Cybersecurity firm Check Point reported in its January 5 blog post that in the two months since November 1, 2020, there has been an increase of over 45% in the number of attacks against healthcare organizations globally, compared to an average 22% increase in attacks against other industry sectors.
Attacks involving ransomware, botnets, remote code execution and DDoS all increased, with ransomware attacks showing the biggest spike when compared to other industry sectors.
The ransomware variant most utilized in attacks is Ryuk, followed by Sodinokibi.
Why are attacks spiking now? It's all about the money. The criminals want a lot of it and fast. To date, the attacks have reaped vast sums so the healthcare industry has painted a bullseye on its collective forehead.
Hospitals in particular are under tremendous pressure because of the rapid rise in coronavirus cases and are willing to pay the ransom so they can continue to function and not lose lives – or be subject to lawsuits.
Unlike common ransomware attacks, which are distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted.
What can you do to defend against these attacks?
Check Point suggests you look for trojan infections – ransomware attacks do not start with ransomware. Ryuk and other types of ransomware exploits usually start with an initial infection with a trojan. Often this trojan infection occurs days or weeks before the ransomware attack starts, so security professionals should watch for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting products – as these can all give Ryuk an opening.
Most r ..
Support the originator by clicking the read the rest link below.
