All Articles

(Webinar) Lessons Learned From Ransomware Attacks - Srinivasulu Thayam

Posted by pritha on December 29, 2022 at 11:43pm in Blog

The healthcare industry in India has faced 1.9 million cyber attacks this year till November 28, as per data published on Thursday by cyber security think tank Cyber Peace Foundation and Autobot Infosec Private Ltd. The attacks came from a total of 41,181 unique IP addresses, which were traced back to Vietnam, Pakistan, and China. The objective behind most of the attacks was to inject a malicious payload into the network of the healthcare company and trigger ransomware attacks. The sensors found 1527 unique payloads used for trojan and ransomware, the report shows.

 

 

About Speaker

Srinivasulu Thayam : CTO, Aravind Eye Care .

Srinivasulu is Senior Leader in IT with 27+ years of global diversified experience in Product engineering, Product development and assurance, Business Unit development, Strategic management, Delivery, Program and Practice Management, Test Automation tools, Non-Functional Testing, change controls, account management, Transformation, and Transition management, scaling high performing organizations, maximizing revenue & growth through client satisfaction and disciplined leadership.

 

 

Webinar (Recorded)

 

 

Discussion Highlights

1. Healthcare Data breaches

 10920909282?profile=RESIZE_710x

 

2. Why healthcare is the biggest target for cyber attacks

  • Private patient information is worth a lot of money to attackers
  • Medical devices are an easy entry point for attackers
  • Staff need to access data remotely, opening up more opportunities for attack
  • Workers don’t want to disrupt convenient working practices with the introduction of new technology
  • Healthcare staff aren’t educated on online risks
  • The number of devices used in hospitals makes it hard to stay on top of security
  • Healthcare information needs to be open and shareable
  • Smaller healthcare organizations are also at risk
  • Outdated technology means the healthcare industry is unprepared for attacks

 

3. Fear the attacker

10920912059?profile=RESIZE_710x

 

4. Recent Ransomware scenarios

  • A major cyber security breach that has forced it to take a number of critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist
  • Data breach at Uber saw information on 57 million user accounts – 2.4 million in the UK – compromised
  • Uber was fined almost $150m for covering up this breach, and its then chief security officer, Joe Sullivan, is currently facing criminal charges over the incident
  • AIIMS Delhi turns manual following ransomware attack and around 40 million patients might have been exposed
  • The FIR stated that after two encrypted mails, there was a message: “what happened, your files are encrypted, all files are protected by strong encryption with RSA-2048, there is no public decryption software, what is the price to repair, the price depends on how fast you can pay to us, after receiving money, we will send program and private keys to your IT department right now, do not attempt to decrypt your data after using third party software, this may result in permanent data loss, our program can repair all files in few minutes and all servers will work perfectly same as before, free decryption as guarantee, you can send us upto three free decrypted files before payment.”
  • Safdarjung Hospital, a 1,500-bed government hospital, recently disclosed that cyber criminals also hit its IT system in November. No data, however, was compromised when the system went down in a day
  • While Medical Superintendent Dr B.L. Sherwal did not expound on the nature of the attack, He added that the system was immediately restored by the National Informatics Centre, the government agency responsible for enabling all government IT systems in India
  • The processes at Safdarjung Hospital are not as computerized as those at AIIMS, which is why the harm wrought by the cyber attack was not as serious as that at AIIMS
  • Personal details of more than 1.5 Lakh patients (data is from 2007 to 2011) of a Tirupur Hospital have been put of for a sale by Cyber hackers through Telegram channels and specific Cybercrime forums
  • The leaked information contains personal details such as birth dates, doctor details, residential addresses, and basic vitals of patients such as height, weight and blood groups
  • The database was advertised for $100 (meaning that multiple copies of database would be sold) for cyber criminals seeking to be the exclusive owner of the database, the price is raised to $300 and if the owner intends to resell the database, the quoted price is $400
  • CloudSEK (a contextual AI company that predicts cyber threats) has revealed this
  • Customer data was encrypted by Cyber attacker repeatedly 3 times in last 5 months
  • During 1st attack, partial ransom was paid (for specific clients) by the data processor, however ransom was ignored during 2nd time and they went to Cyber insurance to manage the damage and again 3rd time was attacked most of his customer networks (common to data processor and his customers)

 

5. Crowdstrike Blog

10920916482?profile=RESIZE_710x

 

6. Causes

  • Social engineering using phone calls and text messages to impersonate IT personnel, and either directing victims to a credential harvesting site or directing victims to run commercial remote monitoring and management (RMM) tools
  • Social engineering “most dangerous” threat, say 75 percent of security professionals. In May, Cyber Security Hub research revealed that three out of every four cyber security professionals considered social engineering or phishing attacks to be the “most dangerous” threat to cyber security at their companies
  • Ransomware has accounted for around 20% of cyber breaches so far in 2022. For comparison, the use of stolen credentials (hacking) accounts for 40% of breaches as of October 2022, and phishing accounts for around 20%
  • 93.28% of detected ransomware files are Windows-based executables. The next most common file type is Android, at 2.09%
  • The most common entry point for ransomware attacks is through phishing, with 41%
  • Cause of ransomware infection - Spam/phishing emails: 54%, Poor user practices/gullibility: 27%, Lack of cyber security training: 26%, Weak passwords/access management: 21%

 

7. Threats

  • Malware
  • Cryptomining
  • Phishing
  • IAM abuse
  • Outgoing DDoS attacks
  • Bruteforce
  • Leaked credentials
  • Hijacked accounts
  • Compromised machines

 

8. Threat Management

  • AD Security
  • Increase Visibility
  • Improve Third- Party Security.
  • Expand Cyber Threat Awareness
  • Implement Multi-Factor Authentication

 

9. Data sources

10920919883?profile=RESIZE_710x

 

10. Signs that your organization is at risk 

  • Employees are not trained to fully understand and apply laws, mandates, or regulatory requirements related to their work and that affects the organization’s security
  • Employees are unaware of the steps they should take at all times to ensure that the devices they use—both company issued and BYOD—are secured at all times
  • Employees are sending highly confidential data to an unsecured location in the cloud, exposing the organization to risk
  • Employees break your organization’s security policies to simplify tasks
  • Employees expose your organization to risk if they do not keep devices and services patched and upgraded to the latest versions at all times

 

Views: 115
E-mail me when people leave their comments –
Follow
Posted by pritha

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)