Hospitals Increasingly Targeted by Ransomware
The healthcare industry has become an increasingly popular target in 2016 due to medical devices with weak security and the use of legacy systems.
In the McAfee Labs Threats Report: September 2016, McAfee researchers identified a ransomware author and distributor who claimed to have received $121 million in payments from ransomware operations targeting a variety of sectors. Dark net discussion board communications with network affiliates suggest that this particular cybercrime actor had accumulated profits of $94 million during the first six months of this year.
The research team attributed the increased focus on hospitals to such organizations’ reliance on legacy IT systems, medical devices with weak or no security, third-party services that may be common across multiple organizations and the need for hospitals to have immediate access to information to deliver the best possible patient care.
“As targets, hospitals represent an attractive combination of relatively weak data security, complex environments and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, vice president for Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”
The Q2 report also features the results of a research study assessing data loss incidents, including the types of data leaking out, the ways data exits organizations and the steps organizations must take to take to improve the capabilities of data loss prevention.
The survey found that retail and financial services organizations have deployed the most extensive protections against data loss, a finding McAfee Labs attributes to organizational responses to the frequency of cyber-attacks and the value of the data held by companies in these two sectors. Having sustained fewer cyber-attacks historically, healthcare and manufacturing enterprises have made fewer IT security investments and, accordingly, possess the least comprehensive data protection capabilities.
The weaker defenses in these two sectors are particularly disturbing given that cybercriminals continue to shift their focus from easily replaceable payment card numbers to less perishable data such as personally identifiable information, personal health records, intellectual property and business confidential information.
“Industry sectors such as healthcare and manufacturing present both opportunity and motive for cybercriminals,” Weafer continued. “Their relatively weak defensive capabilities coupled with highly complex environments simplify breaches and subsequent data exfiltration. The cybercriminals’ motive is ease of monetization, with less risk. Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered. But you can’t change your most personal data or easily replace business plans, contracts and product designs.”
The research revealed that more than 25 percent of respondents do not monitor the sharing of or access to sensitive employee or customer information, and only 37 percent monitor the usage of both, although this figure rises to almost 50 percent for the largest organizations.
The survey results also show that nearly 40 percent of data losses involve some kind of physical media, such as thumb drives, but only 37 percent of organizations use endpoint monitoring of user activity and physical media connections that could counter such incidents. While 90 percent of respondents claim to have implemented cloud protection strategies, only 12 percent are confident in their visibility into the activity of their data in the cloud.
In the second quarter of 2016, McAfee Labs’ global threat intelligence network detected 316 new threats every minute, or more than five every second, and registered notable surges in ransomware, mobile malware and macro malware growth:
- Ransomware. The 1.3 million new ransomware samples in Q2 2016 were the highest ever recorded since McAfee Labs began tracking this type of threat. Total ransomware has increased 128 percent in the past year.
- Mobile malware. The nearly 2 million new mobile malware samples were the highest ever recorded by McAfee Labs. Total mobile malware has grown 151 percent in the past year.
- Macro malware. New downloader Trojans such as Necurs and Dridex delivering Locky ransomware drove a more than 200 percent increase in new macro malware in Q2.
- Mac OS malware. The diminished activity from the OSX.Trojan.Gen adware family dropped new Mac OS malware detections by 70 percent in the second quarter.
- Botnet activity. Wapomi, which delivers worms and downloaders, increased by 8 percent in Q2. Last quarter’s second most active botnet, Muieblackcat, which opens the door to exploits, fell by 11 percent.
- Network Attacks. Assessing the volume of network attacks in Q2, denial-of-service attacks gained 11 percent in the quarter to move into first place. Browser attacks dropped by 8 percent from Q1. These most prominent attack types were followed by brute force, SSL, DNS, Scan, backdoor and others.