Cybercriminals are becoming more clever with attacks, as the number of incidents in healthcare doubles.
Healthcare has seen the largest increase in the number of cyber-attacks over the last year, a new report from McAfee has revealed.
The security provider has revealed its quarterly McAfee Labs Threats Report, which has found ransomware grew by 35% in 2017 as well as Mac OS malware increased by almost a quarter (24%).
McAfee found in the healthcare industry the number of cyber threats found in every second has doubled. McAfee’s report looks at the latest trends in cyber threat growth, revealing the number of cyber threats found totals 478 every minute.
Looking at the healthcare sector; the number of publicly disclosed security incidents in the healthcare industry decreased by 78% in the fourth quarter of last year. However overall figures demonstrate a severely concerning number of attacks across the entire year, totalling a 211% increase overall in 2017. The majority of these incidents were found to be caused by organisations failing to comply with security practices.
“Healthcare is a valuable target for cybercriminals who have set aside ethics in favour of profits,” Christiaan Beek, McAfee Lead Scientist and Senior Principal Engineer, said. “Our research uncovered classic software failures and security issues such as hardcoded embedded passwords, remote code execution, unsigned firmware, and more. Both healthcare organisations and developers creating software for their use must be more vigilant in ensuring they are up to date on security best practices.”
In addition to poor organisational security management, the findings also revealed the increase in security incidents was due to changing tactics from cybercriminals. Hackers are diversifying their strategy, moving away from traditional methods of ransomware and instead practicing hijacking into the likes of Bitcoin and Monero wallets.
The report also found cybercriminals targeting users through the use of Android mobile apps, as well as Mac OS software attacks. For example, the number of mobile malware attacks increased by over half (55%) as well as Mac OS devices seeing an increase in attacks growing by 58% in total over 2017. Cybercriminals have also increased the use of file-less malware, leveraging Microsoft PowerShell, which grew by 267% in Q4 2017.
“By going digital along with so many other things in our world, crime has become easier to execute, less risky and more lucrative than ever before,” said Steve Grobman, chief technology officer for McAfee. “It should be no surprise to see criminals focusing on stealthy file-less PowerShell attacks, low risk routes to cash through cryptocurrency mining, and attacks on soft targets such as hospitals.”
Experts from McAfee admitted that not all incidents are publicly disclosed, but when GDPR is implemented this will inevitably change as it will be legal requirement for businesses. Therefore, security precautions may increase if organisations realise all incidents must be reported.
“The rise in security incidents across Europe during Q4 is worrying, but we know not all incidents are reported. This will change when the GDPR comes into force in May, when non-compliance could lead to negative brand impact that could easily be more costly than fines from the regulators,” Nigel Hawthorn, Data Privacy Expert at McAfee, said. “Cyber threats have never been more of a concern and with cyber criminals often targeting personal data, a privacy first IT philosophy is a must.”