Healthcare and Finance Firms Ranked as Leading Targets for Cyberattacks

Close Up Shot of a African American Male Doctor Wearing White Coat Working on Tablet Computer at His Office. Medical Health Care Professional Working with Test Results, Patient Treatment Planning. (Close Up Shot of a African American Male Doctor Weari

Healthcare providers and financial services companies experienced the greatest number of cyberattacks, according to the newly released 2023 BlackBerry Global Threat Report—August Edition.

The report found that the health and financial services industries together made up 25% of all cyberattacks stopped by BlackBerry cybersecurity solutions such as CylanceENDPOINT.

BlackBerry’s Threat Research and Intelligence team, which authored the report, recorded 13,433 unique malware binaries and more than 109,922 attacks on healthcare providers from March through May 2023. In the finance industry, researchers reported over 17,000 cyberattacks, with 15,000 of those aimed at U.S. financial firms, that BlackBerry’s cybersecurity solutions identified and blocked.

Ransomware continues to be the most common threat to both healthcare and financial organizations. Thanks to the rise of cybercrime services, such as ransomware-as-a-service (RaaS) and malware-as-a-service (MaaS), cyber-crooks no longer need a great deal of technical expertise to infect a victim’s IT systems and steal data.

The impact of a ransomware attack on a healthcare provider can be severe.  A ransomware or other cyberattack can derail scheduled diagnostic tests and procedures, potentially with life threatening implications.

According to a report in the Journal of the American Medical Association, 44.4% of hospitals surveyed suffered a disruption in the delivery of healthcare services following a ransomware attack. Common disruptions included electronic system downtime, 41.7%, cancellations of scheduled care, 10.2%, and ambulance diversion 4.3%.

Besides causing outages and cancelled procedures, a ransomware attack also puts the data of patients and employees at risk. An attack on a national provider of pharmacy and healthcare services, compromised the information of more than 5.8 million people in early 2023.  Unfortunately, at least some of that data was reportedly published on the dark web.

Another type of malware seen this reporting period is infostealers, or information stealing malware. An infostealer can collect data such as credit card numbers, bank account information, patient data, and login credentials. A stolen medical record can net up to $1,000, according to the Dark Web Price Index 2023 from PrivacyAffairs. Healthcare companies have huge amounts of sensitive data on hundreds or thousands of patients. That data can be used for identity theft or sold on the Dark Web to other criminals.

Some infostealers also have other capabilities. For example, RedLine — a leading threat to healthcare providers and financial services firms — is an infostealer that can also deliver malicious files and execute commands. A threat actor can not only steal a hospital’s data but plant malware for future exploits.

Financial services is another highly targeted industry. Banks, credit card providers, and insurance companies have all been victims of data breaches and other malware. The rise of mobile services such as digital banking apps have led to a rise in mobile app malware.

According to the latest BlackBerry Threat Report, two new Android malware exploits are targeting the financial industry. One, an Android Trojan known as Chameleon, can mimic legitimate banking and cryptocurrency services. Another malware that is targeting banks is an updated version of the Xenomorph Android malware, which has new capabilities including automated transfer system (ATS) framework and the ability to steal account credentials.

Multilayered, AI-driven Defense is Essential

Cyberthreats have become more frequent and often involve sophisticated, multilayered attacks that are harder to detect. At the same time, many IT departments are struggling to keep up with the growing threat landscape. IT departments often suffer from a shortage of cybersecurity professionals and resources. And the rise in remote computing and digital services have created larger attack surfaces for criminals to target.

MSSPs, cloud services providers, and other managed services providers can provide their customers with a multi-layered approach to cyber-security — one that includes endpoint security, data encryption, AI, and email filtering for malicious attachments and phishing emails.

Mature AI/ML-based cybersecurity solutions such as CylanceENDPOINT from BlackBerry can detect suspicious behaviors by employees and applications and can identify and block malicious content in emails and files before they can execute.

Guest blog courtesy of BlackBerry Cybersecurity. Read more BlackBerry Cybersecurity blogs Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.