In the fall of 2020, CISA, the FBI, and HHS issued a joint cybersecurity advisory to the healthcare and public health sector following a surge in ransomware activity. The advisory warned that attackers were heavily targeting the healthcare sector to install ransomware on systems. Many ransomware groups had increased attacks on the healthcare and public health sector. The Ryuk and Conti groups have been the most active.
Check Point’s new report reveals that attacks continued to increase in November and December 2020. Cyberattacks on healthcare companies increased by 45% worldwide, more than twice the percentage increase in attacks on all industries globally over the same period. Worldwide, the average number of cyberattacks on healthcare companies was 626 per week in November and December, compared with only 430 per week in October.
The attack vectors were diverse. Check Point researchers saw an increase in ransomware, remote code execution, botnet, and DDoS attacks in November and December; even so, ransomware attacks had the biggest percentage increase, and ransomware remains the major malware threat.
Conti ransomware continues to pose a threat and was used in numerous ransomware attacks on the healthcare sector. However, Ryuk is still the most frequently used ransomware variant, followed by Sodinokibi. The greatest increase in cyberattacks was in Central Europe, with a 145% increase, followed by East Asia with a 137% increase and Latin America with a 112% increase. There was a 67% surge in attacks in Europe and a 37% surge in North America. The country with the greatest increase in cyberattacks was Canada, with a 250% increase.
Ransomware attacks are generally financially motivated. Ransomware allows threat actors to obtain a big payout within days of conducting an attack. Ransoms are usually paid to recover files or to prevent the public exposure or sale of stolen sensitive information. The healthcare sector is targeted mainly because victims are more likely to pay the ransom than victims in other industries. Healthcare companies need to restore access to patient information immediately so that they can keep providing care to patients, particularly when they are under huge pressure from the volume of new patients requiring treatment for COVID-19.
Although ransomware is still commonly spread through spam email and exploit kits, the attacks on the healthcare sector are highly targeted, and the major ransomware variants used in them are deployed manually. Initial access to healthcare sites is obtained using a variety of tactics. A lot of ransomware attacks start with phishing emails that deliver Trojans including TrickBot, Dridex, and Emotet. Check Point advises security professionals to look for these Trojans on the network, as well as Cobalt Strike, all of which are used to deliver Ryuk ransomware.
Numerous ransomware attacks begin with a phishing email, so it is essential to make sure that anti-phishing measures are in place and that employees receive regular training so they can recognize social engineering and phishing attacks.
Although many phishing attacks happen during business hours on weekdays, ransomware attacks frequently start on weekends and during holidays, when monitoring by security personnel is likely to be reduced. Healthcare companies are encouraged to strengthen their protection on weekends and during holidays to identify attacks in progress.
Vulnerabilities in software and operating systems are often exploited to gain access to healthcare systems, so prompt patching is important. Where patching is not possible, Check Point suggests using an intrusion prevention system (IPS) with virtual patching capabilities to prevent the exploitation of vulnerabilities in programs and apps that can’t be patched. Anti-ransomware solutions that have a remediation feature should also be used to block attacks within minutes of ransomware deployment.