Research done by CyberPeace Foundation (CPF), Autobot Infosec Private Limited, along with the academic partners under CyberPeace Center of Excellence (CCoE), has found that nearly 1.9 million attack events have been recorded in 2022 till 28th November on the healthcare
Cyber attacks on healthcare facilities have been rising in recent years, and the pandemic has only worsened matters. With hospitals and other healthcare facilities struggling to keep up with the demand for care, they have become an easy target for cybercriminals. While this may seem like a small amount, it can be devastating for a hospital that is already stretched thin.
Research done by CyberPeace Foundation (CPF), Autobot Infosec Private Limited, along with the academic partners under CyberPeace Center of Excellence (CCoE), has found that nearly 1.9 million attack events have been recorded in 2022 till 28th November on the healthcare based threat intelligence sensors network simulated by the research group in India.
The study is a part of CyberPeace Foundation’s e-Kawach program to implement comprehensive public network and threat intelligence sensors across the country to capture internet traffic and analyse real-time cyberattacks that a location or an organisation faces. A credible intelligence on real-time threats empowers organisations or a country to build cybersecurity policies.
The vulnerable internet-facing systems having Remote Desktop Protocol (RDP), vulnerable SMB and Database services enabled, and old windows server platforms were mostly attacked. Attackers also tried to inject malicious payloads into the network. The deployed network has captured a total of 1527 unique payloads belonging to Trojan, Ransomware, etc.
Analysis of data has drawn the attention that attackers also tried to exploit DICOM/MYSQL/MSSQL protocols to access the sensitive patients data like medical images, diagnostic databases etc. DICOM is standard protocol used in most medical and healthcare facilities for the management and transmission of medical images and related data.
Research team noticed a massive brute force, dictionary attacks were performed against the protocols FTP, MYSQL and MSSQL using some common credentials like ‘root’, ‘ftp’, ‘admin’, ‘web’, ‘web!’, ‘qwerty’, ‘password1’, ‘sql2005’, ‘passw0rd’, ‘administrator’ etc. One new trend has been noticed that attackers are nowadays using long passwords, not usually mentioned in the English dictionary.
In an earlier report released in August 2022, CyberPeace of Foundation also mentioned that there has been an increase in the number of phishing/social engineering attacks on Indian organizations in the Healthcare business. CPF spokesperson drew attention to WhatsApp messages masquerading as an offer from Apollo Hospital with links luring unsuspecting users with the promise of medical subsidy presents making the rounds on the app.
Recently, news has been making the rounds on the internet that All India Institute of Medical Sciences (AIIMS), Delhi faced a cyberattack probably with the injected ransomware on their systems.