Healthcare Threats and Adversary Techniques
Staying ahead of threats starts with understanding them deeply. Learn more about the threats impacting healthcare organizations and how you can best prepare to mitigate these specific techniques.
PowerShell
PowerShell continues to be the most prevalent technique detected in 2023. Adversaries favor this tool because it lets them execute commands, evade detection, gather information and much more. Oftentimes, adversaries send victims email messages with attachments that contain embedded code intended to launch a payload.
Overall Rank: #1
Customers Affected: 22.1%
Threats Detected: 869
Cloud Accounts
Adversaries continue to focus their attention on cloud systems for numerous reasons, but one worth noting is organizational adoption of SaaS and IaaS platforms like AWS (Amazon Web Services), Azure and GCP (Google Cloud Platform). With adoption, attack vectors increase, such as a diverse set of authentication methods, which creates multiple opportunities for credential theft. Once in possession of valid credentials, adversaries can mimic normal behavior, making detection challenging for security teams. Defending your cloud environment from such malicious activity is critical.
Overall Rank: #4
Customers Affected: 7.7%
Threats Detected: 701
Windows Command Shell
Command Shell is one of the primary ways adversaries interact with compromised systems. Most adversaries use Command Shell to collect system information, modify systems, bypass security controls and more. Much of this malicious activity involves obfuscation techniques such as random variable names and caret symbols, and the right detection logic can uncover them.
Overall Rank: #2
Customers Affected: 18.9%
Threats Detected: 837
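The detection logic mentioned above, as an added example that is not Red Canary's own analytic: it scores cmd.exe command lines for the two obfuscation traits the text names, carets wedged inside words and throwaway variables that are set and expanded on the same line. The sample command lines and the caret threshold are constructed assumptions for illustration.

```python
import re

# Constructed sample process command lines (not taken from the report).
SAMPLE_COMMAND_LINES = [
    "cmd.exe /c dir C:\\Users",
    "cmd.exe /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -enc AAAA",
    "cmd.exe /c set xkq=pow&&set zvb=ershell&&%xkq%%zvb% -nop",
    "cmd.exe /c echo hello ^& echo world",
]

# A caret between two alphanumerics does nothing in cmd.exe except split a
# keyword, so a run of them is a strong signal. Carets before metacharacters
# (^& ^| ^>) are ordinary escaping and are deliberately not counted.
CARET_IN_WORD = re.compile(r"[A-Za-z0-9]\^(?=[A-Za-z0-9])")
SET_VAR = re.compile(r"\bset\s+([A-Za-z_][A-Za-z0-9_]*)=", re.IGNORECASE)
VAR_REF = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")
# Two expansions back to back (%a%%b%) glue fragments into one hidden token.
CHAINED_REFS = re.compile(r"%[A-Za-z0-9_]+%%[A-Za-z0-9_]+%")

CARET_THRESHOLD = 3  # assumption: tune against your own environment's baseline


def analyze_command_line(cmdline):
    """Return a verdict dict describing which obfuscation traits a cmd.exe line shows."""
    reasons = []
    carets = len(CARET_IN_WORD.findall(cmdline))
    if carets >= CARET_THRESHOLD:
        reasons.append(f"{carets} carets splitting words")
    # Variables defined and expanded in the same line serve no purpose except
    # to hide the final command from string matching on the process command line.
    defined = {v.lower() for v in SET_VAR.findall(cmdline)}
    expanded = {v.lower() for v in VAR_REF.findall(cmdline)}
    same_line = defined & expanded
    if same_line:
        reasons.append(f"variables set and expanded in one line: {sorted(same_line)}")
    if CHAINED_REFS.search(cmdline):
        reasons.append("adjacent variable expansions concatenate a hidden token")
    return {"cmdline": cmdline, "suspicious": bool(reasons), "reasons": reasons}


def flag_suspicious(cmdlines):
    """Run the analyzer over a batch of command lines and return only the flagged verdicts."""
    return [v for v in map(analyze_command_line, cmdlines) if v["suspicious"]]


if __name__ == "__main__":
    for verdict in flag_suspicious(SAMPLE_COMMAND_LINES):
        print(verdict["cmdline"], "->", "; ".join(verdict["reasons"]))
```

Feed it the process command lines from your EDR or Sysmon event ID 1 telemetry; the escaped `^&` line shows why a naive caret count would generate false positives.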
Ransomware
Red Canary focuses on the early stages of ransomware, including initial access, reconnaissance, and lateral movement. Catching these early stages is a solid tactic for stopping ransomware before encryption begins. In 2023, we saw LockBit, Crysis, Akira, and Snatch, along with specific precursors including Impacket, Mimikatz, SocGholish, Qbot and Raspberry Robin.
To view the entire report, please check out our Threat Detection Report.
Ransomware Toolkit - Stop ransomware from impacting patient care
Learn how to shut down ransomware precursors with Red Canary’s guides, resources, and open-source tools. We rounded up our best insights in one place so you don’t waste a minute searching.
Threat Report – A comprehensive guide on threats, techniques and detection strategies to thwart ransomware attacks.
Anatomy of an Attack – Learn about the milestones and key elements of a ransomware attack.
Open Source Tools – Defend against threats with confidence. Find tests that validate your team’s ability to respond.
Threat Intelligence – Gain actionable insights into adversarial behavior so you can stay prepared.
Patient care is more than important; it’s necessary. With over 14,000 endpoints and thousands of employees, this healthcare provider experienced a surge in cyber attacks in 2022. Ransomware, more specifically, posed the greatest threat. As this organization navigated an evolving threat landscape along with security budget and resource constraints, it sought a solution that supported endpoint protection, scaled security and threat intelligence. Red Canary was there to help.
Additional Resources
Threat Detection Report
An in-depth look at the most prevalent trends, threats, and ATT&CK® techniques
Gain deep insight into adversarial techniques, trends and methods combined with 4000+ behavioral analytics that are continuously being optimized by the latest intelligence.
Readiness Exercises
Sharpen response skills and validate response readiness
Detect and prevent cybersecurity problems today before they become an issue tomorrow. Readiness exercises help prepare your security team by honing specific skills, testing response ability and planning for specific events. With expert-led guidance you can keep your organization ahead of the next cybersecurity event.
Cloud Security
Understand and manage your cloud-based attack surface
Unlock 24/7/365 monitoring and threat expertise to spot critical misconfigurations and vulnerabilities. Healthcare organizations are storing and analyzing patient data across the cloud, and threat actors are taking advantage of this new attack vector. Stop them in their tracks with human-led expertise and early threat detection.