H-ISAC Hacking Healthcare 10-21-2020 – Cybercrime

TLP White: This week, Hacking Healthcare continues with coverage on global cybercrime. We have a few new developments to examine before breaking down what they might mean for the healthcare sector. To begin, we try to put this year in cybercrime into perspective by delving into some recently reported statistics from an insurance firm. Next, we briefly examine the results of a major EU-US coordinated takedown of a criminal group that’s responsible for providing financial services to cybercrime gangs. Finally, we look at an interesting new report that suggests employees view stress and fatigue as the biggest factors in their ability to reduce cybercrime vulnerability, rather than a lack of training and awareness.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

Welcome back to Hacking Healthcare.

Cybercrime Profits Continue to Grow

First off, let’s talk numbers. While few are likely to doubt the underlying notion that COVID-19 has benefitted cybercriminals, numbers help put in perspective just how bad the problem has been over the past 12 months.

Hiscox, a Bermuda-based insurance provider, recently released its annual Cyber Readiness Report with some interesting findings. The report, which was compiled in collaboration with Forrester, is “based on a survey of executives, departmental heads, IT managers, and other key professionals” that are from organizations of various sizes and sectors across Europe and the United States.

Their findings show $1.8 billion in losses over the last 12 months, which is up 50% over last year.[1] Hiscox also reports that cyber losses for affected organizations rose “six-fold to a median of $57,000,” which is up from a $10,000 median the year before.[2] And for larger organizations of 100,000 or more employees, the median came out significantly higher at around $500,000. An interesting development that helps explain the massive rise in that median loss number is Hiscox’s report that the number of firms affected by a cyber event this year dropped by roughly 20 percentage points.[3]

Beyond loss totals, Hiscox described some other notable trends. Over the past year, they report that pharmaceuticals have jumped into their top five “Sectors Bearing the Most Pain,” and that malicious actors seem to be moving to targets with low tolerance for outages.[4] Additionally, while ransomware has stolen the spotlight recently, Hiscox notes that Business Email Compromise (BEC) is still exceptionally common and only marginally behind ransomware as an incident type.[5] Lastly, Hiscox noted some troubling statistics related to the long term impact of falling victim to a cyberattack. According to respondents who had been victims, 15% reported difficulty in attracting new customers in the wake of the attack, up from 5% last year, and 12% reported lost business partners as a result, up from 4% last year.

Action & Analysis

**Membership requiered**

Law Enforcement Authorities Strike Back 

Despite the troubling statistics and trends we’ve seen this year, it isn’t all doom and gloom on the cybercrime front. Last week, law enforcement authorities from the United States and Europe coordinated the takedown of an “Eastern European criminal group accused of trying to launder tens of millions of dollars” that were the product of cybercrime.[6] In total, the coordinated action involved operations in 16 countries and has so far resulted in 20 arrests.[7]

The group, known as QQAAZZ, is believed to be made up of individuals primarily from Bulgaria, Latvia, Georgia, and Romania. While the group itself wasn’t charged with carrying out cyberattacks, it is allegedly a key cog for many well-known cybercrime gangs who use its services to launder their ill-gotten gains. According to reporting, the group has hundreds of bank accounts set up around the world to launder cybercriminals’ funds, and they occasionally resort to cryptocurrency transfers.[8] Fourteen of QQAAZZ’s members have since been charged in the United States for conspiracy to commit money laundering.[9]

In late breaking news, this week also saw the United States formally indict six members of the Russian Main Intelligence Directorate (GRU) on a host of charges related to some of the most significant cyber attacks in recent history. The hackers, which are alleged to be behind NotPetya and the Ukraine power grid attacks, were charged with conspiracy to commit an offense against the United States, false registration of a domain name, conspiracy to commit wire fraud, wire fraud, intentional damage to protected computers, and aggravated identity theft.^[10] This is the latest in a number of recent indictments the United States has levied against criminal and state-sponsored international actors for cyber-related offenses. While unlikely to lead to any kind of a trial, the aggressiveness in indictments in recent months and the push to publicly name alleged offenders is noteworthy.

Action & Analysis

**Membership required**

COVID-19 Fuels Employee Cybercrime Fears

While organizations’ cybercrime analysis usually focuses on its relationship to the enterprise, a new study from PricewaterhouseCoopers (PwC) decided to examine its effects on employees. The recently released study sheds some light on how workers in the United Kingdom have been adjusting to remote work and the changing cybercrime environment. The results are notable if not all that surprising.

According to the study, 21% of workers feel more vulnerable to cybercrime since COVID-19 started.[11] Furthermore, “stress and fatigue” was the overwhelming choice for the most significant factor behind that feeling of vulnerability at 35%.[12] This may surprise some who may have predicted that a lack of skills and training to identify and respond to cybercrime, which came in second at 19%, would have been the larger issue.[13] Additionally, nearly a third of survey respondents stated they believe they have observed a rise in potentially criminal and malicious advertisements, emails, and links.[14]

Action & Analysis

**Membership required**

Congress –

Tuesday, October 20th:

– No relevant hearings

Wednesday, October 21st:

– No relevant hearings

Thursday, October 22nd:

– No relevant hearings

International Hearings/Meetings –

– No relevant hearings

EU –

Tuesday, October 20^th:

– European Commission – Hearing – “The organisation of resilient health and social care following the COVID-19 pandemic”

Sundries –

White House Strategy Names 20 Emerging Technologies Crucial to National Security

https://www.nextgov.com/emerging-tech/2020/10/white-house-strategy-names-20-emerging-technologies-crucial-national-security/169293/

Singapore releases AI ethics, governance reference guide

https://www.zdnet.com/article/singapore-releases-ai-ethics-governance-reference-guide/

Data watchdog issues biggest ever fine over airline cyberattack

https://www.zdnet.com/article/data-watchdog-issues-biggest-ever-fine-over-airline-cyberattack/

Conferences, Webinars, and Summits –             

https://h-isac.org/tmp24/events/

Contact us: follow @HealthISAC, and email at contact@h-isac.org

[1] https://www.hiscox.co.uk/sites/uk/files/documents/2020-06/Hiscox_Cyber_Readiness_Report_2020_UK.PDF

[2] https://www.hiscox.co.uk/sites/uk/files/documents/2020-06/Hiscox_Cyber_Readiness_Report_2020_UK.PDF

[3] https://www.hiscox.co.uk/sites/uk/files/documents/2020-06/Hiscox_Cyber_Readiness_Report_2020_UK.PDF

[4] https://www.hiscox.co.uk/sites/uk/files/documents/2020-06/Hiscox_Cyber_Readiness_Report_2020_UK.PDF

[5] https://www.hiscox.co.uk/sites/uk/files/documents/2020-06/Hiscox_Cyber_Readiness_Report_2020_UK.PDF

[6] https://www.cyberscoop.com/qqaazz-department-of-justice-europol-money-laundering/

[7] https://www.cyberscoop.com/qqaazz-department-of-justice-europol-money-laundering/

[8] https://www.cyberscoop.com/qqaazz-department-of-justice-europol-money-laundering/

[9] https://www.documentcloud.org/documents/7232024-20-295-Nazarovi-QQAAZZ.html#document/p2

[10] https://arstechnica.com/tech-policy/2020/10/six-russians-accused-of-the-worlds-most-destructive-hacks-indicted/

[11] https://www.infosecurity-magazine.com/news/uk-workers-vulnerable-cybercrime/

[12] https://www.infosecurity-magazine.com/news/uk-workers-vulnerable-cybercrime/

[13] https://www.infosecurity-magazine.com/news/uk-workers-vulnerable-cybercrime/

[14] https://www.infosecurity-magazine.com/news/uk-workers-vulnerable-cybercrime/

• Related Resources & News
• Health-ISAC Hacking Healthcare 8-26-2024
• What is Threat Intelligence? A Comprehensive Overview
• Why Cybercriminals Target Healthcare Data and How Organisations Can Protect Themselves
• Federal Authorities Work to Boost Health-Care Cybersecurity
• Health-ISAC Hacking Healthcare 8-9-2024
• Health-ISAC Medical Device Blog – VEX
• Podcast: Health-ISAC Featured in Cyberwire Daily episode 2021
• Health-ISAC Hacking Healthcare 8-2-2024
• Protecting Healthcare Organizations with Human-Centric Email Security
• American Hospital Association and Health-ISAC Joint Threat Bulletin