Cyber attacks on healthcare organizations in Israel have surged during the COVID-19 pandemic, rising 25% in the last two months of 2020 to 813 per week at the end of December, Israeli cyber software firm Check Point Technologies reported this month. Prior to November, the company reported 652 cyber attacks per week.
The Tel Aviv-based company said in a post that the threat of cybercrimes around the world has worsened over the past two months, with the number of attacks targeting medical institutions globally jumping 45% globally.
“This is more than double the overall increase in cyber attacks across all industry sectors worldwide seen during the same time,” the authors of the post wrote.
Central Europe has seen the highest spike in attacks on healthcare organizations among a list of regions, with a 145% increase in November, according to the findings. This location was followed by East Asia with a 137% increase, Latin America with a 112% increase, Europe with a 67% increase, and North America with a 37% increase.
Canada experienced the most dramatic increase in cyber attacks with an uptick of over 250%, Check Point reported. Germany followed with a 220% increase and Spain saw its attacks double.
At the end of October 2020, Check Point reported that hospitals and healthcare organizations had been targeted by a rising wave of ransomware attacks, with the majority of attacks using the infamous Ryuk ransomware. This followed a Joint Cybersecurity Advisory issued by the Certified Information Systems Auditor (CISA), the Federal Bureau of Investigation (FBI), and the United States Department of Health and Human Services (HHS), which warned of “an increased and imminent cybercrime threat to US hospitals and healthcare providers,” the authors of the post said.
The cybercrime threat has worsened over the past two months with attacks from “a range of vectors,” including ransomware, botnets, remote code execution, and DDoS attacks, Check Point indicated. Ransomware attacks showed the “largest increase” and is considered the “biggest malware threat” to healthcare organizations when compared to other industry sectors, the company reported.
“Ransomware attacks against hospitals and related organizations are particularly damaging, because any disruption to their systems could affect their ability to deliver care, and endanger life—all this aggravated with the pressures these systems are facing trying to cope with the global increase in COVID-19 cases,” the Check Point researchers said. “This is precisely why criminals are specifically and callously targeting the healthcare sector: because they believe hospitals are more likely to meet their ransom demands.”
Healthcare organizations and medical institutions around the world are being targeted because “hospitals are under tremendous pressure due to the ongoing rise in coronavirus cases,” they wrote. They are “willing to pay ransom so they can continue to provide care during this critical time.”
Check Point also said that the major motivation of these attacks is financial.
“They are looking for large amounts of money, and fast. It seems that these attacks have paid off very well for the criminals behind them over the past year, and this success has made them hungry for more,” the authors said.
The main ransomware variant used in attacks is Ryuk, followed by Sodinokibi. Sodinokibi is a ransomware-as-a-service (RaaS) first discovered in mid-2019, which operates as an affiliates program.
Ryuk is ransomware that has been used in targeted and well-planned attacks against several organizations worldwide, Check Point said. It was first discovered in mid-2018 and Check Point published an analysis of targets the United States at the time. Check Point researchers monitored Ryuk activity globally in 2020 and observed an increase in attacks aimed at the healthcare sector.
It is important to note that unlike common ransomware attacks, which are widely distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are “specifically targeted and tailored,” the authors of the post said.
They offered tips to companies and individuals to prevent ransomware and phishing attacks and said to look out for trojan infections (“ransomware attacks do not start with ransomware”), raise their guard during weekends and holidays, use anti-ransomware solutions, educate their employees about malicious emails, and participate in virtual patching. Patching old versions of software or systems is nearly impossible for many hospitals and Check Point recommends using an updated Intrusion Prevention System (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications.
The COVID-19 pandemic has severely affected the cybersecurity landscape and Check Point has “seen an unprecedented increase in cyber-exploits seeking to compromise personal data, spread malware, and steal money.”
An upsurge in the registration of coronavirus-related malicious domains and even fraud advertisements offering COVID-19 vaccines for sale are just some of the infringements disguised as helpful information.
“As the world’s attention continues to focus on dealing with the pandemic, cyber criminals will also continue to use and try to exploit that focus for their own illegal purposes—so it is essential that both organizations and individuals maintain good cyber-hygiene to protect themselves against COVID-related online crime,” the Check Point researchers said.
This article first appeared in NoCamels, which covers innovations from Israel for a global audience.