
FBI & DHS warn about major Ransomware Attacks on Hospital Systems

June 22, 2021 | June 9th, 2022

The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an “imminent” increase in ransomware and other cyberattacks against hospitals and healthcare providers. This should be a major concern for all Veterinary Hospitals and practices.

The reason is the way cyber attacks are deployed. If we can learn anything from the NotPetya attack and the $670 million loss to Merck Animal Health in 2017, it is that cyber attacks don’t recognize borders. Anytime health care industries are put in the crosshairs of cyber attacks, veterinary hospitals and practices are in the crosshairs as well. Here are two things every practice manager and owner should consider.

  1. Does your Veterinary Hospital use any of the following terms in your marketing or business name? Hospital, Medical Center, Practice, Health, Clinic and Care, among many other medical-related terms.

  2. Lack of modern, robust cyber security protections

  3. Aging networks

“Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services,” the Cybersecurity and Infrastructure Security Agency said in its advisory.

What is TrickBot?

We are seeing this new attack being deployed in a tried and true way: through email phishing campaigns. Once they have you on the hook, the malware allows them to steal your veterinary practice’s financial data and other personal data. Once deployed, TrickBot gives hackers direct access to the infected system, allowing them to drop ransomware and other malware onto the practice’s network. We already saw a number of veterinary practices being attacked with TrickBot last month to deploy Ryuk ransomware.

Microsoft’s Attempt to take down TrickBot

Over the last couple of weeks, it has been reported that Microsoft took down TrickBot’s server infrastructure in an attempt to stop the TrickBot attacks. “The challenge here is because of the attempted takedowns, the TrickBot infrastructure has changed and we don’t have the same telemetry we had before,” Hold Security’s Alex Holden told The New York Times.

“These attacks often involved data exfiltration from networks and point-of-sale devices,” CISA said. “As part of the new Anchor toolset, Trickbot developers created Anchor_DNS, a tool for sending and receiving data from victim machines using Domain Name System (DNS) tunneling.”

The Hacker News reported that TrickBot is using a back door that lets infected PCs communicate with the TrickBot servers via a DNS tunnel. The tunnel allows the traffic to “blend in” with normal internet traffic, evading local cyber defense products.
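A defender's view of the DNS tunneling described above, as an added example that is not from the CISA advisory or The Hacker News report: tunneled data tends to show up as many unique, long, random-looking subdomains under one domain, so a resolver log can be screened for that pattern. The log format, thresholds and domain names are constructed assumptions, and this is a general heuristic, not a signature for Anchor_DNS.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log lines: "<client-ip> <query-name>" (not real traffic).
SAMPLE_LOG = """\
10.0.0.21 www.example.com
10.0.0.21 mail.example.com
10.0.0.34 www.example.org
10.0.0.57 k3j9x0q2lm8zp4va7ty1.c2.example.net
10.0.0.57 9fq2w8e1rz0xk5mb3hd7.c2.example.net
10.0.0.57 p0o9i8u7y6t5r4e3w2q1.c2.example.net
10.0.0.57 zx81mcn27dhq0pl5sk39.c2.example.net
10.0.0.57 a7b3c9d1e5f2g8h4j6k0.c2.example.net
"""

def shannon_entropy(s):  # bits per character of string s
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def registered_domain(name):
    # Simplification (assumption): last two labels. Production code should use the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def find_tunnel_suspects(log_text, min_unique=5, min_avg_len=15, min_entropy=3.5):
    """Return {domain: stats} for domains whose subdomains look like encoded data."""
    subs = defaultdict(set)      # domain -> unique subdomain strings
    clients = defaultdict(set)   # domain -> client IPs that queried it
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, name = parts
        dom = registered_domain(name)
        sub = name.rstrip(".").lower()[: -len(dom)].rstrip(".")
        if sub:
            subs[dom].add(sub)
            clients[dom].add(client)
    suspects = {}
    for dom, names in subs.items():
        avg_len = sum(len(n) for n in names) / len(names)
        avg_ent = sum(shannon_entropy(n.replace(".", "")) for n in names) / len(names)
        if len(names) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects[dom] = {"unique": len(names), "avg_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2), "clients": sorted(clients[dom])}
    return suspects

if __name__ == "__main__":
    for dom, stats in find_tunnel_suspects(SAMPLE_LOG).items():
        print(dom, stats)
```

The `clients` field points to the workstation to isolate and examine first; thresholds need tuning against your own baseline, since some legitimate services also generate long, random-looking hostnames.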

Also coinciding with the warning is a separate report by FireEye, which has called out a financially-motivated threat group it calls “UNC1878” for the deployment of Ryuk ransomware in a series of campaigns directed against hospitals, retirement communities, and medical centers. Urging health care professionals to patch operating systems and implement network segmentation, CISA also recommended not paying ransoms, adding that doing so may encourage bad actors to target additional organizations.

How to protect yourself from TrickBot

1) Make sure all your PCs, Servers, Tablets and Phones have been updated and make sure to keep them updated

2) Make sure local defense systems like Windows Defender have updated their definitions.

3) Make sure you have deployed AI and Machine Learning based cyber security software across your network. This way, if TrickBot updates and changes the way it communicates, as soon as any PC running the same security software anywhere in the world is infected with this new version, your security software will immediately get this new definition and know what to look for.

4) Make sure you’re leveraging air-gapped local backups as well as the cloud to protect your practice management, X-ray and accounting data.

5) Make sure you have a complete Incident Response and Disaster Recovery Plan

Clint Latham J.D.

Lucca Veterinary Data Security

www.lucca.vet

Sources: The Hacker News