Positive Technologies: ransomware targets medicine

Over 50 percent of attacks on healthcare institutions disrupted their main activity

Positive Technologies analyzed the Q4 2021 cybersecurity threatscape. The study showed that compared to Q3, the total number of attacks rose, the number of phishing campaigns and attacks on mobile devices of individuals increased, and healthcare became the most attacked sector.

According to Positive Technologies, Q4 2021 saw a 7.2 percent rise in the number of cyberattacks compared with the previous quarter. Experts attribute this rise to the revival of ransomware and the active exploitation of network infrastructure vulnerabilities (38% compared to 33% in Q3 2021). Most often, the targets were medical organizations, government agencies, and industry.

Positive Technologies draws attention to a curious trend seen toward the end of the year—the refusal of many organizations to pay ransoms to attackers. In addition, the decision of businesses on whether to pay up may soon be influenced by the need to publicly report such payments—as proposed by the U.S. Senate. Another reason why companies refrain from paying criminals is reputational risk: according to a Cohesity survey, 47 percent of respondents said they would lose confidence in a company if it did not report an attack, and 22 percent claimed that a company would lose their trust if it paid a ransom.

Positive Technologies analyst Fedor Chunizhekov notes: "The tendency not to pay ransoms to cybercriminals may lead to a decrease in profits from attacks, which does not play into the hands of operators and developers of ransomware, since they incur large costs for malware development and distribution."

According to the study, due to the close attention of law enforcement agencies, the percentage of attacks on state institutions in Q4 2021 halved compared to Q3.

"In Q4, healthcare organizations ranked first among the sectors most attacked," says Ekaterina Kilyusheva, Head of the Information Security Analytics Research Group at Positive Technologies. "Obtaining sensitive information was the target of cybercriminals: 62 percent of cyberattacks resulted in a leak of personal or medical information (39% and 36%, respectively, of the total share of stolen data). In most cases, ransomware was used, which led to negative consequences. For example, the Conti ransomware attack seriously affected the provision of medical services in one of the Canadian provinces and disrupted information systems, forcing regional healthcare centers to cancel chemotherapy appointments, X-rays, surgeries, and other services. Communications were also hit, with people reporting being unable to contact emergency services."

The study revealed a significant number of cyberattacks involving botnets[1]: this figure doubled compared to Q1 2021, and DDoS attacks[2] using botnets reached record-breaking power levels; such attacks seriously affect the availability of services for users. In addition, attackers actively use botnets to deliver and distribute malware. This caused existing botnets to expand in Q4, and may also prompt a surge in infections with various malware types, the emergence of new networks of infected devices, and an increase in the power of new DDoS attacks in the future.

The Positive Technologies study notes a rise in the number of mass phishing campaigns and attacks on individual mobile devices: in late 2021, social engineering was used in 90 percent of cases, while mobile devices were targeted 9 percent more than in Q3 2021. To a greater extent, attacks were aimed at obtaining personal data and credentials of both organizations and individuals, as confirmed by the share of leaks of sensitive information, which increased by 6 percentage points and 10 percentage points, respectively, compared to the previous quarter.

  [1] A botnet is a network of devices infected with malware that allows attackers to connect to and control the devices remotely.
  [2] A DDoS attack is a distributed attack aimed at creating an excessive load on a server and causing it to fail. In such attacks, users cannot access the system (or access is hindered).