The black market for hackers and cybercriminals is thriving, particularly regarding sales of credentials for Remote Desktop Protocol servers – a popular entry point for ransomware – according to a report from cloud security provider Armor.
Armor’s Threat Resistance Unit research team analyzed and compiled data from twelve different dark markets and forums, both English- and Russian-speaking ones, from February through June of this year, discovering numerous cybercriminals offering credentials for unhacked Windows RDP servers for as little as $20 apiece.
As of this month, Armor’s TRU team has identified 161 publicly reported ransomware attacks against organizations in the U.S., including healthcare facilities.
The TRU team estimates there are thousands of other ransomware attacks that have resulted in the encryption of data belonging to public and private organizations around the globe, and these simply have not come to light.
“Thus, it makes sense that security researchers and cyber defenders would begin to see plenty of scammers selling access to un-hacked RDP servers,” the report noted.
The report also noted that medical records are for sale in these black markets, although the number of digital storefronts selling them appears to be far smaller than the number selling other illicit cyber goods and services.
Most medical records contain everything one needs for identity theft: full name, address, birthdate, phone number, email address, social security number, credit card number or checking account number, and emergency contact (which is often a family member).
The report hypothesized that one reason stores of medical records aren’t being advertised on the underground markets is that cybercriminals are culling out the PII data from the stolen medical records and selling this valuable information off separately.
While researching the underground hacker markets in 2018, the research team saw medical records being sold for $408 on average, Chris Hinkley, director of Armor’s TRU, told HealthcareITNews.
“Cybercriminals are very aware of the value these healthcare records possess,” he explained. “First, medical records contain an individual’s insurance credentials, and these are worth a lot, especially for someone who cannot qualify or afford medical coverage and needs an expensive medical procedure.”
Hinkley also noted that healthcare organizations need to be wary of ransomware attacks, pointing out that in 2019 alone, Armor identified 27 healthcare organizations or service providers to the healthcare industry that have been hit by attacks.
“Hackers know that healthcare organizations cannot afford to have their systems go down, as it could mean life or death for patients, so it is imperative that healthcare security workers put security protections in place to defend against the ransomware threat, in addition to other cyber threats,” he said.
Hinkley warned the threat landscape facing healthcare organizations was likely to widen, as attackers learn new ways to monetize PII contained in medical records.
“Attacks will evolve to take advantage of new technologies and devices,” he said. “Also, with the move to the cloud and the introduction of more and more micro-services, security becomes more specialized and securing assets will become more challenging as each new cloud microservice requires its own set of security controls.”