Hackers shifted to target financial relief and healthcare during the pandemic: Keysight report

The mechanisms of cyber attacks in 2020 were not new — phishing, ransomware for financial gain and supply chain attacks were the primary trends of concern, according to Keysight Technologies’ fourth annual security report. But the tenor of attacks changed, because hackers used the Covid-19 pandemic to set their strategies and targets.

As the world grappled with the coronavirus pandemic, hackers targeted financial relief from governments to the people most impacted by the economic fallout, sought to scam people out of personal information through covid-related hoaxes and attacked healthcare providers whose digital information was more vital than ever. “Cybercriminals have shown that they are opportunistic in nature. If they know of a weakness, technological or human, they will try to take advantage of it,” Keysight noted — and in 2020, the lifelines of financial relief and healthcare were targeted ruthlessly.

Keysight reported a 62% increase in phishing attacks in 2020 compared to the year before, including a rapid increase just as the pandemic hit the U.S. in March and April, followed by a ramp-up of ransomware attacks in June that continued through the second half of the year. People trying to get financial or healthcare assistance found themselves targeted by phishing scams, which often directed them to fraudulent websites that looked like they belonged to a financial institution. Keysight said that 61% of Covid-19-related phishing pages were created in the first three months of the transition to working from home.

While ransomware attacks were directed across all industries, Keysight said that healthcare was hit especially hard and that “strain on healthcare providers last year made them especially attractive targets.” In some cases, hackers pledged not to attack healthcare-related targets — but in at least one case that Keysight cited, the bad actors then turned right around and did so, using malware to steal testing data and publish it online along with personal information. Hackers are increasingly combining demands for money with threats to release data, particularly data that will trigger regulatory penalties if it is published, the report said.

Meanwhile, the SolarWinds hack brought supply chain security into stark relief. “The supply chain continues to be a weakness since the infamous Target point of sale breach in 2013 brought this type of risk to the forefront,” Keysight said. “The SolarWinds attack reinforces the need for security architects to embrace a holistic and
comprehensive approach.”

“There is a tendency to think of your supply chain as outside entities that either supply you with software
and hardware components or the supplies you use when building your product,” the security report said, adding “Your supply chain is more than just your components. … [It] is anything critical to the operation of your business. This includes everything from your utilities, to your email, to your cloud provider, and perhaps even your coffee supplier. If you can’t do business without it, or if corruption or interruption to something you use causes you to lose time, money, or revenue, then it’s part of your supply chain and it’s important.”

The report wryly pointed out that “For most of us, 2021 still feels like the extended dance mix of 2020” — and this holds true for security concerns as well.

“Phishing and additional social engineering attacks will continue to take advantage of pandemic-related headlines, as we’ve seen with bogus testing and vaccination scams,” Keysight’s security team concluded. “And now that vaccines are available, expect to find cyber criminals moving on to target vaccination registration. This means that people looking to get vaccinated need to be educated to recognize a vaccination scam and must be aware that bad actors target personally identifiable information (PII) in a healthcare setting. Avoid clicking on links in emails and text messages; go directly to your trusted healthcare site and find the registration link. And next year, we expect to see the same criminal activity around booster shots.”

Even more emphatically, the security team said that “We believe 2021 is the year that the network security for 100% of enterprises will reach the compromised status level, whether the organizations know it or not.

“The impacts of work from home, the move to support remote workers, and lack of preparedness have offered the bored cybercriminal with a plentiful supply of targets,” the report continued. “Additionally, cybercriminals have continued to enhance their capabilities. They had a lot of time on their hands in 2020 to work on and improve their tools of the trade. This year will be filled with this realization as we uncover the artifacts of malicious activity in our networks. The faster we get to the point where we can find them, the sooner we’ll be able to work on remediating the situation.”

Comments are closed.