Kwampirs.A Virus

Aug 9, 2018


This notification is voluntarily reported by BD to Information Sharing and Analysis Organizations (ISAOs).

It applies to the BD products in scope, as well as to products running Microsoft Windows operating systems that BD does not actively support. BD engages in proactive communication around cybersecurity issues that have the potential to either directly or indirectly impact our products. Vulnerability disclosure is an essential component of BD's culture of transparency to help ensure that customers have the necessary information to properly assess potential cybersecurity risk, even those caused by third-party software and/or operating systems.

Background

--------- Begin Update B: August 9, 2018 ---------

Vulnerability Details

BD is aware of a Trojan called Kwampirs, which allows malicious attackers remote access into a compromised computer. This is not a BD-specific vulnerability, and there have been no reports of a BD product being affected by Kwampirs. It has been observed targeting common legacy Microsoft Windows operating systems. Kwampirs affects those systems with enabled network shared drives, outdated or no malware protection and any version of the Microsoft Windows Operating System.

This notification provides product security information and recommendations related to the Kwampirs trojan for the case where an attacker has access to a hospital's network and finds vulnerable, enabled network shares through which the trojan can propagate further. This notification is voluntarily reported by BD to Information Sharing and Analysis Organizations (ISAOs) where BD participates, including the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and the National Health Information Sharing and Analysis Center (NH-ISAC).

Products in Scope

BD has provided a list of BD products in scope that use Microsoft Windows operating systems that are potentially vulnerable to Kwampirs.

Mitigations & Compensating Controls

BD has confirmed that anti-virus software, where maintained by BD, addresses the Kwampirs vulnerability for products in scope. If you have a BD product in scope where BD maintains and administers an anti-virus solution, there is no customer action needed.

For customers that maintain anti-virus software independent of BD automated updates, BD recommends the following mitigations and compensating controls in order to reduce risk associated with this vulnerability:

  • Ensure your anti-virus solution and web filtering are updated and maintained
  • Ensure appropriate security controls are in place:
    • Limit and monitor network share permissions
    • Limit and monitor privileged account use
    • Limit and monitor outbound network activity
    • Use application whitelisting technologies
    • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available
    • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures

Clinical Risk Assessment and Patient Safety Impact

Hospitals should conduct their own risk assessments based on the products within their facility(s).

Product Security Risk Assessment and Vulnerability Score

BD has conducted internal risk assessments for this vulnerability to review baseline and temporal Common Vulnerability Scoring System (CVSS) scores as outlined below. These vulnerability scores can be used in assessing risk within your own organization.

BD has provided a list of BD products in scope potentially vulnerable to Kwampirs in order to help our customers prioritize remediation steps given the severity level assigned to each BD product.

For More Information

For product or site-specific concerns, contact your BD service representative.

--------- End Update B: August 9, 2018 ---------

BD is aware of a Trojan called Kwampirs, which allows malicious attackers remote access into a compromised computer. This is not a BD-specific vulnerability, and there have been no reports of a BD product being affected by Kwampirs. It has been observed targeting common legacy Microsoft Windows operating systems.

Response

Kwampirs affects those systems with enabled network shared drives, outdated or no malware protection and any Windows Operating System. BD is currently reviewing the potential impact this trojan may have on BD products. To minimize risk and impact from Kwampirs, BD recommends the following for systems vulnerable to this attack:

    • Ensure your anti-virus solution and web filtering are updated and maintained
    • Ensure appropriate security controls are in place:
      • Limit and monitor network share permissions
      • Limit and monitor privileged account use
      • Limit and monitor outbound network activity
      • Use application whitelisting technologies
      • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available
      • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures
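
One way to act on the "Limit and monitor network share permissions" item that appears in both recommendation lists in this notification, shown as an added example that is not BD code or tooling: the script reads each share's ACL through WMI and reports entries that allow a broad group Change or Full Control. The function name and the list of "broad" trustees are assumptions made for illustration; it assumes Windows PowerShell with WMI access to the host.

```powershell
# Added example (not BD code). Lists share ACL entries that grant a broad
# group Change or Full Control. Uses WMI so it runs under Windows PowerShell 2.0+.

# Assumed starting list of "broad" trustees; adjust for your environment.
$BroadTrustees = @('Everyone', 'Authenticated Users', 'Domain Users', 'Users', 'ANONYMOUS LOGON')

# Share-level access masks as stored in the share security descriptor.
$FullControlMask = 2032127   # 0x1F01FF
$ChangeMask      = 1245631   # 0x1301BF (Full Control includes all of these bits)

function Get-BroadShareAccess {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $settings = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName $ComputerName
    foreach ($setting in $settings) {
        if ($setting -eq $null) { continue }   # PowerShell 2.0 iterates once over $null
        $result = $setting.GetSecurityDescriptor()
        if ($result.ReturnValue -ne 0) {
            Write-Warning "Cannot read ACL of share '$($setting.Name)' (code $($result.ReturnValue))"
            continue
        }
        foreach ($ace in $result.Descriptor.DACL) {
            if ($ace -eq $null) { continue }
            $isAllow  = ($ace.AceType -eq 0)    # 0 = allow, 1 = deny
            $mask     = [int64]$ace.AccessMask
            $canWrite = (($mask -band $ChangeMask) -eq $ChangeMask)
            $isBroad  = ($BroadTrustees -contains $ace.Trustee.Name)
            if ($isAllow -and $canWrite -and $isBroad) {
                $level = 'Change'
                if (($mask -band $FullControlMask) -eq $FullControlMask) { $level = 'FullControl' }
                New-Object PSObject -Property @{
                    Computer = $ComputerName
                    Share    = $setting.Name
                    Trustee  = $ace.Trustee.Name
                    Access   = $level
                }
            }
        }
    }
}

Get-BroadShareAccess | Sort-Object Share, Trustee | Format-Table Computer, Share, Trustee, Access -AutoSize
```

The report covers share-level permissions only; NTFS permissions on the shared folders are a separate layer and need their own review.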

Additional Resources

For product or site-specific concerns, contact your BD service representative.

Microsoft: Trojan:Win32/Kwampirs.A

Last BD Publication Update: 08/09/2018
Original BD Publication Date: 05/22/2018
