There's a disturbing increase in cyber attacks targeting the Australian health sector. This trend was observed by the Australian Cyber Security Centre (ACSC), a government agency tasked with monitoring Australia’s cyber threats.
The ACSC has flagged two threats under high alert: the SDBBot Remote Access Tool (RAT) and Cl0p.
The SDBBot is an insidious remote access weapon that grants attackers unmitigated remote control of an infected system. Once installed, the SDBBot will autonomously download additional components to establish remote access. The SDBBot will then move through the compromised network and exfiltrate data.
The ACSC has not identified any cyber crime groups linked to these attacks. However, the SDBBot RAT is an attack method almost exclusively used by cyber crime group Hive0065 (also known as TA505).
According to the ACSC, the SDBBot is a precursor to Cl0p ransomware. Cl0p ransomware is used to target high-profile companies; its operatives refer to themselves as “Clop.” The ransomware attempts to disable Windows Defender and remove Microsoft Security Essentials to evade detection.
Cyber attackers install the Cl0p ransomware in the final phase of an SDBBot-Cl0p attack. Once enough sensitive data has been breached, it’s encrypted and held hostage. If victims fail to pay the ransom price, the breached data is published on the dark web.
The cyber crime group behind Cl0p ransomware attacks follows through with its threat of publishing breached data if victims don’t pay. On October 3, Cl0p breached German tech company Software AG and demanded a ransom payment of $20 million.
To prove sensitive data was compromised, the cyber crime group published a screenshot displaying Software AG employee emails, financial records, a passport and ID scans.
The software giant failed to pay and their breached data was published online, as promised.
But the threat of a ransomware attack against the health sector is of much greater concern than one against the software industry. Ransomware attacks completely lock victims out of their internal systems, and in a hospital this could result in the death of patients relying on networked systems.
The ACSC observed that the health industry was the most targeted sector in the 2019-2020 financial year.
Cyber criminals are not just targeting the Australian health industry. On September 27, one of the largest healthcare providers in the United States, Universal Health Services, fell victim to a ransomware attack.
The health sector in Australia, and globally, desperately needs to improve its security posture to protect patients from the pernicious threat of ransomware.