According to the most recent Beazley’s Q3 Breach Insights Report, Cyber Criminal campaigns attacks are increasing once again and healthcare is the most targeted sector.
Ransomware attacks on healthcare groups comprised 37% of those managed by Beazley Breach Response (BBR) Services. This figure is over three times the number of attacks encountered by Professional services, the second most targeted industry with 11%.
Other cyber security companies including Kaspersky Lab, McAfee, and Malwarebytes have all published reports in 2018 that indicate ransomware attacks are falling; however, Beazley’s figures display that monthly increases in attacks occurred in August and September, with double the number of attacks in September compared to August.
The report emphasises a noticeable trend in cyberattacks involving multiple malware variants. One of these involved the Emotet banking Trojan downloaded as the main payload with a an additional payload of ransomware.
Emotet is utilized to steal bank credentials and can download additional malicious payloads. Once credentials have been captured, a ransomware payload is downloaded and deployed. This two pronged strategy has been implemented by several threat groups. The ransom demands can be significant. One group asked for a $2.8 million ransom after an extensive infection that incorporated the encryption of backups.
Beazley refers to research carried out by Kivu Consulting that indicates there has been a rise in the use of rough and ready ransomware variants that use strong encryption to secure files yet lack the functionality to allow the full decryption of data. These cyber attacks can see files stay locked even if a ransom is paid or the encryption/decryption process can lead to file corruption and major data loss.
These cyber attacks show how important it is for groups to conduct constant backups and to test those backups to ensure that file recovery is possible. Healthcare groups should consider a 3.2.1 strategy to backing up: Create three backup copies, on at least two separate media, with one copy stored safely offsite.
It is not surprising that large groups are an attractive mark for cybercriminals. Massive numbers of encrypted devices mean higher ransom demands can be requested. Large groups are also more likely to have funds available to pay high ransoms, although they also have more resources to dedicate to cybersecurity.
Cyber attacks on small to medium sized companies are usually easier and this is confirmed in Beazley’s figures. Out of the ransomware cyber attacks that the BBR Services team have managed, 71% of victims were small to medium sized companies.
The Breach Insights report shows, unlike most industry sectors, accidental disclosures are the main type of data violation in the healthcare sector and making up 32% of all data breaches in Q3, closely followed by hacks/malware incidents on 30%. Beazley remarks that healthcare cyber attack incidents have grown from 20% to 30% this year. 17% of breaches were initiated by internal members of staff, 9% saw the loss of physical records, and 6% involved the loss of portable electronic computing equipment.