Health-ISAC Hacking Healthcare 7-2-2024

This week, Hacking Healthcare™ examines the French Cybersecurity Agency’s (ANSSI) 2023 Cyber Threat Overview to gain a European perspective on how the cyber threat landscape is evolving.^[i] In particular, we will look at the developments and trends that may have significant impacts on the healthcare sector throughout the rest of 2024.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

PDF Version:
TLP WHITE - 7.2.2024 -- Hacking Healthcare™

 

Text Version:

2024 Fall Americas Summit: Call for Papers
While there are still many months before the Health-ISAC’s 2024 Fall Americas Summit kicks off in Phoenix, Arizona, from December 2-6, 2024, time is running out to submit presentation proposals. If you are interested in sharing case studies, lessons learned, real-time strategies (best practices), or current challenges with leaders in the global healthcare community, consider submitting before the July 12 deadline.

Proposals can be submitted via the following link: https://h-isac.org/summits/2024-fall-americas-summit/

 

ANSSI 2023 Cyber Threat Overview 

 ANSSI’s third edition of its Cyber Threat Overview is a fairly comprehensive 40 pages and begins with a short summary that highlights the following:[ii]

• – Cyber threats continue to increase “against a backdrop of new geopolitical tensions and France hosting international events”
• – Cyber threat actors from China, Russia, and general cybercrime pose the most significant threat to critical infrastructure in France
• – Strategic and industrial espionage was the primary mobilizing factor for ANSSI
• – “The cybercrime ecosystem also keeps on diversifying thanks to the leaks of ransomware source codes”
• – ANSSI noted an uptick in “attacks aimed at promoting a political agenda, hindering access to online content or undermining an organization’s reputation”
• – Prominent international events like the 2024 Olympic and Paralympic Games may incentivize attacks

The Overview then breaks into covering three high-level issue areas:

The Changing Motivations of Malicious Actors 

ANSSI focuses on three specific motivations for attacks, beginning with what ANSSI recognizes as a growing number of attacks seemingly motivated by strategic and industrial espionage. These attacks appear to primarily target policy, technology, and defense industries. More relevant to the public health sector is the second motivation — profit-oriented attacks. While ANSSI does cite more attacks against the public health sector year-over-year, the actual percentage remained constant, around 10%.[iii] The final motivation covered was related to destabilization operations in the context of geopolitical conflict. In particular, ANSSI highlights the work of pro-Russian hacktivists.

Improvement of Offensive Capabilities

ANSSI’s overview reiterates the notion that while there is no shortage of tools available to less sophisticated actors looking to carry out effective operations, the higher-end malicious actors continue to adapt and increase their sophistication. This section details the growth in anonymization networks and the diversification of the cybercriminal ecosystem and cybercriminal methods. It also details a rise in the compromise of mobile devices, including those belonging to senior executives of entities tied to a wide range of politically and strategically important sectors.

Opportunities Seized by Attackers 

The final section of the Overview cites how malicious actors look to take advantage of software vulnerabilities, how organizations may be taking on risk if they use a managed service provider (MSP), and how major events, such as the 2024 Olympics, can create opportunities and incentives for cyberattacks.

Action & Analysis
**Included with Health-ISAC Membership**