Last Saturday night, a French hospital suffered a ransomware-type cyberattack leading to no or limited access to most of its computers and medical devices. The attack is still ongoing. The criminals are demanding a ransom of $10 million to remove the digital lock from the workstations of the hospital staff. This unfortunate event reminds us that hospitals are not the only ones at risk. Any organization can be a target. Therefore, how can you secure your assets? In this special report, you will find a recap of the most common cyber threats and some recommendations on how to better protect your systems from them.
Lindsay Clark, Eduardo Di Monte and Camille Rustici contributed to this special report.
Cyber attacks are frequent and the healthcare sector is increasingly subject to hacking via ransomware. The hackers did not even stop their attacks during the COVID-19 pandemic.
In 2020, a ransomware attack struck the digital equipment of a major hospital chain in the US. All the hospital’s computers suddenly shut off, medical files were lost and many of the patients had to be sent to other facilities.
Cyberattacks in the healthcare sector are a matter of life and death. A woman even died in Germany from delayed treatment after hackers penetrated the hospital’s computers. It was the first fatality from a ransomware attack.
Most of these attacks have similarities. They are often triggered at night or during weekends, when fewer staff are on call. But let’s go back in time to learn more about ransomware.
1/ Beware of Ransomware
In 2017, nearly 130,000 people in more than 100 countries were victims of a massive worldwide ransomware attack. The WannaCry cyberattack infected the U.K. National Health System, Spanish telecommunications company Telefonica, French automaker Renault and German railway company Deutsche Bahn. The goal of the attack was to encrypt the target’s data pending payment of a ransom. This attack is one of the first to bring a new cyber threat to the forefront: ransomware.
What Is Ransomware?
During a ransomware attack, malware blocks access to your data and threatens to delete or disclose it unless you pay a ransom. Your content is then totally or partially encrypted so that it cannot be used without the decryption key. Usually, the hacker asks to be paid in cryptocurrency, such as Bitcoin.
These attacks are the work of rogue organizations. In the case of the French hospital, investigators suspect LockBit, one of the largest groups specializing in the use of ransomware. They have carried out similar operations in the past.
2/ What Are the Most Important Cyber Threats in Industry?
While digital sectors such as eCommerce companies were previously the first on the radar of criminals, the focus has now shifted towards industrial targets.
Typically, the main goal of an attack is to target a critical business practice and create the biggest impact in the shortest timeframe. If criminals can affect business-critical practices, they can set in motion a chain reaction across many other areas of your business, including supply chains, magnifying the impact and creating knock-on effects.
Also, the more your organization relies on technology, the larger the threat surface you need to defend. When adopting any new software or devices into your business-critical processes, you need to know how you will protect the technology. It’s the companies that adopt new systems without properly securing them first that present the best opportunities to cybercriminals.
3/ Attacking Your Suppliers Implies Attacking You
An IT supply chain attack aims to damage targeted companies by attacking the least secure elements of their application supply chain, for example, by infiltrating a Trojan horse through software produced by one of their vendors. As companies use more and more software from various vendors, this trend is accelerating.
The SolarWinds attack is one of the most notorious recent events. Texas-based software company SolarWinds came under an undetected cyberattack in September 2019 with hackers gaining access to the production system for Orion, SolarWinds’ flagship software. The problem was that the software is used by thousands of businesses and organizations around the world. Hackers were, therefore, able to infect Orion’s users and access their computer networks without being detected. Of the 18,000 infected customers, about 100 were infiltrated, including government entities.
4/ So, What Can You Do to Better Secure Your Company?
Badly protected security systems along with human factors are at the center of all cyber attacks. Many of them also rely on social engineering, which is a set of manipulation techniques aimed at influencing an individual to commit a malicious act unintentionally.
What Are the Most Frequent Cyber Attacks?
Being aware of the most common attacks is crucial to protect your assets from them. The attacks you are most likely to encounter include: Password Attack, Malware (including Ransomware, Spyware, Trojan horses, viruses), Phishing, Denial of Service Attacks, Man in the Middle Attacks, SQL Injections, Fake President Fraud, Zero-Day Exploit and attacks via Suppliers (attacks on the IT supply chain as mentioned above).
How Do You Prevent These Attacks?
There are best practices to put into place to better secure an organization, whether it is an SME or a larger group.
The best practices involve: regularly changing passwords, implementing Endpoint Detection and Response, backing up your data, regularly updating your applications, and using encryption.
External solutions also exist: having an external SOC, resorting to Virtual Patching and working with bug bounties.
5/ Bug Bounty: Protecting Yourself by Being Attacked
The bug bounty approach means opening yourself up to being attacked in order to better defend yourself. This proactive American cybersecurity method is not new and dates back to the sixties. But it is now becoming established in Europe.
Companies that have launched a new system or equipment can often be victims of a Zero Day attack where cybercriminals exploit a potential fragility in the equipment.
The idea is to call on the hacker community to test cybersecurity. Bug bounty platforms can help with this, by creating an environment that allows ethical hackers to work on software, hardware and operating system vulnerabilities with a controlled process of identification and validation of these vulnerabilities in order to develop patches in cooperation with the industry. If the hackers find vulnerabilities in a system, they are paid in the form of a bounty, like bounty hunters in the American Wild West in the 19th century.