Ransomware threat increases in health sector: report
Intel Security investigates surge in ransomware, mobile, and macro malware threats in Q2 2016
Intel Security has assessed the growing threat to the healthcare industry in Q2 2016 in its latest "McAfee Labs Threats Report: September 2016".
Intel Security investigated a string of attacks upon hospitals in 2016, the ransomware networks behind them, and the payment structures enabling cybercriminals to monetise their malicious activity. The researchers identified nearly $100,000 in payments from hospital ransomware victims to specific bitcoin accounts.
While healthcare is still clearly a small proportion of the overall ransomware 'business', McAfee Labs expects a growing number of new industry sectors to be targeted by the extensive networks launching such attacks.
In the first half of 2016, researchers identified a ransomware author and distributor who appeared to receive $121m (BTC 189,813) in payments from ransomware operations targeting a variety of sectors. Dark net discussion board communications suggest that this particular cybercrime actor had accumulated profits of $94m during the first six months of this year.
The research team attributes the increased focus on hospitals to such organisations' reliance on legacy IT systems, medical devices with weak or no security, third-party services that may be common across multiple organisations, and hospitals' need for immediate access to information to deliver the best possible patient care.
Vincent Weafer, Vice President for Intel Security's McAfee Labs, said: "As targets, hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations. The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors."
"Industry sectors such as healthcare and manufacturing present both opportunity and motive for cybercriminals," Weafer continued. "Their relatively weak defensive capabilities coupled with highly complex environments simplify breaches and subsequent data exfiltration. The cybercriminals' motive is ease of monetisation, with less risk. Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered. But you can't change your most personal data or easily replace business plans, contracts, and product designs."
The research revealed that more than 25% of respondents do not monitor the sharing of or access to sensitive employee or customer information, and only 37% monitor the usage of both, although this figure rises to almost 50% for the largest organisations.
The survey results also indicate that nearly 40% of data losses involve some kind of physical media, such as thumb drives, but only 37% of organisations use endpoint monitoring of user activity and physical media connections that could counter such incidents. While 90% of respondents claim to have implemented cloud protection strategies, only 12% are confident in their visibility into the activity of their data in the cloud.
Weafer concluded: "We will always face challenges as we work to prevent the exfiltration of data, wherever it is stored and however it is handled. But organisations can learn a great deal from this study's consistent theme of the value of greater visibility into events and incidents across the enterprise, and the longer-term value of the data drawn from this monitoring to construct stronger security postures."