Healthcare Technology Company Uses New Strategy to Thwart Crypto-miners Attacking Oracle ERP

Client Profile

A leading provider of information technology and mobility applications and services for U.S. hospitals and health systems, including customized application development.

  • Industry: Healthcare
  • Geography: US
  • Employees: 1,400
  • Products Supported: ERP

The Challenge

The Client offers end-to-end healthcare IT applications, hardware and customization services, including business intelligence, disaster recovery and help desk.

Like most organizations, the Client must address a wide variety of security threats. Bad actors run scripts on malicious servers that constantly probe systems all around the world for vulnerabilities to exploit.

“This particular exploit was a WebLogic deserialization Java vulnerability,” says the Client’s chief information security officer. “Basically, the attackers were attempting to install crypto-miner software that would let them use our servers to mine cryptocurrencies like Bitcoin. Vendor patches don’t effectively address all vulnerabilities,” the CISO explains. In fact, the Vendor patch released on April 17, 2017, didn’t fully mitigate the threat and systems continued to be breached.

“Plus you have to perform regression testing and take your systems down to apply patches before hackers find you. When we discovered a successful attack on some of our servers with a connection to the Internet, we immediately placed a call to our third-party support provider, Rimini Street, for assistance.”

Waratek’s Solution

After identifying the nature of the attack, Rimini Street recommended Waratek, a Preferred Solution Provider, which worked side by side with Rimini Street to mitigate the threat.

“Working with Waratek and Rimini Street, we set up a demo scenario on a non-production server,” the CISO says. “They first used Metasploit to prove the vulnerability could be exploited. Next, we installed the Waratek Patch software, which blocked the exploit and gave us confidence to install in production.”

Because the Waratek virtual patching solution does not touch source code, there is no regression testing and no system downtime required.

“This approach protects our software much quicker than vendor patches and without disrupting operations. Initial installation was easy and took less than a day. Now that we’re familiar with the software, we could now set it up within an hour on a new server.” – Client’s senior security analyst

Future updates will be easy and require only a few minutes to apply.

Client Results & Benefits

  • Increased security protection: The Waratek security solution is faster, less disruptive and offers greater protection than typical vendor patching options.
  • Reduced support and maintenance spend: The Client is saving 50 percent of its previous annual support and maintenance costs, while gaining advanced security protection from Waratek and strategic advisory services from Rimini Street.
  • Seamless security support: The Client receives fast and effective security advice around its support services at no extra charge.

“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker’s malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”
