Kaiser Permanente to acquire Geisinger Health in bid to launch … – FierceHealthcare
eLIMS | Ohio Department of Health – Ohio Department of Health
Medtronic Reports InPen Mobile Diabetic App Tracking Breach – BankInfoSecurity.com
Healthcare Industry Facing Increased Malware and Ransomware … – HIPAA Journal
Healthcare Industry Facing Increased Malware and Ransomware Threats
Ransomware actors continue to target the U.S. healthcare sector, cybercriminals are increasingly using malware to steal data and provide persistent access to healthcare networks, and legitimate penetration tools are being used to mask malicious activity amongst genuine use of these tools by red teams.
These are some of the findings from the latest Global Threat Intelligence Report from BlackBerry, which is based on threats detected by its Cylance Endpoint Security solution over 90 days from December 2022 to February 2023. During that time, BlackBerry detected up to 12 cyberattacks per minute and identified a massive increase in unique attacks using new malware samples, which increased by 50% from 1 per minute to 1.5 per minute in the most recent reporting period.
The United States remains the most targeted country, although there has been a change in focus elsewhere, with Brazil now the second most targeted country followed by Canada. The same industry sectors are favored, with financial services, healthcare, and food/staples accounting for 60% of all malware-based attacks. The most commonly detected malware were droppers, downloaders, remote access tools (RATs), and ransomware.
BlackBerry detected an increase in cyberattacks using the Agent Tesla RAT, RedLine initial access and information stealer, Emotet downloader, and BlackCat ransomware, all of which have been used in attacks on the healthcare sector. Over the 90 days, BlackBerry detected and blocked 5,246 unique malware samples that had been used in attacks on its healthcare provider clients, with an average of 59 new, unique malware samples blocked each day. Over the 90 days, BlackBerry blocked 93,000 individual attacks on its healthcare clients.
The biggest malware threat faced by the healthcare industry was Emotet. While Emotet started out as a banking Trojan, it is now primarily a botnet-driven malware dropper that is used to deliver a range of malicious payloads for other cybercriminal groups. Emotet is capable of self-propagation and lateral movement and is used to deliver malware and ransomware payloads. The RedLine information stealer was also a top threat to the healthcare sector.
Ransomware gangs continue to pose a major threat, with BlackCat and Royal both aggressively targeting the healthcare sector. BlackCat is believed to include former affiliates of the DarkSide and BlackMatter ransomware operations and has been active since November 2021, and there are indications that attacks are widening. Royal ransomware is a relatively new ransomware group that first appeared in September 2022. The group is thought to include some highly capable and experienced individuals, including members of the now-defunct Conti ransomware operation.
The healthcare industry is being targeted by initial access brokers, who compromise healthcare networks and then sell access to ransomware gangs, with access often gained through credential theft. BlackBerry also detected widespread use of the penetration testing tools Cobalt Strike and Brute Ratel, with malicious use of the former a significant threat to the healthcare sector. Nation-state actors and cybercriminals have been observed using these tools.
BlackBerry expects ransomware affiliates to continue to target hospitals and medical organizations for the foreseeable future, especially in countries that support or provide funding to Ukraine, with BlackCat, Royal, and LockBit 3.0 expected to continue to pose a threat to the healthcare sector. Healthcare, along with other critical infrastructure sectors, will likely be targeted by financially motivated as well as politically motivated actors over the coming months, and BlackBerry also warns that AI is likely to be increasingly used for attack automation and deepfake attacks. Deepfake attacks have gained significant traction in recent months.
NIST Releases Discussion Draft of NIST CSF 2.0 Core – HIPAA Journal
NIST Releases Discussion Draft of NIST CSF 2.0 Core
The National Institute of Standards and Technology (NIST) is in the process of updating the NIST Cybersecurity Framework (CSF) 1.1 and plans to release the complete draft version 2.0 in the summer. A discussion draft has been published that includes updates to the Core elements of the Framework and NIST is seeking concrete suggestions on how the Framework can be improved ahead of the publication of the complete draft. The NIST CSF 2.0 Core covers the outcomes across the 6 Functions, 21 Categories, and 112 Subcategories and includes a sample of potential new CSF 2.0 Informative Examples. The discussion draft is not complete and is preliminary, and has been released to improve transparency and inform the development of the complete draft.
Modifications have been made to the NIST CSF 1.1 to increase clarity, ensure a consistent level of abstraction, address changes in technologies and risks, and improve alignment with national and international cybersecurity standards and practices. NIST has received comments confirming version 1.1 of the Framework is still effective at addressing cybersecurity risks but felt an update was required to make it easier for organizations to address current risks and future cybersecurity challenges more effectively.
NIST received 92 written responses to its January 2023 CSF 2.0 concept paper, feedback from working sessions and workshops, 134 written responses to its February 2022 NIST Cybersecurity RFI, and suggestions at conferences, webinars, roundtables, and meetings around the world. All feedback has been considered when crafting the update to the Framework.
Specifically, NIST seeks feedback on whether the cybersecurity outcomes detailed in the discussion draft address the current challenges faced by organizations, are aligned with existing cybersecurity practices and resources, and whether the updates address the submitted comments. NIST said suggestions can also be submitted on any aspects of the framework where further improvements can be made, including the content, format, and scope of the implementation examples.
NIST has confirmed that updates will be made to other elements of the Framework and said there is still much work to be done ahead of the planned summer release of the complete draft of NIST CSF 2.0.
The discussion draft can be viewed/downloaded here.