Carbon Black Reports Trend in Ransomware and Data Destruction Attacks


Healthcare Cyber Heists in 2019 had compiled information from 20 industry leading CISOs, which include the cyberattacks they experienced in the past year, the strategies employed in the attacks, and changes of the threat landscape.

Healthcare data breaches in 2018 was at a record high and cyberattacks continue at an unparalleled level. April 2019, which had 46 breaches impacting 500+ records, was the worst month ever for healthcare data breaches.

Cyberattacks can have a substantial, real-world effect on healthcare companies and patients. Cyber attackers could access, steal and offer patient data for sale on the dark web. They could also prevent hospitals from accessing their critical systems and patient files, so that efficient patient care becomes virtually impossible.

83% of surveyed CISOs think cyberattacks increased over the last year and 66% of CISO’s say attacks became more sophisticated in the last year.

66% of surveyed companies had to manage an attempted ransomware attack last year. The attackers used different ransomware variants but the Kryptik/GenKryptik ransomware variants had been used in 74% of attacks.

Nearly half of survey participants encountered an attack intended to destroy data. Attacks that want to destroy data do so to paralyze businesses. The attacks are generally connected to sponsored hacking groups from North Korea, Russia and China.

Although many different strategies are used for healthcare organization attacks, one common method use Excel spreadsheets containing macro-enabled PowerShell to download malware.

33% of CISOs stated they encountered an ‘island hopping’ attack last year. This type of attack involves hackers that compromised a third party and utilized it to strike their organization. For instance, an attack by means of partner-provisioned Virtual Desktop Infrastructure access, private network links or VPNs. 33% of CISOs additionally claimed hackers used counter incident response strategies to avert breach mitigation and to attempt to retain continual access.

CISOs were likewise asked concerning their greatest issues. 33% said it was compliance, 22% said budget restrictions, 16% said loss of patient data and another 16% said vulnerable devices.

Healthcare organizations seem to think that compliance with HIPAA means robust cybersecurity, but that is not true. Compliance with HIPAA simply means a company has attained a baseline degree of security. A lot of HIPAA-complaint healthcare organizations still experienced data breaches. Compliance must be considered as a place to start an organization’s security plan. With HIPAA compliance, further security programs ought to be developed.

The report reveals organizations came to the realization that staff security awareness training is important, not only for compliance but also for enhancing security. 84% of companies train their staff on security awareness at least yearly while 45% train their staff more frequently.

In rating their organization’s security posture, the majority of CISOs said much still needs to be improved. 74% of the CISOs gave a rating of B or less, 25% gave a B, 16% gave a B- and 33% gave a C.

Though most of the organizations involved in threat hunting say there’s significant improvement in their cybersecurity posture, just 33% of respondents claimed they’ve got a threat hunting team. Carbon Black remarks that threat hunting is not just for the security elite. Threat hunting software helps businesses get better awareness to find and deal with threats before a data breach occurs.