Tony UcedaVélez: Evolution of attacks

The Cyber Threat Landscape Evolution: How the Pandemic Changed the Attack Surface in Healthcare: Evolution of Attacks

Tony UcedaVélez is the Founder and CEO of security consulting firm VerSprite, based in Atlanta. He founded VerSprite after working in the IT and information security space for nearly a quarter of a decade.

Tony UcedaVélez: As we look at the evolution of attacks, we look at with nostalgia at some of the early types of threat actors that came about when they were offering things like viruses and worms and, and rootkits, and things like that. So in the early days, you know, back in the mid-90s, around the initial commercialization of the internet, you have, you know, a lot of criminals that are looking online to abuse very simply, insecure platforms, architectures, etc. And so the basic note is back then was just simply kind of trial and error.

ee, it was kind of more of a novelty. But that novelty definitely grew over the years would go into the.com, the era of the 2000s into 2005. And then now you start to see the novelty of interest in hacking, to basically evolve into a business model of information, compromise, you know, things that relate to like identity theft and credit card theft. That’s for today, where are we at? Well, you know, there are some new terms that have definitely been introduced.

There are some interesting attacks, where we’re looking at things like you know, deep fake technology, which is amazing, to be able to replicate the likeness of someone else’s voice, and image and video, and script out something that they actually never said, and I’m sure many of you, if you google deep fakes and, you know, President Obama and deep fakes and Tom Cruise and a couple other, you know, deep fake videos, the technology is pretty sophisticated.

And you can get anyone to say it’s with the likeness of someone, you can get that someone to say things with their same intonation, same physiological expressions. So the common theme as we look at the trend, and is that there has been a lot of perpetration of trust. There’s different interest now, as we looked, you know, in the 2012 era, you see a lot of now nation-states, getting behind the business of cybercrime, you know, trying to undermine elections and economies and incorporate corporate entities that have a very global presence. But, you know, from a healthcare perspective, where should you guys really tune into? Well, a lot of these threat actors are still motivated by the information, and the healthcare industry, protected health care information is definitely very much a, a has a high level of reward financially. And there’s a lot of information that is can be leveraged for identity theft, and other types of threat motives.

But the most important thing to understand here is that a lot of this stuff is fairly easier when attacking the healthcare sector. Now, specifically, looking at the healthcare sector, let me bring out some things that were highlighted from, you know, our threat Intel team reverse bright, but, you know, obviously, it’s been a busy year, there’s been a lot of things have happened, you know, in terms of general hacks and compromises, you know, the exchange compromise definitely has been, you know, affecting a lot of different smaller healthcare providers and entities.

We look at things like, you know, for example, there were some trends were, you know, phishing attacks, for example, which has always been a go-to, in a fan favorite from cybercriminals worldwide, have basically now targeted, you know, pharmacies and hospitals, and the increase has been, you know, about 189%, is not a surprise, you know, based upon what we see from the types of attacks and threats that we defend in terms of healthcare entities. So triple-digit high numbers in terms of an increase, you know, in the past, and just this, this is just the past week. Right. So this is just in the past, this is recent data. Basically, there’s a lot of perpetration, we see, you know, that another party here where let me get out the laser pointer here.

We see here that a lot of these threat actors are looking to represent pharma companies. And they’re looking to use that level of trust of big entities in order to undermine the trust and confidence of target companies so that they can click on something, they can open up an attachment, and they can simply correspond to them or even have a voice conversation with them. The vaccine rollout that’s going on right now, again, this is recent Intel, there’s a lot of propaganda campaigns that are looking to really target end-users, companies that are affiliated with this type of rollout.

There are other types of vaccines and rollouts that are being researched. There were some campaigns that relate to the International AIDS vaccine initiative, where there was a domain compromise of iavcei.org that was had vulnerable endpoints associated with it and Microsoft’s Microsoft Exchange Server vulnerabilities that were left to expose and that was obvious See provided a conduit for ransomware attacks. So this particular non for profit, public-private partnership, group was responsible for the acceleration and development of vaccines was HIV prevention and AIDS.

So the theme that we’re seeing here with different healthcare-related focus is that there’s a lot of initiatives that are happening on the healthcare front, that are being abused and leverage as false pretenses for conducting different types of attack, especially over email, but also over other mediums such as voice-based attacks, and in-person perpetration, and things like that.

Now, this 2021, obviously, is a new start to a very difficult year with the pandemic, you know, a lot of companies and individuals are very hopeful that, you know, things will get back to normal. But I think, you know, in reality, many experts and professionals feel that there is still going to be, you know, some time period before the remote workforce goes away, if at all, you know, there’s a lot of well known major brands that have decided that the remote workforce is actually there now, common de facto. So what we have here is we have, you know, some trends that are needed to be we need to be mindful of number one is that there is proliferation to the cloud that is now in hyperdrive. And so before the pandemic, the cloud was a hot thing in my cloud, you know, there’s a lot of different things that we mean by that, you know, yes, it does include Amazon, and Google Cloud and Azure Cloud.

But it also includes service models, where you have healthcare providers, maybe like owners of patient portals that have a multi-tenant cloud platform, you know, different platforms where your medical records are now online, in the cloud, shared with others, you know, healthcare entities is very much becoming a de facto. So hackers now realize with a decentralized model, they can set their eyes and trying to attack the end user. And here we have a picture of, you know, the classic parent trying to do their job, you know, the son or daughter is on the iPhone trying to, you know, just get distracted without hacking into their, their parents with a Mac MacBook. But, you know, in all seriousness, you know, we look at some other threat pandemics that just extend beyond compromised credentials to the cloud, which is one area of focus by cybercriminals.

Another area is, you know, the fact that you know, healthcare, unlike its financial counterparts, you know, was large, before the pandemic, you still had a lot of instances where you had centralized traditional on-prem environments. But now with the pandemic, they’ve had to pivot, you know, how do we provide our services from a decentralized architecture where we push things into the cloud, you know, through self-hosting into our own private, you know, cloud environments, or we rely on third-party service providers.

Again, the concern here is, is that you have credentials to get into all these places. And so the pandemic really forces a lot of companies to really go to and further expand their cloud presence. So, this puts a lot of emphasis on the endpoint, you know, see in this example, that we see here, you know, we see you know, consumer electronics, you know, laptops, you have mobile devices, you have printers, you have IoT components that are all on the shared network, have now a home office environment.

And so the criminals already kind of mapped this out, they understand that they don’t necessarily have to approach maybe the device itself, I mean, sure, they can through phishing and malvertising and drive-by download and other types of attacks. But they could also do it by trying to undermine mine the corporate home environment, a very popular router brand, for example, or a very popular IoT device like Alexa, you know, or something like that. So the consideration and really, this comes down to, from an IT management governance and security governance standpoint, being able to understand like, what is the new threat landscape of home devices that are neighboring now corporate devices that have protected health information, potentially

Watch every minute of Tony UcedaVélez's session here.

Learn more about Paubox Spring Summit, Secure Communication During a Pandemic.

Read a full recap of Paubox Spring Summit.

Learn more about Tony UcedaVélez.