Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware

IBM X-Force's report upheld previous findings that COVID-19 was a leading theme of cyberattacks in 2020. Meanwhile, ransomware accounted for 28 percent of targeted attacks on healthcare.

By Jessica Davis

Cyberattacks on healthcare more than doubled in 2020, with ransomware accounting for 28 percent of all attacks. COVID-19 response efforts, including personal protective equipment and the vaccine supply chain, were the largest focus of these targeted campaigns, according to the latest IBM X-Force report.

Nearly one out of four cyberattacks overall last year were ransomware, while the increase in data extortion efforts enabled just one of these ransomware hacking groups to make over $123 million in profits in 2020.

The annual report is generated through insights and observations from monitoring more than 150 billion security events per day in more than 130 countries. Researchers also gathered and analyzed data from multiple sources within IBM, including data from Quad9 and Intezer.

The finance and insurance industry was the most-attacked sector for the fifth year in a row. Manufacturing was the second-most targeted, followed by the energy sector.

The data determined healthcare was the seventh-most targeted sector in 2020, up from last place in the previous year. The industry faced 6.6 percent of all attacks against the top 10 industries.

The rise in attacks on healthcare was likely caused by COVID-19-related cyberattacks and ransomware exploits against hospitals, researchers explained.

“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note,” said Nick Rossmann, global threat intelligence lead for IBM Security X-Force. “Attackers' victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries.”

Scanning and exploiting vulnerabilities were the most successful entry points into victims’ networks across all sectors, with 35 percent of attacks. Mirroring earlier reports, it’s the first time vulnerability exploits surpassed phishing-based compromises (33 percent).

Notably, the use of credential theft as an infection point decreased from 29 percent to 18 percent. Researchers said this is likely due to the success attackers have had with scanning and exploiting endpoint vulnerabilities, which accounted for 35 percent of initial attack vectors.

The rise in the success of endpoint exploits was largely attributed to critical, unpatched Citrix vulnerabilities. These weaknesses provided attackers with an entry in almost one out of five attacks against related healthcare sector entities.

Healthcare was also the third-most targeted with server-access attacks, particularly attempts to exploit vulnerabilities in Citrix servers, which accounted for 17 percent of Citrix exploits across all sectors.

“In at least one instance involving this CVE on a healthcare network, threat actors combined their activity with PowerShell and Cobalt Strike for lateral movement and executing on objectives,” researchers explained.

North American industries faced more ransomware attacks than any other global region, accounting for 33 percent of all cyberattacks on the region. The US was the most-targeted country in this region, followed by Canada.

Business email compromise, data theft, data leaks, and Remote Access Trojans (RAT) were also seen in high volumes across North America.

Meanwhile, Sodinokibi was shown to be the most active ransomware group in 2020, with its hackers making more than $123 million in ransomware payments. The majority of Sodinokibi victims paid the ransom demand.

Last year also saw a rise in Linux-based malware families and a 500 percent increase in Go-written (Golang) malware during the first six months.

Researchers explained this was likely due to more organizations transitioning servers to the cloud and “the expandable processing power that cloud environments provide.” Linux powers about 90 percent of cloud workloads.

In one incident, amid incident response engagements, researchers observed Linux variants of ransomware that was previously only seen targeting Windows. This included Linux variants of the Defray911/RansomEXX ransomware and SFile ransomware.

The rise in open-source malware is spurring some attackers to look for ways to improve their profit margins through reduced costs and increased effectiveness. Researchers noted this could be driving the increase of cloud attacks, which are expected to continue throughout the year.

The data is supported by a recent Netwrix survey that showed that 39 percent of healthcare entities faced a cloud ransomware attack in the last year.

IBM X-Force analysis predicts that the risk surface will continue to expand in 2021 through thousands of vulnerabilities likely to be reported in both new and old devices. Double extortion will also persist, as these data leak sites command high prices for ransomware.

“The year-over-year shift in industry-specific targeting highlights the risk to all industry sectors and a need for meaningful advancements and maturity in cybersecurity programs across the board,” researchers noted.