Over the past few months, HYAS has observed a significant increase in the number of domains associated with crime-as-a-service vendors focused on phishing, spamming, and malware distribution.
The threat of phish-facilitated malware looms large over the healthcare sector. Research shows that phishing techniques are frequently used as initial delivery vectors for malware attacks, whether ransomware or other malware types — and healthcare providers are increasingly targeted. Behind many of these attacks are crime-as-a-service vendors that give even the most unsophisticated attacker the resources to launch successful attacks.
The consequences of a successful ransomware attack can be dire. Because losing access to patient data may become a matter of life and death, healthcare providers may be more inclined to pay a ransom, and criminals more likely to target them. Further, successful deployment of credential-stealing malware or even a common phish can lead to exposure of sensitive financial information and fraud, whether against the targeted organization or its customers. These threats become all the more difficult to manage when paired with services that provide all the tools and infrastructure necessary for such an attack.
But what if security teams could understand the entire threat landscape facing their organizations?
Though the sheer scope of attacks can be overwhelming, there is an opportunity to mitigate threats proactively. Security incidents are a near-universal experience for healthcare providers in the United States, but organizations able to identify and monitor malicious infrastructure have a significant advantage.
In short, visibility is key, and Comox offers such visibility.
Analysts can take a single data point and reveal entire constellations of malicious infrastructure by using the enhanced WHOIS information and privacy punch features of Comox. These results can reveal threat actor behavior, allow defenders to stop threats proactively, and even help coordinate with law enforcement on investigations. Importantly, these features can also unmask the organizations and individuals enabling criminal behavior targeting the healthcare sector, whether malware, phishing, or fraud.
HYAS closely monitors numerous crime-as-a-service organizations that sell phishing kits, malware, and spamming services used to target healthcare providers. One such vendor, which markets itself as a “one stop shop” for criminal activities, is responsible for maintaining several thousand malicious domains that have been used to commit countless attacks throughout North America and Europe.