Connect with us

Hi, what are you looking for?


Cybercrime Server Hacked, Infected With Malware

Cybercriminals managed to breach one of the servers used for, the official website of the United States’ health insurance marketplace, federal officials reported on Thursday.

Cybercriminals managed to breach one of the servers used for, the official website of the United States’ health insurance marketplace, federal officials reported on Thursday.

The affected machine is a test server and it reportedly doesn’t contain any personal information. Furthermore, there’s no evidence that any data was transmitted outside the agency, Department of Health and Human Services (DHHS) representatives told the Wall Street Journal.

The server in question shouldn’t have been accessible via the Internet so it had little protection installed on it. Officials believe this isn’t the work of a foreign state and that was not specifically targeted. It appears the attacker had scanned the Web for vulnerable servers on which he could plant malware used for distribute denial-of-service (DDoS) attacks.

The attacker had planted the malware in July, but the breach was detected only on August 25 during a daily security scan, officials said.

While there’s no evidence that the attackers caused any serious damage, experts warn that such incidents should be taken seriously.

“While it appears the system that was compromised wasn’t directly related to the production systems that run the site, it’s quite common for attackers to escalate privilege or otherwise impact infrastructure security by leveraging such systems,” Mark Stanislav, security evangelist at Duo Security, told SecurityWeek.

“Depending on the usage of this server, it could have potentially contained passwords of administrators that could have been reused elsewhere (e-mail, other servers, VPN connections, etc.). Further, since this test server was noted to have software uploaded to it by the attackers, it’s possible that a developer could have visited the site and been compromised through a client-side exploit like a browser plugin vulnerability. Lastly, test servers are often given more network privileges in many cases that could have been used as a foothold to compromise other infrastructure,” Stanislav added.

Advertisement. Scroll to continue reading.

Other experts advise officials to carefully analyze the breach because the attackers might have gained access to sensitive data.

“I hope the incident response teams and forensics teams are taking a really good, hard look at the breach evidence. Having the ability to upload ‘malicious software’ typically means the hacker had significant access to the web server. If the hacker really had the ability to upload arbitrary software to the web server, they certainly had the ability to steal healthcare data if they desired,” Billy Rios, director of threat intelligence at Qualys, said in an emailed statement.

Eric Cowperthwaite, vice president of advanced security and strategy at Core Security, believes this could have been avoided.

“Like a lot of the other breaches that have made headlines over the past few months, this was the result of simple, compounded mistakes. A basic security flaw went overlooked, and it was assumed that because the system in question wasn’t supposed to be connected to the internet, it wasn’t high priority and didn’t warrant continuous monitoring. But accidently connecting a system like this to the internet happens all the time. Complex enterprise systems are susceptible to mistakes,” Cowperthwaite told SecurityWeek. “This could have been avoided. The technology is out there. When you’re a known target, you can’t afford to ignore anything on your network. It’s surprising that a high profile organization with the resources necessary to continuously monitor these systems could miss a problem like this.” has been criticized by security experts from day one. In January, David Kennedy, founder of TrustedSecrevealed that it only took him four minutes to identify a vulnerability that could have been exploited to access the details of 70,000 people.

“They didn’t have enough time to formally develop the websiteand grow in a manner to be successful,” Kennedy told SecurityWeek in January. “When that happens, security is put in the back burner to making sure you can get the site out in time. To this date, they can’t be doing any formal testing all around on the site. Maybe some here or there, but nothing that we would consider industry best practices.”’s Poor Security Diagnosis Shows Importance of Security Lifecycle

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...