Cloud Mitigation for Ransomware, as COVID-19 Spurs Cyberattacks
Providers are increasingly being targeted with cyberattacks and ransomware throughout COVID-19; edge-to-cloud security tactics could reduce the increased risk to the healthcare sector.
By - A host of cyberattack trends on the health sector emerged in the wake of the COVID-19 pandemic, as hackers sought to take advantage of the crisis with ransomware and misinformation campaigns, according to a 4iQ report. Mitigation techniques, such as edge-to-cloud security, can help reduce the increased risk to the healthcare sector.
The report mirrors earlier findings on phishing, mobile, cloud, and impersonation attacks and sheds light on several crucial trends, highlighting the need for heightened precautions and due diligence across the healthcare sector. As noted by ForgeRock, the healthcare sector is the most targeted by hackers.
The threat intelligence team of 4iQ analyzed data collected on cybercrime campaigns leveraged between January 1 and May 1, to track prominent hacking trends spurred by the COVID-19 pandemic. The report showed misinformation campaigns, COVID-19 hoax websites, and email scams were the most common threats leveraged during that timeframe.
For healthcare, those scam websites and misinformation campaigns included conspiracy theories about global health institutions, academia, and nonprofit organizations tied to the pandemic.
Further, the pandemic led to an increase of personal information placed up for sale on the dark web, as more users downloaded social media applications. The prominent dark web threads include items offered for sale and hacking information discussed on dark web forums.
READ MORE: Open Ports, Phishing Key Targets in Healthcare Ransomware Attacks
“It has been well-documented that cybercriminals are exploiting all the fear and uncertainty that comes with COVID-19,” Julio Casal, 4iQ co-founder and CTO, said in a statement. “Of course, the outbreak is impacting our physical sphere, but the risk narrative in cyberspace is alarming, too.”
"Although several prominent ransomware groups have pledged to avoid targeting healthcare organizations during this pandemic, other threat actors are still taking full advantage of this situation," Alberto Casares, vice president of Threat Research, said in a statement. “When comparing pre-outbreak and post-outbreak, we found a significant rise in the number of threads, items offered for sale, and hacking information related to COVID-19 on deep and dark web forums."
Ransomware Landscape and Mitigation Methods
The report also showed that healthcare entities, like hospitals, medical organizations, and pharmaceutical companies are actively being targeted by several ransomware campaigns. For one, the CoronaVirus ransomware variant infects victims’ computers through a Windows utility and is distributed through a fake website masquerading as system optimization software and utilities.
The notorious REvil or Sodinokibi ransomware variant has also predominantly targeted the healthcare sector in recent months through attempted exploits on virtual private networks and other remote gateways. The hacking group was behind the 10x Genomics cyberattack in April.
READ MORE: NetWalker Ransomware Expands Operations, Targeting Healthcare
Ryuk and Locky ransomware hacking groups have also targeted the healthcare sector throughout the pandemic by leveraging targeted phishing campaigns.
Ransomware reached its highest attack levels during the last quarter of 2019, which have remained steady throughout 2020. Microsoft and the Office for Civil Rights have previously released insights to help the healthcare sector tackle this pressing threat vector.
Those guides center on patch management for VPNs and firewall configurations; remote infrastructure monitoring; attack surface reduction rules; risk analysis and management; and system monitoring and review.
For Saimon Michelson, Field CTO, North America at CTERA, edge-to-cloud security could positively impact the healthcare sector’s security posture, leveraging cloud resiliency to quickly remediate ransomware attacks on edge devices, such as file servers and IT infrastructure.
“Many organizations today store vast amounts of backup in the cloud to take advantage of its scale and cost efficiencies. Through file versioning and data retention policies, an organization can easily rollback to a non-infected point in time and restore user data,” Michelson said. “Second, IT administrators can immediately prevent malware from propagating between multiple edge locations.”
READ MORE: Paying the Ransom Can Double Ransomware Attack Recovery Costs
“Third, organizations can leverage different file-access protocols and authentication schemes for edge and cloud components to minimize the ransomware attack exposure,” he added. “Some to the best strategies include implementing end-to-end virus scanning and protection against malware. This should begin at the endpoint, extend to any local network equipment, and then into the cloud.”
Healthcare organizations should also keep in mind that not everything should be synchronized everywhere, Michaelson stressed. Instead, IT administrators should concentrate on minimizing the exposure of data sets and propagation of malware “based on a need-to-know basis.”
Lastly, it’s important to leverage a storage system able to determine which files and folders are shared or synced to specific locations. Healthcare organizations “may want certain locations to only have access to certain files for reasons including compliance and patient privacy,” while employing a least privilege strategy for user access rights.
