
Vulnerabilities / Threats

3/17/2021
01:00 PM
Greg Foss
Commentary

COVID, Healthcare Data & the Dark Web: A Toxic Stew

The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.

As COVID-19 enters a new phase with vaccine rollouts, the amount of protected health information data being sold on the Dark Web has massively increased. Personal records such as COVID-19 test results and vaccine notifications are now available in large quantities, making the vaccine rollout a prime target for cybercriminals today.

We recently saw that documents accessed in the European regulator's systems were manipulated before being leaked on the Dark Web, creating concerns about ways they might be leveraged in the future. And given the track record of cybercriminals amid the pandemic, this is likely only the beginning.

Not only are healthcare organizations at risk, but researchers have already detected threats targeting individuals looking to access the vaccine, and even that personal data is being sold on the Dark Web. As the vaccine rolls out to the masses and personal data grows in value, we can expect cybercriminals to seize the opportunity to profit.

According to recent data, an estimated 239.4 million attempted cyberattacks targeted VMware Carbon Black healthcare customers in 2020 alone. We also found an average of 816 attempted attacks per endpoint in 2020, representing a staggering 9,851% increase from 2019. In order to stop these threats from targeting healthcare organizations, and especially the deployment of the much-anticipated vaccine, we all need to be educated on the types of threats that exist and the steps we can take to protect ourselves and others from cyberattacks.

Supply Chain Concerns Continue
Research has consistently shown that healthcare remains one of the most targeted and vulnerable industries to cyberattacks due to the sensitivity and value of the data it utilizes, as well as the difficulty of securing the disparate systems it uses. The increased focus on this sector by malicious actors due to the vaccine has only compounded this problem. Healthcare organizations have been tasked with the mammoth challenge of creating, distributing, and tracking the vaccine rollout in less than nine months.

In addition to looking for valuable data to sell on the Dark Web for monetary gain, we can also expect breaches to take a more destructive approach by targeting the coveted vaccine supply chain. This could ultimately result in delayed delivery of the vaccine to those who need it.

Patients Are Not Safe From Personal Risks
For individuals looking to get the vaccine, the cyber threats take on a different shape. We've already seen numerous attacks targeting those waiting for information about the timing and eligibility of the vaccine. These threats come in the form of watering hole attacks, where vulnerable consumers are duped by a phishing website, fake emails, or portals. Once on these sites, consumers are prompted to enter sensitive data in hopes they're one step closer to getting their vaccine. However, that personal information is then delivered directly to hackers. From there, the hackers take the data and sell it on Dark Web forums to the highest bidder, for everything from account compromise to identity theft.

I came across one example of these watering hole attacks recently from a security researcher on Twitter. The fake website, targeting consumers in Turkey, directs people to download an application to apply for their spot in line for the vaccine. In reality, consumers are downloading a popular banking Trojan known as Cerberus, which is then used to steal valuable data from their mobile device. 

Striving for Cyber Immunity
When the threats outlined above come together between healthcare organizations and patients, they present serious and potentially destructive consequences for the effectiveness of vaccine distribution. Beyond disrupting the rollout, breaches and continued threats risk a loss of public trust that must be avoided. There is a slew of misinformation online about the effectiveness of vaccines and the potential harm they can cause, but as we all strive to get back to some sort of normalcy, we can't risk letting that misleading information get into the hands of vulnerable consumers. I'd advise healthcare organizations to take the following precautions:

  • Implement physical security controls and auditing around the vaccine storage solution.
  • Educate healthcare staff on the various cybersecurity risks related to their job.
  • Ensure the latest system and software patches are installed.
  • Implement and enforce multifactor authentication for all Internet-accessible services.
  • Log and monitor the usage of information systems, especially the access to sensitive data.
  • Conduct regular risk assessments and perform proactive threat hunting.
  • Use off-site data backup and test recovery periodically.

The sharp rise in attacks during the pandemic has left local governments and the hospital industry asking for increased federal help. The Department of Homeland Security unveiled $25 million in cybersecurity grants to put cybersecurity at the top of the government's agenda as a part of a larger security initiative, which is a great step in the right direction. Implementing safe cybersecurity hygiene to mitigate a digital pandemic and ensuring that the vaccine rollout goes smoothly and securely is critical.

When it comes to cybersecurity, vigilance is key. For both healthcare organizations and consumers awaiting the vaccine, stay alert and be proactive as your reputation and digital health, respectively, depend on it.

Greg Foss is a Senior Cybersecurity Strategist within VMware's Security Business Unit where he focuses on detection engineering, security efficacy, and bypasses across the diverse product line. Greg is a very active member of the Denver information security community and he ...