Corero
Blog & News

Report: Healthcare Sector Faces Increased Cyber Attacks

Cybercriminals are opportunistic and are currently taking advantage of the security vulnerabilities of work-from-home remote access platforms, which are now more common than ever before as a result of the COVID-19 pandemic. Threat actors often target the organizations that are most dependent on their networks and services for business continuity. Therefore, it is not surprising that, just when the world is most dependent upon the healthcare sector, which is already stretched thin by the pandemic, cybercriminals have ratcheted up their attacks on it. And, yes, that is incredibly criminal and despicable.

Fortunately, there is the CTI League, a consortium of more than 1,500 cybersecurity experts from across the globe who volunteer their time to help protect the healthcare sector. The CTI League recently published The Darknet Report, which discusses a variety of cyber threats, from disinformation and misinformation campaigns to ransomware attacks. They found that while some cybercriminals made a truce early on in the pandemic not to attack healthcare institutions, it didn’t last long, and 2021 is likely to mirror the patterns that were seen in 2020.

According to the CTI League, “Ransomware and the groups that deploy them have become one of most sophisticated and well-funded and fastest-growing cybersecurity threats. As the ‘2020 year of ransomware’ continues, the attacks are only getting more extensive, targeted and more coordinated.” The CTIL Dark team found the top five ransomware variants that impacted healthcare in 2020 were Maze, Conti, Netwalker, REvil, and Ryuk, affecting over 100 organizations. And the criminals often collaborate as business entities, so they can inflict more damage and make more money. There are even criminal businesses on the Dark Web that provide Ransomware-as-a-Service. However, none of this should detract from the fact that it takes a particularly evil type of cybercriminal to extort money from a hospital or clinic.

The CTI League does not mention distributed denial of service (DDoS) attacks. However, it is almost certain that some health clinics or hospitals experienced a DDoS attack in the past year, or will experience one this year. DDoS attacks are now extremely common across all sectors because they require little coding expertise, and they can inflict severe financial and reputational damage. Such attacks are also common because there are many threat actors who provide DDoS-as-a-Service.

The Increase in R-DDoS

As well as ransomware, 2020 saw a significant increase in R-DDoS attacks, in which threat actors combine a ransom demand with a DDoS attack. In the healthcare sector that could be costly not only financially, but also in terms of patient wellness. The vast majority of DDoS attacks are not large enough to saturate Internet links, but they are still more than capable of crashing a website or rendering a service unusable. These often short, sub-saturating attacks are also used to mask more nefarious activities, such as stealing confidential patient data or launching a ransomware attack. That’s why organizations need always-on DDoS protection that detects and blocks even the smallest of attacks, automatically, 24×7.

What can Healthcare Organizations Do for DDoS Defense?

Healthcare organizations must take a proactive stance to prevent ransomware and DDoS attacks; either can be extremely damaging, impacting both finances and patient care. Ransomware can be spread in multiple ways, such as through phishing emails that contain attachments with malware, through drive-by downloads, or by automated tools that hackers use to scan the Internet for vulnerable systems. Defending against ransomware requires a combination of good management processes, careful cyber hygiene on the part of all employees in an organization, and anti-malware protection. DDoS attacks are equally sophisticated, but the solution is purely technical, and not reliant on management processes or employee practices. Organizations have a variety of choices for affordable DDoS protection; for example, they can often obtain it as a service from their Internet Service Provider. For many organizations, DDoS protection as a service makes a lot of sense in terms of budget and value.