Trojan malware overtook ransomware as the greatest hacking threat to the healthcare sector in 2018, according to a new report from Malwarebytes Labs.
Specifically, the Emotet and Trickbot trojans were the most common malware strains, while hijackers, rootkits, and riskware rounded out the top threats to the sector. According to the report, the number of trojan attacks has increased by 132 percent since 2017.
The report found hackers are steering away from obvious ransomware attacks that provide only short-term payments and toward subtler, long-lasting trojan attacks to harvest intellectual property, personal data, and more.
The researchers classified trojans as an older malware form that sneaks in undetected, often as code hidden within other code to get past security tools. Emotet began as a banking trojan, but has evolved to use exploits to infect computers, steal data, monitor network traffic, spread other malware, and even send emails to contacts.
“The attackers behind Emotet are intentionally attempting to spread their malware to business targets,” researchers wrote. “Combine this with the family’s upgrades in functionality, such as the ability to move laterally and spread malicious spam from the infected endpoint, and the motive of the Emotet controllers becomes evident.”
“The trend in information-stealing Trojans being leveraged for business breaches does not appear to be slowing down,” the report authors wrote. “However, the deployment of patches, network and data segmentation, as well as user rights management configuration might keep the Trojan invasion from spreading so easily.”
Most recently, Emotet was seen pairing with healthcare’s other problem trojan, Trickbot, along with Ryuk ransomware to gain access to a network.
Trickbot also plagued the healthcare sector in 2018. The researchers described the trojan as “a nasty information stealer that can download components for specific malicious operations, such as keylogging and lateral movement within a network.”
Hackers are constantly updating the trojan with new functions, including the ability to gather data from the network it’s on to inform the hackers and eventually allow them to secretly proliferate across a network to steal information.
What’s worse is that the two are commonly paired, with Trickbot being the most common payload delivered by Emotet. The researchers found 1.5 million overall detections of the virus on business endpoints last year.
As for ransomware, the healthcare sector and other industries may not have seen as many high-profile, flashy attacks as those in 2016 and 2017, but the threat should not be overlooked. Ransomware hackers have instead crafted more sophisticated, targeted attacks aimed at businesses.
“Ransomware delays can be incredibly costly, especially when an affected organization has no backup plan in place and multiple endpoints to remediate,” researchers wrote. “Incident response and digital forensics all add to the cost, which is often a lot more than simply paying the ransom (a tactic we do not recommend).”
“As we look ahead to 2019, we anticipate the game of cat and mouse to continue on and on, with old tricks applied to new threats and new tactics used for old favorites,” they added. “As always, our advice remains to stay informed, stay vigilant, and never take the security of your data or devices for granted.”