The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Showing posts with label Ukraine. Show all posts
Showing posts with label Ukraine. Show all posts

Should we be worried about state-sponsored cyber-attacks against hospitals?

We ABSOLUTELY should!


For the past decade and a half, the criminal underworld, Russian Mafia and other organized crime syndicates in the former Soviet Union have provided a constant reminder of both the fallibility of modern IT systems and the tenacious expertise of Russian hackers and their cyber-criminal community. In what now seems like background white noise, these highly organized perpetrators have executed a near constant campaign of cyber-theft, cyber-extortion, and denial of service attacks. 

Attacks have included a long list of crippling ransomware campaigns that have disabled almost the entirety of national health systems like the Irish HSE and Irish Health System, to the near bankrupting of several large private US health systems, to causing small medical and dental practices to have to close up shop, all in the past year.  This has denied critical medical services to thousands of patients and contributed to increases in patient morbidity and mortality. Yes, Russian cyber criminals have killed innocent people, perhaps not directly or intentionally, but nevertheless their greed and lack of ethical restraint has caused great pain and suffering to thousands. But, the capabilities of these gangs pales into insignificance when compared to the resources and capabilities of nation states.

WannaCry which in 2017 crippled much of UK NHS as well as other providers of health services around the word was a (flawed) cyber weapon created by the DPRK to raise hard currency following international sanctions on Kim Jong Un’s autocratic hermit kingdom. The DPRK’s subsequent cyber weapons have been much less flawed, and have drained many cryptocurrency exchanges and large sums from the Bank of Bangladesh among a long list of other victims. With the exception of its attack against Sony Pictures, Lazarus Group and other DPRK cyber forces operate very similarly to any other criminal enterprise raising cash for the Kim family’s lavish living and to purchase rocket fuel for his pet ICBM and nuclear weapons programs.

Not Petya, a highly destructive wiperware which initially masqueraded itself as a fake ransomware attack, hit the world right on the heels of WannaCry and was quickly attributed to the Russian government, specifically the SandWorm hacking group within the GRU Russian military intelligence organization. Initially designed to target the Ukrainian MeDoc tax accounting application in a software supply chain attack, it quickly spread worldwide to any company and country doing business in Ukraine and took down many of the world’s largest companies including shipping company Maersk, FedEx, pharmaceutical giant Merck, and French firm Saint-Gobain. Each of these organizations spent hundreds of millions of dollars to restore data and systems that NotPetya had encrypted beyond repair. Not Petya destroyed tens of thousands of computer systems and resulted in losses in excess of $10bn USD globally. Already a pariah, the Russian state after this devastating attribution, became synonymous with cybercrime and cyberwarfare across the international community. In a major home goal, NotPetya ended up also wiping a large number of computer systems in Russia for organizations that also conduct business with Ukraine
 
Step forward a few years to 2022 and Russia is up to its old tricks again. A few hours before Russian tanks began rolling into Ukraine, Microsoft raised the alarm warning of a never-before-seen piece of “wiper” malware that appeared aimed at the country’s government ministries and financial institutions. ESET Research Labs, a Slovakia-based cybersecurity company, said it too had discovered a new ‘wiper’ while security experts at Symantec’s threat intelligence team said the malware had affected Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine. ESET has called the malware which renders computers inoperable by disabling rebooting, HermeticWiper, while Microsoft has named it'd discovery FoxBlade.

The trouble with any kind of cyber weapons, no matter how targeted they are, is that these weapons do not recognize national boundaries (just as Putin didn’t recognize Ukraine’s) and so are bound to get out into the global community of interconnected IT systems. Fortunately, and so far at least, the HermeticWiper malware does not appear to be self-propagating, whereas NotPetya was deliberately designed to spread laterally and stealthily. There are no doubt many other offensive cyber weapons being deployed against Ukraine and its allies this week as Putin escalates his attack.

But the real danger is not just in the powerful nation state weapons, but with the semi-professional hackers and organized crime syndicates. Russia has the world’s largest non-state criminal cyber infrastructure employing tens of thousands who are engaged full time in cybercrime, cyber-theft, and cyber-extortion. Putin for various reasons has turned a blind eye to their criminal activities for decades allowing these groups to grow and prosper. These criminals are already using the smokescreen of conflict in Ukraine to launch fresh ransomware attacks against the west, and evidence suggests that Putin has recently instructed them to go all-out to help Mother Russia. Putin has organized a personal crusade of military kinetic and cyber offensive capabilities and paired this with an extensive criminal underground in an attempt to overwhelm the west.

On the other side, the call has gone out for Ukrainian cyber gangs to launch an all-out offensive against the institutions of the Russian Federation, and they have been joined by Anonymous and many other international hacktivists. If we are to believe the reports coming out of Russia, then many of the Kremlin’s public systems have been taken down by cyber-attacks. This tit-for-tat action risks serious escalation, and Russia which is widely acclaimed to have invented the concept of cyber-warfare during its two brutal wars against Chechen separatists, is sure to have some very powerful, very devastating cyber weapons in its war chest. Of course so too does the USA, UK, and many other countries. These weapons if ever launched would wreak devastation akin to a nuclear war and wipe out just about anything electronic. Given our reliance upon IT systems today, especially in hospitals this would not end well for patients, resulting in a significant rise in patient morbidity and mortality. The trouble for the west is, that these cyber weapons would cause far greater damage to advanced western institutions than to former Soviet ones in Russia, Belarus, Kazakhstan, and Chechnya supporting Putin where computerization is less prevalent.

We should be taking every precaution to patch all systems, ensuring the legitimacy of patches by examining hash values before deploying, by enforcing multi-factor authentication for all users, and by disconnecting and isolating systems which cannot be properly secured. Staff should be briefed on the need for heightened awareness and told to take extra precautions in their day-to-day activities. 
 
But first however, we need to fully understand what is connected to our networks and who is accessing our systems. In this day and age of heightened threats, we need to understand what is 'normal' so that abnormal or 'anomalous behavior' can be flagged and quickly isolated. The inconvenience of kicking a user off of a system and inconveniencing them, should be far less of a concern than the safety of a patient on life support being kept alive by a collection of connected medical devices.