Kwampirs Malware Targets Healthcare Sector
In defending against threats like Kwampirs, do not focus too much on specific indicators of compromise. They change quickly and are only useful for detecting past infections. Instead, verify how well you can detect the techniques the malware uses to spread. For example, Kwampirs, like other malware, seeks out administrative shares and installs itself as a new service. These are fairly generic techniques that other malware uses as well. Detecting this type of behavior has the benefit that it will not just catch this particular malware, but will more generally help identify malicious behavior.
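
One way to test that kind of behavioral detection, as an added example that is not part of the original commentary: correlate administrative-share access (Windows event ID 5140) with a service installation (event ID 7045) on the same host shortly afterwards. The simplified field names, hosts, addresses, service names and the five-minute window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

SHARE_ACCESS = 5140     # Security log: a network share object was accessed
SERVICE_INSTALL = 7045  # System log: a service was installed in the system

# Constructed sample events; field names are simplified for the example.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:05", "host": "WS-014", "id": 5140,
     "share": r"\\*\ADMIN$", "src": "10.0.5.23"},
    {"time": "2024-01-10T09:00:40", "host": "WS-014", "id": 7045,
     "service": "ExampleSvc"},
    {"time": "2024-01-10T09:30:00", "host": "WS-020", "id": 5140,
     "share": r"\\*\Public", "src": "10.0.5.40"},
    {"time": "2024-01-10T09:30:20", "host": "WS-020", "id": 7045,
     "service": "PrintHelper"},
    {"time": "2024-01-10T11:00:00", "host": "WS-031", "id": 5140,
     "share": r"\\*\C$", "src": "10.0.5.23"},
    {"time": "2024-01-10T13:00:00", "host": "WS-031", "id": 7045,
     "service": "UpdaterSvc"},
]

def is_admin_share(share):
    """True for ADMIN$ and drive-letter shares such as C$."""
    name = share.rsplit("\\", 1)[-1].upper()
    return re.fullmatch(r"ADMIN\$|[A-Z]\$", name) is not None

def correlate(events, window=timedelta(minutes=5)):
    """Alert when a service install follows admin-share access on the same host."""
    last_access = {}  # host -> (time, source address) of latest admin-share access
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == SHARE_ACCESS and is_admin_share(ev["share"]):
            last_access[ev["host"]] = (when, ev["src"])
        elif ev["id"] == SERVICE_INSTALL and ev["host"] in last_access:
            seen, src = last_access[ev["host"]]
            if when - seen <= window:
                alerts.append({"host": ev["host"], "service": ev["service"],
                               "src": src, "delay_s": int((when - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Software deployment and remote administration tools produce the same sequence, so a rule like this needs a baseline of expected source hosts and service names before it is useful for alerting.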