Federal agencies warn that cybercriminals are escalating their extortion attempts against the healthcare sector even as hospitals are facing a nationwide surge in Covid-19 cases.
In a joint alert, the FBI and two federal agencies warned that they had "credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers". The alert said malicious groups are targeting the sector with attacks that produce "data theft and disruption of healthcare services".
The alert said that a Russian-speaking criminal gang is targeting the healthcare industry with cyberattacks that produce "data theft and disruption of healthcare services." Ransomware attacks crippled at least five US hospitals last week alone, The Guardian reported.
The agencies suggested hospitals, practices and public health organizations take "timely and reasonable precautions to protect their networks from these threats", which they said include targeting with Trickbot malware, "often leading to ransomware attacks, data theft, and the disruption of healthcare services", just as hospitals are also hard-pressed to respond to a third wave of the Covid-19 crisis.
"We are experiencing the most significant cybersecurity threat we've ever seen in the United States," Charles Carmakal, chief technical officer at cybersecurity firm Mandiant, said in a statement.
Over the past five years, the originators of Trickbot have "continued to develop new functionality and tools increasing the ease, speed, and profitability of victimization," the agencies said. "What began as a banking trojan and descendant of Dyre malware, now provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. These activities include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk."
🚨🚨🚨 Healthcare and Public Health sector partners - shields up! Assume Ryuk is inside the house. Executives - be ready to activate business continuity and disaster recovery plans. IT sec teams - patch, MFA, check logs, make sure you have a good backup point. https://t.co/j3cb26khHZ — Chris Krebs #Protect2020 (@CISAKrebs) October 29, 2020
The FBI noticed new Trickbot modules grouped under the name Anchor in 2019, the agencies said, "which cyber actors typically used in attacks targeting high-profile victims."
In September, a ransomware attack hobbled all 250 US facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.
More than a quarter of all cyber incidents detected by UK spies in the past year involved criminals and hostile states exploiting the coronavirus pandemic, according to figures published in the annual report of the National Cyber Security Centre — a branch of signals intelligence agency GCHQ.
According to the NCSC, UK spies detected 723 incidents in the year to September, of which 194, or 27%, related to coronavirus. The total number of incidents over the year increased by a fifth compared with the annual average of 602 since the centre opened in 2016.