What Is Malware as a Service?
It’s easy for a budding cybercriminal to conduct a malware or ransomware attack today. There are many subscription-based models that allow anyone to acquire malware and ransomware services. These are often inexpensive — one ransomware toolkit can be purchased for less than $500 — and some even offer money-back guarantees. Ransomware is a preferred method for cybercriminals looking to monetize attacks, especially in healthcare, where victims may panic and pay the ransom to avoid operational disturbances.
Attackers will adjust their methods to be “tailored specifically to their targets,” according to Microsoft. They use the wealth of personal information freely available on the internet to craft highly targeted spear-phishing attacks. Users click on a link in the phishing email and go to a website that mirrors the login page for a familiar system. When users enter their credentials, criminals use them to access the healthcare network and inject malware to encrypt sensitive data until a ransom is paid.
Even if the organization decides to pay the ransom, there is no guarantee that criminals will decrypt and restore the data. Even worse, recent ransomware variants post data online, forcing targeted healthcare organizations to pay fines and rush to notify users and relevant regulatory bodies.
What Can Healthcare Organizations Do About Malware as a Service?
Prevention is the best defense against malware and ransomware, especially as these attacks become easier to perpetrate.
To combat Malware as a Service, healthcare organizations should conduct network and system backups regularly, making sure the backed-up data cannot be modified or deleted. They should couple this with strong, frequent security awareness training and phishing exercises. Make sure security solutions are up to date, and that vulnerabilities in critical systems are patched.
What Is Cryptojacking, and How Does It Impact Healthcare?
The advent of cryptocurrency has been a boon for cybercriminals. They often demand that the organization pay the ransom in cryptocurrency, so the digital transaction is hard to trace. They may also take control of multiple systems while conducting cryptojacking attacks.
Because successful cryptomining requires an enormous amount of computing power to run the mining code, criminals “cryptojack” the vast amounts of power found in healthcare systems to secretly mine cryptocurrency for themselves.
While not a direct threat to the network and patient data, cryptojacking can result in diminished performance and, in some cases, overheating of critical systems. As with Malware as a Service, cryptojacking kits are easily available, some for less than $100.
What Can Healthcare Organizations Do About Cryptojacking?
Vigilance is key to detecting cryptojacking. Periodically scan your network for abnormal CPU spikes, which could indicate this type of attack. Deploy web filtering tools that help employees and users avoid unsafe websites, and use browser extensions that can block some known cryptominers. As with all security measures, make sure to keep systems updated.
What Is Fileless Malware, and How Does It Impact Healthcare?
Another threat to healthcare organizations comes in the form of fileless malware. Instead of implanting malware code on a system, this type of attack leverages legitimate built-in system tools such as the Windows registry. Attackers must get access to the environment to modify the native tools to suit their purposes. They can accomplish this using exploit kits that scan for vulnerabilities.
Attackers also use fileless techniques for ransomware, embedding malicious code in documents through macros or hijacking tools such as PowerShell to encrypt files, all without writing a single line of code.
What Can Health IT Teams Do About Fileless Malware?
Normal defense tools such as anti-malware, whitelisting and artificial intelligence-based solutions are important, but they should be supplemented by behavioral analysis tools that can detect unusual code execution, lateral movement and other suspicious actions that could indicate an attack. Look to centralized management systems such as security information and event management to help your team find true threats among a multitude of alerts.
The Importance of Broadening Defenses in Healthcare
Security attacks are many and varied, but there is a core set of practices that can help healthcare organizations withstand them. Conducting regular backups that are tested and tamper-proof and keeping systems current are essential steps.
It is equally important to patch known vulnerabilities in critical systems. Security awareness training also can help combat the many phishing, spear-phishing and other email compromise attacks that seek to gain a toehold in your network. Being vigilant can be the key to withstanding emerging threats.