Modern malware is different from historical malware in the way it operates. Traditional malware has a specific goal: to take its system out of harm’s way and to make it easy for the owners of the systems infected with it to quickly patch any problems. Modern malware seems to be more focused on gaining access, as opposed to taking over a specific system. 

We have seen some research into this idea, which focuses on tracking attacks against healthcare systems. What they found was that: 

  • Of all attacks carried out on healthcare facilities by their attackers, only 6% were successful in compromising machines (and 4% of those successes were detected by security professionals);
  • 4% of attacks succeeded in “stealing” data;
  • 61% failed because of their targets’ lack of technical expertise; and
  • 74% failed because they targeted machines that weren’t protected by more-advanced firewalls or intrusion detection systems (many hospitals are still using antiquated tools).

These trends would indicate that hospitals should not only have more advanced firewalls and security systems but should also be paying attention to detecting threats before they can impact their systems—and hopefully preventing them from even happening in the first place. There are certainly some good reasons for hospitals to protect themselves from attacks—but as a general rule, there is also a lot we can do on our own—and for most organizations (including many hospitals), those efforts could make all the difference in preventing an attack from occurring at all.

The Importance of Protecting Healthcare Infrastructure

Healthcare is an especially attractive target for cybercriminals, but it’s not just a computer problem. Hackers are increasingly turning to the old arts of social engineering and human interaction to get the best return on their efforts. With so many vulnerable systems running on open systems, they can easily get past even the most sophisticated security measures. 

The most common way of protecting vulnerable systems is to install patches, but that doesn’t always work. Sometimes there are updates available, but they can be hard to install or take too long to download. Sometimes there is no update available at all (the patch was only released recently). And sometimes a patch won’t even help—it simply doesn’t work as advertised (or perhaps it does but it gets worse). 

The good news is that there are tools that can help keep your system patched and up-to-date without you having to do any heroic scripts or manual updates. The bad news is that none of them will necessarily stop cyber criminals from successfully exploiting your system—at least none of them will if you don’t know how to use them. 

I recently had a meeting with a healthcare IT security consultant who launched a personal project called Clarity Checker.

That message looks like a normal email sooner or later; but if you click on the link in the subject line, you will be taken directly to a blackhole where nothing happens.

Once again, notice how many elements are present in this message: If you look closely at Clarity Checker, you will see that everything I just said about Clarity Checker also applies here: This system doesn’t just block malware from infecting your systems; it blocks malware from infecting people—or as someone aptly put it, “It blocks spam from being delivered into your inbox.”

So why does it work? It works because it’s used in conjunction with other tools included within Clarity Checker. In particular, when I first showed my sample project to my friend and colleague David Hildebrand, he went crazy with excitement and could scarcely contain his enthusiasm for it. He immediately began creating new applications for use with his own antivirus products (and we quickly identified some potential problems we could solve by taking advantage of our new tool).

The Impact of Ransomware Attacks on Healthcare

In the past, ransomware has only been a threat to software companies, but in recent years there have been more and more ransomware attacks targeting healthcare systems. 

This issue has become so critical that it has entered the domain of the executive board. The healthcare industry doesn’t even have a name for this problem. 

The very best way to prevent an attack is to protect your assets from attack — but what about everything else? How do you keep ransomware out of sensitive data? That’s a tougher question with all kinds of security threats (including traditional malware) becoming increasingly sophisticated and easy to get around. In particular, threats like ransomware are no strangers to working with sensitive data (think: credit card numbers or personal information). And as we continue to make advances in our digital lives and experiences (from streaming music to shopping on your phone), it becomes easier for hackers to exploit these vulnerabilities.

The best way to protect your assets is by just protecting them. You can do this by implementing automated security controls like firewalls and IDS/IPS solutions. You can also use operating system-level anti-malware programs such as antivirus, anti-spyware or antimalware designed specifically for endpoint devices (think smartphones). But these steps alone won’t stop attacks like ransomware; you also need policy and process changes that will stop attacks before they occur.

Here are some specific solutions that can help protect critical infrastructure from ransomware:

  • Enable encryption software on all endpoints (from laptops and desktops down to smartphones)
  • Use strict permissions for apps running on mobile devices
  • Enable IDS/IPS systems in the cloud
  • Ensure all servers run up-to-date antivirus software
  • Ensure all servers run up-to-date firewall software

The Steps Taken to Protect Healthcare Infrastructure

Malware is a very bad thing, and yet we’re all familiar with it: it’s what everyone uses to get around the internet. It is a powerful tool, but one that has its pitfalls. So in this post, we want to look at how we can protect our critical infrastructure from malware without leaving too many holes for attackers to exploit.

This podcast is part of our Healthcare & Critical Infrastructure series, which examines how security can be improved in healthcare facilities and healthcare delivery systems using the latest technologies, best practices, and solutions available.

The Challenges in Protecting Healthcare Infrastructure

Malware is a huge problem for all systems in healthcare, and hospitals are no exception. As we have seen from our recent post on CryptoLocker and the state of ransomware in general, malware circulates at an enormous pace, wreaking havoc almost as quickly as viruses like Ebola or the Zika virus. 

While there are a number of ways to defend against ransomware and other malware threats, the most important way to defend against them is to be prepared for ransomware in your own systems. This means continuous monitoring of your security software and keeping it up-to-date through regular updates. 

But if you have a more complicated system—one that handles critical infrastructure, or one that has been brought online by a third party—then it is even more important to be prepared for ransomware attacks. 

The most important thing here is to understand what kind of attack you need to protect against. There are three main types: 

  • Ransomware: This type of attack usually happens when someone enters someone else’s network or system without permission or when someone uses their credentials (like those for entering an account into an online banking website) but then doesn’t return them when they intend to use them. A classic example is the CryptoLocker that appeared recently, which was trying to steal money from people’s bank accounts through malware attached to emails from a third party bank that was impersonating the bank’s own site (see this article). In this case, the company being impersonated was actually using CryptoLocker itself as well as some custom code on their system (which they had not been tricked into doing). In either case, this has nothing at all to do with anyone other than the person running it.
  • Spam: This attack usually happens when someone sends unsolicited email messages in order to get your or your company’s attention, whether it’s because they want something from you (a proposal) or just want you to know something bad about them (and if so, why would they care?). The term spam comes from Spamhaus, who has been tracking this kind of activity since 1996. If spammers can get you on their mailing lists these days then there is no reason why cybercriminals couldn’t do so too (if only because people will be less likely not just to use email but also not use email if it can potentially be used against them).

Conclusion: The Importance of Protecting Healthcare Infrastructure

Modern ransomware and malware have gotten better at adapting to new environments and are now able to spread across different platforms, languages and geographic locations. As a result, it is important for organizations to have a plan in place that covers the potential consequences of an incident in the healthcare industry—whether big or small. 

Most organizations have a plan to respond when they experience a ransomware or other malware attack. However, many organizations do not understand what exactly makes ransomware unique from other attacks. For example, some ransomware are highly customized and contain functionality that doesn’t fit anywhere else on the market (such as encryption for specific regions). Other ransomware use more advanced technology that is not found elsewhere on the market (such as stealth mode). The purpose of this post is to clarify what makes ransomware unique from other attacks so that you can be prepared for any future incidents. 

Ransomware targets healthcare organizations because:
1) They are vital infrastructure for patients;
2) Healthcare institutions provide critical services for patients;
3) Healthcare professionals (such as nurses) often work with patients;
4) Healthcare has been traditionally seen as a “high-touch” activity;
5) Healthcare professionals need access to patient data, including payment information and personal health records, in order to provide high quality patient care;
6) Healthcare professionals will lose their jobs if they cannot access patient data in order to provide high quality patient care;
7) The rates of patient care errors continue to rise due to healthcare professionals not being able to access patient data in order to provide high quality patient care;
8) As time goes by, errors caused by human error increase due to lack of availability of necessary equipment and supplies.
 

Today’s threats against healthcare systems are evolving rapidly. There are numerous types of adware/malware families targeting healthcare systems, including CryptoLocker, Cryptoware, Shameware, Stuxnet/WannaCry and potentially others of unknown origin that still target hospitals globally. For this reason, it is important that your organization has a robust cybersecurity program in place with clearly defined roles and responsibilities.