Latest CrowdStrike Global Threat Report Finds Healthcare Orgs in the Social Engineering Crosshairs
While the world tried to cope with the COVID-19 pandemic in 2020, behind the scenes cybercriminals were taking advantage of “fear, concern and curiosity” to perpetrate a record-setting increase in social engineering attacks, according to a new report from CrowdStrike.
A solid majority of cyberattacks (79%) resulted from hands-on-keyboard techniques, which means a human being was involved, according to the 2021 CrowdStrike Global Threat Report. Such attacks, the report says, have increased fourfold in the past four years.
Healthcare continues to be a favorite target, even after some threat actors vowed to stay away from patient-treatment facilities during the pandemic. Some attacks targeted at healthcare, the report says, involved nation-state hacker groups attempting to steal information on COVID-19 vaccines and government responses to the pandemic.
These trends are bound to continue through 2021, the report cautions. “Cyber actors are getting bolder and more astute day-to-day,” according to Adam Meyers, senior vice president of intelligence at CrowdStrike. “As such, it’s critical to employ comprehensive cloud-native technology for increased visibility and prevention capabilities, including threat intelligence and expert threat hunting to stay one step ahead of modern day attacks.”
Big Game Hunting
Cyber attackers deployed various new methods to evade detection, according to the report. A prevalent method is big game hunting (BGH) ransomware campaigns, which focus on high-value targets. In fact, the report says, BGH “dominated the ecosystem of eCrime enablers in 2020.”
In addition to the usual disruptions caused by ransomware attacks, BGH attacks exfiltrate data from networks before actually executing the ransomware. BGH attacks targeted organizations of all types, including healthcare.
Attacks on healthcare organizations were particularly controversial because some – but not all – threat actor groups vowed to avoid targeting patient-care facilities during the pandemic, even promising to quickly deliver decryption keys without requiring payment in the event of an unintended healthcare target.
Nevertheless, CrowdStrike tallied 104 attacks against healthcare organizations in which 18 BGH ransomware variants were used. The most prolific were TWISTED SPIDER using Maze, and WIZARD SPIDER using Conti. “In some cases, adversaries may have avoided targeting hospitals, but proceeded with attacks against pharmaceutical and biomedical companies,” the report says.
Targeted Intrusions
While COVID-19 played a role in motivating cyberattacks, it wasn’t the only factor. The report says “targeted intrusion actors from China, Russia, Iran, North Korea, India, Pakistan and Vietnam pursued actions on objectives likely related to strategic national security and espionage priorities dictated by their respective states.”
Such activities include currency generation by North Korean threat actors and “self-profit operations” in Iran. Meanwhile, Russian attackers focused on gaining “access to targets through the exploitation of internet-accessible network devices and services, particularly those supporting virtual private network (VPN) connections.”
Recommendations
To protect against existing and evolving threats, the CrowdStrike report makes several recommendations for cybersecurity teams, including:
- Visibility – Establish consistent visibility across the full environment and be proactive about addressing vulnerabilities
- Access – Protect identities and access with multifactor authentication (MFA), a robust privileged access management process, and Zero Trust solutions to restrict data access
- Threat hunting – Invest in threat hunting to detect threats designed to bypass monitoring and detection systems
The report also recommends creating a culture of cybersecurity through user awareness programs designed to recognize and prevent phishing and other social engineering tactics – a measure that (ISC)2 endorses and supports through our certification curriculum. The HCISPP certification in particular affirms a security professional’s knowledge about protecting patient health information and employing privacy best practices and techniques.