The war in Ukraine has heated up again in recent days with multiple missile and drone strikes. The action comes on the heels of Western allies' promises of tank assistance to help push back Russian forces. The battle against cybercriminals is hitting closer to home, especially for U.S. healthcare organizations and hospitals. The pro-Russia group Killnet launched a series of distributed denial-of-service (DDoS) attacks in the past few days against some of the top clinics and medical centers in the United States, and many experts posit that similar attacks could expand in breadth across other countries that are supporting Ukraine.

Killnet is not new, but the nature of its attacks on government institutions, private companies - and now, healthcare organizations - is evolving. Killnet is the same pro-Russian hacker collective that recently took down the European Parliament website with a DDoS attack after EP leaders "proclaimed Russia as a state sponsor of terrorism," noted Parliament president Roberta Metsola. Lithuania, the Czech Republic, and Romania have also had their government websites attacked.

In the United States, the landscape is a bit broader. Killnet's targets included the government websites of at least three states last year. U.S. airport websites also fell victim to Killnet in October 2022, and the group took credit for stealing employee data from defense contractor Lockheed Martin in an August 2022 cyberattack. All these organizations can be considered critical infrastructure, but attacking healthcare systems takes that a step further, with the potential to affect millions of patients in one fell swoop.

Killnet employs two-stage attacks, first hitting websites with an HTTP flood and then following up with a DNS amplification attack. These techniques aren't unique - but Killnet's recent focus on the healthcare industry is.
Given the Biden administration's high-profile focus late last year on healthcare as a key area in which to enhance cybersecurity guidance and requirements, it's not a complete surprise that a pro-Russia organization would capitalize on vulnerabilities. Whether these are assumed or ascertained weaknesses is beside the point. Killnet attackers do extensive research on their targets, and recent events have shown that healthcare is likely to continue as a prime target.

As the healthcare industry rapidly becomes more digitized, the conversation around posture, infrastructure, and mitigation is evolving. Akamai is no stranger to that conversation, and we are driving a proactive dialogue by examining data and reviewing attacker reconnaissance techniques. In healthcare, this is especially important since the industry had the most DDoS attacks on the Akamai platform in 2022.

What we have observed is that groups like Killnet appear to be well aware of who is currently protected, and who is not. DDoS attacks tend to focus on less well-protected entities. Through careful and precise reconnaissance, the attackers determine who will be attacked next. A simple HTTP request or BGP peering lookup can validate the request path from the attacker machine back to the target web server, or work out whether the target infrastructure is protected by BGP/routing-based DDoS defenses.

In an industry that has recently grappled with COVID-19, lower profit margins, and worker shortages, it's likely that readiness conversations have been geared more toward clinical or financial outcomes. Today, protecting patients is about more than wearing a mask or providing vaccinations. It's about protecting patients' personal data and holistically safeguarding the systems that require continuous uptime to provide healthcare 24/7/365. Assessing threat readiness is an essential part of the conversation - one that Akamai is well-versed to lead.
This Cyber News was published on www.akamai.com. Publication date: Wed, 01 Feb 2023 18:17:02 +0000