The healthcare industry is taking the lion’s share of ransomware attacks, according to a threat report released May 1 by endpoint security firm Cylance.
Ransomware attacks grew three-fold last year, with healthcare being affected the most by this increase, according to data collected from Cylance’s customers.
The most common malware infection vectors remained email phishing and drive-by downloads. System damage and data destruction represented the top risks from malware.
The Cylance 2017 Threat Report noted the rapid growth of malware variants and the ease with which they can be deployed. Because variants have short lifespans, they are a challenge for legacy security solutions that rely on signatures to detect threats.
According to Cylance, the top ten malware families are WannaCry, Upatre, Cerber, Emotet, Locky, Petya, Ramnit, Fareit, PolyRansom, and Terdot/Zloader.
“Cybercriminals are adept at modifying their malware and methods to stay ahead of traditional protections that organizations deploy, as seen by the rise in infections and sophistication of attacks in 2017,” said Cylance Worldwide Chief Technology Officer Rahul Kashyap. “It’s critical that companies are aware of the threats, keep up-to-date with patches, and use defenses that protect against constantly evolving malware.”
The report also examined other threat trends, including emerging supply chain attacks, the growth of crypto-miners, wallet-swiping trojans, and firmware and hardware vulnerabilities.
“The attacks and threats of 2017 are a reminder of the ingenuity and destructive capabilities of threat actors,” Cylance Head of Security Research Aditya Kapoor stated. “All indicators point to a perfect storm with the explosion in the number and types of endpoints requiring protection, the rise in the diversity of attack types, and the ease with which they can be accessed and weaponized.”
The report noted that the rise of ransomware-as-a-service has opened ransomware up for anyone to use.
“Ransomware is not a new or novel phenomenon. What has evolved rapidly in the last two to three years is the sheer velocity of the attacks. This volume increase can be observed in both the speed of infection/spreading as well as the fundamental encryption functionality,” the report read.
The report cited the Locky ransomware attack against Hollywood Presbyterian Medical Center in February 2016 as a particularly devastating healthcare attack that resulted in the hospital paying $17,000 in Bitcoin.
The WannaCry attacks made the UK National Health Service want to cry by freezing up its systems, but the WannaCry attackers did more damage to the food and manufacturing sectors, according to Cylance data. The food industry endured 58 percent of the WannaCry attacks, while the manufacturing sector made up 25 percent. Healthcare came in a distant third at 9 percent of WannaCry attacks.
To reduce the risk of ransomware infection, Cylance recommended that companies implement a regularly scheduled data backup plan, remove all remote desktop protocol connections accessible from the internet, and conduct internal threat assessments annually.
“The past year served as a stark reminder of the innovative prowess and destructive capabilities of global threat actors. Their tireless dedication to technical theft, inventive exploits, and creative methodology paid big dividends in 2017,” the report concluded.
The Cylance report's results jibe with Verizon’s recently released Data Breach Investigations Report (DBIR), which found that ransomware attacks were on the rise, particularly for healthcare, where ransomware accounted for 85 percent of malware attacks.
Verizon uncovered ransomware in 39 percent of malware-related cases this year, and it has begun impacting business-critical systems rather than just desktops.
DBIR also discovered that the healthcare industry was the only sector that had more internal actors behind data breaches than external actors. Medical data was the target of two-thirds of data breaches in the healthcare industry, while personal information made up 37 percent and payment data 4 percent of breaches.
Last year, the healthcare industry had 750 cyber incidents, with 536 involving data disclosure. Miscellaneous errors, crimeware, and privilege misuse represented 63 percent of cyber incidents in the sector.
“Preventive controls regarding defending against malware installation are of utmost importance. Take steps to minimize the impact that ransomware can have on your network. Our data shows that the most common vectors of malware are via email and malicious websites, so focus your efforts around those factors,” the Verizon report advised.