As hackers become more sophisticated, it is important to keep up to date with new threats. There are two new threats that are concerning in that they are difficult to recognize and detect. One of these threats is a very convincing phishing scam, while the other is a malicious encryption scheme that evades ransomware detection software. Although these are not necessarily healthcare cybersecurity threats, they target businesses across all sectors, so healthcare organizations must be vigilant.
Phishing Scam Posing as Large Retailers
There is a new phishing scam that has been reported that is particularly difficult to recognize. This is because it differs from normal phishing schemes, in that instead of directing recipients to click on a malicious link or download a malware infested document. The email poses as large retailers, such as Amazon and PayPal, notifying recipients of a large purchase made on their account. The email then prompts recipients to call if they didn’t make the purchase, providing a contact number that is in fact the scammer’s phone number, not a company’s representative.
Recipients that place the call will be connected to a scammer that will try to obtain as much personal information as possible. This information may include account names, passwords and bank details. In some cases, the scammer will trick recipients into transferring money to a fake account or attempt to install malware on their computers.
This scam can target both businesses and individuals, and is so concerning because many people use the same login credentials across multiple platforms. As such, login credentials stolen in a phishing scam can be used to access a healthcare employee’s system, thus risking the security of the entire organization. When receiving an email about a large purchase, unconfirmed login, or other alert, it is best to look up the company’s contact information on your own, rather than trust the information provided in the email.
LockFile Ransomware Avoids Detection
LockFIle is a new ransomware threat that uses intermittent encryption to avoid detection from ransomware protections. This threat specifically affects Windows users, as it exploits known flaws to gain access to Windows servers. Once deployed, the malware encrypts only every other 16 bytes of a file, allowing it to avoid detection.
Mark Loman, Sophos director of engineering said in a statement, “Partial encryption is generally used by ransomware operators to speed up the encryption process and we’ve seen it implemented by BlackMatter, DarkSide and LockBit 2.0 ransomware. What sets LockFile apart is that, unlike the others, it doesn’t encrypt the first few blocks. Instead, LockFile encrypts every other 16 bytes of a document. This means that a file such as a text document remains partially readable and looks statistically like the original. This trick can be successful against ransomware protection software that relies on inspecting content using statistical analysis to detect encryption.”
The ransomware uses the Windows Management Interface to terminate virtualization software and database critical processes, and then proceeds to partially encrypt files. Once it has finished encrypting files, the ransomware deletes itself, preventing antivirus software or incident responders from being able to find or clean up the ransomware.
Loman furthered, “The message here for defenders is that the cyberthreat landscape never stands still, and adversaries will quickly seize every possible opportunity or tool to launch a successful attack.”
Healthcare Cybersecurity Threats: Keeping Your Organization Protected
As healthcare cybersecurity threats have become more prevalent, it is more important than ever to protect your patients’ protected health information from exposure. Healthcare organizations that are HIPAA compliant are less likely to fall victim to healthcare cybersecurity threats, as HIPAA compliance mandates the implementation of advanced cybersecurity practices. It is also important to keep informed of new threats to your security, which is best done by having dedicated IT support to monitor your cybersecurity health.
