Summarizing the outcomes of 2018, the experts noted an increase in the share of targeted attacks that grew throughout the year reaching 62 percent in Q4. By and large, targeted attacks became the favorite method of attackers (55 percent) in 2018, unlike the previous year.
The number of attacks aimed at data theft keeps growing. A statistical analysis of 2018 showed that attacker interest was mainly focused on personal data (30 percent), credentials (24 percent), and payment card information (14 percent).
In 2018, healthcare institutions in the U.S. and Europe were at the center of attention from hackers, receiving more attacks than even banks and finance. In addition to stealing medical information, hackers also demanded ransom for restoring the operability of computer systems. Hospitals were ready to pay hackers, patient lives being at stake. According to experts, attackers got hold of personal data and medical information of more than 6 million people.
DDoS attacks became more powerful. Thus, 2018 was marked by the two biggest DDoS attacks in history, reaching 1.35 and 1.7 terabits per second. IT companies were the second-most common target of DDoS attacks, after government institutions. Hackers disrupted the operations of internet service providers and game companies, which are particularly sensitive to downtime and equipment disruption.
In 2018, malware was used in 56 percent of attacks. Such popularity is caused by the fact that malicious software is becoming more and more available each year, which reduces the barrier to entry for cybercriminals. Attackers mostly used spyware and remote administration malware to collect sensitive information or gain a foothold on systems during targeted attacks.
By Leigh-Anne Galloway, cyber security resilience lead, Positive Technologies.
It has become clear in the last few years that when it comes to cybercrime, hackers are not fussy about which organization or sector they focus on – if there’s profit to be made, anyone is a potential target.
However, there are of course institutions which will always be of particular desirability to cybercriminals. Financial institutions, banks and retail are among the most targeted because the goal of most cyberattacks is financial gain, and organizations in these industries are the most lucrative targets for cybercriminals. The healthcare sector is also heavily targeted because of the personal data it holds. This data may be stolen and used for different purposes, including fraud. As a consequence, the focus on healthcare institutions by hackers has ramped up in recent years.
This increased attention on the health sector is because of hackers seeing it as an inexhaustible source of money. On multiple occasions, media reports have described leaks of data from medical centers, followed by a ransom demand sent to clinic management and patients.
There are a number of other ways criminals can monetize attacks on healthcare equipment and applications. These include threatening patient health by altering stored information; using stolen data to fraudulently obtain access to medical care or controlled medications; leveraging personal information on patients and their family members; and sabotaging websites and/or infrastructure on behalf of unscrupulous competitors. Attacking healthcare institutions also allows criminals to resell stolen data to third parties such as insurance companies, healthcare providers, banks, and others, who can use this valuable information for a number of purposes (such as advertising, research, or even discrimination based on pre-existing conditions).
One such specific way that criminals can carry out attacks is by exploiting advancements in health technology and equipment in recent years. We’ve seen an increasing number of medical devices such as pacemakers, drug pumps (like insulin infusion devices), implantable defibrillators, and other devices implementing wireless connectivity for doctors to control and fine-tune their work and update firmware. This makes these devices potentially incredibly dangerous for patients. A criminal could research and reverse communication protocols and exploit vulnerabilities in a simple piece of software used in those tiny devices, for example changing the heart rate controlled by pacemakers, injecting incorrect doses of drugs or even making them show the wrong data — leading doctors to the wrong conclusions and causing them to make mistakes in their treatment.