Cybercriminals Are Targeting Healthcare Sector During The COVID-19 Pandemic
Cybercriminals will take advantage of any crisis, including the COVID-19 pandemic. CISA’s latest alert is warning healthcare organizations of increased cybercriminal activity.
CISA has issued a warning to healthcare organizations about an increase in “password spraying” attacks launched by cybercriminals. They are targeting organizations involved in both national and international COVID-19 responses in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities.
What Is Password Spraying?
Password spraying is a type of brute force attack where hackers use a username with multiple passwords to gain access to your IT system. With traditional brute force attacks, the criminal uses one username with multiple passwords, which can easily be negated by a lockout feature (which locks the criminal out after a set number of login attempts).
However, with a password-spray attack (also known as the “low-and-slow” method), the malicious cyber actors use a single password against many accounts before moving on to another password. They continue this process until they find one that works. This strategy works for them because they can avoid account lockouts. It circumvents lockout functionality by using the most common passwords against multiple user accounts until they find one that works.
Password spraying targets single sign-on (SSO) and cloud-based applications using federated authentication. A federated authentication identity provides single access to multiple systems across different enterprises. Cybercriminals target federated authentication protocols because it disguises their activities and ensures their anonymity.
Attackers use password spraying in environments that don’t use multi-factor authentication (MFA), rely on easy-to-guess passwords, or use SSO with a federated authentication method.
How Can You Protect Your Healthcare Organization?
- Enable MFA and review MFA settings to ensure coverage overall active, internet facing protocols.
- Review password policies to ensure they dictate clear guidelines for maintaining complex and unique passwords.
- Keep your VPN and other security software patched and up to date.
- Implement a browse-down architecture for your management interfaces of critical systems, which will prevent cybercriminals from gaining privileged access.
- Monitor your systems and collect data for review in the event that your network is penetrated.
- Ask your IT support to conduct Security Awareness Training for your employees at all levels.
Need assistance managing your password policies and cybersecurity as a whole? Kraft Technology Group will help – we’re available to support healthcare systems and keep them secure during the pandemic, and beyond.
Like this article? Check out the following blogs to learn more:
5-Minute Guide to DMARC Deployment