Healthcare, financial services, manufacturing companies, and software-as-a-service (SaaS) and software providers are the industries most often hit by current malware campaigns.
All areas of the economy and society are undergoing fundamental change. The long-term mission of digital transformation is accompanied by current challenges such as the pandemic and its consequences as well as the war in Ukraine. Politicians are responding to increased risk situations with new and stricter IT guidelines for an expanded circle of those affected.
Even though companies of all industries and sizes are currently experiencing a sharp increase in hacker attacks, cybercriminals pursue different goals with these incidents. The illegal publishing or sharing of information causes major inconvenience for all target groups, but such incidents hit the financial and healthcare sectors the hardest. The broad spectrum of attacks on IT with other motives is currently aimed primarily at SaaS/software providers, followed by the financial sector, manufacturing companies and healthcare.
Target industry 1: Healthcare
Hospitals, health insurance companies and other healthcare organizations are increasingly relying on platform services to share and manage patient data and other important information. Demands for rationalization, the digital transformation that accelerated as a result of the pandemic, and initiatives such as the electronic patient file are all increasing the pressure to digitize processes, from exchanging data to scheduling appointments and even issuing sick notes. In addition, the number of endpoints is growing, for example in the cloud or through the Internet of Things.
The rapidly increasing number of systems, applications and users is expanding the attack surface. A single attack on an IT service provider such as Bitmark is enough to massively disrupt the operations of a hospital. Clinics are also lucrative targets for extortion because they cannot tolerate downtime or data loss without endangering patients' health or even their lives. Legislators are also tightening or expanding their compliance initiatives: manufacturers of medical devices are now also covered by the new NIS 2 requirements. The grace periods for complying with the GDPR are long over: in 2022 the Hamburg data protection officer imposed a fine of around 105,000 euros for repeatedly sending incorrect doctor's letters and for a missing logging function for access to patient data.
Target industry 2: Financial services providers
Today's digitalized bank customer, who expects banking on a smartphone to be as simple as an Amazon order and at the same time as secure as a bank vault and as confidential as a personal conversation in the branch, is the risk factor that changes everything in eBanking. The targets are either the credit institutions themselves or, to the same extent, specialized service providers such as the account-switching partner of Deutsche Bank, Postbank or ING, or the savings bank subsidiary Deutsche Leasing. Attackers apply general methods such as ransomware or BEC (Business Email Compromise) to the targeted credit institution in an industry-specific way: cybercriminals pose as executives or other high-ranking people in order to trick employees into transferring funds or disclosing confidential information.
Providers of financial services are therefore also subject to a variety of regulatory pressures: in addition to banking secrecy and anti-money-laundering law, the PCI DSS standard for credit cards and classic industry standards, the Digital Operational Resilience Act (DORA), which has applied to financial companies and their IT service providers since January, requires, among other things, the monitoring of abnormal behavior. This requires visibility of the systems, processes and data traffic in the IT infrastructure beyond the classic endpoint.
Target industry 3: Manufacturing companies
Digitalized, automated and increasingly cloud-based systems and processes in production and the supply chain expand the attack surface. The manufacturing sector is a key target for state-backed cyber spies seeking to disrupt critical infrastructure and steal intellectual property. Rheinmetall successfully repelled what was believed to be a Russian attack. Economic interests drove the attack on the automotive spare parts supplier Bilstein Group, an example of the pressure the automotive industry is under. Inadequate cybersecurity, vulnerable devices and misconfigured systems are risk factors for well-known attack scenarios, which usually start with a phishing attack. It is no surprise that, in addition to the ISO 27001 industry standard, further regulations impose new IT homework. NIS 2 is becoming relevant for more and more industrial companies after the legislature further expanded the circle of "important" and "essential" companies affected, which now also includes small companies with 50 or more employees.
Target industry 4: SaaS and software
Software-as-a-Service providers and software manufacturers are driving digital transformation. As early adopters of new technologies, they are most at risk. The inherently positive desire to innovate can expose these companies to new threats that those involved may not yet fully understand.
As the starting point for far-reaching cascading attacks, the software supply chain is a gateway with a high spreading effect for opportunistic, initially automated attacks. Ultimately, customers may have to block badly affected products that they rely on. In the attack on the video conferencing app provider 3CX in April 2023, the attackers knew that with one attack they could compromise thousands of other companies.
This young industry, with its high proportion of start-ups, also suffers more often from a shortage of resources, a shortage of skilled cybersecurity workers and tight IT budgets. It still has to face the task of cybersecurity, because investors consider the cybersecurity efforts of investment candidates when deciding on venture capital investments, purchases or takeovers.
Basic IT protection against generalist attackers
Only some hackers search for industry-specific vulnerabilities right from the start or send spear phishing emails to carefully researched recipients. The first line of defense in every industry must therefore be state-of-the-art IT protection against opportunistic attackers, who use a variety of automated methods to search for vulnerabilities.
The basis of such basic IT protection is a comprehensive real-time view of all legitimate but also potentially anomalous IT processes. Security monitoring must cover the entire infrastructure, i.e. the classic IT endpoints as well as the network itself. It must also include cloud nodes and platforms, Internet of Things devices and, where present, OT environments.
External security experts against targeted hackers
However, every industry also requires knowledge of the current attack landscape in that industry. In hybrid opportunistic campaigns, only the second stage of an attack, after an automated vulnerability analysis and initial access to the network, is tailored more specifically to the industry and the victim. Once attackers gain access, they scan the networks and adapt their actions to the specific industry. In healthcare and finance, for example, where sensitive data plays a crucial role, attackers focus on exfiltrating the data that generates the highest revenue or that companies are most likely to pay a ransom for. In manufacturing, on the other hand, the uninterrupted production environment is often the prime target of attacks on availability: attackers can use ransomware here to block systems and cause costly production downtime.
Protecting against these targeted threats requires external experts. No IT administrator can know who is currently attacking which application at a competitor, even though the company itself may also be using that application. Small and medium-sized companies in particular often lack the skills and experts to react in a timely manner, let alone forestall attackers.
SOC or Managed Detection and Response can help
Only powerful security services, for example an external SOC or a managed detection and response (MDR) service with external security analysts, make it possible to proactively detect industry-specific threats and react quickly in the event of an attack. A costly investment in additional internal IT specialists, who are often unavailable or unaffordable, is therefore not necessary. Moreover, building an internal SOC team and infrastructure can take months or even years, an unacceptable period of time given increasing regulatory and environmental pressures. External help also includes cyber insurance, professional external legal advice and knowledge of the current industry-specific funding programs, says Jörg von der Heydt, Regional Director DACH at Bitdefender.
About Bitdefender
Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently delivered excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de