The healthcare industry is getting much more attention than normal right now. COVID-19 has disrupted business operations and turned lives upside down around the world as everyone struggles to get the pandemic under control.
Unfortunately, healthcare has also captured the attention of cybercriminals as they attempt to capitalize on the stress and chaos of the pandemic. The COVID-19 pandemic has challenged every level of the healthcare industry. Doctors were quickly overwhelmed by the sheer volume of patients infected with COVID-19.
Hospitals struggled with shortages of personal protective equipment, and many were forced to make tough decisions for patient care with insufficient medical resources to go around. Meanwhile, scientists and researchers worked around the clock to find more effective treatments and to develop a viable vaccine.
While the healthcare industry and the world at large struggle to contain the pandemic, cybercriminals see an opportunity. The additional confusion and stress, combined with the heightened importance of healthcare as we strive to deal with COVID-19, make it an ideal target for malicious operations and ransomware attacks. As a result, healthcare facilities and pharmaceutical companies are prime targets.
In October of 2020 the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert with the Federal Bureau of Investigation (FBI) and Department of Health and Human Services (HHS), stating that there was credible intelligence of an imminent cyber threat against hospitals and healthcare providers. The threat was attributed to the cybercriminals behind the TrickBot malware that has been associated with ransomware attacks.
Early in 2020, the United Kingdom’s National Health Service (NHS) shared a warning of an ongoing phishing scam that claimed to be a COVID-19 vaccination invitation. Those who clicked on the links in the fake invitation were then directed to a site that looked like an official NHS site and asked to share personal and financial information.
There was another incident in February of this year where a ransomware attack resulted in sensitive information, such as patient diagnostic results and employee background checks, being exposed as additional incentive to pay the ransom in a double extortion scheme. Cybercriminals recognized that victims can refuse to pay the ransom and just restore data from backups, so they have expanded the attack to include extortion, with the threat that the compromised data will be shared publicly if the ransom is not paid.
Effective cybersecurity is like a jigsaw puzzle. If you only have a single piece—or even a handful of pieces—of the puzzle, it is difficult to know what the final picture will look like. The problem with traditional cybersecurity tools and next-gen solutions is that each one is only focused on giving you one narrow piece of the puzzle.
We look at attacks through a broader lens to see the big picture. Malops™—short for malicious operations—include a variety of tactics and techniques, many of which may seem trivial or innocuous in and of themselves. Cybereason focuses on Indicators of Behavior (IoBs) to quickly identify suspicious or malicious activity, and provide the visibility, context, and intelligence customers need to take action at the earliest stages of an attack and respond before it escalates to a serious event.
One thing that is common across all of these events is that the compromised organizations relied on traditional cybersecurity tools and “next-gen” solutions that were unable to protect them. A reactive model of cybersecurity and the struggle to manage an overwhelming volume of alerts are simply not effective for stopping today’s threats.
Cybereason has a different approach to cybersecurity. The Cybereason Defense Platform takes an operation-centric approach to security that enables customers to detect attacks earlier so security teams can remediate faster—long before an attack escalates to the level of a major breach event.
That’s why we consistently succeed in protecting our customers against advanced adversaries. While tens of thousands of businesses and government agencies around the world have been scrambling to recover, Cybereason protected all of our customers from both the SolarWinds and HAFNIUM attacks.
We protected them not only because we deliver a solution that has the ability to detect advanced attacks earlier and remediate against them faster, but because our core values as a company necessitate that we protect our customers above all else.
Sign up for our next Live Attack Simulation. It's an inside look at how these multi-stage malicious operations work and how defenders can break the kill chain and end the attack.