Alert against 3 major attack trends targeting the health sector
After a cyber attack, health institutions need to spend 1.4 million dollars to recover! If organizations stay constantly aware of new methods designed to infiltrate networks and develop new tactics for their cyber security efforts, the risk of a successful cyber attack is reduced.
Fortinet, the world leader in comprehensive, integrated and automated cyber security solutions, explained the threats targeting the health sector and addressed the importance of threat intelligence in a sector where network outages can lead to situations that threaten human life. The dependence on technology in healthcare systems and the increasing number of connected devices directly affect patients and patient care. In addition, while an average healthcare institution must spend $1.4 million to recover from the damage caused by a cyber breach, the hospital's financial resources, its reputation and the trust placed in it, the most important components of the patient experience, are severely damaged.
Threats targeting the health sector
Security teams need to be prepared for all major threat trends, including threats that are thought to target other sectors. The Threat Report in which Fortinet analyzed Q1 2019 highlighted the types of threats that could specifically affect the health sector.
Fortinet warns IT and security teams working in the healthcare industry against these three threats:
Using legitimate-looking tools to hide
This type of attack emerged as a frequent attack method in the first quarter of 2019. Cybercriminals use tools, such as PowerShell, that are pre-installed on their target systems and can be exploited to launch attacks. In this approach, the malicious code delivered to the system appears to be part of an approved process, which makes it easier to bypass defenses and harder for security teams to identify. Installed on Windows devices, PowerShell is considered one of the most popular targets of these types of attacks. Cyber criminals use PowerShell to move laterally across the network, encrypt data and demand ransom.
Especially when considering the number of IoT devices connected to the Internet, healthcare IT teams need to be aware of this attack method. Health systems are constantly installing new connected tools, many of which are part of patient treatment and were not designed with security in mind. To avoid this threat, IT teams need to implement regular checks on devices to ensure that no pre-installed tools have been compromised and thus no open doors are left on the network.
Specially targeted ransomware
This year, high-profile ransomware attacks are targeted and planned at an advanced level. In fact, in one of the LockerGoga cases, attackers had already completed a thorough review and preparation process to obtain the privileged credentials that enabled them to execute the malware. With these credentials, they were able to carry out attacks using a minimum of evasion and concealment tactics. This shows that attackers who use this method have already evaluated network defenses and rendered these measures ineffective.
Anatova, which encrypts as many files as possible and leaves minimal chance of recovery, stands out among ransomware in the first quarter. Anatova demonstrates that attackers are moving away from a malware distribution model that relies entirely on chance and focusing instead on the networks of their choice.
Fortinet experts say health systems need to keep these attacks in mind, reinforcing malware defenses and making sure that data backups already exist. Hospitals are known to be specific targets for ransomware attacks, as they are likely to pay more for stolen data because of deficiencies in data recovery and continuity processes and inadequate planning. The data retrieved by paying the ransom may be corrupted or incomplete, thus creating a potential impact on patient safety.
Pre- and post-compromise traffic
Evaluating the types of websites used by attackers and the phase of the cyber kill chain in which they access them provides insight into how cyber attackers structure their actions. For this reason, it is important to track activity before and after compromise. Pre-compromise actions appear to be three times more likely to occur on working days, when employees are most often lured in. Post-compromise actions are found to occur consistently on business days and weekends alike, with little or no user interaction required.
Segmentation is essential for safety in the health sector
These developments bring to mind an important point about segmentation. The health sector is known to operate around the clock. For example, the emergency service network should be running continuously, including over the weekend, and should not stop or slow down due to an attack. On the other hand, there are departments that do not always need to be working. In such a department, access to a device outside working hours can be a sign of an attack. Compromised devices that operate during irregular working hours to initiate, extend, or move attacks across the network can affect highly essential networks, such as the one in the emergency room. Therefore, it is recommended that health systems add an additional layer of defense, apply segmentation in key networks, and isolate devices that display abnormal behavior until it is determined what they are being used for.
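The off-hours signal described above, as an added example that is not from Fortinet or the original article: Python code that reads flow records, ignores segments that run around the clock, and lists devices in business-hours segments that were active at night or on weekends, noting whether they reached an always-on segment. The segment names, working hours, device names and log format are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

ALWAYS_ON = "always_on"
# Assumed policy table (hypothetical segments): working hours Mon-Fri, or ALWAYS_ON.
POLICY = {
    "emergency": ALWAYS_ON,   # runs 24/7, time of day is not a signal here
    "billing": (8, 18),       # expected active 08:00-17:59
    "imaging": (7, 19),
}

# Constructed sample flow log: timestamp, device, source segment, destination segment
SAMPLE_FLOWS = """\
2019-03-04T10:15:00 billing-ws-07 billing billing
2019-03-06T23:50:00 er-monitor-02 emergency emergency
2019-03-09T02:41:00 billing-ws-07 billing emergency
2019-03-09T02:43:00 billing-ws-07 billing imaging
2019-03-10T03:05:00 imaging-pc-01 imaging imaging
2019-03-11T09:00:00 imaging-pc-01 imaging imaging
"""

def parse_flows(text):
    for line in text.splitlines():
        if line.strip():
            ts, device, src, dst = line.split()
            yield datetime.fromisoformat(ts), device, src, dst

def off_hours(ts, hours):
    """True if ts falls on a weekend or outside the segment's working hours."""
    start, end = hours
    return ts.weekday() >= 5 or not (start <= ts.hour < end)

def isolation_candidates(text, policy=POLICY):
    """Map device -> off-hours findings for devices in business-hours segments."""
    found = defaultdict(lambda: {"off_hours_flows": 0, "reached_always_on": set()})
    for ts, device, src, dst in parse_flows(text):
        hours = policy.get(src, (0, 0))   # unclassified segment: flag every flow
        if hours == ALWAYS_ON:
            continue
        if off_hours(ts, hours):
            found[device]["off_hours_flows"] += 1
            if policy.get(dst) == ALWAYS_ON:
                found[device]["reached_always_on"].add(dst)
    return dict(found)

if __name__ == "__main__":
    for device, f in sorted(isolation_candidates(SAMPLE_FLOWS).items()):
        priority = "HIGH" if f["reached_always_on"] else "review"
        print(device, f["off_hours_flows"], sorted(f["reached_always_on"]), priority)
```

Devices that crossed from a business-hours segment into an always-on one outside working hours are the first candidates for isolation, since that is the path toward networks such as the emergency room.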