Intel Security, has released its McAfee Labs Threats Report: September 2016, which assesses the growing ransomware threat to the healthcare industry, surveys the “who and how” of data loss, explains the practical application of machine learning in cybersecurity, and details the growth of ransomware, mobile malware, macro malware, and other threats in Q2 2016.
Following a rash of targeted ransomware attacks upon hospitals in early 2016, Intel Security investigated the attacks, the ransomware networks behind them, and the payment structures enabling cybercriminals to monetise their malicious activity. The researchers identified nearly $100,000 in payments from hospital ransomware victims to specific bitcoin accounts. While healthcare is still clearly a small proportion of the overall ransomware ‘business,’ McAfee Labs expects a growing number of new industry sectors to be targeted by the extensive networks launching such attacks.
In the first half of 2016, our McAfee Labs’ researchers identified a ransomware author and distributor who appeared to receive $121 million (BTC 189,813) in payments from ransomware operations targeting a variety of sectors. Dark net discussion board communications suggest that this particular cybercrime actor had accumulated profits of $94 million during the first six months of this year.
The scale of the operation is in line with the research the firm conducted with its Cyber Threat Alliance partners in late October 2015, when the group uncovered a ransomware operation using the CryptoWall ransomware strain to extort nearly $325 million over the course of two months.
“As targets, hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, Vice President, Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”
The survey found that retail and financial services organisations have deployed the most extensive protections against data loss, a finding McAfee Labs attributes to organisational responses to the frequency of cyber-attacks and the value of the data held by companies in these two sectors. Having sustained fewer cyber-attacks historically, healthcare and manufacturing enterprises have made fewer IT security investments and, accordingly, possess the least comprehensive data protection capabilities.
McAfee Labs researchers find the weaker defenses in these two sectors particularly disturbing given that cybercriminals continue to shift their focus from easily replaceable payment card numbers to less perishable data such as personally identifiable information, personal health records, intellectual property, and business confidential information.
“Industry sectors such as healthcare and manufacturing present both opportunity and motive for cybercriminals,” Weafer continued. “Their relatively weak defensive capabilities coupled with highly complex environments simplify breaches and subsequent data exfiltration. The cybercriminals’ motive is ease of monetisation, with less risk. Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered. But you can’t change your most personal data or easily replace business plans, contracts, and product designs.”
The survey results also show that nearly 40 percent of data losses involve some kind of physical media, such as thumb drives, but only 37 percent of organisations use endpoint monitoring of user activity and physical media connections that could counter such incidents. While 90 percent of respondents claim to have implemented cloud protection strategies, only 12 percent are confident in their visibility into the activity of their data in the cloud.
Weafer concluded: “We will always face challenges as we work to prevent the exfiltration of data, wherever it is stored and however it is handled. But organisations can learn a great deal from this study’s consistent theme of the value of greater visibility into events and incidents across the enterprise, and the longer-term value of the data drawn from this monitoring to construct stronger security postures.”
In the second quarter of 2016, McAfee Labs’ global threat intelligence network detected 316 new threats every minute, or more than 5 every second, and registered notable surges in ransomware, mobile malware, and macro malware growth.