The world of cyber threats just took a big step in a worryingly violent direction thanks to the Israeli military. Ransomware isn't anywhere near as prevalent in the healthcare sector as it used to be. And deepfake video and audio files are predicted to cause havoc. If you're not taking cyber security seriously yet, you're taking an increasingly dangerous path.
Ransomware attacks reduce
According to Digital Health, ransomware attacks are steadily falling as cyber criminals look for fresh ways to attack IT systems.
The Vectra 2019 Spotlight Report on Healthcare points to the Internet of Things, networks that aren't partitioned properly and out of date systems, all of which present serious vulnerabilities to a business. These weaknesses are likely to be exploited by cybercriminals looking to steal personal data, and by those simply wanting to disrupt businesses.
The report demands better Artificial Intelligence and Machine Learning, both of which can help detect hidden threats. But there's some good news – it looks like ransomware, most famous for the 2018 WannaCry attack on the NHS, was used much less frequently by hackers in the last six months of 2018.
Healthcare players need to be aware of new risks and keep their eyes open for the latest threat, namely 'command-and-control' communications that can be hidden in HTTPS tunnels and look very like everyday service provider traffic. It isn't just about the affected business, either. Because no system operates in a vacuum, these new attacks are a risk every time a business communicates with independent labs, external suppliers or any other kind of healthcare service provider.
Medical IoT gadgets can be brilliant for patients. But they require strict security controls like any other networked tech. At the same time many of today's devices have poor or non-existent security controls, and that's a worry. In fact 'outdated software and operating systems' are leaving our NHS vulnerable to attack, prompting calls to separate patient data entirely from IT networks.
If you're in the healthcare industry you still need to keep your eyes open for ransomware, of course. It isn't totally dead and gone. But the point is, new threats arise regularly and good cyber security isn't a destination, it's a journey.
Israel bombs cyber attackers
In a widely-reported attack, Israel's military has announced they've "thwarted an attempted Hamas cyber offensive against Israeli targets.” The successful 'cyber defensive operation', using a drone, targeted a building where the Hamas cyber operatives worked, and flattened it. Hamas no longer has cyber capabilities after the strike, according to an IDF spokesperson. This marks the first time that instant real-time military force has tackled a cyber threat, although the USA managed to kill a senior ISIS hacker during 2015, a British citizen also targeted by a drone.
Deepfakes are fake videos or audio files that look and sound completely authentic, thanks to AI. The tech behind Deepfake is easy to get hold of and it's improving fast. You or I could easily create one, it's worryingly easy to use and it's a very dangerous tool when used maliciously.
So far Deepfakes have mostly been a hobby for amateurs, a bit of fun. Look at YouTube and you'll see numerous videos showing politicians and world leaders saying crazy things, all cleverly faked. But the tech can easily be harnessed for harm, to manipulate people and businesses in a highly sophisticated way. In a world where lies are the new truth and the truth is often in short supply, who knows what could happen? A video of a world leader making threats to another world leader could end in war. And a business could be totally trashed thanks to a Deepfake audio file about share prices, false claims about share prices or the failure of a new product.
The worst thing is the current sense of helplessness around Deepfake tech. It is almost impossible to prevent them, all you can do is inform yourself about the risk and if it happens, take instant action to protect your organisation. That might mean a public announcement, emails to every employee or customer, or a strong public denial. And, of course, taking the video or audio file offline as fast as possible.
Knowledge delivers power – Get qualified
The Cyber Essentials Plus and Cyber Essentials Scheme give you and your staff the insight and wisdom they need to be aware of old and new cyber threats, look out for cyber attacks, and stay safe themselves. We can help you and your people protect against cyberattacks.