In the past year, cybercriminals have turned their attacks on hospitals and health-related infrastructure, taking advantage of the high demand in the sector caused by the Covid-19 pandemic.
The conclusion appears in a study released by IBM on Wednesday (24) and corroborates what experts and reports from other companies pointed out over the past year.
According to the survey, the share of attacks on the sector more than doubled in 2020 compared to 2019, to 6.6% of the detected threats (compared to 3%). The analysis takes into account more than 130 countries, including Brazil.
One of the attacks detected by the company in October targeted the European Commission and other organizations in different countries involved in the Covid-19 vaccine distribution chain. It was not possible to identify the attacker, who was trying to steal access data and privileged information.
In the previous month, Microsoft published a study pointing out that 16 government-backed hacker groups had started to target actors involved in the response to the pandemic.
“Ransomware” attacks were up 20% from 2019 and accounted for one in four of the security incidents detected in IBM’s analysis. Against the health sector specifically, they were 28% of cases.
In this type of attack, malicious programs lock computers or systems. Criminals then demand a ransom to restore access – a digital hijacking.
“When healthcare institutions are victims of ransomware, in addition to drastic economic consequences, the attack can have severely damaging implications, such as the loss of patient records and delays or cancellations of treatments,” says Luis Corrons, a researcher at Avast, a Czech cybersecurity company.
In September, one of these viruses paralyzed a hospital in Dusseldorf, Germany.
As the hospital was unable to admit new patients, it turned away the ambulance transporting a 78-year-old woman who arrived with an aortic aneurysm (dilation of the largest artery in the body, which can rupture). The elderly woman had to be taken to another institution, 32 km away. The transfer took an hour and she died shortly afterwards.
More than half of these digital hijackings in 2020, the report points out, were of a variant called “double extortion”. In it, in addition to charging to restore the machines, the criminals demand money not to leak the data obtained.
The “Sodinokibi” ransomware, which uses this strategy, was the most popular in the period. IBM estimates that it has yielded more than $120 million (R$ 650 million) in ransom payments.
The guidance for this type of crime is not to give in to the demands. “Companies have to remember that they are dealing with criminals, there is no guarantee,” says Marcio Silva, technical manager at IBM Security Brasil.
Silva’s tips for these cases are: manage users properly and give each one only the access they need, fix any vulnerabilities (that is, keep the systems up to date) and have a response plan in case of incidents.
The study also points out that criminals are increasingly turning their attention to critical infrastructure, not necessarily linked to fighting the coronavirus. This category includes, for example, water and energy supply systems.
That was the case in Oldsmar, Florida, on the 8th. A hacker accessed an employee’s computer at the water treatment plant and tried to increase the levels of sodium hydroxide (caustic soda) in the supply. The threat was detected and prevented without causing damage.
The manufacturing and energy sectors are being targeted more often and, last year, were second only to the finance sector. In them, attackers took advantage mainly of vulnerabilities in industrial control systems (used to operate or automate processes).
“The financial and insurance market has always been the most attacked, historically. Over the years, companies have been making more investments in security,” says Silva.
In the expert’s assessment, hackers realized that the other areas would be potentially more vulnerable because they do not have such an extensive record of dealing with cybercrime. In addition, as they are sectors where work stoppages can cause major losses, there is a greater tendency to accept attackers’ demands in order to reduce downtime.
Threats to the health sector prompted several warnings over the past year.
In April, Interpol warned of the growth of cyber attacks against hospitals. The international police organization also highlighted ransomware as the most common threat. For protection, it recommended:
- Only open emails or download programs/applications from secure sources
- Do not click on links or attachments in emails that you do not expect to receive, or from an unknown sender
- Configure your email service to protect against spam that may be infected
- Back up all important files frequently, and save them somewhere separate from your system (e.g., in the cloud or on an external hard drive)
- Have antivirus installed and up to date on all your systems and mobile devices, and make sure it’s working
- Use strong and unique passwords for each system, and change them regularly
In the U.S., the FBI issued an alert about phishing emails, fake messages built to steal data or install malicious programs.
This is not the first time, however, that the health sector has been in the crosshairs of cybercrime.
One of the most famous cases happened in 2017. At the time, the WannaCry ransomware affected computers worldwide and caused damage mainly to the British public health system.
Last year, the Sírio-Libanês Hospital, in São Paulo, suffered an intrusion attempt that disrupted the services of the institution’s website and app. Patients said they were unable to access exams such as MRI and CT scans.
Months earlier, in January, an attack took down the computers at a university hospital in Madrid, Spain. Before that, attacks had affected hospitals in France.
In 2019, a medical center in Michigan, USA, had to temporarily stop its services after a cyber attack. In the same year, Boston Children’s Hospital services were impacted for weeks; in this case, the person responsible was arrested.
It is common for hackers to pay attention to the main topics under discussion in society to guide their attacks. During the coronavirus crisis, scams that use the disease as a pretext have spread through messaging apps such as WhatsApp, social networks and email.
Scammers have created, for example, a fake website promising to release emergency aid. Upon entering the site and filling out the form, the victim has their data stolen.
This information is useful for other scams, such as trying to impersonate the victim to ask WhatsApp contacts for money. It is also one of the main vectors for more complex attacks. Personal information can help a criminal gain access to a company’s system, for example.
The migration of companies to remote work has also been exploited. Kaspersky Lab’s analysis shows a 235% increase in attacks on remote connection protocols – used by companies to allow employees to access internal systems even when working remotely.