Recently, we became aware that several of the past Hacking Healthcare submissions from this year have inadvertently omitted attribution to some sources that were used to provide background and context. These unintentional omissions will soon be rectified with revised versions that can be found in Health-ISAC’s archives. The subject and substance of these articles remains unchanged and due credit will properly attributed. We apologize for this oversight.
This week, Hacking Healthcare examines a major report on the cyber threat landscape as it relates to Ukraine. Google’s new report, which investigates government-backed operations, information operations, and the cybercriminal ecosystem, provides a useful window into how cyber capabilities have, and have not, been used in a modern armed conflict between technologically modern states. We break down some of the more interesting findings, including the degree to which healthcare has been targeted and what the conflict has appeared to do to the cybercriminal ecosystem.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
TLP WHITE - 2.24.2023 -- Hacking Healthcare
Welcome back to Hacking Healthcare.
Google Reports on the Ukrainian Conflict’s Cyber Threat Landscape
The Russian invasion of Ukraine, soon to enter its second year, brought an intense focus on cyberspace. With tensions between Russia and the West already high, many speculated that the conflict might become a testbed for new and destructive cyber weapons as well as a justification to ramp up cyberattacks beyond Ukraine’s borders.[i] [ii] While fears of a wider “cyber war” look to be overstated, understanding the nuanced impact that the conflict has had on the cyber threat landscape could prove incredibly valuable to policymakers and cyber defenders. A recently released report from Google is perhaps the most comprehensive snapshot yet produced. So, what does it say and what can the healthcare and public health (HPH) sectors learn from it?
Google released its 47-page report, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, on February 16th.[iii] The product of a collaboration between three of Google’s internal teams, the Threat Analysis Group (TAG), Mandiant, and Google Trust & Safety, the report is split into sections detailing government-backed cyber operations, information operations, and cybercrime. At a high level, the primary takeaways for each were summed up by Google as follows:
- – NATO Phishing – Google noted a 300 percent increase in Russian spear-phishing attacks against entities located in North Atlantic Treaty Organization (NATO) member countries.[iv]
- – Destructive Attacks Spike – Google noted that attacks were carried out against civilian infrastructure in what they believe was an attempt “to undermine the public’s trust in the government’s ability to deliver basic services.”[v] They also noted that they “observed more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years.”[vi]
- – Full-Spectrum Operations – The Russian government carried out “the full spectrum of information operations” to further Russian strategic interests.[vii]
- – Seismic Shifts – The conflict has resulted in significant upheaval within the cybercriminal ecosystem that Google asserts “will likely have long term implications for both coordination between criminal groups and the scale of cybercrime worldwide.”[viii]
- – “Ransomware Retaliation” – Google did not note an increase in cyberattacks targeting critical infrastructure in NATO member countries.
- – Google expects that cyberattacks targeting NATO member countries will continue when it suits broader strategic aims.
- – Google “assess[es] with high confidence” that “disruptive and destructive attacks” are likely to be increasingly used in response to deteriorating battlefield conditions.[ix] Google believes that these attacks are likely to increasingly hit targets outside of Ukraine.
- – Healthcare was not a prominently targeted sector.
Google ends its report by stating that they plan on continuing to monitor the threat landscape and aid in security efforts.
Action & Analysis
**Included with H-ISAC Membership**
Tuesday, February 21st:
– No relevant hearings
Wednesday, February 22nd:
– No relevant hearings
Thursday, February 23rd:
– No relevant hearings
– No relevant meetings