Bad cyber actors went after the healthcare market last year in a substantial way, according to experts who spoke at a webinar hosted last week by the Cyber Threat Alliance. The discussion covered some top cybersecurity threats, trends in the attack life cycle, security vulnerabilities, and major incidents that occurred in 2021.
During the session, Neil Jenkins, chief analytic officer with the Cyber Threat Alliance, and Dave Liebenberg, head of strategic analysis with Cisco Talos, reviewed the Talos Incident Response Year-in-Review for 2021 and offered some perspective on what threats may yet lie ahead.
Liebenberg said healthcare was the top targeted sector for three of the four quarters last year. “The exception being Q3, in the fall, which was local governments,” he said. “Even then, healthcare was a close second.” In the last half of 2020, healthcare was also the top target of cyber threats, Liebenberg said, coinciding with and overlapping the pandemic.
Jenkins asked if the threats to healthcare mostly targeted hospitals or included biopharmaceutical organizations facing espionage attempts related to COVID-19 research.
“It did include some research companies,” Liebenberg said. “Most of the [data] exfiltration we saw was actually directed more toward hospitals and involved exfiltrating personally identifiable information.”
Top Threat 2021: Ransomware
Ransomware ranked “by a mile” as the top type of threat in 2021, Liebenberg said, continuing a longstanding trend. “With the exception of Q1, every quarter aside from that ransomware took up nearly 50% of all the threats that we saw,” he said. That spoke to the concerns enterprises should have about ransomware attempts, Liebenberg said.
Other types of threats may exist, such as the early 2021 data breach of the Microsoft Exchange Server, but he said ransomware remains at the forefront as a recurring, frequent, and dominant problem.
In 2020 and through early 2021, several incidents were attributed to the Ryuk ransomware family, Liebenberg said. By the second quarter of 2021, Ryuk and REvil, both of which have alleged roots in Russian criminal groups, tied as the most observed sources of ransomware incidents, with new threats emerging. “That same quarter, we see a shift happening,” he said. “That same quarter, we also discover 13 other ransomware families.”
A number of criminal rings behind the ransomware attacks broke up and reformed into new groups, driving new democratized evolutions of these kinds of threats, Liebenberg said. “Ryuk becomes Conti, DoppelPaymer to Grief, DarkSide to BlackMatter.”
New threats include a shift from commodity Trojan horses to new tools such as Cobalt Strike attacks, he said, as well as the GMER rootkit remover being used to disable security software.
‘Crypto Miners … Really Do Not Care’
With more bad actors gaining the means to launch ransomware attacks, some tip their hands faster than others. “The fastest you are ever going to see are crypto miners,” Liebenberg said. “They really do not care. They just have the worst tradecraft possible. As soon as the [proof of concept] is released, they are dumping it out, modding it out. They are the first ones you see.”
After crypto miners, more sophisticated groups may appear, such as advanced persistent threat (APT) or ransomware groups, he said. Business email compromise cases, along with related phishing messages, also ranked among the serious threats to enterprises, Liebenberg said, but the rise of crypto has made its mark on the digital underworld.
“Cryptocurrency miners … they are just evergreen,” he said. “Who knows if they’ll ever go away.” Whenever a new vulnerability is announced, floods of cryptocurrency botnets try to target that vulnerability, Liebenberg said.
The types of targets that cybercriminals go after in the future may shift from larger, high-value targets to smaller targets as law enforcement cracks down, but threats can remain for companies of all sizes. “We are in a very in-flux geopolitical situation right now,” Liebenberg said, hinting at Russia’s recent invasion of Ukraine. “I do predict a lot of current, larger [cybercriminal] groups will look to avoid scrutiny. You can’t discount a new, brash actor stepping in to do something stupid.”