FBI, CISA warn: Hackers won't take a vacation

Although the agencies don't have any specific threat reporting about Labor Day weekend, they have observed an increase in ransomware attacks on holidays in the recent past.
By Kat Jercich
12:09 PM

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released a joint advisory this week warning organizations to protect themselves during holidays, including the upcoming Labor Day weekend.  

The agencies said they have observed an increase in "highly impactful" attacks occurring when offices are normally closed.  

"The FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday," the alert said.  

"Cyber criminals, however, may view holidays and weekends – especially holiday weekends – as attractive timeframes in which to target potential victims, including small and large businesses," it continued.  

WHY IT MATTERS  

The agencies noted that targeting organizations when most people are on vacation can provide bad actors with a head start for network exploitation and the propagation of ransomware.

They cited recent incidents over holidays, including:

  • A Mother's Day weekend deployment of Darkside ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector.
  • A Memorial Day weekend REvil ransomware attack on U.S. and Australian meat production facilities.
  • A Fourth of July attack by REvil on a U.S.-based critical infrastructure entity in the IT sector.  

Experts reiterated the importance of staying vigilant.  

"Given the troves of highly sensitive data that hospitals have access to, hospitals are arguably the crown jewel for bad actors," said Lisa Plaggemier, interim executive director of the National Cyber Security Alliance, in an email to Healthcare IT News.   

"Therefore, beyond just in engaging in their day-to-day cyber protocols, the health sector needs to be especially vigilant during periods when threat activity is likely to be particularly high – like during long weekends and around holidays," she said.  

According to the alert, the FBI's Internet Crime Complaint Center has received 2,084 ransomware complaints, with over $16.8 million in losses, from January through July of this year.   

That's a 62% increase in reporting and 20% increase in reported losses compared to the same time frame in 2020.  

In addition to best practices such as offline backups, user training, incident response plans and multi-factor authentication, the FBI and CISA suggest preemptive "threat hunting" before attacks occur.  

"Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack," said the alert. "Threat hunting [involves] developing a baseline through a behavior-based analytics approach, evaluating data logs, and installing automated alerting systems."  

"Already this year we have seen major holiday-timed attacks breach critical infrastructure," said Plaggemier. "So it is imperative that healthcare organizations engage in the proactive and ongoing cyber best practices needed to keep their patient and employee data safe."

THE LARGER TREND

The FBI/CISA alert came alongside a recent warning from the FBI about Hive, a newly observed ransomware that was reportedly responsible for an attack on an Ohio health system this past month.  

President Joe Biden has also called for the general strengthening of critical infrastructure cybersecurity, given incidents like those outlined in the alert.  

"The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our nation," Biden wrote in a July memo.  

ON THE RECORD  

"Hospitals and healthcare facilities host and serve a wide range of constituents both physically and virtually, making their information systems especially vulnerable to cyber-attacks, which are increasing at an alarming rate," said Bill Burns, vice president of vertical markets for health and life sciences at Cohesity Healthcare, in an email to Healthcare IT News.

"Organizations can best protect against the impact of these attacks by doing regular data backups and protecting their stored data via encryption, rendering it immutable to attack. In addition, an automated rapid data recovery capability will help the organization resume normal operations quickly, putting them in a position to reject any ransom demand," Burns added.

 

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.