Positive Technologies: healthcare institutions received more attacks than the finance sector in 2018

Among major trends of 2018, Positive Technologies experts found an increase in targeted and data-theft attacks. The attackers also seemed to particularly target medical records.

Summarizing the outcomes of 2018, the report ‘Cybersecurity Threatscape 2018: Trends and Forecasts’ by Positive Technologies noted an increase in the share of targeted attacks that grew throughout the year, reaching 62 percent in Q4. By and large, targeted attacks became the favorite method of attackers (55 percent) in 2018, unlike the previous year.

In 2018, the number of unique incidents grew by 27 percent compared to the previous year. Attacker activity was at its peak in February, May, July, and at the end of the year, which according to experts can be linked to major sports competitions, such as the Winter Olympic Games and the FIFA World Cup.

In 2018, healthcare institutions in the U.S. and Europe were at the centre of attention from hackers, receiving more attacks than the banking and finance sector. In addition to stealing medical information, hackers also demanded ransom for restoring the operability of computer systems. Hospitals were ready to pay hackers, due to patient lives being at stake. According to experts, attackers got hold of the personal data and medical information of more than 6 million people.

Almost a quarter of attacks (23 percent) hit individuals. As for organisations, government institutions suffered in 19 percent of cases, whereas healthcare and financial institutions were targeted in 11 and 10 percent of cases, respectively.

In most cases, attackers hit corporate infrastructure (49 percent) and websites (26 percent).

The report also includes major findings such as:

  • The number of attacks aimed at data theft keeps growing. A statistical analysis of 2018 showed that attacker interest was mainly focused on personal data (30 percent), credentials (24 percent), and payment card information (14 percent).
  • DDoS attacks have became more powerful with 2018 marked by the two biggest DDoS attacks in history, reaching 1.35 and 1.7 terabits per second. IT companies were the second-most common target of DDoS attacks, after government institutions. Hackers disrupted the operations of internet service providers and game companies, which are particularly sensitive to downtime and equipment disruption.
  • In 2018, malware was used in 56 percent of attacks. Such popularity is caused by the fact that malicious software is becoming more and more readily available each year, which has reduced the barrier to entry for cybercriminals. Attackers mostly used spyware and remote administration malware to collect sensitive information, or gain a foothold on systems during targeted attacks.
  • As cryptocurrencies fell in price and mining became more difficult, the number of cyber incidents with miners decreased. The share of miners diminished from 23 percent in Q1, to only 9 percent in Q4 2018.
  • 2018 also saw a significant increase in social engineering, with hackers now using it in every third attack. Various communication methods are leveraged, including email, chat clients, phone calls, SMS messages, and even postal mail.

"Boundaries between cybercrime and other criminal activity are rapidly blurring," says Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies. "A lot of attacks involve the theft of data rather than the theft of funds. Hacking computer systems may be only a first step in a major fraud scheme, or tool for a cyberwar. Stolen data can be used both against individuals, for example by taking out loans in someone else's name, and against organizations and even governments - such as by stealing other people's technologies and inventions.”