Whether it's online dating and grocery delivery or cryptocurrencies and autonomous vehicles, nearly every aspect of our lives has been utterly transformed by modern computing.
On the whole, this impact has been largely positive. But one issue that arises from moving so much of our lives online is that malicious actors can avail themselves of many more attack surfaces. Because of this, cyberattacks are increasing world-wide. According to a recent report from Check Point, we saw 38% more cyberattacks per week on corporate networks in 2022, compared to 2021.
It would be hard to overstate how expensive all this criminal activity is. In fact, the average cost of a data breach across all industries in 2022, according to a report by Upguard, was $4.35M. For some industries, this number is much higher.
One particularly enticing target for criminals is healthcare data. Owing to how sensitive healthcare data usually is, it’s an excellent way to gain leverage over companies or individuals. As more healthcare systems modernize their digital infrastructure, it's important for them to evolve their cybersecurity to address the many unique threats that are present in modern technologies.
Hackers are Shifting to More Advanced Attack Vectors
Professionals in the cybersecurity field have responded with heroic efforts at safeguarding the computing infrastructure upon which we all depend. And in large part, they’ve succeeded; they’ve done such an excellent job, in fact, if a system is set up with proper protocols and best practices, breaches become exceedingly difficult to execute.
That having been said, breaches do still occur. Sometimes, this occurs because of a failure to implement security measures; in other cases, it is largely a consequence of the astounding innovations hackers have developed in their attempts to bypass such measures.
In the following sections, we’ll discuss a few examples of such innovations alongside more traditional vulnerabilities. By understanding these top security threats for 2023 (and beyond), cybersecurity professionals will be better able to thwart bad actors and protect the systems they’re responsible for.
1. Failure to Establish Basic Security Measures
Though we’ll have plenty to say about what the cutting-edge in cybercrime looks like, the truth is, breaches are often driven by simple lapses in security.
Earlier we noted that following security best practices make organizations remarkably resilient to attack. The problem, of course, is that these best practices must actually be followed in order to be effective.
Using a single password for multiple applications is still relatively common. This poses a major threat, because if a hacker is able to guess one password, they simultaneously gain access to many other systems, allowing them to install malware, steal information, or abscond with funds.
A similar but more subtle error is a failure to effectively control permissions. Protecting data and software ultimately comes down to controlling who can access it–you want to keep bad people out while letting good people in so they can do their jobs.
Though there are many tools available for role-based access control, it remains difficult to do correctly, and even a minor lapse can leave the proverbial door open to hackers.
2. Middle MFA Token Hijacking
Multi-factor authentication has become a staple among the security-conscious. Along with using strong, unique passwords, MFA adds an additional set of hurdles that would-be hackers must overcome to gain illicit access to a system.
For a while, this combination mostly did the trick. But in recent years, hackers have figured out a workaround. It requires that they be able to extract ‘cookies’–little chunks of data stored by a browser after a user has logged into an application.
Today, many varieties of malware are able to pull these cookies out of a browser after infection. They might also be able to access the cookies by executing an adversary-in-the-middle attack, in which a user is tricked into logging in to an application from a phishing site.
In either case, the stolen cookies can allow the hacker to successfully bypass the strictures of MFA.
3. Misconfiguration in Cloud-Based Applications
While there are specific applications where it still makes sense to do everything on-prem, the cloud has become all but ubiquitous. It has delivered both cost savings and convenience by offering access to computing machinery over the internet, strongly incentivizing companies and individuals to integrate it into their operations.
As is usually the case, of course, this has led to a wide variety of new vulnerabilities and security considerations which must be dealt with.
One source of these is the misconfiguration of cloud resources. As its name suggests, ‘misconfiguration’ means provisioning cloud resources–EC2 instances, Lambda jobs, or what have you–in a way that does not align with best practices.
Unlike on-premises computing where developers must work with the infrastructure team to deploy new resources, cloud computing makes it easy for developers to scale machines up or down to fit requirements – often without any oversight from infrastructure or security. This flexibility is a huge advantage when it comes to innovation, speed, and agility, but it also means misconfigurations can quickly multiply and go unnoticed.
In the best case, a misconfiguration could simply mean that you’re paying more for cloud resources than you need to. In the worst case, it could severely weaken your enterprise’s defenses, exposing you to attackers.
4. Data Leakage in Cloud-Based Applications
Along with flexible scaling, another huge advantage of working in cloud-based environments is that they’re set up to make it easy to share data. Depending on the Cloud Service Provider (CSP) you’re using, adding collaborators could be dead simple, and providing access to a resource like a database or a table is often as straightforward as providing a link.
Obviously, this same ease also represents a vulnerability that must be accounted for. Even in the absence of bad actors, controlling who can access a resource becomes exceedingly difficult if developers are passing around links. But if they’re communicating over unsecured channels, there is the added danger of the links being stolen as part of an attack, potentially compromising some of the most valuable assets your business has.
5. Social Engineering and Phishing
In response to better security, hackers have shifted their efforts from identifying and manipulating software vulnerabilities to identifying and manipulating human vulnerabilities as a way of compromising a network.
This ‘social engineering’ is most commonly done via phishing attacks, in which a malicious actor will work patiently to coax sensitive information out of a target.
Phishing attacks are becoming more complex and sophisticated. We’ve done internal research on this phenomenon, in fact, and our dashboards show the vast majority of the incidents these days are phishing-related.
One thing exacerbating this trend is the fact that we’ve all become accustomed to receiving emails that ask for our credentials as part of the login process. It’s easy to get lax when you’re inundated with an endless stream of very similar messages, and there are many ways for hackers to exploit this lack of vigilance as part of their attacks.
6. Compromised Insiders
A variant of social engineering is the cultivation of an asset inside an organization. Hackers will attempt to identify employees who are disgruntled or otherwise unhappy, then attempt to coax them into deliberately compromising a system so as to leave it vulnerable to penetration.
7. Post-Delivery Link Weaponization
Post-delivery link weaponization, also known as “delayed phishing”, is characterized by hackers creating ways of ‘weaponizing’ malicious links after they’ve been delivered and scanned by security software. These emails can even be sent from compromised accounts from legitimate domains to further evade detection.
For example, we’ve seen cases where hackers compromise a company with weak security, then use their illicit access to send phishing emails from that company’s email domain. This allows those messages to bypass a lot of scanning and filtering because they appear to come from a real, trusted source.
Though it’s not a new phenomenon, ransomware has exploded in popularity and severity over the past decade or so. With the proliferation of entities such as hospitals and governments–which have a combination of enormous amounts of valuable, sensitive data and fairly weak security–bad actors have begun to favor ransomware as a way of profiting from their criminal activity.
The subject of ransomware is enormous, and will likely play a larger and larger role in geopolitics in the future. Luckily, even though it is a substantial and growing threat, protecting against it draws upon the same skills and practices as security more generally.
Gone are the days when crypto was only of interest to niche communities of hackers and cypherpunks. Signs are everywhere that blockchain has hit the big time, and with this change comes a concomitant surge in the value of currencies like bitcoin.
The criminal element has always taken an interest in projects like bitcoin, Zcash, and Monero, with their promise of allowing for instantaneous, anonymous transactions over the internet. It’s probably no surprise, then, that the space is simply riddled with scams.
A fairly recent innovation is ‘cryptojacking’, in which a wide variety of computing resources–from AWS clusters to simple smartphones–are used without permission to mine cryptocurrency. In most cases, a hacker will use a trojan horse or a compromised website to gain access to the resource, then attempt to run a very lightweight process in the background that handles the mining. If done well, these exploits are very hard to detect. Your first clue could be your bill from your cloud provider.
So long as we have valuable assets, property, or secrets worth protecting, security will be a concern. In today’s hyper-digitized world, there is a panoply of new threats, new attack vectors, and new ways our privacy can be compromised. This is arguably more true of healthcare than it is anywhere else.
If you’re a healthcare cybersecurity professional responsible for securing these systems, check out the full white paper, “The Top 9 Healthcare Cybersecurity Threats – and How to Beat Them!” for recommended mitigation strategies for the threats mentioned in this article.