McAfee Labs report finds cyberattacks target healthcare and social media
Computer security software firm McAfee Labs has released the findings of its Threats Report 2017 examining the rise of script-based malware.
Recent high-profile cyberattacks, such as WannaCry and NotPetya, meant that the healthcare industry surpassed the public sector to report the greatest number of security incidents in 2017.
Both WannaCry and NotPetya lacked the capabilities necessary to extort victims' ransoms and unlock their systems, according to McAfee, but the aim may have been disruption rather than extortion.
"It has been claimed that the two high-profile attacks may not have been successful due to the amount of money made," said Chief Scientist for McAfee, Raj Samani.
"However, it is just as likely that the motivation for the attacks was disruption, in which both campaigns were incredibly effective.
"We now live in a world in which the motive behind ransomware goes beyond making money - welcome to the world of pseudo-ransomware.”
Healthcare accounted for 26% of security incidents in Q2 in 2017, with the health, public and education sectors making up more than 50% of worldwide incidents in 2016-17.
The most likely causes of breaches in the healthcare industry were accidental disclosures and human error, but attacks have been on the rise since 2016.
Vicent Weafer, Vice President for McAfee, commented: “Data breaches in healthcare highlight the value of sensitive personal information organisations in the sector possesses.”
“They also reinforce the need for stronger corporate policies that work to ensure the safe handling of that information.”
McAfee Labs counted that there were 311 disclosed security incidents in Q2, which is a 3% increase from Q1, whilst 78% of those incidents took place in the Americas.
Social media is also under threat – the Faceliker Trojan accounted for 8.9% of the quarter’s 52 million newly detected malware samples.
Faceliker works by infecting a user’s browser the hijacking their Facebook likes to promote content without the user’s knowledge.
This then can earn money for the malicious parties by “making unknown apps or news articles appear more popular, accepted and legitimate,” says Weafer.
“Unknown actors can covertly influence the way we perceive value and even truth. As long as there is profit in such methods, we should expect to see more schemes like this.”
213% increase in cyber attacks on UK remote council workers
Cyber attacks on UK councils’ remote workers more than tripled during the pandemic, according to a series of Freedom of Information (FOI) requests. The requests made by Insight, a Fortune 500-ranked global provider of Intelligent Technology Solutions, found attacks rose by an average of 213% from March 2020 compared to the 12 months before.
On average councils switched 74% of their employees, more than double the UK average, and representing more than 1.4 million workers across the UK, to remote working during the pandemic. This presented many challenges such as having to adapt to a new way of working and being under budget pressures.
According to the FOI requests, only 20% made additional investments in security, investing an average of £46,000 – in all cases taken from the wider IT budget. As a result, investments in security came at the expense of other IT services. With increased remote working set to continue in 98% of councils, attacks targeting employees at home will likely continue to increase, especially if investing in security doesn’t become a priority.
Eliminating gaps in security is key
“The fact that councils could move their employees to remote working without disrupting services needs to be recognised for the major achievement it was,” said Darren Hedley, Managing Director, UK & Ireland at Insight. “However, councils now need to build on this success: putting in place and strengthening defences to protect remote workers and eliminate gaps in security that could allow attackers to threaten essential services. It’s likely that many councils cannot do this alone. They need support and resources from central Government, or else we will see more and more employees and councils falling victim to attackers.”
It was found that less than half (47%) of councils invested more of their security budget in increased security training for remote workers. At the same time, only 6% prevented any employees from working remotely because it wasn’t possible to guarantee secure access to data.
“Clearly the priority in 2020 was enabling remote working, but more than a year into the pandemic it’s worrying that many councils still haven’t been able to assess their security posture,” said Charlotte Davis, Cyber Security Practice Lead, Insight. “These assessments need cover the entire threat landscape, including third party risks, and honestly analyse gaps in the organisation’s security posture. Once this is in place, councils can take the appropriate action to repair any gaps, from investing in technology, to building security awareness and putting frameworks in place so employees can follow best practice. Doing this will demand time and resources, so it’s essential that councils are given the support they need.”