Positive Technologies: Ransomware strikes entire cities

Governments and healthcare organizations are subject to frequent ransomware attacks

Positive Technologies has published a roundup of Q2 2019 cyberattack activity which found that 59 percent of attacks in Q2 were targeted, a large increase from 47 percent in Q1. The report highlights that governments are a prime target for ransomware. Positive Technologies experts also noted a revival of cryptojacking, likely due to Bitcoin quickly rising in value and attackers continuing to develop software for stealthy mining.

Data theft remains a top priority for digital criminals, with more than half of attacks in Q2 performed to steal data. A high number of attacks on organizations (29%) targeted personal data, while attacks on individuals most often targeted account credentials and payment card information (44% and 34%, respectively, of all data stolen from individuals). Financial gain was the motivation behind 30 percent of attacks on organizations and 42 percent of attacks on individuals.

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, said: "Companies often store large databases with personal data and credentials of their clients, and criminals are also interested in usernames and passwords of the employees of target companies. As for individual users, the public has a bad track record when it comes to securing their accounts. They use weak passwords or re-use passwords across sites, enter passwords for websites without checking their authenticity, and also give out information that could help an attacker to guess their password. This is why credentials and payment information are such a high target."

Attacks against governments

Malware infections hit governments more than in the previous quarter (62% in Q2 vs. 44% in Q1). The main attack they were subject to was ransomware. One such attack in early May disabled the entire IT infrastructure of the city of Baltimore. City leaders estimate damage at over $18 million. Other American cities have suffered as well. The information systems of Greenville were infected with ransomware in April. And in June, the cities of Lake City and Riviera Beach were forced to pay ransoms worth a total of more than $1,000,000 after their IT infrastructure failed to repel attackers.

As detailed in the report, phishing can also deliver financial blows to local governments. Most recently, Burlington (Canada) paid out $503,000.

Government-related websites also continue to draw hackers. This April, three websites of the FBI National Academy Association were hacked, resulting in the leak of personal data for around 4,000 federal agents and law enforcement personnel.

Attacks against the healthcare industry

Healthcare is another tempting target for hackers. Malware that disables IT systems is especially dangerous in healthcare, as it has the potential to harm both the institution and its patients. An April ransomware attack on JFJ Eyecare Ltd. resulted in encryption of patients' personal data.

Healthcare employees are often on the receiving end of phishing attacks, as happened in Canada. Attackers succeeded in obtaining the username and password of an employee of a Nova Scotia clinic, putting data for nearly 3,000 patients at risk.

The report notes that hacks of healthcare information can target not only patients, but employees as well. Packages of doctor identity documents, including medical diplomas, board recommendations, and licenses to practice, have appeared for sale for $500 on the dark web.

“The severity and nature of these attacks against the healthcare industry are particularly alarming,” said Galloway. “However, there are simple ways in which organizations - in healthcare and beyond - can better protect themselves and the public, as well as through the use of proven security solutions. Companies need to learn to protect their data - encrypt sensitive information, minimize access with strong authentication methods, and enforce good password sanity. They can also go a long way by simply making sure their tech is monitored and current – update software, quickly implement patches, and pentest your company to make sure your data really is secure.”