Trojan.Kwampirs
Canon Medical Systems Security Advisory
Overview
The Trojan Kwampirs was discovered August 19th 2016. Recently a new group, Orangeworm, has renewed this Malware and initiated targeted attacks against the healthcare sector and related industries.
This Trojan attempts to infiltrate residing computers using Windows network shares. The compromised computer then allows the attackers with remote access.
REF: https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
Risk: Low
Canon Medical Systems has Cybersecurity protections in place that deem this a low risk (varies by product):
- Whitelisting Anti-Virus software prevents the execution of such malware
- Does not belong to a domain, therefore the attacker would have to know the IP address/host name of the system
- Attacker must know the user name and password of the targeted computer
- Windows Firewall is enabled preventing network shares using Ports 445, 137, 138, 139
Resolution
Canon Medical Systems will continue to monitor the Trojan and any new information that is released.
Notes
Please contact our nearest dealer / distributor with any specific questions or issues.
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems Malaysia webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
