
Healthcare Industry Facing Increased Malware and Ransomware Threats

Ransomware actors continue to target the U.S. healthcare sector, cybercriminals are increasingly using malware to steal data and maintain persistent access to healthcare networks, and legitimate penetration testing tools are being used to hide malicious activity among the genuine use of those tools by red teams.

These are some of the findings from the latest Global Threat Intelligence Report from BlackBerry, which is based on threats detected by its Cylance Endpoint Security solution over a 90-day period from December 2022 to February 2023. During that time, BlackBerry detected up to 12 cyberattacks per minute and identified a large increase in unique attacks using new malware samples, which rose by 50% from 1 per minute to 1.5 per minute in the most recent reporting period.

The United States remains the most targeted country, although there has been a change in focus elsewhere, with Brazil now the second most targeted country followed by Canada. The same industry sectors are favored, with financial services, healthcare, and food/staples accounting for 60% of all malware-based attacks. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware.

BlackBerry detected an increase in cyberattacks using the Agent Tesla RAT, the RedLine initial access tool and information stealer, the Emotet downloader, and BlackCat ransomware, all of which have been used in attacks on the healthcare sector. Over the 90 days, BlackBerry detected and blocked 5,246 unique malware samples that had been used in attacks on its healthcare provider clients, an average of 59 new, unique malware samples blocked each day. Over the same period, BlackBerry blocked 93,000 individual attacks on its healthcare clients.


The biggest malware threat faced by the healthcare industry was Emotet. While Emotet started out as a banking Trojan, it is now primarily a botnet-driven malware dropper used to deliver a range of malicious payloads, including ransomware, on behalf of other cybercriminal groups, and it is capable of self-propagation and lateral movement. The RedLine information stealer was also a top threat to the healthcare sector.

Ransomware gangs continue to pose a major threat, with BlackCat and Royal both aggressively targeting the healthcare sector. BlackCat, which is believed to include former affiliates of the DarkSide and BlackMatter ransomware operations, has been active since November 2021, and there are indications that its attacks are widening. Royal is a relatively new ransomware group that first appeared in September 2022. The group is thought to include some highly capable and experienced individuals, including members of the now-defunct Conti ransomware operation.

The healthcare industry is also being targeted by initial access brokers, who compromise healthcare networks and then sell that access to ransomware gangs; access is often gained through credential theft. BlackBerry also detected widespread use of the penetration testing tools Cobalt Strike and Brute Ratel, with malicious use of Cobalt Strike a significant threat to the healthcare sector. Both nation-state actors and cybercriminals have been observed using these tools.

BlackBerry expects ransomware affiliates to continue to target hospitals and medical organizations for the foreseeable future, especially in countries that support or provide funding to Ukraine, with BlackCat, Royal, and LockBit 3.0 expected to remain threats to the healthcare sector. Healthcare, along with other critical infrastructure sectors, will likely be targeted by financially motivated as well as politically motivated actors over the coming months. BlackBerry also warns that AI is likely to be used increasingly for attack automation and for deepfake attacks, which have gained significant traction in recent months.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
