Category Archives: Patch management

Recent Attack Suggests Ransomware Is Alive and Well in Healthcare

A U.S. hospital disclosed that it suffered a ransomware attack, the latest in a spate of such incidents befalling the industry in recent years. Despite the fact that ransomware has declined in most other industries, these continued attacks highlight the need for healthcare organizations to boost their defenses and adopt strategies to proactively fight against this persistent threat.

Another Hospital, Another Data Breach

The hospital announced that it became aware of a crypto-malware attack on the morning of July 9. The incident affected the organization’s internal communications systems and access to its electronic health record (EHR).

Soon after discovering the malware, the hospital quickly initiated its incident response protocol, and IT professionals worked with law enforcement and forensics experts to investigate the incident. The security team also evaluated the hospital’s digital defense capabilities and decided to divert ambulance patients suffering from trauma or stroke to other institutions.

Although the investigators did not discover any evidence of the attack compromising patient data, they did opt to temporarily shut down the system as a precaution.

Ransomware Rates Remain High in Healthcare

According to Recorded Future, ransomware campaigns began declining in 2017, driven largely by the disappearance of many exploit kits (EKs) on the cybercrime market. At the same time, the remaining EKs made a tactical shift toward distributing crypto-mining malware. Unfortunately for hospitals, the decline in overall ransomware attacks does not apply to the healthcare sector.

Healthcare companies are still prime targets for ransomware because they invest relatively little in IT security. In addition, hospitals are often more willing to pay ransoms due to the criticality of their IT systems and EHRs. As John Halamka, chief information officer (CIO) at Boston’s Beth Israel Deaconess Medical Center, noted in Fierce Healthcare, some of these systems are not up to date, which makes them susceptible to vulnerability-driven attacks.

“Each time a patch is introduced, the act of changing a mission-critical system impacts reliability and functionality,” Halamka explained. “Some mission-critical systems were created years ago and never migrated to modern platforms.”

According to ZDNet, many hospitals have recently paid ransoms of tens of thousands of dollars to regain access to their data. Threat actors view these incidents as evidence that ransomware is still an effective and lucrative tactic to use against healthcare organizations.

How Can Hospitals Protect Their Data?

To protect healthcare data from threat actors looking to hold it for ransom, hospitals should double down on patch management to ensure that all networks, endpoints, applications, databases and medical devices are up to date. They should also implement network segmentation to limit attackers’ lateral movement and regularly back up data so that operations can resume quickly in the event of a breach.

As always, the best defense against threats such as ransomware is continuous training and education throughout the organization. By ensuring that everyone from rank-and-file employees to top leadership can recognize signs of a ransomware attack and act accordingly, these users can serve as the first line of defense against this persistent threat.

The post Recent Attack Suggests Ransomware Is Alive and Well in Healthcare appeared first on Security Intelligence.

Taken by Ransomware? Certain Skills Required

Skull and crossbones adorning a pair of Alexander McQueen boots, um yes, please. Skull and crossbones flashing across my PC, uh no, thanks. While the former speaks of swashbuckling ready-to-wear,

The post Taken by Ransomware? Certain Skills Required appeared first on The Cyber Security Place.

Does the Rise of Crypto-Mining Malware Mean the End of Ransomware?

Crypto-mining malware activity grew significantly in the first quarter of 2018, according to new research, suggesting that threat actors are finding this tactic to be more lucrative than traditional ransomware attacks due to the increasing popularity and value of digital currencies.

But this shift doesn’t signal an end to the threat of ransomware — rather, it points to an evolution toward more targeted attacks against specific organizations and industries, such as healthcare, that are most vulnerable and store particularly valuable data.

Cybercriminals Shift Tactics Amid Cryptocurrency Gold Rush

In short, this new trend shows that cybercriminals follow the money. Amid the rising popularity of cryptocurrencies like bitcoin, Monero and Etherium, threat actors have embraced crypto-mining schemes as a way to generate illicit financial gains with the least amount of effort, in the shortest time possible — and at a relatively low risk of discovery.

According to McAfee Labs Threats Report: June 2018, researchers observed more than 2.9 million samples of crypto-mining malware in the first quarter of 2018 — a 629 percent increase from just 400,000 samples in the last quarter of 2017.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer (CTO) at McAfee, in a June 2018 press release. “With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Troy Mursch, the security researcher behind the website Bad Packets Report, noted that the industry is seeing so many JavaScript-based crypto-miners because most modern browsers run JavaScript. This means that nearly every web user is a target of malicious crypto-jacking attacks.

Alternatively, attackers can maximize their computing power by infecting a server or other network asset with crypto-mining malware. This tactic makes enterprise networks particularly lucrative targets for crypto-jacking campaigns. Also, browser-based crypto-mining doesn’t require attackers to craft an exploit — and the action usually goes undetected so users might not know they’ve been infected for some time.

Why Ransomware Is Down but Not Out

These characteristics of crypto-mining could explain why some attackers have moved away from traditional ransomware. Victims also know when they’ve suffered a ransomware infection and can respond accordingly, which demotivates potential attackers.

But the fact that opportunistic attackers are leaving ransomware behind doesn’t mean the threat is over and done — it’s merely changing. For instance, threat intelligence provider Recorded Future noted that ransomware attack campaigns are becoming more targeted in nature. This is evident in ransomware actors’ penchant for going after healthcare, an industry in which resource deprivation can threaten people’s lives and trigger urgent responses. According to insurance company Beazley Group, healthcare targeting accounted for 45 percent of all ransomware attacks in 2017.

Attackers are also beginning to leverage the mere threat of high-profile ransomware to extract payment. Action Fraud, the U.K.’s cybercrime reporting center, detected one such scam campaign warning users that they had been infected with WannaCry. In actuality, the emails simply aimed to scare recipients into sending a bitcoin payment, limiting the necessity of even distributing malicious software to obtain its gains.

How Companies Can Defend Against Crypto-Mining Malware

Amid the growth of crypto-mining malware and the ongoing evolution of ransomware, enterprises can defend themselves against crypto-mining malware by investing in an endpoint security solution and creating a patch management program.

Because ransomware relies on suspicious emails and software vulnerabilities for distribution, users can guard against its primary attack vectors by following best security practices. Organizations can further defend themselves by regularly updating antivirus software and training employees to refrain from engaging fraudsters over email.

The post Does the Rise of Crypto-Mining Malware Mean the End of Ransomware? appeared first on Security Intelligence.