41% of cyber attacks are deployed against healthcare entities, Canadian Underwriter reports, whereas only 20% of attacks are leveled at financial firms.
The information comes from specialist insurer Beazley in its Beazley 2019 Breach Briefing.
Healthcare targets are preferred, says Beazley, because unlike finance hits that may yield a single payout or cryptocurrency ransom, data obtained in healthcare breaches can be sold many times over on Dark Net markets.
According to Beazley Privacy Breach Response Services Manager, Lauren Winchester:
“Healthcare records are more valuable to attackers and sell for significantly higher than financial data on the dark web…Stolen healthcare information can be used to file false claims with insurance carriers or create false IDs to purchase drugs. And unlike credit card numbers, which are cancelled relatively quickly once identified as compromised, healthcare information can be used for nefarious purposes over longer periods of time.”
Beazley analyzed 3300 data sets to generate its report.
Hackers also appear to be using different exploits to access different targets.
For example, financial institutions are more likely to be targeted via “business email compromise” (BEC) (27% financial institutions versus 22% healthcare entities).
According to Canadian Underwriter:
“BEC refer(s) to social engineering attacks where cyber criminals use compromised email credentials or spoof a legitimate email address to trick an employee into making an electronic payment to a bank account controlled by the cyber criminal or, in some cases, to transfer sensitive data.”
Socially-engineered phishing campaigns often involve profiling a particular individual via social media research.
Thereafter, hackers have been known to create customized and elaborate ruses targeting profiled individuals.
One such hack involved targeting a known dog lover who was also an employee at a cryptocurrency trading platform.
A fake dog show website was created and a phishing email disguised as an invitation to a “nearby dog show” sent to the victim.
That email contained a malicious “link to tickets,” and when the victim clicked the link, malware was uploaded onto the company’s computer system.
The platform was later hacked for a substantial amount of cryptocurrency.
Beazley says BEC hacks increased 133% between 2017 and 2018, and this method may be preferred in hacks against finance institutions because employees there often have more direct access to funds.
According to Winchester:
“One of the most lucrative ways to leverage a compromised email account is to request a fraudulent wire transfer or attempt to redirect funds, and by targeting a financial institution, the attacker is more likely to compromise someone with the ability to send or receive funds.”
According to Canadian Underwriter citing Beazley statistics, for most industries, “hack or malware was the leading cause of loss (59%) last year.”
The insurer identifies these attacks as ‘key trends’ in 2018, and says they are occurring across industries:
“[BEC], ransomware attacks and banking Trojans were key trends in 2018 and are continuing to evolve in 2019…These attacks do not discriminate in targeting businesses; all industry verticals and organizations of all sizes are falling victim to these crimes.”
Ransomware was deployed in 9% of all cyber attacks and in 12% of attacks against financial institutions in 2018, and an average payment of $116 000 USD was demanded.
This number was skewed, however, by a number of very large demands, with the mean demand adjusting down to $10 310 USD.
The highest demand reported to Beazley was $8.5 million USD or 300 bitcoins. The biggest ransom paid by the insurer was $935 000 USD.
Though only 9% of cyber attacks reported to Beazley involved ransomware, Winchester says the insurer still received over 300 ransomware notifications last year:
“So while ransomware was not as prevalent as business email compromise, we rarely saw a ransomware-free day last year.”
Beazley reportedly noted as a “main trend” last year that attackers are using banking Trojans as a precursor to activating their ransomware.
Anti-virus software maker AVG defines Trojan malware as follows:
“Trojan malware takes its name from the classical story of the Trojan horse, because it imitates the technique to infect computers. A Trojan will hide within seemingly harmless programs, or will try to trick you into installing it.”
“Trojans do not replicate by infecting other files or computers. Instead, they survive by going unnoticed. They may sit quietly in your computer, collecting information or setting up holes in your security, or they may just take over your computer and lock you out.”
Recovering or restoring data after a ransomware attack can reportedly be more straightforward than extracting Trojan malware from infected systems.
If not entirely removed, Trojan malware can leave a network susceptible to future attacks by spying on the system, by leaving backdoors, etc., or may be induced to trigger another ransomware attack.
Motherboard reported March 22nd that chemical firm Momentive recently decided to scrap hundreds of computers after its operations were crippled by a LockerGoga ransomware attack.
The presence of Trojan malware in conjunction with a ransomware attack takes the attack to another level legally, says Winchester:
“What this means is that while historically many ransomware attacks did not result in a legally notifiable ‘data breach,’ the presence of a banking Trojan may also mean attackers have compromised and even stolen sensitive personal information.”