During the pandemic, cybercriminals have exploited new opportunities, launching attacks on hospitals, physician clinics, and other firms and institutions on the front line of the fight against COVID-19.
Cyberattacks on the healthcare sector increased in 2020, particularly in the fall, when a coordinated campaign claimed numerous healthcare victims. Ransomware continues to be a serious threat to the healthcare sector, and attacks have persisted into 2021.
A recent CTIL League report presents more data on these attacks and on several of the tactics used to target the healthcare industry in 2020. The report covers the work carried out by the CTIL Dark team, which monitors the deep web and darknet for signs of security breaches and cybercriminal activity that could affect the healthcare sector or general public safety.
This is the first published report to present the findings and accomplishments of the CTIL Dark team. It looks into the world of healthcare ransomware attacks and the dark markets where access to healthcare networks is traded.
In 2020, the CTIL Dark team’s research identified the following principal ransomware groups targeting the healthcare industry: Conti, Maze, REvil, Ryuk, and Netwalker. These five groups carried out more than 100 ransomware attacks on the healthcare sector, 66% of which were in North America and Europe. The attacks conducted by these gangs made up 75% of all ransomware attacks in 2020.
The spike in ransomware attacks in 2020 was due to the ease with which the healthcare sector can be attacked and the sector's greater visibility during the pandemic, and no healthcare firm was safe. Although attackers preferred big healthcare companies, which are able to pay large ransom demands, attacks on small- to medium-sized clinics and hospitals surged in the fall.
Ransomware attacks usually dominate news reports because of their significant effect on healthcare companies and their patients. Hospitals are forced to fall back on pen and paper, patient visits are often postponed, and patient data is typically leaked on the web and offered to a number of cybercriminals. What isn’t well known is the supply chain that enables these attacks.
During the pandemic, demand for backdoor access to healthcare sites increased significantly. The number of threat actors offering access likewise increased. The supply chains set up to deliver access to healthcare networks to ransomware gangs and other cybercriminals considerably lowered the barrier to carrying out cyberattacks on the sector.
2020 saw a rise in the number of Initial Access Brokers. These are cybercriminals who attack and exploit vulnerable networks and sell access to the highest bidder, such as ransomware groups and their affiliates. The CTIL Dark team reports that the number of Initial Access Brokers doubled from the second quarter of 2020 to the fourth quarter of 2020. Skilled hackers capable of breaching healthcare systems frequently sign up with ransomware-as-a-service (RaaS) operations as affiliates. In 2020, various RaaS operations launched recruitment drives aimed at people who already had access to healthcare sites and could perform large numbers of attacks.
The CTIL Dark team says that ransomware attacks are becoming more comprehensive, focused, and coordinated, with threat groups often teaming up and sharing resources and information. In 2020, the ransomware activity investigated by the team most frequently involved attacks on perimeter weaknesses, such as unpatched systems and weak passwords in remote connectivity resources, rather than phishing attacks.
The CTIL Dark team also found a rise in the number of databases containing PHI being offered for sale on darknet forums for use in targeted attacks on patients, as well as staff databases used to target healthcare staff in order to gain access to healthcare networks.
Phishing attacks went up in 2020, with opportunistic cybercriminals abandoning their usual campaigns and switching to COVID-19-themed campaigns that closely mirrored equipment shortages and knowledge gaps. Scams exploited the scarcity of COVID-19 tests and PPE, followed by bogus offers of antibody blood. When hydroxyquinoline was recognized as a game-changer for COVID-19 treatment, darknet vendors switched from offering cocaine to offering doses of the drug. Now that the vaccine rollout has started, scammers have moved on to supplying phony vaccines.
CTIL has estimated that attacks on the healthcare industry will probably increase rather than decrease in 2021, so it is vital for healthcare organizations to remain on high alert, make use of data from cybersecurity companies, authorities, health-ISACs, and institutions such as the CTIL League, and implement policies, processes, and protections to stop these threats.