The healthcare sector should brace itself against an increase in cyberattack rates and a variety of attack vectors over the coming months, researchers have warned.

On Tuesday, cybersecurity firm Check Point released new statisticsthat show a 45% increase in cyberattacks since November against the global healthcare sector, over double an increase of 22% against all worldwide industries in the same time period.

According to the researchers, attack vectors employed by threat actors are wide-ranging; including distributed denial-of-service (DDoS) attacks, social engineering, botnets, phishing, and ransomware.

However, ransomware, in particular, is of serious concern.

We’ve already seen just how debilitating a ransomware attack wave can be. The WannaCry outbreak of 2017 locked up and disrupted operations for countless businesses worldwide, and in the past four years, ransomware has continued to grow in popularity due to how lucrative a criminal business it has become.

When it comes to hospitals, some providers will pay blackmail fees demanded by ransomware operators rather than risk patient care. The death of a patient due to a ransomware attack on a hospital has already occurred.

Check Point says that ransomware attack rates are surging against the healthcare sector. The Ryuk ransomware strain is now the most popular malware to deploy in these attacks, followed by Sodinokibi.

Overall, an average of 626 attacks was recorded on a weekly basis against healthcare organizations in November, in comparison to 430 in October. Central Europe has been hardest hit in the past two months, with a 145% increase in healthcare-related attacks, followed by East Asia, Latin America, and then the rest of Europe and North America.

Healthcare organizations in Canada and Germany experienced the largest surge in cyberattack rates at 250% and 220%, respectively.

screenshot-2021-01-05-at-11-43-23.png

Check Point says that the reason for the increase is financial, with threat actors seeking to cash in on the worldwide disruption caused by COVID-19. While bog-standard fraudsters are targeting the general public through phishing, emails, texts, and phone calls in coronavirus-related campaigns, other groups are hoping to profit through more debilitating attacks on core services.

“As the world’s attention continues to focus on dealing with the pandemic, cybercriminals will also continue to use and try to exploit that focus for their own illegal purposes — so it’s essential that both organizations and individuals maintain good cyber-hygiene to protect themselves against covid-related online crime,” the team says.

Source: https://www.zdnet.com/article/as-coronavirus-cases-surge-so-do-cyberattacks-against-the-healthcare-sector/

Kaspersky identified a significant increase in DDoS attacks year-on-year.

According to cybersecurity firm Kaspersky, it’s been a busy year for cybercriminals who favour DDoS as their method of attack.

The Russian firm’s DDoS protection tool reportedly blocked 44 percent more attacks in Q4 2019 than in the same period the previous year.

Sundays were also busier than ever, highlighting the ever present nature of the threat posed by cybercrime. More than a quarter (28 percent) of all attacks happened on weekends, and the share of attacks performed on Sundays grew by 2.5 percent (to 13 percent overall).

Despite DDoS attacks growing year-on-year, they haven’t risen dramatically quarter-on-quarter. There was a “marginal” 8 percent increase between Q3 and Q4 2019, Kaspersky says.

A more notable rise (27 percent) was spotted in so-called smart DDoS attacks, which focus on the application layer and are usually carried out by skilled attackers.

“Despite the significant growth in general, the season turned out to be quieter than expected,” said Alexey Kiselev, Business Development Manager on the Kaspersky DDoS Protection team.

“Attackers can still find a way to spoil your leisure time, as cybercrime is not an ordinary nine-to-five job, so it is important to ensure that your DDoS prevention solution can automatically protect your web assets.”

Source: https://www.itproportal.com/news/ddos-attacks-through-the-roof-in-q4-2019/

 

The Greek government said Friday that the official state websites of the prime minister, the national police and fire service and several important ministries were briefly disabled by a cyberattack but have been restored.

Government spokesman Stelios Petsas said early Friday that the distributed denial-of-service or DDoS attack “led to the malfunction of certain websites.” He said “countermeasures” had been successfully implemented, but gave no further details.

Along with the prime minister’s website, targets in the attack late Thursday included the websites of the ministries of public order, interior, foreign affairs, and merchant marine, as well as the Greek Police and Fire Service.

It was the second cyberattack against government websites in less than a week. Responsibility for the first attack was claimed in an online post by a group of hackers who purported to be from Turkey. Greek officials have not commented on whether they consider that claim to be true.

Source: https://techxplore.com/news/2020-01-greece-websites-cyberattack.html

An American businessman who co-founded a cybersecurity company has admitted to hiring criminals to carry out cyber-attacks against others.

Tucker Preston, of Macon, Georgia, confessed to having paid threat actors to launch a series of distributed denial-of-service (DDoS) attacks between December 2015 and February 2016.

DDoS attacks prevent a website from functioning by bombarding it with so much junk internet traffic that it can’t handle visits from genuine users.

In a New Jersey court last week, 22-year-old Preston pleaded guilty to one count of damaging protected computers by transmission of a program, code, or command. Preston admitted to causing at least $5,000 of damage to the business he targeted.

“In or around December 2015, Preston arranged for an entity that engages in DDoS attacks to initiate attacks against a company. The entity directed DDoS attacks against the victim company, causing damage and disrupting the victim’s business,” wrote the Department of Justice in a statement released on January 16.

The count to which Preston pleaded guilty is punishable by a maximum penalty of 10 years in prison and a fine of up to $250,000 or twice the gross gain or loss from the offense.

US Attorney Craig Carpenito credited special agents of the FBI, under the direction of Special Agent in Charge Gregory W. Ehrie in Newark, New Jersey, with the investigation that led to Preston’s guilty plea.

The identity of the company that Preston paid criminals to attack has not been revealed, but Carpenito has confirmed that the targeted business had servers in New Jersey.

Preston co-founded the cloud-based internet security and performance company BackConnect Security LLC, which claims to be “the new industry standard in DDoS mitigation” and is currently online using an invalid certificate.

Preston was featured in the 2016 KrebsOnSecurity story “DDoS Mitigation Firm Has History of Hijacks,” which detailed how BackConnect Security LLC had developed the unusual habit of hijacking internet address space it didn’t own in a bid to protect clients from DDoS attacks.

Preston will reappear before the court on May 7 for sentencing.

Source: https://www.infosecurity-magazine.com/news/backconnect-founder-funded-ddos/

A man in the US who co-founded a service to protect sites from cyber-attackers has pleaded guilty to launching distributed denial of service (DDoS) attacks.

Tucker Preston is co-founder of BackConnect, a cyber-security firm that claimed to be “the new industry standard in DDoS mitigation”.

However, he was accused of arranging DDoS attacks targeting an unnamed firm.

A court document stated the attacks took place between 2015 and 2016.

News of the guilty plea was published online by Brian Krebs, a cyber-security expert and blogger.

During a DDoS attack, a website or online service is flooded with high levels of internet traffic in an attempt to cause disruption or take the target website or service offline.

Preston, of Georgia, had arranged for DDoS attacks against a company with servers in New Jersey, according to the US Department of Justice.

“The count to which Preston pleaded guilty is punishable by a maximum penalty of 10 years in prison and a fine of up to $250,000 or twice the gross gain or loss from the offence,” the Department said in a statement.

Preston is due to be sentenced in May.

Source: https://www.bbc.com/news/technology-51189386