Infostealer attacks are a prominent malware family for the healthcare sector, as attackers attempt to steal valuable data from organisations and patients in order to further blackmail or ransom the data.
Bangalore, India, March 7, 2024: Netskope Threat Labs has today published its latest research report, revealing that the infostealers were the primary malware and ransomware families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where over one million records were stolen.
The report also examined the continued increase in cloud app adoption in the healthcare sector as well as malware trends across the sector.
Key findings include:
- Key target for infostealer attacks: Infostealer attacks are a prominent malware family for the healthcare sector, as attackers attempt to steal valuable data from organisations and patients in order to further blackmail or ransom the data.
- In particular, the Clopp ransomware gang was particularly active in targeting healthcare and health insurance organisations, exploiting the CVE-2023-34362 MOVEit vulnerability.
- Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where over one million records were stolen.
- Malware downloads increased in 2023 but plateaued in H2: Cloud-delivered malware ended the year at approximately 40% of malware downloads in the healthcare sector after a peak of 50% in June, which then dipped a little in the second half of the year. Healthcare trended slightly below other industries, but cloud-delivered malware in the sector grew considerably year-on-year, up from just 30% a year ago.
- Notably, the healthcare sector appeared to have the lowest percentage of malware sourced from the cloud in the past 12 months, ranking 6th at approximately 40% of total malware downloads, behind telecoms, financial services, manufacturing, retail, technology, state and local government, and education.
- Cloud apps are increasingly a target for malware as they give attackers the ability to evade regular security controls that rely on tools such as domain block lists and monitoring of web traffic, and such attacks impact companies that do not apply zero trust principles to routinely inspect cloud traffic.
- Bucking the Microsoft OneDrive malware trend: While Microsoft OneDrive remained the most popular app in the healthcare sector, its use was significantly lower than other sectors. As a result, malware downloads through OneDrive were 12 percentage points lower than in other industries.
- The general prevalence of OneDrive-originating malware attacks reflects the merger of adversary tactics (abusing OneDrive to distribute malware) and victim behaviour (their likelihood to click on the links and download the malware), coupled with the widespread popularity of OneDrive.
- Slack’s popularity in healthcare: The app was second for uploads (behind OneDrive) and fifth for downloads, significantly higher than in other sectors. However, this usage trend did not correlate with the number of malware downloads from the app; it was not even in the top 10 sources.
- As Slack is a robust enterprise app, attackers need to use different tactics and content to target users who need to accept or share invites to external channels. This is a more complex process when compared with other consumer messaging apps like Whatsapp that could be used on a corporate device. Instead, attackers would use Slack as a command and control server, as its API provides a flexible mechanism to upload (or exfiltrate) data.
Speaking on the findings, Paolo Passeri, Cyber Intelligence Principal at Netskope, said: “Infostealers are among the top threats for the healthcare sector, and this is reflected in the fact that during the course of 2023, many healthcare organisations were the targets of mega breaches and among the top targets of the massive Clop campaign exploiting the CVE-2023-34362 vulnerability.
“Of course, this modus operandi is unsurprising because of the types of personal data managed by these organisations but it is particularly effective because attackers do not necessarily need to encrypt the data in a ransomware-style attack. Instead, they exfiltrate the stolen information and use it to blackmail the victim (or its customers or patients).
“Malware and infostealers shouldn’t be the only concern for the healthcare sector; they should also consider the vulnerability of their supply chain and apply the same zero trust strategy they would in their own organisation to third parties in the supply chain.”
The report is based on anonymised usage data collected about a healthcare sector subset of Netskope’s 2,500+ customers, all of whom give prior authorisation for their data to be analysed in this manner.
For the full report, please visit here.
Also read: The Road Ahead: Predictions for the Future Evolution of Artificial Intelligence
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.
