The FBI issued a detailed industry notification highlighting trends in ransomware attacks.
The notification outlined cybercriminals' use of sophisticated techniques to exploit vulnerabilities in third-party tools and system management software, leading to unauthorized access and data compromise.
These tactics were observed in recent incidents between 2022 and 2023, including the exploitation of vendor-controlled remote access to casino servers and the victimization of companies through system management tools.
The report detailed the operations of the Silent Ransom Group, also known as Luna Moth, which orchestrated callback-phishing data theft and extortion attacks. By manipulating system management tools, the group could compromise local files, extract victim data, and extort companies. The tactics observed in recent incidents included:
- Ransomware actors exploited vulnerabilities in remote access systems managed by vendors, gaining unauthorized access to casino servers and compromising networks.
- Cybercriminals used legitimate system management tools to elevate network permissions and compromise victim systems.
- The Silent Ransom Group (SRG), also known as Luna Moth, conducted callback-phishing attacks, in which victims were sent a phone number as part of a phishing attempt.
What they're saying
The American Hospital Association national advisor for cybersecurity and risk offered a statement on the FBI notification: “Although health care is not specifically mentioned in this advisory, it serves as a good reminder that third-party tools, technology, and services continue to be a major contributing factor in some of the largest data breaches and ransomware attacks impacting hospitals and health systems. The advisory points out that our cyber adversaries combine social engineering and legitimate third-party technology tools for maximum effect and provides clearly defined defensive measures applicable to health care.”
The AHA recommends organizations establish a multidisciplinary risk management governance committee to help identify and manage cyber risk related to embedded third-party technology.
Why it matters
Although not explicitly mentioned in the advisory, the healthcare sector is highly susceptible to such attacks due to its reliance on numerous third-party tools and technologies. The potential impact of data breaches and ransomware attacks on hospitals and health systems cannot be overstated, as they compromise sensitive patient information and disrupt healthcare services.
Recent cases, such as the cyberattack on HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center, show how such attacks can impact operations within an organization.
Implementing the defensive strategies outlined in the advisory, such as maintaining strong liaison relationships with FBI field offices and conducting reviews of third-party vendor security postures, is a method of avoiding cybersecurity risks.