Data-stealing worm found on 1,000 NHS computers

Symantec has revealed that the Qakbot worm has been stealing gigabytes of sensitive data from infected PCs, despite being easily detectable.

computer worm

Security software firm Symantec has discovered a "significant infection" by the Qakbot worm on National Health Service (NHS) computers.

Once it has infected computers, Qakbot monitors for sensitive information and uploads the stolen data to an FTP server. Despite being a relatively small botnet, Symantec observed around 4GB of stolen data being uploaded when it monitored two servers over a two-week period.

Advertisement - Article continues below

The data included online banking and credit card information, internet search histories, login details for a number of social networks including Facebook, Twitter and Bebo, and webmail account details for the likes of Gmail and Yahoo.

According to Symantec, Qakbot has infiltrated a number of Government departments and large corporations despite being aimed mainly at home users. It found more than 100 compromised computers on a Brazilian regional government network.

But more alarming was the discovery that around 1,100 separate NHS computers spread over a number of subnets have been infected with the worm. And Symantec said the figure could be even higher given that it was gained by monitoring just a couple of servers for a short period of time.

The company said that while there was no evidence to show any customer or patient data had been compromised, the relatively poor security around Qakbot itself meant stolen information could easily by accessed by others, with the possibility of more serious attacks down the line.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Whoever is behind Qakbot has not put much effort into securing the stolen information. Anyone with a sample of this threat who knows what they are doing will be able to access this data quite easily," Symantec's Patrick Fitzgerald wrote on the company's blog.

"At the time of this writing we have only observed Qakbot stealing consumer-based information, but since Qakbot also functions as a downloader, corporate environments compromised by Qakbot could find themselves defending a more serious attack if appropriate action is not taken now," he added.

Symantec pointed out that the worm could even have been uncovered by off-the-shelf security software raising questions over the strength of the security measures employed by the NHS.

Indeed, Symantec's advice on avoiding infection from Qakbot and other security threats centred around nothing more complex than making sure computers were protected by up-to-date antivirus software, and it also urged users to make sure their passwords were as secure as possible.

"What's clear from the data we have analysed is that people use bad habits for creating their passwords," the post added. "Use hard-to-guess passwords and please don't use the same password across many online services."

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
Why it’s time to expand beyond 16:9 monitors
Advertisement Feature

Why it’s time to expand beyond 16:9 monitors

21 Jul 2020