Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Click Here to Read the Report
Apr 10 2025
Security

Healthcare Organizations Must Secure Identities as Social Engineering Attacks Increase

CrowdStrike’s new Global Threat Report finds voice phishing is up, China and North Korea are finding their way into the cloud, and more.
Dave Nyczepir
by

Dave Nyczepir is a Senior Editor for StateTech and FedTech magazines, sister publications of HealthTech.

Social engineering attacks are on the rise. Healthcare organizations need to be especially vigilant in their efforts to mitigate such threats due to HIPAA as well as the potential for a successful attack to impact continuity of care. This means organizations should invest in endpoint detection and response tools, then focus on securing identities and establishing cross-domain visibility.

Voice phishing attacks in particular rose 442% between the first and second half of 2024, in part because EDR has led more threat actors to abandon traditional cyberattacks, such as deploying malware via malicious documents, in favor of targeting help desks, according to CrowdStrike’s 2025 Global Threat Report.

China’s cyberactivity increased an average of 150% year over year across all sectors. Decades of investment have led to the nation-state developing fully functional offensive cyber capabilities on par with those of other world powers and driven by the goal of becoming the global hegemon.

“As we see the geopolitical landscape shifting, we see China becoming more belligerent toward Taiwan,” said Adam Meyers, head of counter-adversary operations at CrowdStrike, during a report briefing in late February. “This is going to come to a head in the next 12 to 24 months.”

Click the banner below to find out how IAM improves healthcare security and simplifies access.

xs_iam_animated3_q424_na_desktop xs_iam_animated3_q424_na_mobile

 

The Rise of Social Engineering Attacks

China has adopted an operational relay base model that relies on botnets of infected routers in the U.S. That’s because attacks “coming from inside the house” are easier to pass off as normal network activity.

Hands-on-keyboard attacks, where the threat actor forgoes scripted commands in favor of manually handling the operation, accounted for 79% of all cyberattacks in 2024, according to the report. In addition, 9% of these attacks, also known as interactive intrusions, targeted the healthcare industry.

Attackers using this method log in to a network with compromised user credentials and then move across the network via an application or browser. They often obtain these credentials by impersonating a user and calling the help desk for a password reset or, conversely, flooding a user with spam, then impersonating the help desk to send that person a link bypassing multifactor authentication.

Adam Meyers
Not only are these adversaries using different techniques, different capabilities, they’re doing it faster.”

Adam Meyers Head of Counter Adversary Operations, CrowdStrike

Generative artificial intelligence is making it easier to harvest credentials. Phishing emails written by generative AI had a click-through rate of 54%, compared with 12% for those written manually, per the report.

In one instance, a company made a $25.6 million wire transfer in response to an emailed deepfake video. Companies are also unwittingly hiring North Korean attackers, who create fake LinkedIn profiles with GenAI, then use deepfake videos during their interviews while answering questions via AI.

“Not only are these adversaries using different techniques, different capabilities, they’re doing it faster,” Meyers said.

The average breakout time — the time it takes an adversary to move laterally within a network — was 48 minutes in 2024, down from 62 minutes the year prior, and the fastest breakout recorded was 51 seconds, according to the report.

Some threat actors, known as access brokers, settle for gaining access to a target and then selling it to the highest bidder, activity that jumped 50% from 2023 to 2024, per the report.

READ MORE: Understand customized phishing in the age of generative AI.

Don’t Underestimate Cloud-Conscious Adversaries

CrowdStrike further found a 26% increase in cloud intrusions, and abuse of valid accounts has become the primary access method to the cloud, accounting for 35% of cloud incidents in the first half of 2024. This signals that adversaries are improving their ability to target and operate in such environments.

Once inside the cloud, adversaries are targeting GenAI models — one reason China and North Korea are increasing their cloud collections, Meyers said.

Salt Typhoon, a Chinese advanced persistent threat actor, often accesses the cloud by finding vulnerabilities in edge-facing devices.

“You can gain access to an older VPN concentrator or network router and then pivot from there, deeper into the environment,” Meyers said. “And because those things don’t run modern security tools, they’re softer targets.”

Healthcare organizations need to prioritize what they patch based on intelligence assessments of what adversaries are exploiting, especially as threat actors increasingly chain vulnerabilities together, Meyers said.

Plenty of adversaries do their homework, scouring public research, disclosures and blogs for new exploits targeting small parts of identities.

“If you’re not looking across all of those domains, then you’re going to miss all of these attacks,” Meyers said.

alvarez/Getty Images

More On

Related Articles