On April 4, Interpol sent a rare alert to hospitals around the world, warning them to be on guard for imminent cyber attacks. As hospitals struggle to keep pace with the global pandemic, the number of ransomware attacks on organizations critical to fighting the virus has risen. And while some well-known cybercriminal groups promised not to attack health organizations during the COVID-19 crisis, for many cybercriminal groups these promises were clearly overshadowed by the desire and ability to make a profit.
Pay up! Why are hospitals targeted by threat actors?
Adversaries have long attacked medical facilities with ransomware and other destructive cyber attacks. The Institute for Critical Infrastructure Technology identified ransomware as the number one threat to health organizations in 2016, which proved to be true in subsequent years as well. Even before accounting for the impact of COVID-19 on ransomware attacks, the number of ransomware attacks increased by 350% in the last quarter of 2019, with Corvus reporting that the rapid pace of attacks will continue into 2020.
When it comes to ransomware, cybercriminals know that the health sector will pay the ransom sooner than others because hospitals simply cannot afford the time to develop a restructuring and recovery plan. Given the loss not only of income but also of lives, it is not surprising that almost a quarter of ransomware attacks on hospitals resulted in some form of payment. Whether by blocking necessary records, leaving the hospital unable to receive patients, or finding a way to damage or monitor medical equipment such as scanners and infusion pumps, a successful attack can have a devastating effect on a hospital's ability to care for its patients.
In a pandemic, these fears are heightened. Hospitals are short of resources and their services have never been more urgent. Whether for profit or to conceal more malicious intent, the criminal organisations and nation states that acted against them during the COVID-19 crisis almost certainly contributed to the already high death toll by capturing the necessary resources.
Taxing the supply chain
Hospitals don't work in a vacuum. Food production, logistics and transportation are just some of the industries that, if hit by a cyber attack, can have an adverse and damaging effect on the ability of the medical industry and hospitals to effectively care for patients.
I recently spoke to the safety team of a major American food manufacturer, who told me that they are busier than ever to ensure that every employee works to the best of their ability. The global supply chain is under increasing pressure to keep pace with demand, even as business processes change and new challenges emerge. A cyber attack on the production facilities of a food or medical facility can cause devastating delays and bottlenecks when production needs have never been more urgent.
Just last month, the Mediterranean Shipping Company (MSC), the second largest container shipping company in the world, had to deal with a prolonged network failure. Although MSC has not confirmed that this failure was due to a cyber attack, it tweeted: "We cannot completely rule out the possibility of malware." I can't help but think of the NotPetya ransomware attack, which managed to disrupt the supply chain by blocking transport and logistics companies and creating chaos without the global pandemic adding further pressure on the supply chain.
Because companies and supply chains around the world are undergoing accelerated digital transformation as they move to remote work, they are particularly vulnerable to cyber attacks and human error. Whether this failure at MSC was caused by an adversary or a mistake, it is a reminder that the supply chain is vulnerable and that IT vulnerabilities affect the management of business and physical operations in the business world.
The cyber first responders
I am married to a former First Aid nurse and I have great respect and gratitude for all those who responded first and put their lives and families at risk to help others in this day and age. We should also remember that there are other first responders who do not wear stethoscopes or N95 masks, but help keep medical facilities running. This includes already small security and IT teams, but is certainly not limited to them. These teams are now trying to launch telemedicine and build an infrastructure for remote operations while defending themselves against destructive cyber attacks.
What can the security industry do to support these cyber first responders in these difficult times? Many security companies offer resources free of charge. Beyond free resources, security teams are turning to automated solutions that can take some of the work off their hands.
ICAR has recently identified many cybersecurity functions as important roles, and our understanding of our core business and core personnel will continue to evolve as the pandemic develops. It is already clear that advanced technologies such as AI will play an important role in ensuring that businesses, hospitals and supply chains function effectively without being affected by disruptions or cyber attacks.
Justin Fier is the director of Darktrace's Cyber Intelligence and Analysis Department, based in Washington, DC. With more than 10 years of experience in cyber defence, Fier has supported several elements of the US intelligence community by performing critical security tasks at Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Fier is a highly qualified technical employee and a specialist in cyber operations in both offensive and defensive fields.