One of the hardest parts of the security process is the initial discovery phase of understanding what could go wrong. Cyber threats are constantly changing, with old attacks slowly becoming less common while new attacks rapidly pop up. Modern attack techniques target new technologies to try and cause maximum impact. These attacks can slip the minds of many manufacturers and developers producing medical devices. Device manufacturers need to stay up to date on the latest threats and be able to prepare for whatever risks may present themselves.
What Will Attackers Target?
One of the most important considerations for understanding attacks against medical devices is that attackers will usually want to go straight for high-value targets. Internal databases storing patient data, or a critical functionality will be far more valuable than something mundane, such as functionality logs. This is not to say that areas with reduced perceived value should be left unprotected, but getting into the mind of a bad guy can help prioritize areas to defend.
Depending on the unique device, functionality can be possibly life-saving to the patient. The other side to this is that failure can be catastrophic. Medical devices often hold and transmit very sensitive data that patients will want to keep private. Attackers can target this data to try and find ways to siphon it out and build up a collection of private information. It can also happen that attackers target critical devices in an attempt to shut down their functionality either for ransom purposes or terror attacks.
Medical devices can be very complex and have sprawling functionality. This can be a great thing since modern technology allows for revolutionary changes in medicine. Unfortunately, this also means that many unique risks may be introduced into the system. Too much complexity can make devices difficult and costly to defend. In many cases, there is no way to get around this, but unnecessary complexity is still something that manufacturers should be aware of.
How Can Defenders Predict Attacks?
It seems like an impossible task to guess what an attacker will do to a device, but this is luckily not the case. While perfect security is a hollow dream in almost every case, there are many steps that defenders can take to prevent attacks before they happen. A lot of the information needed to perform these exercises comes from careful analysis of software components and the information derived from mapping out what areas will be of high value for hackers.
With this information in mind, it can be possible to come up with some educated guesses for what an attacker will do and preemptively protect against these attacks. This process of mapping out potential attacks is threat modeling. There are many different threat modeling frameworks each with its specifics, but the general idea is to find relevant threats to a process or component, test it, and draw conclusions.
A very important part of threat modeling is understanding the probability of an attack as well as the potential impact. This can help prioritize fixes and let manufacturers find a proper solution without dedicating too much time to low-risk threats, or worse, ignoring critical vulnerabilities. There will always be a balance between how likely an attack is compared to the risk, with higher risk/likelihood being far more important to fix. In some cases, attacks with very low impact and probability of occurrence will be considered an acceptable risk, especially when the fixes may be complex.
Moving backward from threats can allow security teams to understand the ways that an attacker would try to exploit a system and begin patching up those areas. For example, the threat may be an attacker exfiltrating information in a sensitive database. The next consideration would be how an attacker could do that. This could be a complex exploit targeting the device, intercepted traffic in the system, or even something as simple as an attacker just guessing a password purely by luck.
Security teams should do their best to come up with creative attacks and techniques. Attackers are using new strategies and techniques every day, so defenders must do the same. Some attacks may sound far-fetched, or even silly, but can be surprisingly effective. A great example is gummy bear attacks, where hackers can bypass fingerprint scanners using gelatin and super glue.
A critical final step in threat modeling is reviewing the work and ensuring that everything was done properly and that major threats are not unaccounted for. It is easier said than done to map out complex systems, as the list of relevant threats can get daunting quickly. The cybersecurity experts at Blue Goat Cyber can help with this process and streamline the entire FDA approval cycle. Our team is well-versed in modern attacks and techniques and can help you defend against costly cyber attacks. Contact us to schedule a discovery session.