SEO Poisoning, Cobalt Strike Abuse, Emotet Continue to Threaten Healthcare Cybersecurity

BlackBerry’s quarterly Global Threat Intelligence Report shed light on recent cyberattack tactics used against healthcare, including SEO poisoning and Cobalt Strike abuse.

By Jill McKeon

Search engine optimization (SEO) poisoning, Cobalt Strike abuse, and other tactics are increasingly being used against the healthcare sector, BlackBerry observed in its quarterly Global Threat Intelligence Report.

During the last quarter, BlackBerry customers in the financial, healthcare, and food and staples retailing industries received 60 percent of all malware-based cyberattacks, showing that threat actors are not slowing their efforts to target a variety of sectors.

BlackBerry predicted an increase in SEO poisoning in healthcare in the coming months. SEO poisoning occurs when threat actors optimize malicious web pages in order to lure victims to click on links that expose them to attacks. These findings align with a February 2023 HHS threat brief regarding SEO poisoning techniques.

“As healthcare digitization continues, the industry must prioritize security measures that ensure patient data and healthcare systems and infrastructure are protected,” the report noted.

“Cyber criminals increasingly seek to exploit vulnerabilities in the healthcare industry’s complex, interconnected, and often aging digital infrastructure. Cyberthreats during this reporting period include data breaches, ransomware attacks, and other sophisticated threats.”

Emotet continues to be a prominent threat to healthcare cybersecurity in 2023, BlackBerry observed. Emotet first surfaced in 2014 and has since evolved into a botnet-operated dropper capable of delivering malicious payloads.

“Emotet poses a significant threat to the healthcare industry because it can infiltrate and move laterally within networks as well as provide an initial access point for malware, including ransomware,” the report stated. “During this reporting period, BlackBerry telemetry showed an increase in the use of Emotet to target healthcare organizations.”

In addition to Emotet and SEO poisoning, BlackBerry warned the healthcare sector of the initial access infostealer known as RedLine, BlackCat and Royal ransomware operators, and Cobalt Strike abuse.

As previously reported, the abuse of legitimate tools such as Cobalt Strike has been threatening the sector since their creation. In April, Microsoft’s Digital Crimes Unit (DCU), along with cybersecurity software company Fortra and the Health Information Sharing and Analysis Center (Health-ISAC), announced that they were joining forces to disrupt illegal, legacy copies of Cobalt Strike and abused Microsoft software.

As healthcare continues to digitally transform, attack surfaces will also continue to expand. Remaining aware of the top threats facing the sector is a crucial step in mitigating risk.