McAfee research claims health sector is 'opening itself up as a target' to hackers
While many healthcare data breaches are the result of accidental disclosures and human error; cyber attacks on the sector continue to increase.
This is one of the findings of a new report released this week, which examines the rise of malware and threats to key public services.
The health sector is opening itself up as a target to hackers, particularly as the value and volume of stolen healthcare data on the black market grows
The document - McAfee Labs Threats Report: September 2017 - published by McAfee, suggests five proven threat-hunting best practices, provides an analysis of the recent WannaCry and NotPetya ransomware attacks, assesses reported attacks across industries, and reveals growth trends in malware, ransomware, mobile malware, and other threats.
McAfee Labs saw healthcare surpass public sector to report the greatest number of security incidents in the second quarter of this year; while the Faceliker Trojan helped drive quarter’s 67% increase in new malware samples from the social media landscape.
The second quarter of 2017 also saw Facebook emerge as a notable attack vector, with Faceliker accounting for as much as 8.9% of the quarter’s 52 million newly-detected malware samples.
This Trojan infects a user’s browser when they visits malicious or compromised websites. It then hijacks their Facebook ‘likes’ and promotes the content without their knowledge or permission.
Doing so at scale can earn money for the malicious parties behind Faceliker given that the hijacked clicks can make a news article, video, website or ad appear more popular or trusted than it truly is.
“Faceliker leverages and manipulates the social media and app-based communications we increasingly use today,” said Vincent Weafer, vice president for McAfee Labs.
“By making apps or news articles appear more popular, accepted and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth.
“As long as there is profit in such efforts, we should expect to see more such schemes in the future.”
While overall healthcare data breaches are most likely the result of accidental disclosures and human error; cyber attacks are becoming more frequent.
The trend began the first quarter of 2016 when numerous hospitals around the world, including dozens across the UK sustained ransomware attacks. The attacks paralysed departments and, in some cases, hospitals had to postpone appointments and procedures.
Technology developers and policy makers have a part to play, working more closely with the security sector to better secure patients’ personal and sensitive data
“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organisations in the sector possess,” Weafer said.
“They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information.”
Commenting on the impact on the health sector, Raj Samani, chief scientist and fellow at McAfee, said: “The health sector is opening itself up as a target to hackers, particularly as the value and volume of stolen healthcare data on the black market grows.
Increased technology uptake in this sector is expanding the current attack surface, but steps are not being taken to ensure security measures keep up with industry innovation.
“The explosion of networked healthcare and IoT devices is just one facet of the challenges faced by the healthcare industry. Many demonstrate known vulnerabilities, but technology is outpacing its protection and leaving data exposed to cybercriminals.
Take insulin pumps – vulnerabilities have been publicly documented, but still exist. We may not have seen an attack in the wild yet, but how long will it be before this becomes a reality?
“The healthcare industry must ensure the right technologies are in place to prevent criminals from compromising the integrity of the data under its care.
“Technology developers and policy makers also have a part to play, working more closely with the security sector to better secure patients’ personal and sensitive data.”
Key finding from the report include:
McAfee’s analysis of the WannaCry and NotPetya attacks builds on the organisation’s previous research by providing more insight into how the attacker creatively combined a set of relatively-simple tactics, melding a vulnerability exploit, proven ransomware, and familiar worm propagation.
McAfee notes that both attack campaigns lacked the payment and decryption capabilities to successfully extort victims’ ransoms and unlock their systems.
“It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made,” said Samani.
“However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money, but something else.
The healthcare industry must ensure the right technologies are in place to prevent criminals from compromising the integrity of the data under its care
If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.”
The report suggests techniques to help threat hunters spot the presence of adversaries in their environment; starting with the principles of what McAfee’s Foundstone group calls the ‘three big knows’— know the enemy, know your network, know your tools.
The report offers best practices for hunting for command and control, persistence, privilege escalation, lateral movement, and exfiltration.
“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation’s preventive security measures,” said Ismael Valenzuela, principal engineer for threat hunting and security analytics at McAfee.
“Threat hunters must quickly find artefacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”