and paste clipboard contents (“CTRL + V”). After users press “enter” a subsequent Base64-encoded PowerShell process is executed.

The third is the distribution of fake popular software such as multimedia players or utility software. Once you download the fake software the malware is installed on your computer.

Once a computer system is infected, the malware can access sensitive user information, including personally identifiable information, financial credentials, cryptocurrency wallets, browser extensions, and multifactor authentication (MFA) details without immediate detection.

Private sector statistics indicate there were more than 21,000 market listings selling LummaC2 logs on multiple cybercriminal forums from April through June of 2024, a 71.7 percent increase from April through June of 2023.

What can you do to protect yourself?

  • Staff members should not be accessing personal email from practice computers.
  • Have antivirus software scan all emails and attachments prior to you being able to view the email. (Make sure you have antivirus installed on all computers and that it is being kept up to date.
  • Never click on a link or file in an email that you are not expecting.
  • Never open the Windows Run window (Windows Button + R). This opens up a command prompt on your computer. If you get a message on your screen or a call where somebody is asking you to do this, delete the message or hang up the phone. You may end up on a technical support call with a company you called, and you trust. When YOU HAVE MADE THE CALL, and you know who you are talking to, then it may be ok to do this, but NEVER when you receive the call. The person on the other side of the call may not be who they claim to be.
  • DO NOT download software from the web based upon a web search unless you are getting it from the official manufacturers site. Other sites that offer versions of the software that prices that are too good to be true are possibly fake versions of the software that contain embedded malware.

Good Cybersecurity requires you to be careful and diligent when using your computers and reading your email. A vast amount of cybersecurity incidents are caused by a user clicking the wrong button because they were convinced to do something by a bad actor.

https://www.tldsystems.com
phone: (631) 403 6687
email: [email protected]


Avatar photo
Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick. They wanted to create a platform for private practice doctors that provides a cost-effective method of implementing HIPAA compliance in their practices. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7). He co-founded TLD Systems with Warren Melnick to create a platform that doctors who wish to work in private practice have a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-Chair of the EHR workgroup at Health Level Seven International (HL7)
Topic: Business



Other Resources Related to This Topic

Business

Time for Independents to Shine

Rather than feeling battered and discouraged by the acquisition spree, this is the time for...

Read Now ›

Business

3-Step Success Formula for Medical Practice Annual Review

The practice annual review. Something independent practice owners almost universally recognize as a priority. But...

Read Now ›

Business

Automating Your New Practice: 4 Guiding Principles for Success

You’ve made the decision to go independent and start your own private practice (or partner...

Read Now ›