Data-stealing worm found on 1,000 NHS computers

Symantec has revealed that the Qakbot worm has been stealing gigabytes of sensitive data from infected PCs, despite being easily detectable.

computer worm

Security software firm Symantec has discovered a "significant infection" by the Qakbot worm on National Health Service (NHS) computers.

Once it has infected computers, Qakbot monitors for sensitive information and uploads the stolen data to an FTP server. Despite being a relatively small botnet, Symantec observed around 4GB of stolen data being uploaded when it monitored two servers over a two-week period.

Advertisement - Article continues below

The data included online banking and credit card information, internet search histories, login details for a number of social networks including Facebook, Twitter and Bebo, and webmail account details for the likes of Gmail and Yahoo.

According to Symantec, Qakbot has infiltrated a number of Government departments and large corporations despite being aimed mainly at home users. It found more than 100 compromised computers on a Brazilian regional government network.

But more alarming was the discovery that around 1,100 separate NHS computers spread over a number of subnets have been infected with the worm. And Symantec said the figure could be even higher given that it was gained by monitoring just a couple of servers for a short period of time.

The company said that while there was no evidence to show any customer or patient data had been compromised, the relatively poor security around Qakbot itself meant stolen information could easily by accessed by others, with the possibility of more serious attacks down the line.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Whoever is behind Qakbot has not put much effort into securing the stolen information. Anyone with a sample of this threat who knows what they are doing will be able to access this data quite easily," Symantec's Patrick Fitzgerald wrote on the company's blog.

"At the time of this writing we have only observed Qakbot stealing consumer-based information, but since Qakbot also functions as a downloader, corporate environments compromised by Qakbot could find themselves defending a more serious attack if appropriate action is not taken now," he added.

Symantec pointed out that the worm could even have been uncovered by off-the-shelf security software raising questions over the strength of the security measures employed by the NHS.

Indeed, Symantec's advice on avoiding infection from Qakbot and other security threats centred around nothing more complex than making sure computers were protected by up-to-date antivirus software, and it also urged users to make sure their passwords were as secure as possible.

"What's clear from the data we have analysed is that people use bad habits for creating their passwords," the post added. "Use hard-to-guess passwords and please don't use the same password across many online services."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/business/business-operations/355147/amazon-and-microsoft-join-nhs-project-battling-pandemic
Business operations

Amazon and Microsoft join NHS project battling pandemic

27 Mar 2020
Visit/security/cyber-security/355041/critical-nhs-cyber-security-checks-suspended-due-to-coronavirus
cyber security

Critical NHS cyber security checks suspended due to coronavirus response

19 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

26 Mar 2020