Hackers are continuing to attack healthcare organizations, but healthcare ransomware attacks are the biggest cause of security incidents, according to the NTT Security 2017 Global Threat Intelligence Report.
Healthcare ransomware attacks accounted for 50% of all security breaches reported by healthcare organizations between October 2015 and September 2016 and are the largest single cause of security breaches.
However, healthcare is far from the only sector to be targeted. Retail, government, and the business & professional services sector have also suffered many ransomware attacks during the same period. Those four sectors accounted for 77% of global ransomware attacks. The worst affected sector was business & professional services, with 28% of reported ransomware attacks, followed by the government (19%), healthcare (15%) and retail (15%).
NTT Security reports that phishing emails are the most common mechanism for ransomware delivery, being used in 73% of ransomware and malware attacks. Poor choices of password are also commonly exploited to gain access to networks and email accounts. NTT says just 25 passwords were used in 33% of all authentication attempts on its honeypots, while 76% of authentication attempts used a password known to have been implemented in the Mirai botnet.
Zero-day exploits tend to attract considerable media attention, but they are used in relatively few attacks. Web-based attacks have fallen but they still pose a significant threat. The most commonly attacked products were Microsoft Internet Explorer, Adobe Flash Player, and Microsoft Silverlight. Exploit kit activity has fallen throughout the year as cybercriminals have turned to phishing emails to spread malware and ransomware. There was a steady decline in exploit kit attacks throughout the year.
With phishing posing the highest risk, it is essential that organizations ensure they have adequate defenses in place. Phishing attacks are sophisticated and hard to distinguish from genuine emails. Security awareness training is important, but training alone will not prevent some attacks from being successful. It is also important to ensure that training is not just a one time exercise. Regular training sessions should be conducted, highlighting the latest tactics used by cybercriminals and recent threats.
The best form of defense against phishing attacks is to use anti-phishing technologies such as spam filters to prevent phishing emails from reaching end users. The more phishing emails that are blocked, the less reliance organizations place on end users being able to identify phishing emails. Solutions should also be implemented to block users from visiting phishing websites via hyperlinks sent via email.