
Ransomware in the Global Healthcare Industry

Written by Leon Ward, VP, Product Management, ThreatQuotient

The World Health Organisation (WHO) recently hosted a webinar to discuss the critical importance of cybersecurity in the healthcare sector, which highlights the severity of the situation the industry is currently facing. Healthcare organisations are increasingly relying on digital systems to facilitate their daily workflow, but the prevalence of outdated legacy technology in the sector is rendering it vulnerable to cyber-attacks with severe consequences.

As has been demonstrated with this year’s high-profile attacks on healthcare organisations, such as incidents concerning the UK’s NHS and the US’ Ascension and Change Healthcare, the healthcare industry must review its priorities, the threats it faces, and its security measures, without delay.

Investing in data availability

Healthcare organisations store valuable personal and health information within Electronic Health Records (EHR). These records contain data that are hot commodities on the black market: from full names, birth dates, and health monitoring information to social security numbers, billing and insurance details. Storing data digitally allows healthcare organisations to share important information quickly between staff and across borders, facilitating faster, more comprehensive patient care, but it also carries risk.

Employees often have access to more information than they need to see. Should an employee accidentally click a phishing link or be exposed to malware, a bad actor can potentially access an organisation’s entire system. Further, storing data digitally makes healthcare organisations dependent on their systems, meaning that in the event of a cyber-attack they can be brought to a standstill. For example, the Ascension Healthcare incident resulted in ambulances being diverted and staff resorting to writing information on paper, slowing essential operations.

Immediate access to accurate patient data is not just a convenience; it’s a matter of life and death. However, this urgency for data accessibility must be balanced with stringent security measures. The vulnerability of confidential medical data to malware and ransomware attacks necessitates unwavering vigilance and robust security controls.

Relying on legacy systems

Many medical facilities and clinicians operate on outdated systems and devices, often running obsolete software versions and lacking adequate security measures. A single compromised legacy system can serve as a gateway for major data breaches, highlighting the critical need for modernisation and security upgrades. The risk for such an event is high, as legacy systems are often unsupported by their original developers, leaving them without essential security patches and updates.

Unfortunately, it’s not just the resilience of their own systems that healthcare organisations should be considering. An emerging trend that is quickly gaining traction in the threat landscape is the supply-chain attack, in which a cyber-attack on one organisation travels to its partners and customers. The NHS fell victim to a ransomware attack on its third-party partner, Synnovis. This can result in considerable impacts on healthcare services, and potentially life-threatening delays.

This places healthcare organisations in a precarious position, as these attacks can be inserted at any point in the supply chain. To mitigate this risk, they must understand the cybersecurity posture of their partners, and establish a collaborative relationship that emphasises sharing threat intelligence. This will improve the cybersecurity posture of the entire supply chain.

Integrating modern assets

Another challenge the healthcare industry faces is that while they embrace new technologies to enhance efficiency and patient care, like IoT medical devices and EHR applications, they also expand and complicate their attack surface. This exposes sensitive data to a myriad of threats and makes it hard to monitor for threats and anomalies. The intersection of innovation and security presents a daunting challenge for healthcare organisations striving to embrace progress without compromising patient privacy and safety.

This puts the healthcare industry in a difficult position. Shying away from adopting new technologies can cause organisations to sacrifice the quality of their care, and lead to them having outdated technology and security measures, which increases the risk of a cyber-attack. However, integrating new technologies and driving innovation in their sector can create numerous challenges that their security teams struggle to keep pace with.

Ransomware is becoming democratised

From a risk perspective, valuable, easily accessible data with outdated cybersecurity measures, and an industry with a low tolerance for downtime, create the perfect target for cyber-attacks. Bad actors are economical with their attacks, often valuing low-risk, high-reward targets that are likely to acquiesce to their demands. According to the recent Sophos State of Ransomware 2024 report, ransomware attacks within the healthcare industry are not only on the rise, but over half the victims would pay up to 111% of the original ransom.

The threat landscape is also evolving, with ransomware quickly becoming a democratised industry. New developments such as Ransomware-as-a-Service (RaaS) and Ransomware-for-Hire Services enable anyone to launch a ransomware attack, even if they lack technical skills. Gen AI-based attacks are also increasing, resulting in more sophisticated attacks and phishing campaigns that can be more difficult to identify.

Combating the Threats

To combat the threats outlined above, a threat intelligence platform emerges as a robust solution that helps simplify cybersecurity efforts and support digital transformation. By aggregating all sources of threat intelligence and vulnerability data into a central repository, healthcare organisations can gain a holistic view of their cybersecurity landscape, enhancing visibility and informed decision-making. Such a platform can also enable an organisation to prioritise threats based on their impact on the health system environment. This means that teams can filter out noise and focus on critical assets and vulnerabilities, ensuring that resources are allocated where they are most needed.

Additionally, such platforms can automate the dissemination of threat intelligence, empowering healthcare organisations to quickly share information against cyber adversaries. Armed with intelligence, teams can proactively hunt for malicious activity, swiftly identifying and neutralising threats before they can wreak havoc on patient records and organisational integrity. A threat intelligence platform accelerates analysis and response to attacks, enabling rapid mitigation against evolving threats.

By assessing and understanding its current cybersecurity posture and the threat landscape, the healthcare industry will be able to update its cybersecurity infrastructure in a more comprehensive fashion. Threat intelligence platform solutions enable healthcare organisations to improve the overall security of their supply chain and patch their existing cybersecurity issues, whilst maintaining their daily operations.

Vishing Attacks Reach All Time High According to Latest Agari and PhishLabs Report

More Than a 5x Increase in Vishing Attacks Year-over-Year Reported

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2022 to Q1 2021), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs, both of which are part of the HelpSystems cybersecurity portfolio. 

In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. 

According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four reported response-based threats was a vishing attack, and this makeup continued through Q1 2022.

“Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022,” said John LaCour, Principal Strategist at HelpSystems. “We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks. In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative.”

Additional Key Findings

  • Social media impersonation attacks are on the rise. Since Q2 2021, the volume of brand impersonations increased 339% and executive impersonations 273%. According to the findings, brands prove to be convenient targets for threat actors, especially when associated with retail counterfeit operations. However, for some unique attacks, executive accounts are preyed on to make the spoofs seem more realistic.
  • Credential theft email scams continue to be the most common email threat type reported by employees, contributing to nearly 59% of all threat types encountered. Credential theft reports increased 6.9% in volume from Q4 2021.
  • The malware landscape continues to be ever changing. Qbot was once again the payload of choice for threat actors attempting ransomware attacks, but Emotet reemerged in Q1 and was the second leading payload.
  • While nearly half of all phishing sites rely on a free tool or service for staging, Q1 2022 was the first quarter in five consecutive quarters in which paid or compromised services (52%) outnumbered free solutions for staging phishing sites.

“As the variety of digital channels organizations use to conduct operations and communicate with consumers expands, bad actors are provided with multiple vectors to exploit their victims,” added LaCour. “Most attack campaigns are not built from scratch; they are based on reshaping traditional tactics and incorporating multiple platforms. Therefore, to remain secure, it’s no longer effective for organizations to only look within the network perimeter. They must also have visibility into a variety of external channels to proactively gather intelligence and monitor for threats. 

“Additionally, security teams should invest in partnerships that will ensure the swift and complete mitigation of attacks before they result in reputational and financial damage.”

Additional Resources

To learn more about the report findings, attend the live webinar at 2 PM EST on Tuesday, May 24 or watch on-demand: https://www.phishlabs.com/webinars/details/?commid=541642.

To access the complete Agari and PhishLabs Quarterly Threat Trends & Intelligence Report, visit: https://info.phishlabs.com/quarterly-threat-trends-and-intelligence-may-2022