In the last 6 months, experts have been warning that ransomware is on the rise after an uptick in attacks in 2016. But May's global ransomware attack shows those warnings may have come too late.
This gallery explains the latest threats as well as recent national reports and expert comments detailing just how important it is to be prepared for the next big attack.
It appears the hackers rushed the latest round of the notorious ransomware, since the campaign is currently only able to lock down XP, Vista and other older operating systems. In June, Locky is still being distributed via email with two zip attachments that contain the virus in .exe format. It’s not unlike those in the past: the emails contain order confirmations, payment receipts and other business needs. The goal is to use social engineering to dupe its victims.
The U.S. Department of Health and Human Services issued a security alert to healthcare organizations on June 19, warning of recently discovered Windows vulnerabilities and a new threat with WannaCry-like capabilities. DHS and FBI alerted to a threat called Hidden Cobra, which is targeting U.S. critical infrastructure, media, aerospace and financial sectors. Thus, HHS officials warned, “targeting of the healthcare and public health sector systems and devices in the U.S. is possible.”
A new Rapid7 National Exposure Index found that 160 million computers, servers and IoT devices have open ports not meant to be exposed on public networks. In a rare move, Microsoft has released additional security patches for Windows XP and Server 2003 users to protect against potential nation-state activity and destructive cyberattacks, such as those seen in the WannaCry attacks on May 12.
About 250 million computers have been infected worldwide by a high-volume Chinese threat operation that hijacks web browsers and turns computers into ‘zombies,’ according to a Check Point report released June 2. The operation, run by Chinese digital marketing firm Rafotech, uses the malware to manipulate the victim’s browsers and change default search engines and homepages into fake search engines.
The Health Care Industry Cybersecurity Task Force report in June 2017 came out essentially saying that the healthcare industry is in the midst of a staffing crisis. CIOs and CISOs need to put more effort and resources into their security program and understand that the preventative costs one thinks they cannot afford today pale in comparison to the reactive costs one will incur during a breach.
During this episode of Code Red, HIMSS’ cybersecurity-focused podcast, Daniel Nigrin, MD, and Senior Vice President and CIO at Boston Children’s Hospital, explains how Boston Children’s handled and survived an attack by the hacktivist group, Anonymous.
Cybercriminals are increasingly attacking medical devices with ransomware and other malware since they are both soft targets. “Ransomware attacks against medical devices are going to continue to grow like crazy in the coming months and years because most of the connected medical devices are not being secured properly,” said Mandeep Khera, chief marketing officer at Arxan Technologies, a cybersecurity vendor whose specialties include the Internet of Things in healthcare. “Hackers know that, the industry knows that, and because of the sensitive nature of these devices, hackers know they can use them for ransomware and they will get paid because it is all about affecting patients’ lives.”
Of all the 2016 malware attacks on the healthcare industry, 72 percent were caused by ransomware, according to the Verizon 2017 Data Breach Investigations Report released April 27. Ransomware attacks have doubled in frequency across all industries and are now the fifth most common specific malware variety, the Verizon report found. The healthcare industry was the second-most targeted industry at 15 percent of incidents, just behind the financial sector that had 24 percent of total incidents in 2016.
Seventy percent of businesses hit by ransomware paid the hackers to regain access to systems and data, according to IBM X-Force’s Ransomware report. Nearly 60 percent of business leaders said they would be willing to pay the ransom to regain access to financial records, intellectual property, business plans and consumer data, the report found. And depending on the data type, they’re willing to pay between $20,000 and $50,000 to get their data back.
Cerber, one of the most successful ransomware variants, was first seen in the wild with a new loader capable of evading detection from machine learning tools in March. And now it seems Cerber has overthrown 2016’s menace: Locky. Specifically, Cerber accounts for 90 percent of all ransomware infections, a recent Malwarebytes report found. Cerber adopted the ransomware-as-a-service model, meaning distribution is rapidly expanding through multiple dark web actors and groups.
Ransomware found its sweet spot in healthcare last year, with hackers using Locky to target the industry with massive phishing campaigns. Although multitudes of ransomware variants are available, Locky was the most popular in 2016 for its success rates and sophistication.
Locky ransomware reemerged April 12 with multiple sets of phishing e-mail messages, cybersecurity vendor PhishMe’s research team has discovered. Similar to narratives used throughout 2016, these messages used simple, easily recognizable, but very effective phishing lures to convince recipients to open an attached file, PhishMe said. In contrast to the Locky delivery methods used throughout most of 2016, cybercriminals in this new wave are leveraging a technique that has become popular in the distribution of the Dridex botnet malware, PhishMe said, specifically PDF links.
Global information services company Experian has released its 2017 data breach industry forecast. Health records remain likely to be a top target for hackers as well as healthcare institutions deploying new mobile applications. Experian sees healthcare as particularly vulnerable to cyberattacks because medical identity theft remains so lucrative and relatively easy for hackers to exploit – and they continue to find markets for reselling patient data.
Global spending on cybersecurity in healthcare is set to surpass $65 billion by 2021 but the real problem isn’t how much healthcare organizations spend — it’s how much they don’t, according to new research from Cybersecurity Ventures published April 6. That’s because ransomware and other cybercriminal attacks are going to get a lot worse before they get any better, said Matt Anthony, vice president of incident response at the Herjavec Group, which sponsored the report. Anthony explained that the convergence of vulnerable legacy hardware and software systems and the emergence of connected health, Internet of Things devices that are not always built with security in mind make healthcare more attractive to hackers than any other sector.
Unlike the federal poverty line based on household income, there is no clear definition of what the cybersecurity poverty line is. But Kaiser Permanente Chief Technology Risk Officer George DeCesare explained at the HIMSS and Healthcare IT News Privacy & Security Forum on May 12 that it’s a matter of either investing enough to protect your patient data or not investing adequately. The top threats Kaiser is preparing for include hackers; state sponsors such as Russia and China seeking not just healthcare information but intellectual property; and organized crime using ransomware and other attack types looking for money.
Keep exploring, and you can gain access to entire hospital networks via vulnerabilities in medical devices, said Adam Brand, director of privacy and security at consulting firm Protiviti. That problem is not going to get any easier, Brand said at the HIMSS and Healthcare IT News Privacy and Security Forum May 12. So given that reality, researchers at Protiviti decided to set up an experiment to see how the internet would react to unsecured devices, easily findable for hackers the world over to exploit. The experiment involved so-called honeypots – fake medical devices put online for bad actors to find and exploit, offering a window into their behavior when confronted with the real thing.