A hacker named ‘batwhatman’ is selling the source code for all PilotFish Technology software on the dark web, including code related to HL7-supported medical devices, according to security firm InfoArmor.
Cybercriminals most probably compromised a corporate SVN server and stole the code of various applications written in Java, InfoArmor stated. Some of the source code listings and filenames point to PilotFish business applications, with strings like ‘pieadmin,’ ‘EIPExecutor,’ and ‘eip-server.’ According to the hackers, the source code covers all of PilotFish’s products and includes more than 10,000 files.
“This is clearly a risk to users of PilotFish Technologies software, particularly within the Healthcare industry and should raise significant concerns regarding the potential associated with third party providers being targeted by cybercriminals,” Andrew Komarov, chief intelligence officer for InfoArmor, said in a statement.
According to the security firm’s report, ‘batwhatman’ also accessed PilotFish’s customer database and customer licensing system, which contain records and information about the company’s clients. In addition, it appears that the cybercriminal has leaked PilotFish employee information and online usernames. The whole database includes information from 1,797 companies in countries such as the U.S., Canada, Australia, China, and various EU nations.
“As demand for new systems and technology accelerates, this growth will also increase the threat of cyber-attack, as cyber criminals continue to look for ways to exploit this growth for their own gain. As new systems are adopted, attack surfaces grow and new threat vectors emerge, fueling cyber-crime.”
A hacker named ‘TheDarkOverLord’ had claimed in the past that he compromised the data of a software seller back in July. However, he did not initially name the victim. He later attempted to extort PilotFish through a Twitter account that has subsequently been deleted.
InfoArmor notified the National Healthcare ISAC of its findings to further risk mitigation. Komarov added to his statement:
“The next steps for PilotFish should start with notifying their customers about the data breach and securing source codes in order to avoid any tampering and malware distribution. Then, to revoke possibly compromised digital certificates in order to avoid malware code signing, using their brand.”