The health care sector continued to face a high volume of cyberattacks in the past few months as infostealing malware rose in popularity, BlackBerry stated in its latest Global Threat Intelligence Report.
Produced quarterly, the report examines cyber threat trends and cyber challenges faced by private and public sector entities and covers attacks logged between March and May 2023. Throughout that 90-day period, BlackBerry observed threat actors deploying approximately 11.5 attacks per minute, including 1.7 novel malware samples per minute.
The latter figure represented a 13% increase from the previous reporting period, “demonstrating that attackers are diversifying their tooling in an attempt to bypass defensive controls, especially those legacy solutions based on signatures and hashes,” BlackBerry stated.
Health care and financial services were the top two most targeted sectors during the reporting period. The last report, released in April, showed similar results, with health care, financial services, and food and staples retailing receiving 60% of all malware-based attacks.
While the last report highlighted an increase in SEO poisoning in health care, the latest iteration focused on the proliferation of infostealing malware, or infostealers. Infostealers reside on infected computers and gather information, which allows attackers to obtain credentials and exploit organizations.
“The most prominent attacks were made using commodity malware, particularly infostealers such as RedLine. Another prevalent threat was Amadey (a bot linked to a botnet of the same name), which can perform reconnaissance on an infected host, steal data, and deliver additional payloads,” the report stated.
“Threat actors also used malware families such as Emotet, IcedID, and SmokeLoader to target the health care sector. A commonality in these attacks on health care providers is that they employ infostealing malware that can also deliver additional malicious payloads.”
BlackBerry highlighted the factors that contribute to health care being so frequently targeted by threat actors. Namely, the value of protected health information (PHI) as well as the high-stakes nature of the industry create a perfect storm for threat actors, who believe they can pressure health care providers into paying ransoms.
BlackBerry logged a variety of attacks against health care, from a ransomware attack on Spanish hospital Clínic de Barcelona to an attack, claimed by ALPHV/BlackCat ransomware, on Mumbai-based pharmaceutical manufacturer Sun Pharmaceuticals.
“These varied attacks demonstrate that the health care industry is an attractive target for all types of threat actors. Because health care organizations typically hold sensitive data and provide critical services, the number of attacks against this industry is likely to rise,” the report suggested.
As threat actors continue to change up their tactics and create unique malware, health care institutions must remain on high alert. BlackBerry encouraged organizations to learn about threat actor profiles and common tactics to aid in threat hunting and incident response.
“Ransomware remains an ongoing threat to both financial and health care institutions. Based on our telemetry from this and the previous reporting period, these two industries are likely to remain heavily targeted,” the report continued.
BlackBerry threat researchers predicted that, in future months, sophisticated phishing campaigns, generative AI, and additional breach disclosures stemming from the MOVEit Transfer vulnerability would be at the forefront of cyber threat developments.