What to Know About Malware as a Service and More

What is Malware as a Service?

It’s easy for a budding cybercriminal to carry out a malware or ransomware attack today. There are many subscription-based models that allow anyone to acquire malware and ransomware services. These are often inexpensive – a ransomware toolkit can be purchased for less than $500 – and some even offer money-back guarantees. Ransomware is a favorite method for cybercriminals looking to monetize attacks, especially in the healthcare industry, where victims may panic and pay the ransom to avoid operational disruptions.

Attackers will adjust their methods to be “specifically tailored to their targets”, according to Microsoft. They use the wealth of personal information freely available on the Internet to engineer highly targeted spear-phishing attacks. Users click a link in the phishing email and go to a website that mirrors a familiar system’s login page. When users enter their credentials, criminals use them to gain access to the healthcare network and inject malware to encrypt sensitive data until a ransom is paid.

Even if the organization decides to pay the ransom, there is no guarantee that the criminals will decrypt and restore the data. Worse still, recent ransomware variants are posting data online, forcing targeted healthcare organizations to pay fines and rush to notify users and relevant regulators.


What Can Healthcare Organizations Do About Malware as a Service?

Prevention is the best defense against malware and ransomware, especially as these attacks become easier to perpetrate.

To combat malware as a service, healthcare organizations should perform regular network and system backups, ensuring that the backed-up data cannot be modified or deleted. They should combine this with strong and frequent security awareness training and phishing drills. They should also ensure that security solutions are up to date and that critical system vulnerabilities are patched.

What is cryptojacking and how does it impact healthcare?

The advent of cryptocurrency has been a boon for cybercriminals. They often require the organization to pay the ransom in cryptocurrency, so the digital transaction is difficult to trace. They can also take over multiple systems while carrying out cryptojacking attacks.

Because successful cryptocurrency mining requires enormous computing power to run the mining code, criminals “cryptojack” the vast amounts of power found in healthcare systems to covertly mine cryptocurrency for themselves.

Although it does not pose a direct threat to the network and patient data, cryptojacking can cause decreased performance and, in some cases, overheating of critical systems. As with Malware as a Service, cryptojacking kits are readily available, some for under $100.


What can healthcare organizations do against cryptojacking?

Vigilance is key to detecting cryptojacking. Regularly scan your network for abnormal CPU spikes, which could indicate this type of attack. Deploy web filtering tools that help employees and users avoid dangerous websites and use browser extensions that can block some known cryptominers. As with all security measures, be sure to keep systems up to date.
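One way to turn the CPU check above into a repeatable rule is shown in this added example, which is not part of the original article. It assumes utilization readings are already collected per host at a fixed interval; the host names, readings and thresholds are constructed for illustration. It flags only elevation that persists relative to each host's own baseline, so a single burst or a server that is always busy does not alert.

```python
from statistics import median

def flag_sustained_cpu(samples, baseline_n=6, margin=40.0, min_run=4):
    """Return {host: run_length} for hosts whose CPU stays elevated.

    samples: {host: [cpu_percent, ...]} in time order at a fixed interval.
    The first baseline_n readings give each host's normal level (median).
    A host is flagged when at least min_run consecutive later readings
    exceed baseline + margin, so one short burst does not alert.
    """
    flagged = {}
    for host, series in samples.items():
        if len(series) <= baseline_n:
            continue  # not enough history to judge this host
        baseline = median(series[:baseline_n])
        # Cap the threshold so an already busy host can still be flagged
        # if it becomes pinned near 100%.
        threshold = min(baseline + margin, 95.0)
        longest = run = 0
        for value in series[baseline_n:]:
            run = run + 1 if value > threshold else 0
            longest = max(longest, run)
        if longest >= min_run:
            flagged[host] = longest
    return flagged

# Constructed sample data: one reading per host every 5 minutes.
SAMPLES = {
    "pacs-viewer-01": [12, 15, 11, 14, 13, 12, 96, 97, 98, 97, 99, 98],  # sustained
    "ehr-app-02": [35, 40, 38, 36, 41, 37, 92, 39, 36, 40, 38, 37],      # one burst
    "lab-batch-03": [88, 90, 91, 89, 92, 90, 91, 90, 89, 92, 91, 90],    # always busy
}

if __name__ == "__main__":
    for host, run in flag_sustained_cpu(SAMPLES).items():
        print(f"{host}: {run} consecutive elevated readings")
```
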

What is fileless malware and what is its impact on healthcare?

Another threat to healthcare organizations comes in the form of fileless malware. Instead of planting malicious code on a system, this type of attack exploits legitimate built-in system tools such as the Windows Registry. Attackers must have access to the environment to modify the native tools according to their needs. To do this, they can use exploit kits that scan for vulnerabilities.

Attackers also use fileless techniques for ransomware, embedding malicious code into documents via macros or abusing built-in tools such as PowerShell to encrypt files, all without writing a malicious file to disk.

What can healthcare IT teams do about fileless malware?

Standard defense tools such as anti-malware, whitelisting, and AI-based solutions are important, but they need to be supplemented with behavioral analysis tools that can detect unusual code execution, lateral movement and other suspicious actions that may indicate an attack. Use centralized management systems such as security information and event management (SIEM) to help your team separate the real threats from a multitude of alerts.
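A behavioral rule of the kind described above, written as an added example that is not part of the original article: it flags process-creation events in which an Office application launches a script host, or PowerShell starts with an encoded command or a hidden window. The field names follow Sysmon process-creation events (`Image`, `ParentImage`, `CommandLine`); the host names and events are constructed.

```python
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def exe(path):
    return PureWindowsPath(path).name.lower()

def is_flag(token, full_name):
    # PowerShell accepts a prefix of a parameter name (-enc, -w, ...).
    name = token[1:].lower()
    return token[0] in "-/" and name != "" and full_name.startswith(name)

def reasons_for(event):
    """Return why one process-creation event is suspicious (empty list if not)."""
    child, parent = exe(event["Image"]), exe(event["ParentImage"])
    if child not in SCRIPT_HOSTS:
        return []
    reasons = ["office application spawned script host"] if parent in OFFICE else []
    if child in POWERSHELL:
        tokens = event["CommandLine"].split()
        for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
            if is_flag(tok, "encodedcommand") or tok.lower() in ("-ec", "/ec"):
                reasons.append("encoded command")
            elif is_flag(tok, "windowstyle") and nxt.lower() == "hidden":
                reasons.append("hidden window")
    return reasons

def triage(events):
    """Keep events with at least one reason, most reasons first."""
    hits = [(e["Computer"], reasons_for(e)) for e in events]
    return sorted((h for h in hits if h[1]), key=lambda h: -len(h[1]))

# Constructed events; BASE64_PLACEHOLDER stands in for an encoded argument.
EVENTS = [
    dict(Computer="ws-fin-007", ParentImage=r"C:\Office\EXCEL.EXE",
         Image=r"C:\Windows\System32\cmd.exe", CommandLine="cmd.exe /c whoami"),
    dict(Computer="ws-rad-014", ParentImage=r"C:\Office\WINWORD.EXE", Image=r"C:\PS\powershell.exe",
         CommandLine="powershell.exe -NoProfile -W Hidden -enc BASE64_PLACEHOLDER"),
    dict(Computer="srv-bkp-01", ParentImage=r"C:\Windows\explorer.exe", Image=r"C:\PS\powershell.exe",
         CommandLine=r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\report.ps1"),
    dict(Computer="ws-lab-003", ParentImage=r"C:\Windows\System32\services.exe",
         Image=r"C:\Windows\System32\svchost.exe", CommandLine="svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for host, why in triage(EVENTS):
        print(host, "->", "; ".join(why))
```

In a SIEM the same conditions would run as a correlation rule over the process-creation feed, with alerts ranked by how many conditions matched.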


The Importance of Expanding Defenses in Healthcare

Security attacks are many and varied, but there is a set of basic practices that can help healthcare organizations resist them. Performing regular, tested, tamper-proof backups and keeping systems up to date are essential steps.

Equally important is patching known vulnerabilities in critical systems. Security awareness training can also help combat the many phishing, spear-phishing, and other email compromise attacks that seek to gain a foothold in your network. Being vigilant can be the key to resisting emerging threats.