Health Sector largest target based on 2017 data
Looking back to 2017 has shown us that threat actors are interested in 2 very specific action. The first is to steal the confidential information by attacking healthcare providers and the second being the generation of revenue using ransomware and virtual currency mining. Another area Another area of concern is corporate espionage which we at Jigsaw Security see as the main threat being faced in 2018.
In many cases the threat actors goals are the same which is to profit monetarily by stealing proprietary information, healthcare records and in the theft of computing resources to generate revenue utilizing mining operations of unsuspecting users.
Why Health Care?
When we look we see that a major target of these attacks is the health care sector. We wanted to try and determine why this sector is targeted more often than other sectors. It really comes down to market economics. Healthcare data is more valuable than credit card data because the information cannot be changed once it is acquired. Unlike a credit care that can be canceled, health care information remains what it is, a data point at a particular time in a persons life.
It is estimated by the FBI that your medical records are worth 10 times (or more) than your credit card numbers. Large amounts of medical data commands a higher payout than the same number of credit cards in short because the data in health records can be used to commit other types of identity theft. There is also evidence that this information has been used to solicit drugs or other medical devices billed to insurance that can be resold. In addition insurance fraud is rampant whereas threat actors will use patient information with false provider numbers and file made up claims. with insurers whom sometimes catch it and sometimes they don't.
We believe the most damaging of these attacks will continue to be ransomware in the near future. Just remember that 40% of all health care organizations have reported criminal cyber activity as reported by the Ponemon Institute think tank.
Learning Institutions Cause Issues
We have been studying this for awhile at JIgsaw Security, whereas colleges and schools are increasingly targeted due to the open nature and flat network designs where if one system can be compromised, typically they all are compromised. Back in 2015 we notified NC State to some issues and as we suspected it went nowhere, the same with some medical companies in the Triangle. Even when confronted with evidence of a breach, many organizations find it easier to just sweep it under the rug, reload systems, change passwords and move on, leaving the initial attack vector in place where hackers come back and gain future data and footholds.
Out of all the sectors, education has the highest level of compromised accounts. In fact we see 4 times the number of educational credentials lost or discovered by hackers than any other second, with healthcare and email providers also at the top of the list (such as Hotmail, Google and Microsoft).
In short while the education system is busy teaching, criminals are busy hacking educational systems for financial and other gains.
The Big Elephant in the Room - Cryptocurrency
As we start digging into 2018 data one thing is for sure. Ransomware is out and illicit malware to mine cryptocurrency is in. Jigsaw Security has witnessed several threat actors move away from ransomware as it's riskier for them and have moved to anonymous payouts in cryptocurrency. Many of these threat actors started moving away from ransomware in late 2017 as the price of bitcoin and other cyber based currencies prices went through the roof. The fact that the transactions are anonymous makes it an attractive target for hackers.
While not everybody is sold on this technology, criminal and nation state actors are able to make handsome profits from thousands of unwitting victims. One think we focus on is the bitcoin trail, as have law enforcement. There have been several high profile cases of services being taken down such as AlphaBay for example where they followed the money. In reality people need to expose themselves when they convert the bitcoin to cash, that is what law enforcement is currently targeting.
We expect virtual currencies to be a favorite of the threat actor for some time to come.