To address the issue, IT teams ought to conduct regular checks on devices to ensure that no pre-installed tools have been compromised and turned into an entryway into the system.
FREMONT, CA: It has become ever more evident that cybersecurity is a risk factor for healthcare data. As per the data breach investigation report, most breaches are about money, and attackers usually take the most natural path to obtain the information they require. Accordingly, many common threats continue to be problematic in healthcare, including:
Living Off the Land Attack
The concept refers to a style of attack in which cybercriminals leverage tools that come pre-installed on targeted systems and can be exploited to launch attacks. The approach facilitates evasion because the injected malicious code appears to be part of an authorized process, making it difficult for security teams to detect and define.
PowerShell, a task automation and configuration management framework from Microsoft, is one of the most popular targets for these types of attacks. Cybercriminals employ PowerShell to deliver ransomware and other malicious payloads, to encrypt data, and to move quickly across the network.
Healthcare IT teams must be highly aware of the tactic, particularly given the number of IoT devices connecting to the network. To address the issue, IT teams ought to conduct regular checks on devices to ensure that no pre-installed tools have been compromised and turned into an entryway into the system.
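One way to run the regular check described above is to compare each pre-installed tool against a known-good hash baseline. The following is an added example, not part of the original article; the file names are constructed stand-ins written to a temporary directory, and the function names are hypothetical.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(tool_paths):
    """Record a known-good SHA-256 for each tool, taken from a trusted image."""
    return {str(p): sha256_file(Path(p)) for p in tool_paths}


def check_against_baseline(baseline):
    """Return {path: status} for every tool that no longer matches the baseline."""
    findings = {}
    for path, expected in baseline.items():
        p = Path(path)
        if not p.is_file():
            findings[path] = "missing"
        elif sha256_file(p) != expected:
            findings[path] = "modified"
    return findings


def demo():
    """Run the check on constructed stand-in files (not real system binaries)."""
    with tempfile.TemporaryDirectory() as tmp:
        tools = [Path(tmp) / n for n in ("powershell.exe", "tool_b.exe", "tool_c.exe")]
        for t in tools:
            t.write_bytes(b"constructed original contents of " + t.name.encode())
        baseline = build_baseline(tools)
        clean = check_against_baseline(baseline)
        tools[0].write_bytes(b"constructed tampered contents")  # simulate replacement
        tools[2].unlink()  # simulate removal
        dirty = check_against_baseline(baseline)
        return clean, {Path(k).name: v for k, v in dirty.items()}


if __name__ == "__main__":
    before, after = demo()
    print(json.dumps({"before": before, "after": after}, indent=2))
```

Keep the baseline off the device being checked, so that whoever alters a tool cannot also alter its recorded hash. A matching hash shows only that the binary is unchanged; it says nothing about how the tool is being used.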
There have been numerous high-profile ransomware attacks that demonstrated a high degree of planning and targeting. In fact, in one instance, the attackers had already done the due diligence to gain confidential credentials that enabled the execution of the malware. With the credentials, they could operate with minimal evasion or obfuscation tactics deployed. The approach indicates that they had already assessed the network defenses.
Overall, it looks as though perpetrators are moving away from an entirely opportunistic model of malware distribution to focus on explicitly selected networks. Hospitals are known to be victims of ransomware attacks, as they are more willing to pay to retrieve data, most likely due to poor planning or deficiencies in data recovery and continuity processes. With this in mind, health networks need to strengthen their malware defenses and ensure they have current data backups.